Hallo Forum , es ist passiert.
Telekom Rechnung Link angeklickt, und das war´s
Im Download Verzeichnis ein paar Musik Titel als zip erschienen.
Notebook läuft stabil. Aber unsicher bin ich trotzdem.
Combofix im abgesichertem Modus ausgeführt. Malware Bytes keine Funde.
Im Download Verzeichnis ein paar Musik Titel als zip erschienen.
Hier Link aus dem Quelcode:
hxxp://ilfotografo.mystores.it/pdf/data_telekomde"><font style="font-size: 12px;" size="1" color="#00A1DE" face="Arial,Verdana,Helvetica">Ihre detaillierte Rechnung für April 2014, 66387_11111111_P_153568_I_90.pdf</font></a>.

Extras Log angehängt
OTL.txt geht nicht, zu Groß

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 5/27/2014 11:55:47 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\admin_hms\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.91 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 43.80% Memory free
7.82 Gb Paging File | 5.53 Gb Available in Paging File | 70.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99.31 Gb Total Space | 20.09 Gb Free Space | 20.23% Space Free | Partition Type: NTFS
Drive E: | 14.64 Gb Total Space | 2.18 Gb Free Space | 14.88% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.12 Gb Free Space | 42.54% Space Free | Partition Type: FAT32
Drive G: | 1.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 546.80 Gb Total Space | 28.80 Gb Free Space | 5.27% Space Free | Partition Type: NTFS
 
Computer Name: CNU2202DXB | User Name: admin_hms | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 513
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 192.168.253.0/24
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = 192.168.253.0/24
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = 192.168.253.0/24
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"EnableFirewall" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"EnableFirewall" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 513
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 192.168.253.0/24
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = 192.168.253.0/24
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = 192.168.253.0/24
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = 
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D838E34-FBD2-4CA3-8B3D-D658D90BE1C1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{10E805B4-B115-4EFD-85A7-D59F6717B3CF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1774FB98-35FA-47B9-A16C-95C895D903F7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1BF4A557-5B86-41A3-9AB2-A83B35E3759D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1DF4A71E-77E1-4093-97E3-D2DC0A746421}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1F343FD7-A3F7-4161-9C03-342618EF2A11}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3463A564-23B1-4232-A263-3D7F1D5056A4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{37F973F1-761B-460A-AAF9-4715A7DF0D63}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3D494199-592D-417B-A3B0-58CFE1CBD49B}" = lport=57526 | protocol=6 | dir=in | name=trend micro client/server security agent listener | 
"{401DA716-D035-40EB-92E7-1ACE86AA4CC5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{496B6F62-5A56-4AB3-97FD-D5D971B106BF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4C8C82D0-EA9C-4DEA-B4D2-94EEE267726C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{6B2FBEA7-0F38-4578-884A-8C3B95E6F448}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9B1E2912-4687-4713-8FA6-183CC2E282E8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AA36923C-16FD-49C1-863E-49B6C82A332F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B4512B84-28B2-4BDE-B466-2613782F9EEE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B5882F0D-6463-4E37-80D8-C53CBC6EEDDF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B5BF88B0-2216-4444-81B9-9D3D253C7E8C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B9228550-F6AE-46C1-A934-577E291F9DA8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BF9085DF-7FD9-4FE1-B4AA-F59FA8B2BAC8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C345A4BE-9C30-4870-9981-CC9D79CD62A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C5946195-ADC8-4CA1-B074-0431B6A3EC82}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C94633DD-9084-4E4C-8393-0B6C755E55D6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E0272705-B5D2-4F3E-9B25-172F1DE31FE4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EE9C2C03-6EB9-48BC-8F9C-57C37B79E259}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FA579259-5D4C-4B45-8759-E2C67F5446D0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FB790178-B98A-4CAE-8736-1D2FDD8E00D2}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12994BDF-B635-4A46-A755-049370DF0317}" = protocol=17 | dir=in | app=c:\program files (x86)\alcatel_pimphony\aocphone.exe | 
"{2FB913AF-7728-4B29-9F49-7B8A9313A43D}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{32D17AAF-58CB-4677-8800-DA0DAEF3BF2B}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{381AD756-FF5E-4170-9D43-BAD483000B64}" = protocol=6 | dir=in | app=c:\program files (x86)\alcatel_pimphony\uaproc.exe | 
"{456C5E1A-4E21-424B-ABDA-5C082F95538A}" = protocol=17 | dir=in | app=c:\program files (x86)\alcatel_pimphony\onlineupdat.exe | 
"{471078D0-E18C-4E1E-9C59-199AAA6AD111}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{56092957-9CB8-470F-A06B-05178461CE96}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{68EFB6A9-7358-4B52-A61E-5CBFF9B827FE}" = protocol=6 | dir=in | app=c:\program files (x86)\alcatel_pimphony\aocphone.exe | 
"{69A40F20-139B-4815-92DF-FDD231F664FF}" = protocol=17 | dir=in | app=c:\program files (x86)\alcatel_pimphony\aocwiz.exe | 
"{81CCA404-A5B7-471F-85DE-2BD071DB1D6D}" = protocol=17 | dir=in | app=c:\program files (x86)\alcatel_pimphony\appdiag\appdiag.exe | 
"{8A0D3F3C-9733-4EFD-A9DF-0F785E53706D}" = protocol=6 | dir=in | app=c:\program files (x86)\alcatel_pimphony\aocwiz.exe | 
"{8D0944FC-FFBB-423B-81C4-0CCE86837F4F}" = protocol=6 | dir=in | app=c:\program files (x86)\alcatel_pimphony\abers.exe | 
"{90283C0F-4EEF-4479-AD78-C4A6C96EF7FB}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe | 
"{913CB29C-4034-4A53-9C7F-17A2775BCA98}" = protocol=6 | dir=in | app=c:\program files (x86)\alcatel_pimphony\onlineupdat.exe | 
"{960C3C7D-4B29-4C10-8805-6D6EFB74EF7D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A1B8B7A0-40F1-4E29-A0B0-4E861413E689}" = protocol=6 | dir=in | app=c:\program files (x86)\alcatel_pimphony\appdiag\appdiag.exe | 
"{A732F665-B876-463F-BED8-FC0485C4DF45}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B243B048-E837-4243-B9E6-15F3B99B4444}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{BDF77CE4-33DD-4FA1-AE81-389CBDBDEE88}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{C996F6CF-D3D3-4EC4-902A-5CB8E43067F3}" = protocol=6 | dir=in | app=c:\program files (x86)\alcatel_pimphony\registration.exe | 
"{D06EC665-0D24-4397-9060-3AD8B16ACB64}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D872A2E8-9F81-49D3-B5D0-9FA1E1C74D21}" = protocol=17 | dir=in | app=c:\program files (x86)\alcatel_pimphony\abers.exe | 
"{E2407315-4096-4574-AAEA-94121E1C7E05}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe | 
"{E9E0D6F5-7B2A-4AEC-AFF6-406D6BF82A17}" = protocol=17 | dir=in | app=c:\program files (x86)\alcatel_pimphony\registration.exe | 
"{F14DC2B4-3670-457B-B356-C1B15F428D09}" = protocol=17 | dir=in | app=c:\program files (x86)\alcatel_pimphony\uaproc.exe | 
"{F4A5F33A-C23E-4691-8DB5-4550004E8B92}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{F860F1DF-EF14-4F0A-B3D6-E2600F301733}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FB3D834A-35A2-463C-A7D1-85EA52FEB244}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{51B6C499-7B3D-4157-B67F-C695798739E4}C:\users\j.xxxxxx\appdata\local\temp\rarsfx1\wps.exe" = protocol=6 | dir=in | app=c:\users\j.xxxxxx\appdata\local\temp\rarsfx1\wps.exe | 
"TCP Query User{78C9B11E-8E1F-451A-9DC8-5CFFD2CE13C7}\\wsrv02\vol1\gdiline\gdiline.exe" = protocol=6 | dir=in | app=\\wsrv02\vol1\gdiline\gdiline.exe | 
"TCP Query User{84BFD804-5E6E-4011-A535-D4A408BF0052}C:\users\j.xxxxxx\appdata\local\temp\rarsfx0\wps.exe" = protocol=6 | dir=in | app=c:\users\j.xxxxxx\appdata\local\temp\rarsfx0\wps.exe | 
"TCP Query User{DFA4EDE9-94B0-467F-AED4-582A8498FC43}C:\program files (x86)\winfonie mobile 2\winfoniemobile2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winfonie mobile 2\winfoniemobile2.exe | 
"UDP Query User{5A2AC176-3BE3-4AE5-99AD-79898F61DBBC}C:\program files (x86)\winfonie mobile 2\winfoniemobile2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winfonie mobile 2\winfoniemobile2.exe | 
"UDP Query User{91CB029D-E1DD-44D5-ABEA-99DDC08FCEE0}\\wsrv02\vol1\gdiline\gdiline.exe" = protocol=17 | dir=in | app=\\wsrv02\vol1\gdiline\gdiline.exe | 
"UDP Query User{AF3FF93F-64DC-41B1-B334-DA1C84A1377E}C:\users\j.xxxxxx\appdata\local\temp\rarsfx1\wps.exe" = protocol=17 | dir=in | app=c:\users\j.xxxxxx\appdata\local\temp\rarsfx1\wps.exe | 
"UDP Query User{AF838C14-8DA2-481C-AE63-09AB1E81E781}C:\users\j.xxxxxx\appdata\local\temp\rarsfx0\wps.exe" = protocol=17 | dir=in | app=c:\users\j.xxxxxx\appdata\local\temp\rarsfx0\wps.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1241CE77-0B65-40A0-B893-02EA49E35332}" = HP Officejet Pro 8600 - Grundlegende Software für das Gerät
"{19D84BB4-35C9-4125-90AB-C2ADD0F9A8EC}" = Trend Micro Worry-Free Business Security Agent
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{483D5A49-A26B-4CB8-AA2D-0D1811322061}" = HP DayStarter
"{4DF1691E-8012-4E7C-89CF-3F7B9146DA6E}" = Studie zur Verbesserung von HP Officejet Pro 8600 Produkten
"{50928788-ED14-4B45-97FF-EC3C4EC7BBC1}" = HP 3D DriveGuard
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{61D3AB5C-02B5-47FC-906A-C49A0954C7C6}" = Validity Fingerprint Sensor Driver
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87821717-5688-4AE6-887A-6B11571D0CD7}" = Embedded Security for HP ProtectTools
"{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}" = Drive Encryption For HP ProtectTools
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}" = Privacy Manager for HP ProtectTools
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CF9ACC81-C8C3-4BD1-BD1F-FE13CF344E20}" = HP Power Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D3A775F2-2674-4452-8D80-1FC1446052EE}" = Face Recognition for HP ProtectTools
"{D856C86A-6D49-4A32-BBC2-54714EAF2CA0}" = HP ProtectTools Security Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E6F19F75-2802-4E60-B04B-B7151BBEE53F}" = HP HotKey Support
"GIMP-2_is1" = GIMP 2.8.0
"GPL Ghostscript 9.04" = GPL Ghostscript
"HPProtectTools" = HP ProtectTools Security Manager
"PROSet" = Intel(R) Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
"Wofie" = Trend Micro Worry-Free Business Security Agent
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{225C4860-9D03-49F5-B983-943EB938E0B0}" = HP GPS and Location
"{23544215-E6E6-448B-B6E9-6268D5B3E74D}" = HP SoftPaq Download Manager
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4B21E4B2-89B8-499D-803A-34ABF929401E}" = HP Connection Manager
"{52B18ABC-AD5F-4C3C-B391-04F57B380449}" = HP Client Automation Agent Preload 
"{531000B3-DBEE-4115-BBF3-DA48B67C053F}" = HP Software Setup
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}" = HP Documentation
"{646E8C34-C88B-42F9-9F41-985A801219E1}" = HP Mobile Broadband Drivers
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{72CD20B8-55F3-4B4F-A44F-E381232E84ED}" = HP QuickWeb
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{831ADA8C-C73B-4915-AF8D-83D22BD58AA8}" = PIMphony
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{93139A49-0360-4718-8B93-C1F9EB12E3D8}" = Roxio Secure Burn
"{954079D6-28E0-417D-AC43-F728E3CB7CE5}" = HP System Default Settings
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9CB4FBA9-45C0-41AA-97CC-283B42E1A21E}" = Roxio MyDVD Business 2010
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.9) - Deutsch
"{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Secure Burn
"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Hilfe
"{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}" = HP Software Framework
"{BACE8BFA-8F39-421D-BEF1-6E78632BDC90}" = Roxio MyDVD Business 2010
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E92D47A1-D27D-430A-8368-0BAFD956507D}" = HP Support Assistant
"{EFCB119B-6A71-489F-A81A-61627969D35C}" = HP ESU for Microsoft Windows 7
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F24F876B-7D71-4BD6-88E9-614D3BB84216}" = Alcor Micro Smart Card Reader Driver
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"David.InfoCenter" = David.InfoCenter 
"FreePDF_XP" = FreePDF (Remove only)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 27.0.1 (x86 de)" = Mozilla Firefox 27.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"Sunplus SPUVCb" = HP HD Webcam [Fixed]
"SZCCID" = Alcor Micro Smart Card Reader Driver
"VIP Access SDK" = VIP Access SDK (1.0.0.55) 
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/27/2014 3:30:37 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PccNT.exe, Version: 18.0.0.1267, 
Zeitstempel: 0x50d0790b  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, 
Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000000001  ID
 des fehlerhaften Prozesses: 0x54c  Startzeit der fehlerhaften Anwendung: 0x01cf797d8cdcf409
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Trend Micro\Client Server Security
 Agent\PccNT.exe  Pfad des fehlerhaften Moduls: unknown  Berichtskennung: cb74948d-e570-11e3-9125-028037ec0200
 
Error - 5/27/2014 3:31:35 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PccNT.exe, Version: 18.0.0.1267, 
Zeitstempel: 0x50d0790b  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, 
Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000000001  ID
 des fehlerhaften Prozesses: 0x2164  Startzeit der fehlerhaften Anwendung: 0x01cf797daf733f41
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Trend Micro\Client Server Security
 Agent\PccNT.exe  Pfad des fehlerhaften Moduls: unknown  Berichtskennung: eded1e95-e570-11e3-9125-028037ec0200
 
Error - 5/27/2014 3:31:36 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PccNT.exe, Version: 18.0.0.1267, 
Zeitstempel: 0x50d0790b  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, 
Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000ff4317c0  ID
 des fehlerhaften Prozesses: 0x22b0  Startzeit der fehlerhaften Anwendung: 0x01cf797db0481b71
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Trend Micro\Client Server Security
 Agent\PccNT.exe  Pfad des fehlerhaften Moduls: unknown  Berichtskennung: eeda64c5-e570-11e3-9125-028037ec0200
 
Error - 5/27/2014 3:31:38 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PccNT.exe, Version: 18.0.0.1267, 
Zeitstempel: 0x50d0790b  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, 
Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000000001  ID
 des fehlerhaften Prozesses: 0x1bb4  Startzeit der fehlerhaften Anwendung: 0x01cf797db131f2b9
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Trend Micro\Client Server Security
 Agent\PccNT.exe  Pfad des fehlerhaften Moduls: unknown  Berichtskennung: efbccbc1-e570-11e3-9125-028037ec0200
 
Error - 5/27/2014 3:31:49 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PccNT.exe, Version: 18.0.0.1267, 
Zeitstempel: 0x50d0790b  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, 
Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000ff4317c0  ID
 des fehlerhaften Prozesses: 0x21e0  Startzeit der fehlerhaften Anwendung: 0x01cf797db81f66a1
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Trend Micro\Client Server Security
 Agent\PccNT.exe  Pfad des fehlerhaften Moduls: unknown  Berichtskennung: f698e44d-e570-11e3-9125-028037ec0200
 
Error - 5/27/2014 4:41:57 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpqWmiEx.exe, Version: 4.6.15.1, 
Zeitstempel: 0x50a165a9  Name des fehlerhaften Moduls: hpqWmiEx.exe, Version: 4.6.15.1,
 Zeitstempel: 0x50a165a9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002b5d6  ID des fehlerhaften
 Prozesses: 0xfec  Startzeit der fehlerhaften Anwendung: 0x01cf796c52b2beaf  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
Berichtskennung:
 c2d0bb6a-e57a-11e3-9125-028037ec0200
 
Error - 5/27/2014 5:00:16 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BTTray.exe, Version: 6.3.0.6300, 
Zeitstempel: 0x4c5238e2  Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.18205,
 Zeitstempel: 0x51dba4dc  Ausnahmecode: 0xc0000409  Fehleroffset: 0x0000000000016303
ID
 des fehlerhaften Prozesses: 0x126c  Startzeit der fehlerhaften Anwendung: 0x01cf796c5ee191a7
Pfad
 der fehlerhaften Anwendung: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Pfad
 des fehlerhaften Moduls: C:\windows\system32\RPCRT4.dll  Berichtskennung: 5184c3b2-e57d-11e3-9125-028037ec0200
 
Error - 5/27/2014 5:10:25 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = VSS | ID = 18
Description = 
 
Error - 5/27/2014 5:10:25 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = VSS | ID = 8193
Description = 
 
Error - 5/27/2014 5:10:25 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = System Restore | ID = 8193
Description = 
 
[ HP Connection Manager Events ]
Error - 5/12/2014 1:23:41 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = hpCMSrv | ID = 5
Description = 2014/05/12 07:23:41.155|00001858|Error      |ChpWanMBN::GetDataClass|GetCurrentDataClass
 failed with error 0x80548210
 
Error - 5/12/2014 1:23:41 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = hpCMSrv | ID = 5
Description = 2014/05/12 07:23:41.170|00001858|Error      |ChpWanMBN::GetDataClass|GetCurrentDataClass
 failed with error 0x80548210
 
Error - 5/12/2014 1:23:41 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = hpCMSrv | ID = 5
Description = 2014/05/12 07:23:41.196|00001858|Error      |ChpWanMBN::GetDataClass|GetCurrentDataClass
 failed with error 0x80548210
 
Error - 5/18/2014 7:14:10 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = hpMobile | ID = 5
Description = 2014.05.18 13:14:10.392|00001B38|Error      |[HP.Mobile]Wwan::Disconnect{bool()}|Ausnahme
 von HRESULT: 0xA3010210
 
Error - 5/18/2014 7:14:10 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = hpMobile | ID = 5
Description = 2014.05.18 13:14:10.408|00001B38|Error      |[HP.Mobile]DeviceException::ShowError{void(HP.Mobile.Devices.Device,System.Exception)}|Mobiles
 Internet (WWAN): Das Gerät hat einen Fehler zurückgegeben (Ausnahme von HRESULT:
 0xA3010210)
 
Error - 5/18/2014 7:14:13 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = hpCMSrv | ID = 5
Description = 2014/05/18 13:14:13.731|00001BCC|Error      |CWWAN::IsRoamingChanged|Fire_IsRoamingChanged
 failed [hr:0x800706BA]
 
Error - 5/18/2014 7:14:13 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = hpCMSrv | ID = 5
Description = 2014/05/18 13:14:13.746|00001BCC|Error      |CWWAN::DataClassChanged|Fire_DataClassChanged
 failed [hr:0x800706BA]
 
Error - 5/23/2014 10:01:12 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = hpCMSrv | ID = 5
Description = 2014/05/23 16:01:12.752|000004BC|Error      |ChpWanMBN::GetPINState|GetPinState
 failed with error 0x80070490
 
Error - 5/23/2014 10:01:12 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = hpCMSrv | ID = 5
Description = 2014/05/23 16:01:12.861|000004BC|Error      |CWWAN::DataClassChanged|Fire_DataClassChanged
 failed [hr:0x800706BA]
 
Error - 5/27/2014 5:00:12 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = hpCMSrv | ID = 5
Description = 2014/05/27 11:00:12.203|0000199C|Error      |ChpWanMBN::GetDataClass|GetCurrentDataClass
 failed with error 0x80548210
 
[ HP Power Assistant Events ]
Error - 12/12/2012 2:22:11 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = HP PA Service | ID = 1024
Description = An error occured in HP Power Assistant application, module [HistoryDB].
Please
 restart HP Power Assistant application. Additional details may be available in the
 Details section.    DETAILS   Some kind of disk I/O error occurred  disk I/O errorDailyHistoricalFileManager
 
Error - 2/13/2013 9:52:27 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 101UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
Error - 2/13/2013 9:53:27 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 101UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
Error - 4/15/2013 1:11:29 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
Error - 12/18/2013 9:44:49 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Die Datei oder Assembly "CaslShared, Version=3.5.1.1, Culture=neutral,
 PublicKeyToken=9c6f83d5b7f3d097" oder eine Abhängigkeit davon wurde nicht gefunden.
 Das System kann die angegebene Datei nicht finden.
 
Error - 5/4/2014 9:31:09 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Get Debug.PowerSource failed : e_GENERAL_EXCEPTION
 
[ HP Software Framework Events ]
Error - 5/4/2014 9:31:09 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = hpCasl | ID = 5
Description = 2014.05.04 15:31:09.787|00001BB8|Error      |[hpcasl]Command::Get{hpCasl.enReturnCode(string,object&)}|An
 exception occurred Die COM-Klassenfactory für die Komponente mit CLSID {F5539356-2F02-40D4-999E-FA61F45FE12E}
 konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 8007045b.
 
Error - 5/4/2014 9:31:09 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Casl | ID = 5
Description = 2014.05.04 15:31:09.834|00001240|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente
 mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden 
Fehlers nicht abgerufen werden: 8007045b.
 
Error - 5/4/2014 9:31:09 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Casl | ID = 5
Description = 2014.05.04 15:31:09.850|00001240|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente
 mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden 
Fehlers nicht abgerufen werden: 8007045b.
 
Error - 5/4/2014 9:31:09 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Casl | ID = 5
Description = 2014.05.04 15:31:09.865|00001240|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente
 mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden 
Fehlers nicht abgerufen werden: 8007045b.
 
Error - 5/4/2014 9:31:09 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Casl | ID = 5
Description = 2014.05.04 15:31:09.881|00001240|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente
 mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden 
Fehlers nicht abgerufen werden: 8007045b.
 
Error - 5/4/2014 9:31:09 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Casl | ID = 5
Description = 2014.05.04 15:31:09.912|00001240|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente
 mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden 
Fehlers nicht abgerufen werden: 8007045b.
 
Error - 5/4/2014 9:31:09 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Casl | ID = 5
Description = 2014.05.04 15:31:09.928|00001240|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente
 mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden 
Fehlers nicht abgerufen werden: 8007045b.
 
Error - 5/4/2014 9:31:09 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Casl | ID = 5
Description = 2014.05.04 15:31:09.943|00001240|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente
 mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden 
Fehlers nicht abgerufen werden: 8007045b.
 
Error - 5/4/2014 9:31:09 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Casl | ID = 5
Description = 2014.05.04 15:31:09.959|00001240|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente
 mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden 
Fehlers nicht abgerufen werden: 8007045b.
 
Error - 5/4/2014 9:31:09 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Casl | ID = 5
Description = 2014.05.04 15:31:09.974|00001240|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente
 mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden 
Fehlers nicht abgerufen werden: 8007045b.
 
[ System Events ]
Error - 5/27/2014 5:10:34 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 5/27/2014 5:10:52 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 5/27/2014 5:10:52 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 5/27/2014 5:10:52 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 5/27/2014 5:12:40 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 5/27/2014 5:13:52 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 5/27/2014 5:14:20 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 5/27/2014 5:14:23 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 5/27/2014 5:18:14 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne NETZWERK aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 5/27/2014 5:18:17 AM | Computer Name = CNU2202DXB.netzwerk.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
 
< End of report >
         

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 5/27/2014 11:55:47 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\admin_hms\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.91 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 43.80% Memory free
7.82 Gb Paging File | 5.53 Gb Available in Paging File | 70.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99.31 Gb Total Space | 20.09 Gb Free Space | 20.23% Space Free | Partition Type: NTFS
Drive E: | 14.64 Gb Total Space | 2.18 Gb Free Space | 14.88% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.12 Gb Free Space | 42.54% Space Free | Partition Type: FAT32
Drive G: | 1.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 546.80 Gb Total Space | 28.80 Gb Free Space | 5.27% Space Free | Partition Type: NTFS
 
Computer Name: CNU2202DXB | User Name: admin_hms | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\admin_hms\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe (Ericsson AB)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
PRC - c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe (Infineon Technologies AG)
PRC - c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (Infineon Technologies AG)
PRC - c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe (Infineon Technologies AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe ()
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Tobit InfoCenter\DVWIN32.EXE (Tobit.Software)
PRC - C:\PROGRA~2\TOBITI~1\DVREMIND.EXE (Tobit.Software)
PRC - C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Windows\SysWOW64\DV4TS.EXE (Tobit Software)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\fe51f1fc1d649f0f9278946af8a76ee4\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\921a4977671bce1f2f553e9adcdb06ee\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()
MOD - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe ()
MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Tobit InfoCenter\DVWIN32$.GER ()
MOD - C:\Windows\TOBITCLT.DLL ()
MOD - C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO -viewer-\RawPictureLib.pcp ()
MOD - C:\PROGRA~2\TOBITI~1\aspell.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (DpHost) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (McAfee Endpoint Encryption Agent) -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe ()
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (HPDayStarterService) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe (Hewlett-Packard Company)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (tmlisten) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe (Trend Micro Inc.)
SRV - (ntrtscan) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe (Trend Micro Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (TMBMServer) -- C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (TmProxy) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe (Trend Micro Inc.)
SRV - (hpCMSrv) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (HP ProtectTools Service) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (HPFSService) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (FLCDLOCK) -- c:\Windows\SysWOW64\flcdlock.exe (Hewlett-Packard Company)
SRV - (WMCoreService) -- C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe (Ericsson AB)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (IFXSpMgtSrv) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
SRV - (PersonalSecureDriveService) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (Infineon Technologies AG)
SRV - (IFXTCS) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe (Infineon Technologies AG)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (uArcCapture) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (ArcSoft, Inc.)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)
DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)
DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (MfeEpePc) -- C:\windows\SysNative\drivers\MfeEpePc.sys (McAfee, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (WwanUsbServ) -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys (Ericsson AB)
DRV:64bit: - (DAMDrv) -- C:\Windows\SysNative\drivers\DAMDrv64.sys (Hewlett-Packard Company)
DRV:64bit: - (h36wgps) -- C:\Windows\SysNative\drivers\h36wgps64.sys (Ericsson AB)
DRV:64bit: - (SPUVCbv) -- C:\Windows\SysNative\drivers\SPUVCBv_x64.sys (Sunplus Technology)
DRV:64bit: - (SzCCID) -- C:\Windows\SysNative\drivers\SzCCID.sys (Generic)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (ARCVCAM) -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys (ArcSoft, Inc.)
DRV:64bit: - (Mbm3Mdm) -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys (MCCI Corporation)
DRV:64bit: - (Mbm3DevMt) -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys (MCCI Corporation)
DRV:64bit: - (Mbm3CBus) -- C:\Windows\SysNative\drivers\Mbm3CBus.sys (MCCI Corporation)
DRV:64bit: - (Mbm3mdfl) -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys (MCCI Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (ecnssndisfltr) -- C:\Windows\SysNative\drivers\wwussf64.sys (Ericsson AB)
DRV:64bit: - (ecnssndis) -- C:\Windows\SysNative\drivers\wwuss64.sys (Ericsson AB)
DRV:64bit: - (PersonalSecureDrive) -- C:\Windows\SysNative\drivers\psd.sys (Infineon Technologies AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (TmFilter) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys (Trend Micro Inc.)
DRV - (TmPreFilter) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys (Trend Micro Inc.)
DRV - (VSApiNt) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys (Trend Micro Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-2396011135-491111833-1837060023-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-2396011135-491111833-1837060023-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-2396011135-491111833-1837060023-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\S-1-5-21-2396011135-491111833-1837060023-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2396011135-491111833-1837060023-1004\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-2396011135-491111833-1837060023-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/05/11 00:57:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/05/11 01:13:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/05/11 01:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/05/11 01:13:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files (x86)\Trend Micro\Client Server Security Agent\FirefoxExtension [2013/01/11 11:00:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/05/27 11:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin_hms\AppData\Roaming\mozilla\Extensions
[2014/03/05 16:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014/03/05 16:36:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/05/27 11:18:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DsMgr] C:\Program Files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [DV4TS.EXE] C:\Windows\SysWOW64\DV4TS.EXE (Tobit Software)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HP HD Webcam [Fixed]_Monitor] C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IFXSPMGT] c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-2396011135-491111833-1837060023-1004..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\j.xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PIMphony.lnk = C:\Program Files (x86)\Alcatel_PIMphony\aocphone.exe (Alcatel)
O4 - Startup: C:\Users\j.xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk = C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2396011135-491111833-1837060023-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2396011135-491111833-1837060023-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2396011135-491111833-1837060023-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {19DFFB5D-E30A-4E3B-8524-0AD8F4D88D32} https://217.92.192.110:8080/XTunnel64.cab (VPLaunch Class)
O16:64bit: - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://217.92.192.110:8080/WebCacheCleaner_64.cab (WebCacheCleaner Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.253.241 192.168.253.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = netzwerk.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06E157DD-2805-4CC8-BDBD-94FC7833B924}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93DC6024-B4FE-4F6E-84E0-D9E805047186}: DhcpNameServer = 192.168.253.241 192.168.253.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5FEAD0F-A7FB-4273-ACA3-DD618CEA7382}: NameServer = 139.7.30.125,139.7.30.126
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/14 16:32:06 | 000,000,026 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/27 11:56:00 | 000,000,000 | ---D | C] -- C:\Users\admin_hms\AppData\Roaming\Roxio Burn
[2014/05/27 11:24:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\admin_hms\Desktop\OTL.exe
[2014/05/27 11:18:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/05/27 11:10:19 | 000,000,000 | ---D | C] -- C:\ComboFix
[2014/05/27 11:09:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2014/05/27 11:09:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2014/05/27 11:09:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2014/05/27 11:09:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/05/27 11:09:23 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2014/05/27 11:02:34 | 005,203,612 | R--- | C] (Swearware) -- C:\Users\admin_hms\Desktop\ComboFix.exe
[2014/05/27 11:02:03 | 000,000,000 | -HSD | C] -- C:\Users\admin_hms\AppData\Local\EmieUserList
[2014/05/27 11:02:03 | 000,000,000 | -HSD | C] -- C:\Users\admin_hms\AppData\Local\EmieSiteList
[2014/05/27 11:01:59 | 000,000,000 | ---D | C] -- C:\Users\admin_hms\AppData\Roaming\Mozilla
[2014/05/27 11:01:59 | 000,000,000 | ---D | C] -- C:\Users\admin_hms\AppData\Local\Mozilla
[2014/05/21 08:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\GroupPolicy
[2014/05/14 17:39:27 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/05/14 17:39:27 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/05/14 07:50:32 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/05/14 07:50:32 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/05/14 07:46:20 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2014/05/14 07:46:19 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2014/05/14 07:46:19 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2014/05/14 07:46:19 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2014/05/14 07:46:19 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\objsel.dll
[2014/05/14 07:46:19 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winlogon.exe
[2014/05/14 07:46:18 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\objsel.dll
[2014/05/14 07:46:18 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2014/05/14 07:46:18 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cngprovider.dll
[2014/05/14 07:46:18 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adprovider.dll
[2014/05/14 07:46:18 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\capiprovider.dll
[2014/05/14 07:46:18 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpapiprovider.dll
[2014/05/14 07:46:18 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cngprovider.dll
[2014/05/14 07:46:18 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\adprovider.dll
[2014/05/14 07:46:18 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\capiprovider.dll
[2014/05/14 07:46:18 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpapiprovider.dll
[2014/05/14 07:46:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dimsroam.dll
[2014/05/14 07:46:18 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dimsroam.dll
[2014/05/14 07:46:17 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2014/05/14 07:46:17 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wincredprovider.dll
[2014/05/14 07:46:17 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wincredprovider.dll
[2014/05/14 07:46:17 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2014/05/14 07:46:17 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2014/05/02 17:52:43 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/27 11:33:17 | 000,000,812 | ---- | M] () -- C:\windows\Tobit.ini
[2014/05/27 11:24:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin_hms\Desktop\OTL.exe
[2014/05/27 11:22:56 | 000,013,869 | ---- | M] () -- C:\windows\cfgall.ini
[2014/05/27 11:21:55 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/27 11:21:55 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/27 11:21:11 | 001,717,708 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/05/27 11:21:11 | 000,737,484 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2014/05/27 11:21:11 | 000,690,340 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/05/27 11:21:11 | 000,162,494 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2014/05/27 11:21:11 | 000,134,794 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/05/27 11:18:20 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2014/05/27 11:14:49 | 000,002,356 | ---- | M] () -- C:\Users\Public\Desktop\ProAlpha Server.lnk
[2014/05/27 11:14:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/05/27 11:14:38 | 4200,968,192 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/27 11:03:10 | 005,203,612 | R--- | M] (Swearware) -- C:\Users\admin_hms\Desktop\ComboFix.exe
[2014/05/23 07:23:31 | 000,007,494 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/05/15 09:24:54 | 000,000,144 | ---- | M] () -- C:\windows\cfgrs_ex.ini
[2014/05/15 09:24:53 | 000,001,182 | ---- | M] () -- C:\windows\cfgrs.ini
[2014/05/09 08:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/05/09 08:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/05/06 05:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/05/06 04:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
 
========== Files Created - No Company Name ==========
 
[2014/05/27 11:09:44 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2014/05/27 11:09:44 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2014/05/27 11:09:44 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2014/05/27 11:09:44 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2014/05/27 11:09:44 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2014/05/21 08:30:53 | 000,002,356 | ---- | C] () -- C:\Users\Public\Desktop\ProAlpha Server.lnk
[2014/05/21 08:30:53 | 000,000,855 | ---- | C] () -- C:\Users\Public\Desktop\GDILine.lnk
[2014/05/15 09:24:54 | 000,000,144 | ---- | C] () -- C:\windows\cfgrs_ex.ini
[2014/05/15 09:24:53 | 000,001,182 | ---- | C] () -- C:\windows\cfgrs.ini
[2013/12/23 17:24:13 | 000,000,235 | ---- | C] () -- C:\windows\TOBITADD.INI
[2013/12/23 17:22:00 | 000,185,344 | ---- | C] () -- C:\windows\DVGRF.DLL
[2013/12/23 17:21:48 | 000,000,023 | ---- | C] () -- C:\windows\AVFD.INI
[2013/12/23 17:21:43 | 004,877,312 | ---- | C] () -- C:\windows\TOBITCLT.DLL
[2013/12/23 17:21:28 | 000,000,812 | ---- | C] () -- C:\windows\Tobit.ini
[2013/12/16 19:44:40 | 000,236,568 | ---- | C] () -- C:\windows\RegBootClean64.exe
[2013/12/16 19:44:39 | 000,181,272 | ---- | C] () -- C:\windows\RegBootClean.exe
[2013/03/10 21:05:13 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/11/27 11:48:11 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI
[2012/11/27 11:48:11 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2012/09/02 18:55:06 | 000,111,932 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2012/09/02 18:55:06 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2012/09/02 18:55:06 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2012/09/02 18:55:06 | 000,026,154 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2012/09/02 18:55:06 | 000,024,903 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2012/09/02 18:55:06 | 000,021,390 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2012/09/02 18:55:06 | 000,020,148 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2012/09/02 18:55:06 | 000,011,811 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2012/09/02 18:55:06 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2012/09/02 18:55:06 | 000,001,146 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_DU.dat
[2012/09/02 18:55:06 | 000,001,139 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2012/09/02 18:55:06 | 000,001,139 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2012/09/02 18:55:06 | 000,001,136 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2012/09/02 18:55:06 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2012/09/02 18:55:06 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2012/09/02 18:55:06 | 000,001,120 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_IT.dat
[2012/09/02 18:55:06 | 000,001,107 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_GE.dat
[2012/09/02 18:55:06 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2012/09/02 18:55:06 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2012/08/28 10:53:51 | 000,000,032 | ---- | C] () -- C:\windows\CD_Start.INI
[2012/08/14 07:30:47 | 000,000,043 | ---- | C] () -- C:\windows\gswin64.ini
[2012/06/26 16:02:40 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2012/06/21 09:40:57 | 000,099,840 | ---- | C] () -- C:\windows\IMGMSGMO.dll
[2012/06/21 09:36:02 | 000,013,869 | ---- | C] () -- C:\windows\cfgall.ini
[2012/06/21 09:24:31 | 000,007,494 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/06/20 15:29:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DigitalPersona
[2012/06/20 15:30:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Infineon
[2012/06/20 17:55:28 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Synaptics
[2012/06/20 18:05:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\WMCore
[2012/06/21 09:25:15 | 000,000,000 | ---D | M] -- C:\Users\admin_hms\AppData\Roaming\DigitalPersona
[2012/06/21 09:25:32 | 000,000,000 | ---D | M] -- C:\Users\admin_hms\AppData\Roaming\Infineon
[2012/06/21 09:28:28 | 000,000,000 | ---D | M] -- C:\Users\admin_hms\AppData\Roaming\Synaptics
[2013/12/18 15:48:49 | 000,000,000 | ---D | M] -- C:\Users\admin_hms\AppData\Roaming\Tobit
[2013/12/18 15:35:50 | 000,000,000 | ---D | M] -- C:\Users\admin_hms\AppData\Roaming\WMCore
[2014/05/27 07:27:45 | 000,000,000 | ---D | M] -- C:\Users\j.xxxxx\AppData\Roaming\Alcatel PIMphony
[2012/06/21 09:30:24 | 000,000,000 | ---D | M] -- C:\Users\j.xxxxx\AppData\Roaming\DigitalPersona
[2012/08/08 16:41:52 | 000,000,000 | ---D | M] -- C:\Users\j.xxxxx\AppData\Roaming\FreePDF
[2012/06/21 09:30:41 | 000,000,000 | ---D | M] -- C:\Users\j.xxxxx\AppData\Roaming\Infineon
[2012/09/02 18:55:48 | 000,000,000 | ---D | M] -- C:\Users\j.xxxxx\AppData\Roaming\Panasonic
[2012/07/12 09:52:02 | 000,000,000 | ---D | M] -- C:\Users\j.xxxxx\AppData\Roaming\Samsung
[2012/06/21 09:33:31 | 000,000,000 | ---D | M] -- C:\Users\j.xxxxx\AppData\Roaming\Synaptics
[2013/12/16 12:38:35 | 000,000,000 | ---D | M] -- C:\Users\j.xxxxx\AppData\Roaming\TeamViewer
[2014/02/17 09:11:35 | 000,000,000 | ---D | M] -- C:\Users\j.xxxxx\AppData\Roaming\Tobit
[2012/06/21 09:43:51 | 000,000,000 | ---D | M] -- C:\Users\j.xxxxx\AppData\Roaming\WMCore
 
========== Purity Check ==========
 
 

< End of report >
         

Dann jetzt noch bitte wie oben angegeben FRST laufen lassen