| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Diverse Viren auf Win8 Rechner - wie gehts weiter?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
10.10.2014, 22:04
| #1 |
| |  Diverse Viren auf Win8 Rechner - wie gehts weiter? Hallo! durch einen Klick auf "Ihr Videoplayer ist nicht aktuell" hab ich mir (Laptop intel corei7 win8.1 64bit) einiges eingefangen, Umleitungen beim Surfen und eDeals, Rechner sehr langsam, Firefox sehr langsam, Rechner startet sehr langsam, Poups mit Umfragen etc., Dropbox findet keine Internetverbindung mehr etc. frst und frst64 laufen wohl nicht auf win8, oder? In den Programmen finde ich nichts, was mir auffällig vorkommt, leider, also nichts, was ich deinstallieren könnte (siehe Liste unten; bin aber auch kein Profi...). Spyhunter findet u.a. diese hier (aber Spyhunter kommt bei euch ja nicht so toll weg - weiß schon, aber war mal in der Nacht dann etwas hilflos...): Istartsurf.com Snap.do Webssearches.com 2o7 Adserver Adtech Advert Advertising Avware.V-bates Adware.Web Frog CasableMedia Media Mediaplex PUP.Freemake.Video Converter PUP.NewPlayer PUP.SupTab OTL sagt Code:
ATTFilter ebOTL logfile created on: 12.09.2014 16:59:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DieSinnnwells\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17278) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 5,62 Gb Available Physical Memory | 71,05% Memory free 9,73 Gb Paging File | 6,33 Gb Available in Paging File | 65,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 891,22 Gb Total Space | 525,17 Gb Free Space | 58,93% Space Free | Partition Type: NTFS Drive D: | 25,00 Gb Total Space | 22,73 Gb Free Space | 90,93% Space Free | Partition Type: NTFS Drive E: | 931,46 Gb Total Space | 542,70 Gb Free Space | 58,26% Space Free | Partition Type: NTFS Drive G: | 1862,82 Gb Total Space | 1167,45 Gb Free Space | 62,67% Space Free | Partition Type: NTFS Computer Name: SINNWELLNOTE | User Name: DieSinnnwells | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014.09.11 10:59:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DieSinnnwells\Desktop\OTL.exe PRC - [2014.09.04 20:49:42 | 000,060,452 | ---- | M] () -- C:\Windows\SysWOW64\DebugDirect3dMotion\DebugDirect3dMotion.exe PRC - [2014.09.04 20:49:34 | 000,251,429 | ---- | M] () -- C:\Users\DieSinnnwells\AppData\Local\AppCursorFunction\BIOSPathTask.exe PRC - [2014.09.04 20:49:34 | 000,107,557 | ---- | M] () -- C:\Users\DieSinnnwells\AppData\Local\AppCursorFunction\AppCursorFunction.exe PRC - [2014.08.06 09:19:58 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2014.08.06 09:19:44 | 001,021,520 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe PRC - [2014.08.06 09:19:43 | 000,751,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2014.08.06 09:19:43 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2014.08.04 14:20:42 | 000,161,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe PRC - [2014.07.30 02:22:10 | 036,414,496 | ---- | M] (Dropbox, Inc.) -- C:\Users\DieSinnnwells\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.12.12 21:56:14 | 003,145,536 | ---- | M] () -- C:\Users\DieSinnnwells\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe PRC - [2013.06.07 17:08:36 | 017,124,256 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe PRC - [2013.05.17 01:06:26 | 000,366,552 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2013.05.17 01:06:22 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2013.05.16 16:44:06 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe PRC - [2013.05.14 10:02:50 | 000,552,960 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331STI.EXE PRC - [2013.04.30 12:25:22 | 000,286,704 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2013.04.30 12:25:22 | 000,015,344 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2013.03.18 15:25:26 | 001,161,592 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2013.03.18 15:25:08 | 001,124,728 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2013.03.08 15:18:34 | 000,095,192 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe PRC - [2013.01.09 08:06:06 | 001,259,872 | ---- | M] (SafeNet, Inc) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe PRC - [2013.01.09 02:03:02 | 000,376,832 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe PRC - [2013.01.09 02:00:02 | 000,293,216 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe PRC - [2012.12.13 22:18:54 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE PRC - [2012.10.30 20:11:32 | 000,168,464 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe PRC - [2012.03.26 18:35:16 | 000,449,168 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe PRC - [2004.12.14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe ========== Modules (No Company Name) ========== MOD - [2014.09.12 16:27:55 | 000,043,008 | ---- | M] () -- c:\users\diesin~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplpivmj.dll MOD - [2014.09.11 01:38:26 | 000,250,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\72004d1b2eec7dfa9cc465c9804c9e20\WindowsFormsIntegration.ni.dll MOD - [2014.09.11 01:38:13 | 002,964,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\d82137c37ef37707446bb6056c0ee9c4\System.IdentityModel.ni.dll MOD - [2014.09.11 01:37:59 | 000,786,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\668eb7171833079353583f414ea7192d\System.ServiceModel.Internals.ni.dll MOD - [2014.09.11 01:37:59 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\9c66601bad4851a24e037f606482160f\SMDiagnostics.ni.dll MOD - [2014.09.11 01:35:52 | 007,785,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\462e6667cb4ef74abec9524d96c4d7d5\System.Xml.ni.dll MOD - [2014.09.11 01:35:49 | 001,874,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\dd08601ab40a3c0743ee8d7b4350debe\System.Xaml.ni.dll MOD - [2014.09.11 01:35:48 | 012,856,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\cc272fa4bc8ae7c468e3c75a57ae3c72\System.Windows.Forms.ni.dll MOD - [2014.09.11 01:35:43 | 000,219,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\e99d52ddc175721f6ed14653e32ba4c5\System.ServiceProcess.ni.dll MOD - [2014.09.11 01:35:42 | 019,567,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\528be8efca0c6b6c9ce63f3664c80443\System.ServiceModel.ni.dll MOD - [2014.09.11 01:35:33 | 002,803,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\cf112546e5e77b821db19d8b958cfeee\System.Runtime.Serialization.ni.dll MOD - [2014.09.11 01:35:30 | 001,635,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\9e99d85dfa5a3de8e34fe912acf82021\System.Drawing.ni.dll MOD - [2014.09.11 01:35:29 | 007,385,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\a7d80873c90c120b21057d652b039a52\System.Data.ni.dll MOD - [2014.09.11 01:35:26 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\04d455ea050b547ca661a16509fe4638\System.Configuration.ni.dll MOD - [2014.09.11 01:35:26 | 000,463,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\165bbf987a17d5254aeb43e769ab02f7\PresentationFramework.Aero2.ni.dll MOD - [2014.09.11 01:35:25 | 018,744,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\201ff175176fa9f3f7930492d6f8e140\PresentationFramework.ni.dll MOD - [2014.09.11 01:35:18 | 011,027,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\137698b247bb9989ebaf0a9c9528f17a\PresentationCore.ni.dll MOD - [2014.09.11 01:35:13 | 003,957,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\358c6ca55986bf6ef35d4de5806f3f99\WindowsBase.ni.dll MOD - [2014.09.11 01:35:10 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\5e8ea4bc2ddce0edd65f5c68b7241c06\System.Core.ni.dll MOD - [2014.09.11 01:35:07 | 010,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3028925cf331e81d2b55093a3f131bd5\System.ni.dll MOD - [2014.09.04 20:49:34 | 000,251,429 | ---- | M] () -- C:\Users\DieSinnnwells\AppData\Local\AppCursorFunction\BIOSPathTask.exe MOD - [2014.08.04 14:20:34 | 000,052,472 | ---- | M] () -- C:\Users\DIESIN~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll MOD - [2014.07.30 02:20:20 | 003,610,624 | ---- | M] () -- C:\Users\DieSinnnwells\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2014.05.07 13:05:21 | 000,146,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\8e945b32dd6b4b00c900f6c01c0f3c62\System.Numerics.ni.dll MOD - [2014.01.27 13:52:41 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll MOD - [2013.12.12 21:56:14 | 003,145,536 | ---- | M] () -- C:\Users\DieSinnnwells\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe MOD - [2013.08.23 21:01:44 | 025,100,288 | ---- | M] () -- C:\Users\DieSinnnwells\AppData\Roaming\Dropbox\bin\libcef.dll ========== Services (SafeList) ========== SRV:64bit: - [2014.09.11 10:29:19 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2014.04.06 13:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2014.04.03 04:51:48 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc) SRV:64bit: - [2014.03.14 08:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc) SRV:64bit: - [2014.03.08 07:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc) SRV:64bit: - [2014.03.06 09:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2014.02.22 17:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2014.02.22 11:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2014.02.22 11:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2014.02.22 11:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2014.02.22 11:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2014.02.22 11:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.12.10 09:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness) SRV:64bit: - [2013.11.23 06:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2013.08.22 14:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2013.08.22 13:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC) SRV:64bit: - [2013.08.22 13:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2013.08.22 13:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2013.08.22 13:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2013.08.22 13:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2013.08.22 12:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface) SRV:64bit: - [2013.08.22 12:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost) SRV:64bit: - [2013.08.22 11:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum) SRV:64bit: - [2013.08.22 11:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2013.08.22 11:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2013.08.22 11:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.08.22 11:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService) SRV:64bit: - [2013.08.22 11:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2013.08.22 11:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2013.08.22 11:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV - [2014.09.09 22:17:16 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014.09.04 20:49:42 | 000,060,452 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\DebugDirect3dMotion\DebugDirect3dMotion.exe -- (DebugDirect3dMotion) SRV - [2014.09.04 20:49:34 | 000,107,557 | ---- | M] () [Auto | Running] -- C:\Users\DieSinnnwells\AppData\Local\AppCursorFunction\AppCursorFunction.exe -- (AppCursorFunction.exe) SRV - [2014.08.06 09:19:58 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2014.08.06 09:19:44 | 001,021,520 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService) SRV - [2014.08.06 09:19:43 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2014.08.04 14:20:40 | 000,149,296 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost) SRV - [2014.07.30 12:05:04 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014.05.12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe -- (MBAMService) SRV - [2014.05.12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe -- (MBAMScheduler) SRV - [2014.04.03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2014.03.14 08:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc) SRV - [2014.01.09 07:15:48 | 001,025,408 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service) SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.12.21 01:02:54 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2013.09.05 03:35:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.09.01 13:30:33 | 000,068,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe -- (VeriFaceSrv) SRV - [2013.08.28 17:24:04 | 003,378,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV - [2013.08.28 17:23:48 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2013.08.28 17:23:40 | 000,626,416 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2013.08.28 17:23:20 | 000,149,744 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2013.08.28 01:27:58 | 000,661,832 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Programme\Avid\Editor Transcode\Dynamic Media Files\DMFService.exe -- (Avid DMF Service) SRV - [2013.08.28 01:25:32 | 000,662,344 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Programme\Avid\Editor Transcode\TranscodeService\AvidEditorMSE.exe -- (Avid Editor Broker) SRV - [2013.08.28 01:25:32 | 000,297,800 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Programme\Avid\Editor Transcode\TranscodeService\rnc-central\AvidEditorTranscodeStatus.exe -- (Avid Editor Transcode Status) SRV - [2013.08.28 01:25:30 | 000,662,344 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Programme\Avid\Editor Transcode\TranscodeService\AvidEditorTranscode.exe -- (Avid Editor Transcode Service) SRV - [2013.08.28 01:25:30 | 000,661,832 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Programme\Avid\Editor Transcode\TranscodeService\AvidEditorDbEngine.exe -- (Avid Editor Db Engine) SRV - [2013.08.22 14:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2013.08.22 05:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2013.08.22 04:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost) SRV - [2013.07.04 20:36:32 | 000,337,920 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2013.06.07 17:08:36 | 017,124,256 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices) SRV - [2013.06.04 12:49:42 | 000,156,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe -- (Intel(R) SRV - [2013.05.28 15:37:36 | 000,101,536 | ---- | M] (Intel) [Auto | Running] -- C:\Programme\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe -- (BrcmSetSecurity) SRV - [2013.05.17 01:06:26 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2013.05.17 01:06:22 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2013.05.01 09:04:08 | 000,772,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2013.04.30 12:25:22 | 000,015,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2013.03.18 15:25:26 | 001,161,592 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2013.03.18 15:25:08 | 001,124,728 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2013.02.13 12:47:04 | 000,820,184 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R) SRV - [2013.02.13 12:46:48 | 000,731,648 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2013.01.09 08:06:06 | 001,259,872 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer) SRV - [2013.01.09 02:03:02 | 000,376,832 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer) SRV - [2013.01.09 02:00:02 | 000,293,216 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe -- (SentinelSecurityRuntime) SRV - [2012.12.13 22:18:54 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc) SRV - [2012.12.13 22:18:48 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8) SRV - [2012.09.12 18:07:06 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2014.07.08 11:32:06 | 000,042,040 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Disabled | Unknown] -- C:\Windows\SysNative\drivers\avnetflt.sys -- (avnetflt) DRV:64bit: - [2014.07.01 15:54:46 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2014.06.05 09:06:52 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2014.05.31 12:07:07 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2014.05.12 07:26:14 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl) DRV:64bit: - [2014.05.12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2014.05.01 15:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2014.04.01 08:23:41 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2014.03.24 04:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2014.03.24 04:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv) DRV:64bit: - [2014.03.24 04:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2014.03.20 05:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS) DRV:64bit: - [2014.03.13 14:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof) DRV:64bit: - [2014.03.08 22:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2014.02.22 18:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2014.02.22 17:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2014.02.22 17:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2014.02.22 17:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2014.02.22 17:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2014.02.22 17:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS) DRV:64bit: - [2014.02.22 14:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2013.12.25 12:37:44 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2) DRV:64bit: - [2013.12.25 12:37:44 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc) DRV:64bit: - [2013.12.25 12:37:44 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep) DRV:64bit: - [2013.12.21 01:02:44 | 004,216,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2013.12.15 01:34:54 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2013.12.15 01:34:54 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2013.12.04 20:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum) DRV:64bit: - [2013.11.14 09:33:28 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme) DRV:64bit: - [2013.11.14 09:26:36 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2013.11.14 09:13:40 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2013.11.14 09:13:36 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2013.10.31 20:25:19 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.10.08 23:52:34 | 003,648,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwew02.sys -- (NETwNe64) DRV:64bit: - [2013.09.25 23:52:42 | 003,589,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwbw02.sys -- (NETwNb64) DRV:64bit: - [2013.09.05 03:37:00 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2013.09.01 13:33:08 | 000,035,600 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2013.08.22 15:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv) DRV:64bit: - [2013.08.22 15:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2013.08.22 14:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam) DRV:64bit: - [2013.08.22 14:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2013.08.22 14:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2013.08.22 14:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2013.08.22 14:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2013.08.22 14:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2013.08.22 14:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2013.08.22 14:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2013.08.22 14:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2013.08.22 14:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3) DRV:64bit: - [2013.08.22 14:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX) DRV:64bit: - [2013.08.22 14:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2013.08.22 14:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2013.08.22 14:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware) DRV:64bit: - [2013.08.22 14:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2013.08.22 14:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2013.08.22 14:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2013.08.22 14:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2013.08.22 14:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2013.08.22 14:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2013.08.22 14:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2013.08.22 14:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci) DRV:64bit: - [2013.08.22 14:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2013.08.22 14:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2013.08.22 14:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI) DRV:64bit: - [2013.08.22 14:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci) DRV:64bit: - [2013.08.22 14:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2013.08.22 13:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2013.08.22 13:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache) DRV:64bit: - [2013.08.22 13:39:50 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2013.08.22 13:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2013.08.22 13:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2013.08.22 13:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2013.08.22 13:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2013.08.22 13:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2013.08.22 13:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.08.22 13:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2013.08.22 13:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2013.08.22 13:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2013.08.22 13:38:17 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2013.08.22 13:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2013.08.22 13:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2013.08.22 13:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2013.08.22 13:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2013.08.22 13:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2013.08.22 13:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2013.08.22 13:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2013.08.22 13:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc) DRV:64bit: - [2013.08.22 13:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus) DRV:64bit: - [2013.08.22 13:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2013.08.22 13:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2013.08.22 13:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2013.08.22 10:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2013.08.13 01:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2) DRV:64bit: - [2013.08.10 02:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV) DRV:64bit: - [2013.07.30 20:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO) DRV:64bit: - [2013.07.25 21:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C) DRV:64bit: - [2013.07.04 20:36:32 | 000,550,912 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2013.06.20 07:29:10 | 000,532,720 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2013.06.20 07:29:08 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:64bit: - [2013.06.18 16:44:59 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C63x64.sys -- (L1C) DRV:64bit: - [2013.06.04 12:49:20 | 000,115,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibtusb.sys -- (ibtusb) DRV:64bit: - [2013.05.31 11:45:12 | 001,064,704 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs) DRV:64bit: - [2013.05.28 15:37:28 | 000,206,744 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb3Hub.sys -- (usb3Hub) DRV:64bit: - [2013.05.17 01:06:24 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2013.05.01 09:04:36 | 000,165,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2013.04.30 12:25:00 | 000,677,360 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2013.04.11 15:08:40 | 000,106,704 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\Tpkd.sys -- (Tpkd) DRV:64bit: - [2013.04.09 20:52:32 | 000,100,184 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\IntelPcc.sys -- (IntelHSWPcc) DRV:64bit: - [2013.03.28 13:47:00 | 001,366,328 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2012.10.03 11:26:58 | 000,095,232 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2012.06.22 11:01:32 | 000,022,704 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner) DRV:64bit: - [2012.06.13 17:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2011.05.24 03:00:00 | 000,055,952 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.09.17 08:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{CD4D22C8-F6CD-46CD-9432-456CB4AA5085}: "URL" = hxxp://url24.info/?id=4412f9766a2094&q={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{E3D32510-4D0D-4B4A-BE19-108A12DB42AD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*origin.com;*ea.com;*akamaihd.net IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:21521 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2014.01.09 13:08:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.11.01 00:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DieSinnnwells\AppData\Roaming\mozilla\Extensions [2014.09.08 12:33:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DieSinnnwells\AppData\Roaming\mozilla\Firefox\Profiles\tdaqq3v8.default\extensions [2014.09.04 13:09:40 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\DieSinnnwells\AppData\Roaming\mozilla\Firefox\Profiles\tdaqq3v8.default\extensions\abs@avira.com [2014.07.30 12:05:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2014.07.30 12:05:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013.08.22 15:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.) O4:64bit: - HKLM..\Run: [DolbyTrayApp] c:\program files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.) O4:64bit: - HKLM..\Run: [Energy Manager] C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Lenovo Utility] C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo) O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE (Vimicro) O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKCU..\Run: [Amazon Cloud Player] C:\Users\DieSinnnwells\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe () O4 - HKCU..\Run: [GMX Application {sync-000021}] C:\Users\DieSinnnwells\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe (1&1 Mail & Media GmbH) O4 - Startup: C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\DieSinnnwells\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1 O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D3612D4-07E1-4BDB-AF25-4BCFD39A5773}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\WINDOWS\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2014.09.11 09:00:37 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.09.12 16:58:53 | 000,000,000 | ---D | C] -- C:\_OTL [2014.09.11 11:08:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2014.09.11 11:08:49 | 000,000,000 | ---D | C] -- C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2014.09.11 10:59:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DieSinnnwells\Desktop\OTL.exe [2014.09.11 09:00:13 | 000,000,000 | ---D | C] -- C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2014.09.11 09:00:12 | 000,000,000 | ---D | C] -- C:\sh4ldr [2014.09.11 09:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2014.09.11 08:59:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2014.09.08 12:48:29 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys [2014.09.08 12:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware [2014.09.08 12:48:20 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys [2014.09.08 12:48:20 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys [2014.09.08 12:48:20 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys [2014.09.08 12:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware [2014.09.08 12:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014.09.08 12:09:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014.09.04 20:52:20 | 000,000,000 | ---D | C] -- C:\Users\DieSinnnwells\AppData\Local\com [2014.09.04 20:49:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\DebugDirect3dMotion [2014.09.04 20:49:32 | 000,000,000 | ---D | C] -- C:\Users\DieSinnnwells\AppData\Local\AppCursorFunction [2014.09.03 17:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.09.12 16:26:25 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2014.09.11 11:08:49 | 000,001,295 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\Revo Uninstaller.lnk [2014.09.11 10:59:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DieSinnnwells\Desktop\OTL.exe [2014.09.11 10:44:59 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys [2014.09.11 10:33:03 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2014.09.11 10:32:58 | 2503,389,183 | -HS- | M] () -- C:\hiberfil.sys [2014.09.11 10:32:22 | 000,012,800 | ---- | M] () -- C:\WINDOWS\SysNative\VfService.trf [2014.09.11 10:17:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2014.09.11 09:00:37 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2014.09.11 09:00:13 | 000,002,301 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\SpyHunter.lnk [2014.09.11 08:47:08 | 001,807,578 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI [2014.09.11 08:47:08 | 000,776,626 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat [2014.09.11 08:47:08 | 000,731,842 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat [2014.09.11 08:47:08 | 000,164,310 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat [2014.09.11 08:47:08 | 000,139,818 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat [2014.09.10 14:53:51 | 001,145,741 | ---- | M] () -- C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\Vertrag_UniBW_Sinnwell_MHSB1EW039EA976.pdf [2014.09.08 12:48:22 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.09.05 02:42:53 | 004,973,544 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\danieleAffen.avb [2014.09.04 22:14:24 | 000,034,646 | ---- | M] () -- C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\cc_20140904_221415.reg [2014.09.04 22:11:10 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2014.09.04 21:53:44 | 000,059,572 | ---- | M] () -- C:\0525d0a5-f51b-43ca-a1c4-c98e5dba42ec.dmp [2014.09.04 20:49:21 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_webinstr_01009.Wdf [2014.09.02 13:33:36 | 000,017,012 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\Sicherungskopie von To Do_as.wbk [2014.09.02 10:56:07 | 000,001,133 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\Cyberlink Power2Go.lnk [2014.08.28 07:45:50 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk [2014.08.28 07:38:51 | 000,499,368 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2014.08.22 09:14:31 | 000,022,706 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\babydi_tstudie_-_den_zucker_im_brei_suchen.pdf [2014.08.22 09:10:25 | 000,060,370 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\Newsletter_BABYDIAB.pdf [2014.08.18 23:45:19 | 000,076,918 | ---- | M] () -- C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\Antrag_101_Selbst.pdf [2014.08.18 21:18:06 | 000,058,162 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\Antrag_101_Selbst.pdf [2014.08.16 16:32:11 | 002,744,896 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\__Schnitt Daniele.avb [2014.08.15 09:57:11 | 000,002,469 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk [2014.08.15 00:19:45 | 000,001,123 | ---- | M] () -- C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014.08.15 00:19:24 | 000,001,107 | ---- | M] () -- C:\Users\DieSinnnwells\Desktop\Dropbox.lnk [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.09.11 11:08:49 | 000,001,295 | ---- | C] () -- C:\Users\DieSinnnwells\Desktop\Revo Uninstaller.lnk [2014.09.11 09:00:37 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2014.09.11 09:00:17 | 000,022,704 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\EsgScanner.sys [2014.09.11 09:00:13 | 000,002,301 | ---- | C] () -- C:\Users\DieSinnnwells\Desktop\SpyHunter.lnk [2014.09.10 14:52:47 | 001,145,741 | ---- | C] () -- C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\Vertrag_UniBW_Sinnwell_MHSB1EW039EA976.pdf [2014.09.08 12:48:22 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.09.05 02:42:53 | 004,973,544 | ---- | C] () -- C:\Users\DieSinnnwells\Desktop\danieleAffen.avb [2014.09.04 22:14:18 | 000,034,646 | ---- | C] () -- C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\cc_20140904_221415.reg [2014.09.04 21:53:44 | 000,059,572 | ---- | C] () -- C:\0525d0a5-f51b-43ca-a1c4-c98e5dba42ec.dmp [2014.09.04 20:49:21 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_webinstr_01009.Wdf [2014.09.04 20:49:06 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2014.09.02 13:33:36 | 000,017,012 | ---- | C] () -- C:\Users\DieSinnnwells\Desktop\Sicherungskopie von To Do_as.wbk [2014.08.28 07:45:50 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk [2014.08.22 09:14:30 | 000,022,706 | ---- | C] () -- C:\Users\DieSinnnwells\Desktop\babydi_tstudie_-_den_zucker_im_brei_suchen.pdf [2014.08.22 09:10:23 | 000,060,370 | ---- | C] () -- C:\Users\DieSinnnwells\Desktop\Newsletter_BABYDIAB.pdf [2014.08.18 21:26:52 | 000,076,918 | ---- | C] () -- C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\Antrag_101_Selbst.pdf [2014.08.18 21:18:06 | 000,058,162 | ---- | C] () -- C:\Users\DieSinnnwells\Desktop\Antrag_101_Selbst.pdf [2014.08.15 15:27:11 | 002,744,896 | ---- | C] () -- C:\Users\DieSinnnwells\Desktop\__Schnitt Daniele.avb [2014.08.15 00:19:45 | 000,001,123 | ---- | C] () -- C:\Users\DieSinnnwells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014.04.29 18:32:07 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini [2014.04.28 13:16:02 | 000,019,474 | ---- | C] () -- C:\WINDOWS\prodsett_copy.ini [2014.03.18 16:24:24 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll [2014.01.10 02:42:48 | 000,175,616 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll [2013.12.21 01:02:44 | 000,280,064 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll [2013.12.21 01:02:40 | 000,182,272 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll [2013.12.21 01:02:40 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll [2013.11.14 12:03:26 | 000,243,288 | ---- | C] () -- C:\WINDOWS\SysWow64\qtmlClient.dll [2013.09.01 13:11:47 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2013.09.01 13:10:40 | 000,001,677 | ---- | C] () -- C:\WINDOWS\vm331Rmv.ini [2013.09.01 13:10:40 | 000,001,677 | ---- | C] () -- C:\WINDOWS\SysWow64\vm331Rmv.ini [2013.09.01 13:10:08 | 001,809,786 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2013.08.22 17:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat [2013.08.22 17:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT [2013.08.22 16:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2013.08.22 09:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin [2013.08.22 05:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll [2013.08.22 01:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2013.08.22 01:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat [2013.02.13 12:27:54 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2014.01.09 13:09:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014.04.06 18:31:39 | 021,268,952 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014.04.06 17:22:20 | 018,755,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013.08.22 11:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2013.08.22 04:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013.08.22 11:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014.04.03 21:36:43 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Avid Technology [2014.03.04 14:17:39 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Avid Technology Inc [2014.01.07 09:03:02 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Canon [2014.09.04 08:33:41 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Dropbox [2014.07.07 09:40:06 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\DVDVideoSoft [2014.01.03 13:32:05 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\HandBrake [2014.01.10 02:42:56 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Leawo [2013.11.01 00:01:55 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Lenovo [2013.11.27 10:06:41 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\MyPhoneExplorer [2013.10.23 22:00:42 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Nitro [2014.09.08 15:43:27 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Nitro PDF [2014.03.04 14:18:01 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\PACE Anti-Piracy [2014.01.10 14:03:45 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Sony [2014.01.10 03:03:54 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\Sony Creative Software Inc [2014.04.03 21:17:58 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\SorensonMedia [2014.01.10 02:44:00 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\tiger-k [2014.01.03 13:28:45 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\TuneUp Software [2013.11.01 00:07:26 | 000,000,000 | ---D | M] -- C:\Users\DieSinnnwells\AppData\Roaming\WebApp ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 65536 bytes -> C:\Users\DieSinnnwells\Desktop\danieleAffen.avb:BINSTATE_RSRC @Alternate Data Stream - 65536 bytes -> C:\Users\DieSinnnwells\Desktop\__SCHNITTvv.avb:BINSTATE_RSRC @Alternate Data Stream - 65536 bytes -> C:\Users\DieSinnnwells\Desktop\__SCHNITT.avb:BINSTATE_RSRC @Alternate Data Stream - 65536 bytes -> C:\Users\DieSinnnwells\Desktop\__Schnitt Daniele.avb:BINSTATE_RSRC @Alternate Data Stream - 161 bytes -> C:\Users\DieSinnnwells\Dropbox\Dokumente Laptop\P1160684klein.jpg:com.dropbox.attributes @Alternate Data Stream - 1047 bytes -> C:\Users\DieSinnnwells\AppData\Local\h4FUwrDK:Q7XyeUI637PNQWgnQxGGdIdqyf < End of report > ADWCLEANER findet nix, Code:
ATTFilter # AdwCleaner v3.309 - Bericht erstellt am 11/09/2014 um 10:09:59
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : DieSinnnwells - SINNWELLNOTE
# Gestartet von : C:\Users\DieSinnnwells\Downloads\adwcleaner_3.309.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\STool
Schlüssel Gelöscht : HKLM\SOFTWARE\Upt
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17239
-\\ Mozilla Firefox v31.0 (x86 de)
[ Datei : C:\Users\DieSinnnwells\AppData\Roaming\Mozilla\Firefox\Profiles\tdaqq3v8.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [10644 octets] - [08/09/2014 12:09:45]
AdwCleaner[R1].txt - [10432 octets] - [08/09/2014 12:35:50]
AdwCleaner[R2].txt - [1158 octets] - [11/09/2014 10:09:17]
AdwCleaner[S0].txt - [7637 octets] - [08/09/2014 12:36:37]
AdwCleaner[S1].txt - [1032 octets] - [11/09/2014 10:09:59]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1092 octets] ##########
Installierte Programme: Name Version Avid Codecs LE 2.4.0 SpyHunter 4.17.6.4336 Adobe Common File Installer 1.00.001 Microsoft Office OneNote MUI (German) 2007 12.0.6612.1000 Microsoft Office InfoPath MUI (German) 2007 12.0.6612.1000 Microsoft Office Access MUI (German) 2007 12.0.6612.1000 Microsoft Office Excel MUI (German) 2007 12.0.6612.1000 Microsoft Office PowerPoint MUI (German) 2007 12.0.6612.1000 Microsoft Office Publisher MUI (German) 2007 12.0.6612.1000 Microsoft Office Outlook MUI (German) 2007 12.0.6612.1000 Microsoft Office Office 64-bit Components 2007 12.0.6612.1000 Microsoft Office Shared 64-bit MUI (German) 2007 12.0.6612.1000 Microsoft Office Groove MUI (German) 2007 12.0.6612.1000 Microsoft Office Word MUI (German) 2007 12.0.6612.1000 Microsoft Office Proofing (German) 2007 12.0.4518.1014 Microsoft Office Shared MUI (German) 2007 12.0.6612.1000 Microsoft Office Proof (Italian) 2007 12.0.6612.1000 Microsoft Office Proof (German) 2007 12.0.6612.1000 Microsoft Office Proof (English) 2007 12.0.6612.1000 Microsoft Office Proof (French) 2007 12.0.6612.1000 Microsoft Office Enterprise 2007 12.0.6612.1000 Microsoft Office File Validation Add-In 14.0.5130.5003 Microsoft Office 15.0.4454.1510 Adobe Bridge 1.0 001.000.001 Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed 16.0.5.0046 Intel® Trusted Connect Service Client 1.27.798.1 PACE License Support Win64 2.0.0.0256 Intel(R) Update Manager 2.3.1338 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 10.0.40219 Microsoft Visual C++ 2005 Redistributable (x64) 8.0.61000 Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology 3.0.1306.0342 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 9.0.30729 NVIDIA PhysX 9.13.0604 Sony PDZK-MA2 v3.21 3.21 Adobe InDesign CS2 004.000.000 Microsoft Visual C++ 2005 Redistributable 8.0.59193 OneKey Recovery 5.70.0000 Visual Studio C++ 10.0 Runtime 10.0.0 Avid License Control 3.0.1 Apple Software Update 2.1.3.127 Dolby Home Theater v4 7.2.8000.17 Adobe Photoshop CS2 9.0 Java 7 Update 67 7.0.670 Skype™ 6.18 6.18.106 Apple Application Support 2.3.6 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 9.0.30729 Intel(R) WiDi 4.1.19.0 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 9.0.30729.6161 Adobe Acrobat 7.0 Professional - English, Français, Deutsch 7.0.0 Adobe Reader XI (11.0.09) - Deutsch 11.0.09 Avid FX (64 Bit) 6.4.0001 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 9.0.21022 Energy Manager 1.0.0.28 Adobe Stock Photos 1.0 1.0.1 Intel(R) PRO/Wireless Driver 16.01.5000.0577 Microsoft Office Live Add-in 1.5 2.0.4024.1 Shared C Run-time for x64 10.0.0 Microsoft Visual C++ 2005 Redistributable (x64) 8.0.56336 Adobe Help Center 1.0 1.0.1 YouCam 4.10.0000 Avid DVD by Sonic 6.4.4 Benutzerhandbuch 1.0.0.15 Alcor Micro USB Card Reader 3.1.1245.72250 Intel(R) Rapid Storage Technology 12.6.0.1033 Avid Media Composer 7.0.3 Intel® PROSet/Wireless WiFi Software 16.01.5000.0269 Microsoft Visual C++ 2005 Redistributable 8.0.61001 Sentinel Protection Installer 7.6.6 7.6.6 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 9.0.30729 Avid Editor Transcode 3.0.6 Microsoft .NET Framework 1.1 1.1.4322 PowerDVD 10.00.0000 Nitro Pro 8 8.0.10.7 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 9.0.30729 Java Auto Updater 2.1.67.1 Avira 1.1.21.25162 QuickTime 7 7.75.80.95 Wer kann mir helfen??? Danke 1000x, lg Arne |
Baum-Darstellung