|
Log analysis and evaluation: Malware in Firefox / Flash. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
24.01.2015, 21:17 | #1 |
| Malware in Firefox / Flash Good day, I have been having enormous problems with my netbook for some time. Since I depend heavily on the little machine and would very much prefer not to format it, I hope you can help me. When I start Firefox, I get dozens of virus alerts from my G-Data antivirus program. I ran several of the programs recommended here, and they did find a number of things. These included Malwarebytes, SuperAntiSpyware and CCleaner. However, there still seems to be malware present. Attached are my log files from AVZ Antiviral Toolkit. Many thanks in advance! |
24.01.2015, 21:18 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware in Firefox / Flash Hi and
__________________Please do not attach logs; if necessary, split them and post them across several posts. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post them directly, spread across several posts if necessary. To put the log files in a CODE box, proceed as follows:
__________________ |
24.01.2015, 21:25 | #3 |
| Malware in Firefox / Flash Sorry! Will do.
__________________Code:
MD5="E8176BA658759F1F8F2532D6EBF2B899" ChangeDate="26.03.2012 05:58:52" CreateDate="26.03.2012 05:58:52" Attr="rsAh" Size="571392" CheckResult="-1" File="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll" IsDLL="1" Type="REG" Is64="1" X4="Display CPL Extension" X3="{872A9397-E0D6-4e28-B64D-52B8D0A7EA35}" X2="Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM IsPE64="1" IsPE="1" Ver="7.3.0.140" OFN="AthBtTray.exe" Product="Bluetooth Software" Vendor="Atheros Commnucations" MD5="E49AE4396848D3BF94501AB780AC29DF" ChangeDate="16.11.2011 10:46:50" CreateDate="16.11.2011 10:46:50" Attr="rsAh" Size="657568" CheckResult="-1" File="C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" Type="REG" Is64="1" X4=""C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"" X3="AthBtTray" X2="Software\Microsoft\Windows\CurrentVersion\Run" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM IsPE64="1" IsPE="1" Ver="7.3.0.140" OFN="AthBtTray.exe.mui" Product="Bluetooth Software" Vendor="Atheros Commnucations" MD5="488ED7E65BB02D38F528EBA4FE08FAAF" ChangeDate="16.11.2011 10:49:40" CreateDate="16.11.2011 10:49:40" Attr="rsAh" Size="160928" CheckResult="-1" File="C:\Program Files (x86)\Bluetooth Suite\BtContextMenu.dll" IsDLL="1" Type="REG" Is64="1" X4="BtContextMenu" X3="{C865E0A2-40BF-4ca7-B3F3-162290A67572}" X2="Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM IsPE64="1" IsPE="1" Ver="7.3.0.140" OFN="BtvAppExt.dll.mui" Product="Bluetooth Software" Vendor="Atheros Commnucations" MD5="1522EF19C1E36909CED6E1810DC76D49" ChangeDate="16.11.2011 10:49:56" CreateDate="16.11.2011 10:49:56" Attr="rsAh" Size="182944" CheckResult="-1" File="C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll" IsDLL="1" Type="REG" Is64="1" X4="Atheros BT Extension" X3="{B8952421-0E55-400B-94A6-FA858FC0A39F}" X2="Software\Microsoft\Windows\CurrentVersion\Shell 
Extensions\Approved" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM IsPE64="1" IsPE="1" Ver="7.3.0.140" OFN="BtvStack.exe.mui" Product="Bluetooth-Software" Vendor="Atheros Communications" MD5="25E7291B7CE28D71F1902756F05BEEC8" ChangeDate="16.11.2011 10:50:10" CreateDate="16.11.2011 10:50:10" Attr="rsAh" Size="792224" CheckResult="-1" File="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" Type="REG" Is64="1" X4=""C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"" X3="AtherosBtStack" X2="Software\Microsoft\Windows\CurrentVersion\Run" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM IsPE64="1" IsPE="1" Ver="7.3.0.140" OFN="AthBtTray.exe.mui" Product="Bluetooth Software" Vendor="Atheros Commnucations" MD5="8CDA76D4CBC7911D765A5B7D534C3F58" ChangeDate="16.11.2011 11:00:58" CreateDate="16.11.2011 11:00:58" Attr="rsAh" Size="434848" CheckResult="-1" File="C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll" IsDLL="1" Type="REG" Is64="1" X4="FTShellContext extension" X3="{AFF81F7B-6942-40c4-AADA-7214EF7B6DD1}" X2="Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM IsPE="1" Ver="11.5.12.2126" Product="BusinessObjects Enterprise" Vendor="Business Objects" MD5="8D5DA4027CF3A577B0A405AAF4C775D3" ChangeDate="16.09.2010 02:23:30" CreateDate="16.09.2010 02:23:30" Attr="rsAh" Size="2674688" CheckResult="-1" File="C:\Program Files (x86)\Business Objects\BusinessObjects Enterprise 11.5\win32_x86\log_xn_system.dll" IsDLL="1" Type="REG" Is64="0" X4="C:\Program Files (x86)\Business Objects\BusinessObjects Enterprise 11.5\win32_x86\log_xn_system.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\BusinessObjects_MsiExec" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM IsPE="1" Ver="11.5.12.2126" Product="BusinessObjects Enterprise" Vendor="Business Objects" MD5="8D5DA4027CF3A577B0A405AAF4C775D3" ChangeDate="16.09.2010 02:23:30" CreateDate="16.09.2010 02:23:30" Attr="rsAh" Size="2674688" 
CheckResult="-1" File="C:\Program Files (x86)\Business Objects\BusinessObjects Enterprise 11.5\win32_x86\log_xn_system.dll" IsDLL="1" Type="REG" Is64="0" X4="C:\Program Files (x86)\Business Objects\BusinessObjects Enterprise 11.5\win32_x86\log_xn_system.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\BusinessObjects_setup" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM IsPE="1" Ver="11.5.12.2126" OFN="CRAXDRT.DLL" Product="Crystal Reports" Vendor="Business Objects" MD5="7FECB520BA5811D4478FF2B11EF34F8A" ChangeDate="16.09.2010 03:43:00" CreateDate="16.09.2010 03:43:00" Attr="rsAh" Size="8289792" CheckResult="-1" File="C:\Program Files (x86)\Business Objects\Common\3.5\bin\craxdrt.dll" IsDLL="1" Type="REG" Is64="0" X4="C:\Program Files (x86)\Business Objects\Common\3.5\bin\craxdrt.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Crystal_RDC" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM IsPE="1" Ver="1.5.14287.174" OFN="AVKProxy.exe" Product="G Data Security Software" Vendor="G Data Software AG" MD5="8DFC779658F5227019615CDF54748652" ChangeDate="14.10.2014 01:54:44" CreateDate="14.10.2014 01:54:44" Attr="rsah" Size="2250360" CheckResult="-1" File="C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe" Type="REG" Is64="0" X4="C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVKProxy" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM IsPE="1" Ver="1.4.14140.171" OFN="GDScan.exe" Product="G Data Security Software" Vendor="G Data Software AG" MD5="CC88D7254787D15B84377137BF739F90" ChangeDate="20.05.2014 08:37:50" CreateDate="20.05.2014 08:37:50" Attr="rsah" Size="700536" CheckResult="-1" File="C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe" Type="REG" Is64="0" X4="C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe" X3="EventMessageFile" 
X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\GDScan" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\IPSEventLogMsg.dll" Type="REG" Is64="0" X4="%CommonProgramFiles%\Microsoft Shared\Ink\IPSEventLogMsg.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Handwriting Recognition" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Program Files (x86)\DVD" Type="REG" Is64="0" X4="%ProgramFiles%\DVD Maker\DVDMaker.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dvd Maker" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM IsPE="1" Ver="25.0.14140.245" OFN="AVKTray.exe" Product="G Data Security Software" Vendor="G Data Software AG" MD5="E2C460BE430173E81995BB1484FEEE0E" ChangeDate="20.05.2014 03:05:52" CreateDate="20.05.2014 03:05:52" Attr="rsah" Size="1725048" CheckResult="-1" File="C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" Type="REG" Is64="1" X4="C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" X3="Userinit" X2="Software\Microsoft\Windows NT\CurrentVersion\Winlogon" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM IsPE64="1" IsPE="1" Ver="27.0.14140.210" OFN="AVKWCtl.EXE" Product="G Data Security" Vendor="G Data Software AG" MD5="258B9C230D2A904349CDF18CAD6B22BE" ChangeDate="20.05.2014 02:30:41" CreateDate="20.05.2014 02:30:41" Attr="rsah" Size="2683760" CheckResult="-1" File="C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe" Type="REG" Is64="0" X4="C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVKWCtl" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM IsPE="1" Ver="1.0.13353.219" OFN="SOBFilesNSE.DLL" Product="G Data TotalCare" Vendor="G Data Software AG" MD5="1AAB2490C262D54B2260F687C1226949" ChangeDate="19.12.2013 03:39:50" 
CreateDate="19.12.2013 03:39:50" Attr="rsah" Size="210552" CheckResult="-1" File="C:\Program Files (x86)\G Data\InternetSecurity\AVK\SOBFilesNSE.dll" IsDLL="1" Type="REG" Is64="0" X4="SOBVirtualFolder Class" X3="{E5A82055-B4B3-449B-9202-C714068617F9}" X2="Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM IsPE="1" Ver="25.0.13353.266" OFN="AutorunDelayLoader.exe" Product="G Data AntiVirus" Vendor="G Data Software AG" MD5="A9F3C6135C9756E21A331F20437BC83E" ChangeDate="19.12.2013 04:26:34" CreateDate="19.12.2013 04:26:34" Attr="rsah" Size="431224" CheckResult="-1" File="C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe" Type="REG" Is64="0" X4=""C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe" /autostart" X3="G Data ASM" X2="Software\Microsoft\Windows\CurrentVersion\Run" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM IsPE="1" Ver="2.7.14140.226" Product="G Data Personal Firewall" Vendor="G Data Software AG" MD5="0B6307FB3D24EACBB86A51E285E1F384" ChangeDate="20.05.2014 02:46:50" CreateDate="20.05.2014 02:46:50" Attr="rsah" Size="1756792" CheckResult="-1" File="C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" Type="REG" Is64="0" X4="C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" X3="GDFirewallTray" X2="Software\Microsoft\Windows\CurrentVersion\Run" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM IsPE64="1" IsPE="1" Ver="4.1.14233.221" OFN="GDFwSvc.EXE" Product="G Data Personal Firewall" Vendor="G Data Software AG" MD5="56F6E95D62AFC30FD0250D031E5AA480" ChangeDate="21.08.2014 02:41:09" CreateDate="21.08.2014 02:41:09" Attr="rsah" Size="3228136" CheckResult="-1" File="C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe" Type="REG" Is64="0" X4="C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe" X3="EventMessageFile" 
X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\GDFwSvc" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM IsPE="1" Ver="1.0.0.0" OFN="LPHotkey.exe" Product="LPHotkey" Vendor="LPHotkey" MD5="EEDEA8E1EAC3D8C6162CA0C04743405C" ChangeDate="23.12.2011 09:46:54" CreateDate="30.07.2012 12:13:47" Attr="rsAh" Size="84480" CheckResult="-1" File="C:\Program Files (x86)\Lenovo\LPHotkey\LPHotkey.exe" Type="REG" Is64="0" X4="C:\Program Files (x86)\Lenovo\LPHotkey\LPHotkey.exe" X3="LPHotkey" X2="Software\Microsoft\Windows\CurrentVersion\Run" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Program Files (x86)\Windows Defender\MpEvMsg.dll" Type="REG" Is64="0" X4="%ProgramFiles%\Windows Defender\MpEvMsg.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\WinDefend" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM MD5="" ChangeDate="06.06.2014 09:34:15" CreateDate="30.07.2012 12:32:32" Attr="rsah" Size="0" CheckResult="-1" File="C:\Program Files\Lenovo\OneKey App\OneKey Recovery" Type="REG" Is64="0" X4=""C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"" X3="UpdatePRCShortCut" X2="Software\Microsoft\Windows\CurrentVersion\Run" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM IsPE64="1" IsPE="1" Ver="15.0.4659.1000" OFN="LyncDesktopResources.dll" Product="Microsoft Office 2013" Vendor="Microsoft Corporation" MD5="F2AC5152AD34AFD1BCCCA6D3387AD69C" ChangeDate="16.09.2014 12:01:05" CreateDate="16.10.2014 16:29:06" Attr="rsAh" Size="537240" CheckResult="-1" File="C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1031\LYNCDESKTOPRESOURCES.DLL" IsDLL="1" Type="REG" Is64="0" X4="C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1031\LYNCDESKTOPRESOURCES.DLL" X3="EventMessageFile" 
X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\LyncPlatform" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM IsPE64="1" IsPE="1" Ver="15.0.4553.1000" OFN="UccApiRes.dll" Product="Microsoft Office 2013" Vendor="Microsoft Corporation" MD5="6753F93399B46EF6D28735EB2B26E7EA" ChangeDate="06.04.2014 18:06:56" CreateDate="06.04.2014 17:59:37" Attr="rsAh" Size="1287840" CheckResult="-1" File="C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1031\UCCAPIRES.DLL" IsDLL="1" Type="REG" Is64="0" X4="C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1031\UCCAPIRES.DLL" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Lync" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM IsPE="1" MD5="50E0B295BC2E9D6A0BE21DF77D24B5E1" ChangeDate="13.04.2012 14:41:14" CreateDate="13.04.2012 14:41:14" Attr="rsAh" Size="45448" CheckResult="-1" File="C:\QuickStartUtil\VAWinAgent.exe" Type="REG" Is64="0" X4="C:\QuickStartUtil\VAWinAgent.exe" X3="VAWinAgent" X2="Software\Microsoft\Windows\CurrentVersion\Run" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\Audiosrv.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\Audiosrv.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\Audiosrv.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\Audiosrv.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\AudioSrv\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\AxInstSV.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\AxInstSV.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\AxInstSV\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\AxInstSv.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\AxInstSv.dll" 
X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AxInstallService" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\DFDTS.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\DFDTS.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Disk Diagnostic" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\DispCI.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\DispCI.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Display" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\Drivers\BthUsb.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\Drivers\BthUsb.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHUSB" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\Drivers\Bthport.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\Drivers\Bthport.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHPORT" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\Drivers\Bthport.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\Drivers\Bthport.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHUSB" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\Drivers\Pcmcia.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\Drivers\Pcmcia.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\Drivers\VolSnap.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\Drivers\VolSnap.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Volsnap" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" 
File="C:\Windows\System32\Drivers\acpi.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\Drivers\acpi.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\ACPI" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\Drivers\hidbth.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\Drivers\hidbth.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\HidBth" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\LogiLDA.dll" Type="REG" Is64="1" X4="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch" X3="Logitech Download Assistant" X2="Software\Microsoft\Windows\CurrentVersion\Run" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\MsSpellCheckingFacility.dll" Type="REG" Is64="0" X4="%systemroot%\System32\MsSpellCheckingFacility.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Spell-Checking" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\MsSpellCheckingFacility.dll" Type="REG" Is64="0" X4="%systemroot%\System32\MsSpellCheckingFacility.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-SpellChecker" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\MsSpellCheckingFacility.dll" Type="REG" Is64="0" X4="%systemroot%\System32\MsSpellCheckingFacility.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Spell-Checking" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\MsSpellCheckingFacility.dll" Type="REG" Is64="0" X4="%systemroot%\System32\MsSpellCheckingFacility.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SpellChecker" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM 
CheckResult="-1" File="C:\Windows\System32\RpcEpMap.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\RpcEpMap.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\RpcEptMapper\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\SCardSvr.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\SCardSvr.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\SCardSvr\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\SDRSVC.dll" Type="REG" Is64="0" X4="%Systemroot%\System32\SDRSVC.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\SDRSVC\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\TabSvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\TabSvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\TabletInputService\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll" Type="REG" Is64="1" X4="C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll" X3="DLLName" X2="Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4bcd6cde-777b-48b6-9804-43568e23545d}" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\UI0Detect.exe" Type="REG" Is64="0" X4="%SystemRoot%\System32\UI0Detect.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Interactive Services detection" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\VSSVC.EXE" Type="REG" Is64="0" X4="%SystemRoot%\System32\VSSVC.EXE" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSS" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\VSSVC.EXE" Type="REG" Is64="0" X4="%SystemRoot%\System32\VSSVC.EXE" X3="EventMessageFile" 
X2="SYSTEM\CurrentControlSet\Services\Eventlog\Security\VSSAudit" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\WUDFHost.exe" Type="REG" Is64="1" X4="C:\Windows\System32\WUDFHost.exe" X3="HostProcessImagePath" X2="Software\Microsoft\Windows NT\CurrentVersion\WUDF\Services\{193a1820-d9ac-4997-8c55-be817523f6aa}" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\WUDFSvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\WUDFSvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\wudfsvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\WerSvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\WerSvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\WerSvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\aelupsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\aelupsvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\AeLookupSvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\aelupsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\aelupsvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\AeLookupSvc" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\appidsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\appidsvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\AppIDSvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\appinfo.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\appinfo.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\Appinfo\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\bdesvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\bdesvc.dll" X3="ServiceDll" 
X2="SYSTEM\CurrentControlSet\Services\BDESVC\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\bfe.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\bfe.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\BFE\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\browser.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\browser.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\Browser\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\certprop.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\certprop.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\CertPropSvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\certprop.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\certprop.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\SCPolicySvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\defragsvc.dll" Type="REG" Is64="0" X4="%Systemroot%\System32\defragsvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\defragsvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\dnsrslvr.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\dnsrslvr.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\Dnscache\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\dot3svc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\dot3svc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\dot3svc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\MTConfig.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\MTConfig.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\MTConfig" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> 
<ITEM CheckResult="-1" File="C:\Windows\System32\drivers\SynTP.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\SynTP.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\SynTP" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\Wdf01000.sys" Type="REG" Is64="0" X4="C:\Windows\System32\drivers\Wdf01000.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\wdf01000" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\amdk8.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\amdk8.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdK8" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\amdppm.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\amdppm.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdPPM" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\ati2erec.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\ati2erec.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\ATIeRecord" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\ati2erec.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\ati2erec.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\amdkmdag" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\ati2erec.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\ati2erec.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\amdkmdap" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\b57nd60a.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\b57nd60a.sys" X3="EventMessageFile" 
X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\b57nd60a" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\btath_hcrp.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\btath_hcrp.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\BTATH_HCRP" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\bxvbda.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\bxvbda.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\b06bdrv" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\cjusb.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\cjusb.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\cjusb" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\evbda.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\evbda.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\ebdrv" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\fltmgr.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\fltmgr.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\FltMgr" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\i8042prt.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\i8042prt.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\iaStorV.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\iaStorV.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorV" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\intelppm.sys" 
Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\intelppm.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\intelppm" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\ipmidrv.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\ipmidrv.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IPMIDRV" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\isapnp.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\isapnp.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\kbdclass.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\kbdclass.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\kbdhid.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\kbdhid.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdhid" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\mouclass.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\mouclass.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\mouhid.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\mouhid.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\mouhid" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\mpio.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\mpio.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\mpio" X1="HKEY_LOCAL_MACHINE" 
Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\nvstor.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\nvstor.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\nvstor" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\parport.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\parport.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Parport" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\processr.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\processr.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Processor" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\sbp2port.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\sbp2port.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\sbp2port" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\serial.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\serial.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Serial" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\sermouse.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\sermouse.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\sermouse" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\tpm.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\tpm.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\TPM" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\tsusbflt.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\tsusbflt.sys" X3="EventMessageFile" 
X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\TsUsbFlt" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\vgapnp.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\vgapnp.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\vga" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\wacompen.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\wacompen.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\WacomPen" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\drivers\wd.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\drivers\wd.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Wd" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\eapsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\eapsvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\EapHost\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\gpsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\gpsvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\gpsvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\ikeext.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\ikeext.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\iphlpsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\iphlpsvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\ipnathlp.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\ipnathlp.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters" 
X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\ipsecsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\ipsecsvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\iscsiexe.dll" Type="REG" Is64="0" X4="%systemroot%\System32\iscsiexe.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\MSiSCSI" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\iscsilog.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\iscsilog.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\iScsiPrt" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\lltdsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\lltdsvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\lltdsvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\lmhsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\lmhsvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\lmhosts\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\lsasrv.dll" Type="REG" Is64="0" X4="%windir%\System32\lsasrv.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\lsasrv.dll" Type="REG" Is64="0" X4="%windir%\System32\lsasrv.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\mctadmin.exe" Type="REG" Is64="0" X4="C:\Windows\System32\mctadmin.exe" X3="mctadmin" X2="S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce" X1="HKEY_USERS" Enabled="1"/> <ITEM CheckResult="-1" 
File="C:\Windows\System32\mctadmin.exe" Type="REG" Is64="0" X4="C:\Windows\System32\mctadmin.exe" X3="mctadmin" X2="S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce" X1="HKEY_USERS" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\mdsched.exe" Type="REG" Is64="0" X4="%SystemRoot%\System32\mdsched.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\netman.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\netman.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\Netman\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\nlasvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\nlasvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\pcasvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\pcasvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\PcaSvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\profsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\profsvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User Profiles Service" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\profsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\profsvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Profsvc" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\qmgr.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\qmgr.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\BITS\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\rasauto.dll" 
Type="REG" Is64="0" X4="%SystemRoot%\System32\rasauto.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\RasAuto\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\rasmans.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\rasmans.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\RasMan\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\relpost.exe" Type="REG" Is64="0" X4="%SystemRoot%\System32\relpost.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\samsrv.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\samsrv.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Directory-Services-SAM" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\samsrv.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\samsrv.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\snmptrap.exe" Type="REG" Is64="0" X4="%SystemRoot%\System32\snmptrap.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\SNMPTRAP" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\ssdpsrv.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\ssdpsrv.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\SSDPSRV\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\sstpsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\sstpsvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-RasSstp" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" 
File="C:\Windows\System32\swprv.dll" Type="REG" Is64="0" X4="%Systemroot%\System32\swprv.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\swprv\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\tbssvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\tbssvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\TBS\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\tcpmon.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\tcpmon.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\termsrv.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\termsrv.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\TermService\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\trkwks.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\trkwks.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\TrkWks\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\umpnpmgr.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\umpnpmgr.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\PlugPlayManager" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\umpo.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\umpo.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Power" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\uxsms.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\uxsms.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\UxSms\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\vds.exe" Type="REG" Is64="0" X4="%SystemRoot%\System32\vds.exe" X3="EventMessageFile" 
X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Virtual Disk Service" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\wbiosrvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\wbiosrvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\WbioSrvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\wecsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\wecsvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\wecsvc" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\wercplsupport.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\wercplsupport.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\wercplsupport\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\wersvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\wersvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Hang" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\wersvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\wersvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\WerSvc" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\wevtsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\wevtsvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Security\Microsoft-Windows-Eventlog" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\wevtsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\wevtsvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Eventlog" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\wiaservc.dll" Type="REG" Is64="0" 
X4="%SystemRoot%\System32\wiaservc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\stisvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\wiaservc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\wiaservc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\win32k.sys" Type="REG" Is64="0" X4="\SystemRoot\System32\win32k.sys" X3="Kmode" X2="System\CurrentControlSet\Control\Session Manager\SubSystems" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\win32k.sys" Type="REG" Is64="0" X4="%SystemRoot%\System32\win32k.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Win32k" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\winlogon.exe" Type="REG" Is64="0" X4="%SystemRoot%\System32\winlogon.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\winlogon.exe" Type="REG" Is64="0" X4="%SystemRoot%\System32\winlogon.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wlclntfy" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\wkssvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\wkssvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\wlansvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\wlansvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\Wlansvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\wscsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\wscsvc.dll" X3="ServiceDll" 
X2="SYSTEM\CurrentControlSet\Services\wscsvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\wscsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\wscsvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\SecurityCenter" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\System32\wwansvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\System32\wwansvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\WwanSvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\BlbEvents.dll" Type="REG" Is64="0" X4="%windir%\system32\BlbEvents.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Backup" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\EncIcons.dll" Type="REG" Is64="1" X4="VeriFace file icon extension" X3="{DF4F5AE4-E795-4C12-BC26-7726C27F71AE}" X2="Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\FntCache.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\FntCache.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\FontCache\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\HPZinw12.dll" Type="REG" Is64="0" X4="C:\Windows\system32\HPZinw12.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\Net Driver HPZ12\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\HPZipm12.dll" Type="REG" Is64="0" X4="C:\Windows\system32\HPZipm12.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\Pml Driver HPZ12\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/>
Edited by cosinus (24.01.2015 at 21:36) |
24.01.2015, 21:26 | #4 |
| Malware in Firefox / Flash
Code:
<ITEM CheckResult="-1" File="C:\Windows\system32\IcnOvrly.dll" Type="REG" Is64="1" X4="VeriFace Enc" X3="{771C7324-DA80-49D3-8017-753B0AF60951}" X2="Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\ListSvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\ListSvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\HomeGroupListener\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\Mcx2Svc.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\Mcx2Svc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\Mcx2Svc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\SimpleExt.dll" Type="REG" Is64="1" X4="IkeyShlExt extension" X3="{F1E551D1-822B-40e6-B4D8-A9B4A48AA07A}" X2="Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\WINSAT.EXE" Type="REG" Is64="0" X4="%SystemRoot%\system32\WINSAT.EXE" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WindowsSystemAssessmentTool" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\WUDFPlatform.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\WUDFPlatform.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DriverFrameworks-UserMode" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\Wat\WatUX.exe" Type="REG" Is64="0" X4="%SystemRoot%\system32\Wat\WatUX.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Activation Technologies" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\bthserv.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\bthserv.dll" X3="ServiceDll" 
X2="SYSTEM\CurrentControlSet\Services\bthserv\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\certprop.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\certprop.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SCPNP" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\cofiredm.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\cofiredm.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Client" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\cofiredm.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\cofiredm.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Server" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\csrsrv.dll" Type="REG" Is64="0" X4="%windir%\system32\csrsrv.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Subsys-SMSS" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\defragsvc.dll" Type="REG" Is64="0" X4="%systemroot%\system32\defragsvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Defrag" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\dfdts.dll" Type="REG" Is64="0" X4="%windir%\system32\dfdts.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DiskDiagnostic" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\dps.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\dps.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\DPS\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" 
File="C:\Windows\system32\drivers\HTTP.SYS" Type="REG" Is64="0" X4="%SystemRoot%\system32\drivers\HTTP.SYS" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HttpEvent" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\drivers\fltmgr.sys" Type="REG" Is64="0" X4="%SystemRoot%\system32\drivers\fltmgr.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FilterManager" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\drivers\fvevol.sys" Type="REG" Is64="0" X4="%SystemRoot%\system32\drivers\fvevol.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-Driver" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\drivers\ntfs.sys" Type="REG" Is64="0" X4="%SystemRoot%\system32\drivers\ntfs.sys" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Ntfs" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\dwm.exe" Type="REG" Is64="0" X4="%SystemRoot%\system32\dwm.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Desktop Window Manager" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\eapsvc.dll" Type="REG" Is64="0" X4="%systemroot%\system32\eapsvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EapHost" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\fdPHost.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\fdPHost.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\fdPHost\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\fdphost.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\fdphost.dll" X3="EventMessageFile" 
X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FunctionDiscoveryHost" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\fdrespub.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\fdrespub.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\FDResPub\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\fdrespub.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\fdrespub.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ResourcePublication" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\fveapi.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\fveapi.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-API" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\fxsevent.dll" Type="REG" Is64="0" X4="%systemroot%\system32\fxsevent.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Fax" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\gpsvc.dll" Type="REG" Is64="0" X4="%systemroot%\system32\gpsvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-GroupPolicy" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\ipbusenum.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\ipbusenum.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\IPBusEnum\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\ipbusenum.dll" Type="REG" Is64="0" X4="%systemroot%\system32\ipbusenum.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-IPBusEnum" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" 
File="C:\Windows\system32\iphlpsvc.dll" Type="REG" Is64="0" X4="%windir%\system32\iphlpsvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Iphlpsvc" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\iscsiexe.dll" Type="REG" Is64="0" X4="%systemroot%\system32\iscsiexe.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\MSiSCSI\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\kmsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\kmsvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\hkmsvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\lpksetup.exe" Type="REG" Is64="0" X4="%SystemRoot%\system32\lpksetup.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-LanguagePackSetup" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\lsm.exe" Type="REG" Is64="0" X4="%SystemRoot%\system32\lsm.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\LSM" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\lsm.exe" Type="REG" Is64="0" X4="%SystemRoot%\system32\lsm.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-LocalSessionManager" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\microsoft-windows-hal-events.dll" Type="REG" Is64="0" X4="%systemroot%\system32\microsoft-windows-hal-events.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HAL" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\microsoft-windows-kernel-power-events.dll" Type="REG" Is64="0" X4="%systemroot%\system32\microsoft-windows-kernel-power-events.dll" X3="EventMessageFile" 
X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Power" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\microsoft-windows-kernel-processor-power-events.dll" Type="REG" Is64="0" X4="%systemroot%\system32\microsoft-windows-kernel-processor-power-events.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Processor-Power" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\mmcss.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\mmcss.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\MMCSS\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\mmcss.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\mmcss.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\THREADORDER\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\mpssvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\mpssvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\mpssvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\mpssvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Firewall" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\msdtckrm.dll" Type="REG" Is64="0" X4="%systemroot%\system32\msdtckrm.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\KtmRm\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\nsisvc.dll" Type="REG" Is64="0" X4="%systemroot%\system32\nsisvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\nsi\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\oobe\winsetup.dll" Type="REG" Is64="0" 
X4="%SystemRoot%\system32\oobe\winsetup.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Setup" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\p2psvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\p2psvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\p2psvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\pnrpauto.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\pnrpauto.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\PNRPAutoReg\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\pnrpsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\pnrpsvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\p2pimsvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\pnrpsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\pnrpsvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\PNRPsvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\profsvc.dll" Type="REG" Is64="0" X4="%systemroot%\system32\profsvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\psxss.exe" Type="REG" Is64="0" X4="%SystemRoot%\system32\psxss.exe" X3="Posix" X2="System\CurrentControlSet\Control\Session Manager\SubSystems" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\qagentRT.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\qagentRT.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\napagent\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\qmgr.dll" Type="REG" Is64="0" X4="%systemroot%\system32\qmgr.dll" X3="EventMessageFile" 
X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Bits-Client" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\recovery.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\recovery.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Recovery" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\regsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\regsvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\rpcss.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\rpcss.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\DcomLaunch\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\rpcss.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\rpcss.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\RpcSs\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\schedsvc.dll" Type="REG" Is64="0" X4="%systemroot%\system32\schedsvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\Schedule\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\schedsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\schedsvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TaskScheduler" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\sdclt.exe" Type="REG" Is64="0" X4="%SystemRoot%\system32\sdclt.exe" X3="" X2="SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\sdengin2.dll" Type="REG" Is64="0" X4="%systemroot%\system32\sdengin2.dll" X3="EventMessageFile" 
X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Backup" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\seclogon.dll" Type="REG" Is64="0" X4="%windir%\system32\seclogon.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\seclogon\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\sensrsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\sensrsvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\SensrSvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\services.exe" Type="REG" Is64="0" X4="%SystemRoot%\system32\services.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\sppsvc.exe" Type="REG" Is64="0" X4="%windir%\system32\sppsvc.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Protection Platform Service" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\sppsvc.exe" Type="REG" Is64="0" X4="%windir%\system32\sppsvc.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service\KmsRequests" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\sppuinotify.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\sppuinotify.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\sppuinotify\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\srcore.dll" Type="REG" Is64="0" X4="%systemroot%\system32\srcore.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\System Restore" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\srvsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\srvsvc.dll" 
X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\sstpsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\sstpsvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\sstpsvc.dll" Type="REG" Is64="0" X4="%systemroot%\system32\sstpsvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\RasSstp" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\sysmain.dll" Type="REG" Is64="0" X4="%systemroot%\system32\sysmain.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\SysMain\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\sysmain.dll" Type="REG" Is64="0" X4="%systemroot%\system32\sysmain.dll" X3="Library" X2="SYSTEM\CurrentControlSet\Services\rdyboost\Performance" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\tbssvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\tbssvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TBS" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\termsrv.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\termsrv.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\termsrv.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\termsrv.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\TermService" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\themeservice.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\themeservice.dll" 
X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\Themes\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\umpnpmgr.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\umpnpmgr.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\PlugPlay\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\umpnpmgr.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\umpnpmgr.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-UserPnp" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\umpo.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\umpo.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\Power\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\w32time.dll" Type="REG" Is64="0" X4="%systemroot%\system32\w32time.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\W32Time\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\w32time.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\w32time.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Time-Service" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\w32time.dll" Type="REG" Is64="0" X4="%Systemroot%\system32\w32time.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\w32time.dll" Type="REG" Is64="0" X4="%systemroot%\system32\w32time.dll" X3="DllName" X2="SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\w32time.dll" Type="REG" Is64="0" X4="%systemroot%\system32\w32time.dll" X3="DllName" 
X2="SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\wbem\WMIsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\wbem\WMIsvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\wecsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\wecsvc.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\Wecsvc\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\wecsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\wecsvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EventCollector" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\wecsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\wecsvc.dll" X3="DisplayNameFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\HardwareEvents" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\wecsvc.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\wecsvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-EventCollector" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\winlogon.exe" Type="REG" Is64="0" X4="%SystemRoot%\system32\winlogon.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Winlogon" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\winsrv.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\winsrv.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Winsrv" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\wlansvc.dll" Type="REG" Is64="0" 
X4="%windir%\system32\wlansvc.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WLAN-AutoConfig" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\wpdbusenum.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\wpdbusenum.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\WPDBusEnum\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\wsepno.dll" Type="REG" Is64="0" X4="%SystemRoot%\system32\wsepno.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Search Service Profile Notification" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\wuaueng.dll" Type="REG" Is64="0" X4="%systemroot%\system32\wuaueng.dll" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\wuauserv\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\wuaueng.dll" Type="REG" Is64="0" X4="%systemroot%\system32\wuaueng.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsUpdateClient" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM IsPE="1" MD5="79DE5E0997A94ED1D336B314005C4543" ChangeDate="30.09.2010 13:00:28" CreateDate="06.05.2014 19:20:26" Attr="rsAh" Size="139088" CheckResult="-1" File="D:\1&1 Surf-Stick\UIExec.exe" Type="REG" Is64="0" X4=""D:\\1&1 Surf-Stick\UIExec.exe"" X3="UIExec" X2="Software\Microsoft\Windows\CurrentVersion\Run" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM CheckResult="-1" File="Maker\DVDMaker.exe" Type="REG" Is64="0" X4="%ProgramFiles%\DVD Maker\DVDMaker.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dvd Maker" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> <ITEM CheckResult="-1" File="auditcse.dll" Type="REG" Is64="1" X4="auditcse.dll" X3="DLLName" X2="Software\Microsoft\Windows 
NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}" X1="HKEY_LOCAL_MACHINE" Enabled="1"/> <ITEM IsPE="1" Ver="25.0.14136.253" OFN="AvkCKS.exe" Product="G DATA Security Software" Vendor="G DATA Software AG" MD5="2A9DD1ECE8ACD1B74BA43CC2CB2E99B4" ChangeDate="01.07.2014 13:41:33" CreateDate="01.07.2014 13:41:33" Attr="rsah" Size="296568" CheckResult="-1" File="c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe" Type="REG" Is64="1" X4="c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe" X3="Userinit" X2="Software\Microsoft\Windows NT\CurrentVersion\Winlogon" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/> </AUTORUN> -<BHO> <ITEM IsPE="1" Ver="7.3.0.140" OFN="IESpeakDoc.dll" Product="Bluetooth Software" Vendor="Atheros Commnucations" MD5="2CA438EE560F8BFC4F94838D53724F38" ChangeDate="16.11.2011 10:56:52" CreateDate="16.11.2011 10:56:52" Attr="rsAh" Size="64672" LegalCopyright="Copyright (c) 2001-2011 Atheros Communications, Inc. All rights reserved." 
Descr="Bluetooth IE PlugIn" CheckResult="-1" File="C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll" IsDLL="1" Enabled="1" CLSID="{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" BHOType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{2670000A-7350-4f3c-8081-5663EE0C6C49}" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions" BHOType="3"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{7815BE26-237D-41A8-A98F-F7BD75F71086}" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions" BHOType="3"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions" BHOType="3"/> </BHO> -<ExplorerExt> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="WebCheck" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{5E2121EE-0300-11D4-8D3B-444553540000}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Catalyst Context Menu extension" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{B41DB860-64E4-11D2-9906-E49FADC173CA}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="WinRAR shell extension" ExtType="1"/> <ITEM IsPE="1" Ver="1.0.13353.219" OFN="SOBFilesNSE.DLL" Product="G Data TotalCare" Vendor="G Data Software AG" MD5="1AAB2490C262D54B2260F687C1226949" ChangeDate="19.12.2013 03:39:50" CreateDate="19.12.2013 03:39:50" Attr="rsah" Size="210552" LegalCopyright="© G Data Software AG. All rights reserved." 
Descr="G Data Cloud NSE" CheckResult="-1" File="C:\Program Files (x86)\G Data\InternetSecurity\AVK\SOBFilesNSE.dll" IsDLL="1" Enabled="1" CLSID="{E5A82055-B4B3-449B-9202-C714068617F9}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="SOBVirtualFolder Class" ExtType="1"/> </ExplorerExt> -<PrintEXT> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="hpinksts5912LM.dll" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="HPDiscoPM5912.dll" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="localspl.dll" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="FXSMON.DLL" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="hpf3lw73.dll" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="rc4mon64.dll" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="tcpmon.dll" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="stkMonitor.dll" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="usbmon.dll" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="WSDMon.dll" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="inetpp.dll" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Providers"/> </PrintEXT> -<TaskScheduler> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Program 
Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe" Enabled="49894208" FullCmd=" "%ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe" " SHPath="C:\Windows\system32\Tasks\Lenovo\" Status="23651728" JobName="Lenovo Customer Feedback Program"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File=" aitagent " Enabled="49894208" FullCmd=" aitagent " SHPath="C:\Windows\system32\Tasks\Microsoft\Windows\Application Experience\" Status="23650952" JobName="AitAgent"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Windows\ehome\mcupdate" Enabled="49894208" FullCmd=" %SystemRoot%\ehome\mcupdate $(Arg0)" SHPath="C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\" Status="23650952" JobName="mcupdate"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Windows\ehome\mcupdate" Enabled="49894208" FullCmd=" %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15" SHPath="C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\" Status="23650952" JobName="mcupdate_scheduled"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Windows\ehome\ehrec" Enabled="49894208" FullCmd=" %SystemRoot%\ehome\ehrec /RestartRecording" SHPath="C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\" Status="23650952" JobName="RecordingRestart"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Windows\ehome\ehrec" Enabled="49894208" FullCmd=" %SystemRoot%\ehome\ehrec /StartRecording" SHPath="C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\" Status="23650952" JobName="StartRecording"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Windows\system32\OFFICEICON.vbs" Enabled="49894208" FullCmd=" C:\Windows\system32\OFFICEICON.vbs " SHPath="C:\Windows\system32\Tasks\" Status="23652116" JobName="OFFICE2010ACT"/> </TaskScheduler> -<SPI> <ITEM IsPE="1" Ver="6.1.7601.18685" OFN="nlaapi.dll" Product="Microsoft® Windows® Operating System" Vendor="Microsoft Corporation" 
MD5="FE48346938C1CDDDF4E4097DB9B99764" ChangeDate="06.12.2014 04:50:19" CreateDate="15.01.2015 23:38:06" Attr="rsAh" Size="52224" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Network Location Awareness 2" CheckResult="-1" File="C:\Windows\system32\NLAapi.dll" IsDLL="1" SPINaim="@%SystemRoot%\system32\nlasvc.dll,-1000" SPIType="1"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="napinsp.dll.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="0B7E85364CB878E2AD531DB7B601A9E5" ChangeDate="14.07.2009 02:16:02" CreateDate="14.07.2009 00:54:55" Attr="rsAh" Size="52224" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Descr="E-Mail-Namenshimanbieter" CheckResult="-1" File="C:\Windows\system32\napinsp.dll" IsDLL="1" SPINaim="@%SystemRoot%\system32\napinsp.dll,-1000" SPIType="1"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="pnrpnsp.dll.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="5CF640EDDB1E40A5AB1BB743BCDEC610" ChangeDate="14.07.2009 02:16:12" CreateDate="14.07.2009 00:55:50" Attr="rsAh" Size="65024" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Descr="PNRP-Namespaceanbieter" CheckResult="-1" File="C:\Windows\system32\pnrpnsp.dll" IsDLL="1" SPINaim="@%SystemRoot%\system32\pnrpnsp.dll,-1000" SPIType="1"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="pnrpnsp.dll.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="5CF640EDDB1E40A5AB1BB743BCDEC610" ChangeDate="14.07.2009 02:16:12" CreateDate="14.07.2009 00:55:50" Attr="rsAh" Size="65024" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." 
Descr="PNRP-Namespaceanbieter" CheckResult="-1" File="C:\Windows\system32\pnrpnsp.dll" IsDLL="1" SPINaim="@%SystemRoot%\system32\pnrpnsp.dll,-1001" SPIType="1"/> <ITEM IsPE="1" Ver="6.1.7601.18254" OFN="mswsock.dll.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="E94C583CDE2348950155F2AF2876F34D" ChangeDate="08.09.2013 03:03:58" CreateDate="21.10.2013 15:25:54" Attr="rsAh" Size="231424" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" CheckResult="-1" File="C:\Windows\System32\mswsock.dll" IsDLL="1" SPINaim="@%SystemRoot%\system32\wshtcpip.dll,-60103" SPIType="1"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="winrnr" Product="Microsoft® Windows® Operating System" Vendor="Microsoft Corporation" MD5="5DF5D8CFD9B9573FA3B2C89D9061A240" ChangeDate="14.07.2009 02:16:19" CreateDate="14.07.2009 00:37:57" Attr="rsAh" Size="20992" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="LDAP RnR Provider DLL" CheckResult="-1" File="C:\Windows\System32\winrnr.dll" IsDLL="1" SPINaim="NTDS" SPIType="1"/> <ITEM IsPE="1" Ver="6.1.7601.17514" OFN="wshbth.dll" Product="Microsoft® Windows® Operating System" Vendor="Microsoft Corporation" MD5="AC122407B29378FF9646F03404AC7C54" ChangeDate="21.11.2010 04:24:50" CreateDate="21.11.2010 04:24:50" Attr="rsAh" Size="36352" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Windows Sockets Helper DLL" CheckResult="-1" File="C:\Windows\system32\wshbth.dll" IsDLL="1" SPINaim="Bluetooth-Namespace" SPIType="1"/> <ITEM IsPE="1" Ver="6.1.7601.18254" OFN="mswsock.dll.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="E94C583CDE2348950155F2AF2876F34D" ChangeDate="08.09.2013 03:03:58" CreateDate="21.10.2013 15:25:54" Attr="rsAh" Size="231424" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." 
Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" IsDLL="1" SPINaim="@%SystemRoot%\System32\wship6.dll,-60100" SPIType="3"/> <ITEM IsPE="1" Ver="6.1.7601.18254" OFN="mswsock.dll.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="E94C583CDE2348950155F2AF2876F34D" ChangeDate="08.09.2013 03:03:58" CreateDate="21.10.2013 15:25:54" Attr="rsAh" Size="231424" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" IsDLL="1" SPINaim="@%SystemRoot%\System32\wship6.dll,-60101" SPIType="3"/> <ITEM IsPE="1" Ver="6.1.7601.18254" OFN="mswsock.dll.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="E94C583CDE2348950155F2AF2876F34D" ChangeDate="08.09.2013 03:03:58" CreateDate="21.10.2013 15:25:54" Attr="rsAh" Size="231424" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" IsDLL="1" SPINaim="@%SystemRoot%\System32\wship6.dll,-60102" SPIType="3"/> <ITEM IsPE="1" Ver="6.1.7601.18254" OFN="mswsock.dll.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="E94C583CDE2348950155F2AF2876F34D" ChangeDate="08.09.2013 03:03:58" CreateDate="21.10.2013 15:25:54" Attr="rsAh" Size="231424" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." 
Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" IsDLL="1" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60100" SPIType="3"/> <ITEM IsPE="1" Ver="6.1.7601.18254" OFN="mswsock.dll.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="E94C583CDE2348950155F2AF2876F34D" ChangeDate="08.09.2013 03:03:58" CreateDate="21.10.2013 15:25:54" Attr="rsAh" Size="231424" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" IsDLL="1" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60101" SPIType="3"/> <ITEM IsPE="1" Ver="6.1.7601.18254" OFN="mswsock.dll.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="E94C583CDE2348950155F2AF2876F34D" ChangeDate="08.09.2013 03:03:58" CreateDate="21.10.2013 15:25:54" Attr="rsAh" Size="231424" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" IsDLL="1" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60102" SPIType="3"/> <ITEM IsPE="1" Ver="6.1.7601.18254" OFN="mswsock.dll.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="E94C583CDE2348950155F2AF2876F34D" ChangeDate="08.09.2013 03:03:58" CreateDate="21.10.2013 15:25:54" Attr="rsAh" Size="231424" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." 
Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" IsDLL="1" SPINaim="@%SystemRoot%\System32\wshqos.dll,-100" SPIType="3"/> <ITEM IsPE="1" Ver="6.1.7601.18254" OFN="mswsock.dll.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="E94C583CDE2348950155F2AF2876F34D" ChangeDate="08.09.2013 03:03:58" CreateDate="21.10.2013 15:25:54" Attr="rsAh" Size="231424" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" IsDLL="1" SPINaim="@%SystemRoot%\System32\wshqos.dll,-101" SPIType="3"/> <ITEM IsPE="1" Ver="6.1.7601.18254" OFN="mswsock.dll.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="E94C583CDE2348950155F2AF2876F34D" ChangeDate="08.09.2013 03:03:58" CreateDate="21.10.2013 15:25:54" Attr="rsAh" Size="231424" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" IsDLL="1" SPINaim="@%SystemRoot%\System32\wshqos.dll,-102" SPIType="3"/> <ITEM IsPE="1" Ver="6.1.7601.18254" OFN="mswsock.dll.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="E94C583CDE2348950155F2AF2876F34D" ChangeDate="08.09.2013 03:03:58" CreateDate="21.10.2013 15:25:54" Attr="rsAh" Size="231424" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." 
Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" IsDLL="1" SPINaim="@%SystemRoot%\System32\wshqos.dll,-103" SPIType="3"/> <ITEM IsPE="1" Ver="6.1.7601.18254" OFN="mswsock.dll.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="E94C583CDE2348950155F2AF2876F34D" ChangeDate="08.09.2013 03:03:58" CreateDate="21.10.2013 15:25:54" Attr="rsAh" Size="231424" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" IsDLL="1" SPINaim="MSAFD RfComm [Bluetooth]" SPIType="3"/> </SPI> -<PORTS> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="135" PortType="1"/> <ITEM CheckResult="-1" File="System.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="139" PortType="1"/> <ITEM CheckResult="-1" File="System.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="445" PortType="1"/> <ITEM CheckResult="-1" File="wmpnetwk.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="554" PortType="1"/> <ITEM CheckResult="-1" File="System.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="2869" PortType="1"/> <ITEM CheckResult="-1" File="System.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="5357" PortType="1"/> <ITEM CheckResult="-1" File="System.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="10243" PortType="1"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="WinInit.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="B5C5DCAD3899512020D135600129D665" ChangeDate="14.07.2009 02:14:45" CreateDate="14.07.2009 00:36:49" Attr="rsAh" 
Size="96256" CheckResult="0" File="C:\Windows\system32\wininit.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="49152" PortType="1"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="49153" PortType="1"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="49154" PortType="1"/> <ITEM CheckResult="-1" File="lsass.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="49155" PortType="1"/> <ITEM CheckResult="-1" File="services.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="49157" PortType="1"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="49158" PortType="1"/> <ITEM CheckResult="-1" File="spoolsv.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="49160" PortType="1"/> <ITEM IsPE="1" Ver="1.5.14287.174" OFN="AVKProxy.exe" Product="G Data Security Software" Vendor="G Data Software AG" MD5="8DFC779658F5227019615CDF54748652" ChangeDate="14.10.2014 01:54:44" CreateDate="14.10.2014 01:54:44" Attr="rsah" Size="2250360" CheckResult="-1" File="c:\program files (x86)\common files\g data\avkproxy\avkproxy.exe" RemoteHost="0.0.0.0" 
RemotePort="0" LocalPort="49161" PortType="1"/> <ITEM IsPE="1" Ver="1.5.14287.174" OFN="AVKProxy.exe" Product="G Data Security Software" Vendor="G Data Software AG" MD5="8DFC779658F5227019615CDF54748652" ChangeDate="14.10.2014 01:54:44" CreateDate="14.10.2014 01:54:44" Attr="rsah" Size="2250360" CheckResult="-1" File="c:\program files (x86)\common files\g data\avkproxy\avkproxy.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="49165" PortType="1"/> <ITEM IsPE="1" Ver="1.5.14287.174" OFN="AVKProxy.exe" Product="G Data Security Software" Vendor="G Data Software AG" MD5="8DFC779658F5227019615CDF54748652" ChangeDate="14.10.2014 01:54:44" CreateDate="14.10.2014 01:54:44" Attr="rsah" Size="2250360" CheckResult="-1" File="c:\program files (x86)\common files\g data\avkproxy\avkproxy.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="49169" PortType="1"/> <ITEM IsPE="1" Ver="1.5.14287.174" OFN="AVKProxy.exe" Product="G Data Security Software" Vendor="G Data Software AG" MD5="8DFC779658F5227019615CDF54748652" ChangeDate="14.10.2014 01:54:44" CreateDate="14.10.2014 01:54:44" Attr="rsah" Size="2250360" CheckResult="-1" File="c:\program files (x86)\common files\g data\avkproxy\avkproxy.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="49173" PortType="1"/> <ITEM IsPE="1" Ver="1.5.14287.174" OFN="AVKProxy.exe" Product="G Data Security Software" Vendor="G Data Software AG" MD5="8DFC779658F5227019615CDF54748652" ChangeDate="14.10.2014 01:54:44" CreateDate="14.10.2014 01:54:44" Attr="rsah" Size="2250360" CheckResult="-1" File="c:\program files (x86)\common files\g data\avkproxy\avkproxy.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="49177" PortType="1"/> <ITEM IsPE="1" Ver="1.5.14287.174" OFN="AVKProxy.exe" Product="G Data Security Software" Vendor="G Data Software AG" MD5="8DFC779658F5227019615CDF54748652" ChangeDate="14.10.2014 01:54:44" CreateDate="14.10.2014 01:54:44" Attr="rsah" Size="2250360" CheckResult="-1" File="c:\program files (x86)\common files\g 
data\avkproxy\avkproxy.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="49181" PortType="1"/> <ITEM IsPE="1" Ver="1.5.14287.174" OFN="AVKProxy.exe" Product="G Data Security Software" Vendor="G Data Software AG" MD5="8DFC779658F5227019615CDF54748652" ChangeDate="14.10.2014 01:54:44" CreateDate="14.10.2014 01:54:44" Attr="rsah" Size="2250360" CheckResult="-1" File="c:\program files (x86)\common files\g data\avkproxy\avkproxy.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="49185" PortType="1"/> <ITEM IsPE="1" Ver="1.5.14287.174" OFN="AVKProxy.exe" Product="G Data Security Software" Vendor="G Data Software AG" MD5="8DFC779658F5227019615CDF54748652" ChangeDate="14.10.2014 01:54:44" CreateDate="14.10.2014 01:54:44" Attr="rsah" Size="2250360" CheckResult="-1" File="c:\program files (x86)\common files\g data\avkproxy\avkproxy.exe" RemoteHost="0.0.0.0" RemotePort="0" LocalPort="49189" PortType="1"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="" RemotePort="0" LocalPort="68" PortType="2"/> <ITEM CheckResult="-1" File="System.exe" RemoteHost="" RemotePort="0" LocalPort="137" PortType="2"/> <ITEM CheckResult="-1" File="System.exe" RemoteHost="" RemotePort="0" LocalPort="138" PortType="2"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="" RemotePort="0" LocalPort="427" PortType="2"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft 
Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="" RemotePort="0" LocalPort="427" PortType="2"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="" RemotePort="0" LocalPort="500" PortType="2"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="" RemotePort="0" LocalPort="1900" PortType="2"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="" RemotePort="0" LocalPort="1900" PortType="2"/> <ITEM CheckResult="-1" File="HPNetworkCommunicatorCom.exe" RemoteHost="" RemotePort="0" LocalPort="3702" PortType="2"/> <ITEM CheckResult="-1" File="HPNetworkCommunicatorCom.exe" RemoteHost="" RemotePort="0" LocalPort="3702" PortType="2"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="" RemotePort="0" 
LocalPort="3702" PortType="2"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="" RemotePort="0" LocalPort="3702" PortType="2"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="" RemotePort="0" LocalPort="3702" PortType="2"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="" RemotePort="0" LocalPort="3702" PortType="2"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="" RemotePort="0" LocalPort="3702" PortType="2"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="" RemotePort="0" LocalPort="3702" PortType="2"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" 
Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="" RemotePort="0" LocalPort="4500" PortType="2"/> <ITEM CheckResult="-1" File="wmpnetwk.exe" RemoteHost="" RemotePort="0" LocalPort="5004" PortType="2"/> <ITEM CheckResult="-1" File="wmpnetwk.exe" RemoteHost="" RemotePort="0" LocalPort="5005" PortType="2"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="" RemotePort="0" LocalPort="5355" PortType="2"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="" RemotePort="0" LocalPort="50177" PortType="2"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="" RemotePort="0" LocalPort="54432" PortType="2"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" 
RemoteHost="" RemotePort="0" LocalPort="54921" PortType="2"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="" RemotePort="0" LocalPort="54922" PortType="2"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="" RemotePort="0" LocalPort="59195" PortType="2"/> <ITEM IsPE="1" Ver="6.1.7600.16385" OFN="svchost.exe.mui" Product="Betriebssystem Microsoft® Windows®" Vendor="Microsoft Corporation" MD5="54A47F6B5E09A77E61649109C6A08866" ChangeDate="14.07.2009 02:14:41" CreateDate="14.07.2009 00:19:28" Attr="rsAh" Size="20992" CheckResult="0" File="C:\Windows\system32\svchost.exe" RemoteHost="" RemotePort="0" LocalPort="62387" PortType="2"/> <ITEM CheckResult="-1" File="HPNetworkCommunicatorCom.exe" RemoteHost="" RemotePort="0" LocalPort="64600" PortType="2"/> </PORTS> <DPF> </DPF> -<CPL> <ITEM IsPE="1" Ver="6.8.8.11" OFN="cjtpl.cpl" Product="REINER SCT cyberJack Base Components" Vendor=" REINER SCT" MD5="834E9C474EE36B17C1F3F205158A9A90" ChangeDate="09.11.2009 10:48:40" CreateDate="02.01.2014 16:34:42" Attr="rsAh" Size="61952" LegalCopyright="Copyright (C) REINER SCT 1999 - 2007" Descr="cyberJack Control Panel Extention" CheckResult="-1" File="C:\Windows\system32\cjtpl.cpl" IsDLL="1" Enabled="1"/> </CPL> <ActiveSetup> </ActiveSetup> <HOSTS> </HOSTS> -<ProtocolExt> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." 
Descr="Microsoft .NET Runtime Execution Engine" CheckResult="-1" File="mscoree.dll" Enabled="1" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft .NET Runtime Execution Engine" CheckResult="-1" File="mscoree.dll" Enabled="1" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/x-complus"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft .NET Runtime Execution Engine" CheckResult="-1" File="mscoree.dll" Enabled="1" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/x-msdownload"/> </ProtocolExt> -<NET_SHARE> <ITEM Name="ADMIN$" Connections="0" Path="C:\Windows"/> <ITEM Name="C$" Connections="0" Path="C:\"/> <ITEM Name="D$" Connections="0" Path="D:\"/> <ITEM Name="Fax - HP Officejet Pro 8600" Connections="0" Path="Fax - HP Officejet Pro 8600,LocalsplOnly"/> <ITEM Name="HP Officejet Pro 8600" Connections="0" Path="HP Officejet Pro 8600,LocalsplOnly"/> <ITEM Name="IPC$" Connections="0" Path=""/> <ITEM Name="print$" Connections="0" Path="C:\Windows\system32\spool\drivers"/> <ITEM Name="Users" Connections="0" Path="C:\Users"/> </NET_SHARE> -<WMI_INFO> -<SecurityCenter> <AntiVirusProduct> </AntiVirusProduct> <FireWallProduct> </FireWallProduct> </SecurityCenter> -<SecurityCenter2> -<AntiVirusProduct> <Data Name="G DATA INTERNET SECURITY" ProductState="270336" pathToSignedProductExe="C:\Program Files (x86)\G Data\InternetSecurity\AVK\avkwscpe.exe"/> </AntiVirusProduct> -<FireWallProduct> <Data Name="G DATA Personal Firewall" ProductState="266256" pathToSignedProductExe="C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe"/> </FireWallProduct> -<AntiSpywareProduct> <Data Name="G DATA INTERNET SECURITY" ProductState="270336" pathToSignedProductExe="C:\Program Files (x86)\G 
Data\InternetSecurity\AVK\avkwscpe.exe"/> <Data Name="Windows Defender" ProductState="397568" pathToSignedProductExe="%ProgramFiles%\Windows Defender\MSASCui.exe"/> </AntiSpywareProduct> </SecurityCenter2> </WMI_INFO> -<NET_DIAG> -<DNS> <Host Name="yandex.ru" PingInfo="0,65,213.180.193.11" Ping="1" IP="213.180.193.11,213.180.204.11,93.158.134.11"/> <Host Name="google.ru" PingInfo="0,327,109.193.193.44" Ping="1" IP="109.193.193.44,109.193.193.30,109.193.193.55,109.193.193.24,109.193.193.45,109.193.193.29,109.193.193.35,109.193.193.20,109.193.193.34,109.193.193.49,109.193.193.40,109.193.193.59,109.193.193.39,109.193.193.25,109.193.193.50,109.193.193.54"/> <Host Name="google.com" PingInfo="0,26,109.193.193.54" Ping="1" IP="109.193.193.54,109.193.193.34,109.193.193.44,109.193.193.35,109.193.193.49,109.193.193.55,109.193.193.45,109.193.193.40,109.193.193.50,109.193.193.29,109.193.193.59,109.193.193.39,109.193.193.24,109.193.193.25,109.193.193.30,109.193.193.20"/> <Host Name="www.kaspersky.com" PingInfo="0,60,93.159.228.16" Ping="1" IP="93.159.228.16"/> <Host Name="www.kaspersky.ru" PingInfo="11010,0,0.0.0.0" Ping="0" IP="77.74.178.20"/> <Host Name="dnl-03.geo.kaspersky.com" PingInfo="0,16,195.122.169.18" Ping="1" IP="195.122.169.18"/> <Host Name="dnl-11.geo.kaspersky.com" PingInfo="0,17,80.239.197.100" Ping="1" IP="80.239.197.100"/> <Host Name="activation-v2.kaspersky.com" PingInfo="11010,0,0.0.0.0" Ping="0" IP="195.27.252.50"/> <Host Name="odnoklassniki.ru" PingInfo="0,71,217.20.147.94" Ping="1" IP="217.20.147.94"/> <Host Name="vk.com" PingInfo="0,50,87.240.131.119" Ping="1" IP="87.240.131.119,87.240.131.120,87.240.131.97"/> <Host Name="vkontakte.ru" PingInfo="0,51,95.213.4.246" Ping="1" IP="95.213.4.246,95.213.4.245,95.213.4.247"/> <Host Name="twitter.com" PingInfo="0,164,199.16.156.6" Ping="1" IP="199.16.156.6,199.16.156.102,199.16.156.70,199.16.156.230"/> <Host Name="facebook.com" PingInfo="0,131,173.252.120.6" Ping="1" IP="173.252.120.6"/> <Host 
Name="ru-ru.facebook.com" PingInfo="0,12,31.13.93.3" Ping="1" IP="31.13.93.3"/> </DNS> -<IE_Setup> <Key Name="AutoConfigURL" RegKey="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" VAL=""/> <Key Name="AutoConfigProxy" RegKey="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" VAL="wininet.dll"/> <Key Name="ProxyOverride" RegKey="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" VAL=""/> <Key Name="ProxyServer" RegKey="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" VAL=""/> <Key Name="" RegKey="HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies" VAL=""/> </IE_Setup> -<TCP_IP> <Interface Domain="dkb-service.de" Name="LAN-Verbindung* 15" DhcpServer="255.255.255.255" NameServer="" DefaultGateway="" SubnetMask="255.255.255.128" IPAddress="10.27.254.51"/> <Interface Domain="dkb-service.de" Name="LAN-Verbindung* 13" DhcpServer="255.255.255.255" NameServer="" DefaultGateway="" SubnetMask="255.255.255.128" IPAddress="10.27.254.85"/> </TCP_IP> <TCP_IP_PR> </TCP_IP_PR> </NET_DIAG> -<WMI_INFO> -<SecurityCenter> <AntiVirusProduct> </AntiVirusProduct> <FireWallProduct> </FireWallProduct> </SecurityCenter> -<SecurityCenter2> -<AntiVirusProduct> <Data Name="G DATA INTERNET SECURITY" ProductState="270336" pathToSignedProductExe="C:\Program Files (x86)\G Data\InternetSecurity\AVK\avkwscpe.exe"/> </AntiVirusProduct> -<FireWallProduct> <Data Name="G DATA Personal Firewall" ProductState="266256" pathToSignedProductExe="C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe"/> </FireWallProduct> -<AntiSpywareProduct> <Data Name="G DATA INTERNET SECURITY" ProductState="270336" pathToSignedProductExe="C:\Program Files (x86)\G Data\InternetSecurity\AVK\avkwscpe.exe"/> <Data Name="Windows Defender" ProductState="397568" pathToSignedProductExe="%ProgramFiles%\Windows Defender\MSASCui.exe"/> </AntiSpywareProduct> </SecurityCenter2> </WMI_INFO> -<NET_DIAG> -<DNS> <Host 
Name="yandex.ru" PingInfo="0,65,213.180.193.11" Ping="1" IP="213.180.193.11,93.158.134.11,213.180.204.11"/> <Host Name="google.ru" PingInfo="0,10,109.193.193.30" Ping="1" IP="109.193.193.30,109.193.193.20,109.193.193.40,109.193.193.29,109.193.193.55,109.193.193.25,109.193.193.54,109.193.193.34,109.193.193.50,109.193.193.59,109.193.193.24,109.193.193.44,109.193.193.39,109.193.193.49,109.193.193.45,109.193.193.35"/> <Host Name="google.com" PingInfo="0,9,109.193.193.40" Ping="1" IP="109.193.193.40,109.193.193.49,109.193.193.20,109.193.193.45,109.193.193.55,109.193.193.29,109.193.193.50,109.193.193.25,109.193.193.54,109.193.193.39,109.193.193.59,109.193.193.44,109.193.193.34,109.193.193.30,109.193.193.35,109.193.193.24"/> <Host Name="www.kaspersky.com" PingInfo="0,14,195.27.252.18" Ping="1" IP="195.27.252.18"/> <Host Name="www.kaspersky.ru" PingInfo="0,14,195.27.252.110" Ping="1" IP="195.27.252.110"/> <Host Name="dnl-03.geo.kaspersky.com" PingInfo="0,21,212.73.221.199" Ping="1" IP="212.73.221.199"/> <Host Name="dnl-11.geo.kaspersky.com" PingInfo="0,12,80.239.169.132" Ping="1" IP="80.239.169.132"/> <Host Name="activation-v2.kaspersky.com" PingInfo="11010,0,0.0.0.0" Ping="0" IP="195.27.252.50"/> <Host Name="odnoklassniki.ru" PingInfo="0,62,217.20.147.94" Ping="1" IP="217.20.147.94"/> <Host Name="vk.com" PingInfo="0,50,87.240.143.241" Ping="1" IP="87.240.143.241,87.240.131.99,87.240.131.117"/> <Host Name="vkontakte.ru" PingInfo="0,48,95.213.4.248" Ping="1" IP="95.213.4.248,95.213.4.247,95.213.4.246"/> <Host Name="twitter.com" PingInfo="0,129,199.16.156.102" Ping="1" IP="199.16.156.102,199.16.156.198,199.16.156.70,199.16.156.230"/> <Host Name="facebook.com" PingInfo="0,115,173.252.120.6" Ping="1" IP="173.252.120.6"/> <Host Name="ru-ru.facebook.com" PingInfo="0,12,31.13.93.3" Ping="1" IP="31.13.93.3"/> </DNS> -<IE_Setup> <Key Name="AutoConfigURL" RegKey="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" VAL=""/> <Key Name="AutoConfigProxy" 
RegKey="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" VAL="wininet.dll"/> <Key Name="ProxyOverride" RegKey="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" VAL=""/> <Key Name="ProxyServer" RegKey="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" VAL=""/> <Key Name="" RegKey="HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies" VAL=""/> </IE_Setup> -<TCP_IP> <Interface Domain="dkb-service.de" Name="LAN-Verbindung* 15" DhcpServer="255.255.255.255" NameServer="" DefaultGateway="" SubnetMask="255.255.255.128" IPAddress="10.27.254.51"/> <Interface Domain="dkb-service.de" Name="LAN-Verbindung* 13" DhcpServer="255.255.255.255" NameServer="" DefaultGateway="" SubnetMask="255.255.255.128" IPAddress="10.27.254.85"/> </TCP_IP> <TCP_IP_PR> </TCP_IP_PR> </NET_DIAG> -<IPU> <ITEM X2="Remotedesktopdienste" X1="TermService" Code="1"/> <ITEM X2="SSDP-Suche" X1="SSDPSRV" Code="1"/> <ITEM X2="Aufgabenplanung" X1="Schedule" Code="1"/> <ITEM Code="2"/> <ITEM Code="3"/> <ITEM Code="5"/> <ITEM X1="1" Code="8"/> <ITEM X2="Remotedesktopdienste" X1="TermService" Code="1"/> <ITEM X2="SSDP-Suche" X1="SSDPSRV" Code="1"/> <ITEM X2="Aufgabenplanung" X1="Schedule" Code="1"/> <ITEM Code="2"/> <ITEM Code="3"/> <ITEM Code="5"/> <ITEM X1="1" Code="8"/> </IPU> -<WIZARD-TSW> <ITEM Fixed="0" Level="3" ID="58"/> <ITEM Fixed="0" Level="3" ID="59"/> <ITEM Fixed="0" Level="2" ID="61"/> </WIZARD-TSW> </AVZ>[/ |
24.01.2015, 21:37 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware in Firefox / Flash Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, did they ever find anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, only post the logs you already have, in CODE tags! Only logs from the last 7 days, or from the time since the problem began, are relevant! In addition, please also create a log with Farbar's tool: Scan with Farbar's Recovery Scan Tool (FRST) Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post them directly, spread over several posts if necessary. To put the log files into a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
25.01.2015, 03:38 | #6 |
| Malware in Firefox / Flash Hello, unfortunately I do not have any other logs at all ... from Malwarebytes I could only find this: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org
Protection, 15.01.2015 23:44:39, SYSTEM, LENOVO-PC, Protection, Malware Protection, Starting,
Protection, 15.01.2015 23:44:39, SYSTEM, LENOVO-PC, Protection, Malware Protection, Started,
Protection, 15.01.2015 23:44:39, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Starting,
Protection, 15.01.2015 23:44:39, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Started,
Update, 15.01.2015 23:44:51, SYSTEM, LENOVO-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.1.14.1,
Update, 15.01.2015 23:44:51, SYSTEM, LENOVO-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 15.01.2015 23:45:04, SYSTEM, LENOVO-PC, Manual, Malware Database, 2014.11.20.6, 2015.1.15.15,
Protection, 15.01.2015 23:45:04, SYSTEM, LENOVO-PC, Protection, Refresh, Starting,
Protection, 15.01.2015 23:45:04, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Stopping,
Protection, 15.01.2015 23:45:04, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Stopped,
Protection, 15.01.2015 23:45:19, SYSTEM, LENOVO-PC, Protection, Refresh, Success,
Protection, 15.01.2015 23:45:19, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Starting,
Protection, 15.01.2015 23:45:20, SYSTEM, LENOVO-PC, Protection, Malicious Website Protection, Started,
(end)
Here is the Farbar FRST log file: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by lenovo (administrator) on LENOVO-PC on 25-01-2015 03:10:33 Running from C:\Users\lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EWEGQBEU Loaded Profiles: lenovo (Available profiles: lenovo & Simone) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AMD) C:\Windows\System32\atieclxx.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Program Files\ShrewSoft\VPN Client\iked.exe () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe () D:\1&1 Surf-Stick\AssistantServices.exe () C:\QuickStartUtil\VAWinService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG) C:\Program 
Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (LPHotkey) C:\Program Files (x86)\Lenovo\LPHotkey\LPHotkey.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe () C:\QuickStartUtil\VAWinAgent.exe (Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltSur64.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\GUI\GDSC.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_125_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-05-26] (Alcor Micro Corp.) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [792224 2011-11-16] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-11-16] (Atheros Commnucations) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2841896 2011-10-28] (Synaptics Incorporated) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.) 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2012-03-01] (Conexant Systems, Inc.) HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [408872 2011-10-28] (Synaptics) HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-07-30] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-07-30] (Lenovo(beijing) Limited) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-26] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [554832 2011-07-25] (Vimicro) HKLM-x32\...\Run: [LPHotkey] => C:\Program Files (x86)\Lenovo\LPHotkey\LPHotkey.exe [84480 2011-12-23] (LPHotkey) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.) HKLM-x32\...\Run: [VAWinAgent] => C:\QuickStartUtil\VAWinAgent.exe [45448 2012-04-13] () HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-30] (Lenovo) HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) 
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG) HKLM-x32\...\Run: [UIExec] => D:\\1&1 Surf-Stick\UIExec.exe [139088 2010-09-30] () HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard) HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe, HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-10] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-10] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-21-2971336435-624878665-679844752-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-2971336435-624878665-679844752-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-2971336435-624878665-679844752-1000\...\MountPoints2: {1e7591cb-7320-11e3-8a71-e611572e6f9a} - E:\smoney.exe HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-10] (Microsoft Corporation) <==== ATTENTION Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) 
Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2971336435-624878665-679844752-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2971336435-624878665-679844752-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2971336435-624878665-679844752-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENE
SearchScopes: HKU\S-1-5-21-2971336435-624878665-679844752-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-2971336435-624878665-679844752-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: HQ-Video-Pro-1.5c - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\Extensions\BUEOFMG63663698@KOF20424187.com [2015-01-15]
FF Extension: YouTube Unblocker - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\Extensions\youtubeunblocker@unblocker.yt [2015-01-18]
FF Extension: browser service - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\Extensions\{314095e2-14d2-447f-a39f-f56dcb3b88a5}.xpi [2015-01-18]
FF Extension: {ba37e407-ead4-41e2-bf06-e2050f70a71f} - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\Extensions\{ba37e407-ead4-41e2-bf06-e2050f70a71f}.xpi [2015-01-08]
FF Extension: Adblock Plus - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-30]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-06-15]
FF HKU\S-1-5-21-2971336435-624878665-679844752-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-11-16] (Atheros Commnucations) [File not signed]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [515632 2013-05-21] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 UI Assistant Service; D:\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] ()
R2 VideAceWindowsService; C:\QuickStartUtil\VAWinService.exe [91464 2011-03-25] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-11-16] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [65536 2012-03-02] (Fresco Logic)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2015-01-18] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-01-18] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2015-01-18] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2015-01-18] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-01-18] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-04-28] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2015-01-18] (G Data Software AG)
S3 cpuz134; \??\C:\Users\Simone\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-25 03:10 - 2015-01-25 03:10 - 00000000 ____D () C:\FRST 2015-01-25 01:00 - 2015-01-25 01:00 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-25 01:00 - 2015-01-25 01:00 - 00000000 _____ () C:\Windows\setupact.log 2015-01-24 20:42 - 2015-01-24 20:42 - 00075288 _____ () C:\Users\lenovo\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-24 20:35 - 2015-01-24 20:35 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-24 20:35 - 2015-01-24 20:35 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-24 20:35 - 2015-01-24 20:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-24 20:35 - 2015-01-24 20:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-24 20:34 - 2015-01-24 20:34 - 00243728 _____ () C:\Users\lenovo\Downloads\Firefox Setup Stub 35.0.exe 2015-01-24 20:33 - 2015-01-24 20:33 - 00017766 _____ () C:\Users\lenovo\Documents\cc_20150124_203311.reg 2015-01-24 10:34 - 2015-01-24 10:43 - 00000000 ____D () C:\AVZ 2015-01-24 10:33 - 2015-01-24 10:35 - 00000000 ____D () C:\Users\lenovo\Downloads\avz4 2015-01-19 18:45 - 2015-01-19 18:46 - 09370136 _____ () C:\Users\lenovo\Downloads\avz4.zip 2015-01-18 22:02 - 2015-01-18 22:02 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-01-18 21:58 - 2015-01-18 21:58 - 05317104 _____ (Piriform Ltd) C:\Users\lenovo\Downloads\ccsetup501.exe 2015-01-18 21:57 - 2015-01-25 02:00 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e6ea361f-0ce1-4629-930e-6796927f147b.job 2015-01-18 21:57 - 2015-01-24 21:57 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f1646c2d-18ae-49da-86d4-8806874ba122.job 2015-01-18 21:57 - 2015-01-18 21:57 - 00003590 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e6ea361f-0ce1-4629-930e-6796927f147b 2015-01-18 21:57 - 2015-01-18 21:57 - 00003516 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 
f1646c2d-18ae-49da-86d4-8806874ba122 2015-01-18 21:55 - 2015-01-18 21:55 - 20774168 _____ (SUPERAntiSpyware) C:\Users\lenovo\Downloads\SUPERAntiSpyware.exe 2015-01-18 21:45 - 2015-01-18 21:45 - 00290816 _____ (SUPERAntiSpyware.com) C:\Users\lenovo\Downloads\SASUNINST64.EXE 2015-01-18 19:42 - 2015-01-18 19:42 - 00001989 _____ () C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk 2015-01-18 19:42 - 2015-01-18 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY 2015-01-18 18:46 - 2015-01-18 18:53 - 00000000 ____D () C:\AdwCleaner 2015-01-18 18:46 - 2015-01-18 18:46 - 00000000 ____D () C:\Windows\ERUNT 2015-01-18 18:41 - 2015-01-18 18:45 - 01707939 _____ (Thisisu) C:\Users\lenovo\Downloads\JRT.exe 2015-01-18 18:40 - 2015-01-18 18:41 - 02186752 _____ () C:\Users\lenovo\Downloads\AdwCleaner_4.108.exe 2015-01-15 23:44 - 2015-01-24 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-15 23:44 - 2015-01-15 23:44 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-15 23:43 - 2015-01-16 00:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-15 23:43 - 2015-01-15 23:43 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-15 23:41 - 2015-01-15 23:42 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\lenovo\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-15 23:38 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-15 23:38 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-15 23:38 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-01-15 23:38 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-01-15 23:38 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-15 
23:38 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-15 23:38 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-15 23:38 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-15 23:37 - 2015-01-15 23:37 - 00000000 __SHD () C:\Users\lenovo\AppData\Local\EmieBrowserModeList 2015-01-15 23:37 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-15 23:37 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-15 23:37 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-15 23:37 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-15 23:37 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-15 23:37 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-15 23:37 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-15 22:28 - 2015-01-15 22:28 - 00000000 ____D () C:\Windows\system32\appraiser 2015-01-08 02:48 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-01-08 02:48 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-01-08 01:30 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-01-08 01:30 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-01-08 01:30 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-01-08 01:30 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-01-08 01:30 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollectorres.dll 2015-01-08 01:30 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-01-08 01:30 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-01-08 01:30 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-01-08 01:30 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-01-08 01:30 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-01-08 01:30 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-01-08 01:30 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-01-08 01:30 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-01-08 01:30 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-01-08 01:30 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-01-08 01:30 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-01-08 01:30 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-01-08 01:30 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-01-08 01:30 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-01-08 01:30 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-01-08 01:30 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-01-08 01:30 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-01-08 01:30 - 2014-11-22 03:08 - 00092160 
_____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-01-08 01:30 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-01-08 01:30 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-01-08 01:30 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-01-08 01:30 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-01-08 01:30 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-01-08 01:30 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-01-08 01:30 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-01-08 01:30 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-01-08 01:30 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-01-08 01:30 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-01-08 01:30 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-01-08 01:30 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-01-08 01:30 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-01-08 01:30 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-01-08 01:30 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-01-08 01:30 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-01-08 01:30 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-01-08 01:30 - 2014-11-22 02:36 - 00168960 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-01-08 01:30 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-01-08 01:30 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-01-08 01:30 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-01-08 01:30 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-01-08 01:30 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-01-08 01:30 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-01-08 01:30 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-01-08 01:30 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-01-08 01:30 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-01-08 01:30 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-01-08 01:30 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-01-08 01:30 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-01-08 01:30 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-01-08 01:28 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-01-08 01:28 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-01-08 01:28 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-01-08 01:28 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-01-08 01:28 - 2014-12-04 03:50 - 00227328 _____ (Microsoft 
Corporation) C:\Windows\system32\aepdu.dll 2015-01-08 01:28 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-01-08 01:28 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-01-08 01:28 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-01-08 01:28 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-01-08 01:28 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-01-08 01:28 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-01-08 01:28 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2015-01-08 01:28 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2015-01-08 01:28 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2015-01-08 01:28 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2015-01-08 01:28 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2015-01-08 01:28 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2015-01-08 01:28 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2015-01-08 01:28 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2015-01-08 01:28 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2015-01-08 01:28 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2015-01-08 01:28 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2015-01-08 01:28 - 2014-10-03 02:44 - 00198656 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2015-01-08 01:26 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-01-08 01:26 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-25 03:00 - 2012-07-30 11:51 - 02053761 _____ () C:\Windows\WindowsUpdate.log 2015-01-24 21:00 - 2013-09-06 08:51 - 00000000 ____D () C:\Users\lenovo\AppData\Local\VirtualStore 2015-01-24 20:47 - 2013-09-06 08:51 - 01648255 _____ () C:\FaceProv.log 2015-01-24 20:42 - 2014-06-06 09:32 - 00000000 ____D () C:\Files 2015-01-24 20:31 - 2009-07-14 05:45 - 00036368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-24 20:31 - 2009-07-14 05:45 - 00036368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-24 20:26 - 2012-07-30 12:30 - 00000000 ____D () C:\ProgramData\VeriFace 2015-01-24 20:24 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-24 20:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-24 12:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-01-18 22:49 - 2014-06-21 10:14 - 00000000 ____D () C:\Users\lenovo\AppData\Local\CrashDumps 2015-01-18 22:49 - 2014-01-19 14:36 - 00000000 ____D () C:\Windows\Minidump 2015-01-18 22:02 - 2014-04-19 13:23 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2015-01-18 22:02 - 2014-04-19 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-01-18 22:02 - 2014-04-19 13:23 - 00000000 ____D () C:\Program Files\CCleaner 2015-01-18 19:53 - 2014-01-02 15:18 - 00000000 ____D () C:\Program Files (x86)\StarMoney Business 6.0 2015-01-18 19:42 - 2014-04-13 18:40 - 00020992 _____ (G 
Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys 2015-01-18 19:42 - 2013-10-03 13:30 - 00142336 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys 2015-01-18 19:42 - 2013-10-03 13:30 - 00064512 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys 2015-01-18 19:42 - 2013-10-03 13:30 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys 2015-01-18 19:42 - 2013-10-03 13:30 - 00061440 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys 2015-01-18 19:42 - 2013-10-03 13:30 - 00055808 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys 2015-01-15 22:31 - 2013-10-04 20:39 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-01-15 22:28 - 2014-05-18 19:08 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-01-15 22:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-01-15 22:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2014-07-18 00:15 - 2014-07-18 00:15 - 0007602 _____ () C:\Users\lenovo\AppData\Local\Resmon.ResmonCfg 2014-06-25 20:14 - 2014-06-25 20:14 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-06-15 23:25 - 2014-06-15 23:40 - 0001292 _____ () C:\ProgramData\hpzinstall.log ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 12:44

==================== End Of Log ============================

--- --- --- --- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by lenovo at 2015-01-25 03:12:39
Running from C:\Users\lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EWEGQBEU
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
8600_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8600_Readme (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.4.42.69356 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.42.69356 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{7F1DFA4D-90E8-D120-FA5A-3592A17D49A8}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.140 - Atheros Communications)
BPDSoftware (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.28.0 - Conexant)
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.7 - REINER SCT)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
Fresco Logic USB3.0 Host Controller (HKLM\...\{E9E06C3D-C5EB-40FF-B7A3-03610079C3F9}) (Version: 3.5.36.0 - Fresco Logic Inc.)
G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.4 - G DATA Software AG)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro K8600 (HKLM\...\{5FA67C2B-DAAB-4F7B-AE09-CA97FE73EA59}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
K8600 (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
Kindle Converter (HKLM-x32\...\kindleConverter) (Version: 1.2.1 - eBook Converter)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0927.1 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3712 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3712 - CyberLink Corp.) Hidden
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0011.00 - Lenovo Group Limited)
LPHotkey (HKLM-x32\...\{3E4A591C-891D-4567-B330-528F471A6768}) (Version: 1.00.0000 - Lenovo)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MPM (HKLM-x32\...\{BAB0F8F5-282A-45F1-B31A-EB894827456B}) (Version: 1.00.0000 - Hewlett-Packard)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.579.000 - Hewlett-Packard) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
ProductContext (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
QuickStart (HKLM-x32\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 3.0.36.238 - VideACE Co.)
QuickStart (x32 Version: 3.0.36.238 - VideACE Co.) Hidden
SAP GUI for Windows 7.30 (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 3 - SAP AG)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - )
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
StarMoney (x32 Version: 4.0.1.51 - StarFinanz) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.49.86082 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.31.1 - Synaptics Incorporated) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo) VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.0906 - Lenovo) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo) WinRAR 5.11 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {083CF582-A853-4900-B46D-E944D76889C0} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe Task: {0C71EDA6-E17A-4125-A519-6BCA4A6F9E61} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd) Task: {2ECA1482-7A79-4019-B2D9-A726A63B597F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {66759173-C8E0-4F0E-BF78-ABD5FF131289} - System32\Tasks\SUPERAntiSpyware Scheduled Task f1646c2d-18ae-49da-86d4-8806874ba122 => C:\Program Files\SUPERAntiSpyware\SASTask.exe Task: {6BB27783-8B6A-44A1-9C0E-A5AD7114ADD5} - System32\Tasks\OFFICE2010ACT => C:\Windows\system32\OFFICEICON.vbs [2012-02-23] () Task: {BEBF544F-19A5-489D-87FF-1065527A434F} - System32\Tasks\SUPERAntiSpyware Scheduled Task e6ea361f-0ce1-4629-930e-6796927f147b => C:\Program Files\SUPERAntiSpyware\SASTask.exe Task: {EACC9082-B0FB-46A4-8634-85C599DF9A01} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e6ea361f-0ce1-4629-930e-6796927f147b.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f1646c2d-18ae-49da-86d4-8806874ba122.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-06 17:41 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-07-01 09:21 - 2013-07-01 09:21 - 01127736 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe 2013-07-01 00:16 - 2013-07-01 00:16 - 00628224 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll 2013-07-01 00:15 - 2013-07-01 00:15 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll 2013-07-01 00:15 - 
2013-07-01 00:15 - 00018432 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll 2013-07-01 00:16 - 2013-07-01 00:16 - 00039936 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll 2013-07-01 00:16 - 2013-07-01 00:16 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll 2013-07-01 00:16 - 2013-07-01 00:16 - 00116736 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll 2013-07-01 00:17 - 2013-07-01 00:17 - 00029184 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll 2013-07-01 00:17 - 2013-07-01 00:17 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll 2013-07-01 00:17 - 2013-07-01 00:17 - 00035840 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll 2013-07-01 09:21 - 2013-07-01 09:21 - 00810808 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe 2014-05-06 19:20 - 2010-09-30 13:00 - 00253264 _____ () D:\1&1 Surf-Stick\AssistantServices.exe 2011-03-25 16:55 - 2011-03-25 16:55 - 00091464 _____ () C:\QuickStartUtil\VAWinService.exe 2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll 2012-07-30 12:30 - 2012-07-30 12:29 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll 2012-07-30 12:30 - 2012-07-30 12:29 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll 2008-12-20 02:20 - 2012-07-30 12:34 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2012-04-19 15:22 - 2012-07-30 12:34 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll 2012-03-10 15:31 - 2012-07-30 12:34 - 00012336 _____ () C:\Program Files (x86)\Lenovo\Energy Management\de-DE\EMWpfUI.resources.dll 2008-12-20 02:20 - 2012-07-30 12:34 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2012-04-13 14:41 - 2012-04-13 14:41 - 00045448 _____ () C:\QuickStartUtil\VAWinAgent.exe 2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2012-03-26 06:04 
- 2012-03-26 06:04 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-01-02 16:34 - 2007-05-31 08:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll 2011-03-25 16:55 - 2011-03-25 16:55 - 00157000 _____ () C:\QuickStartUtil\libexpat.dll 2011-03-25 16:55 - 2011-03-25 16:55 - 00061768 _____ () C:\QuickStartUtil\netProfileDatabase.DLL 2012-07-30 12:29 - 2012-07-30 12:29 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-2971336435-624878665-679844752-500 - Administrator - Disabled) Gast (S-1-5-21-2971336435-624878665-679844752-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2971336435-624878665-679844752-1007 - Limited - Enabled) lenovo (S-1-5-21-2971336435-624878665-679844752-1000 - Administrator - Enabled) => C:\Users\lenovo Patrik (S-1-5-21-2971336435-624878665-679844752-1001 - Limited - Enabled) Simone (S-1-5-21-2971336435-624878665-679844752-1002 - Administrator - Enabled) => C:\Users\Simone ==================== Faulty Device Manager Devices ============= Name: Shrew Soft Virtual Adapter Description: Shrew Soft Virtual Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Shrew Soft Service: vnet Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Shrew Soft Virtual Adapter #2 Description: Shrew Soft Virtual Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Shrew Soft Service: vnet Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: BCM20702A0 Description: BCM20702A0 Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. 
(Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Officejet Pro 8600 Description: Officejet Pro 8600 Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/24/2015 08:26:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2015 03:08:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2015 00:47:43 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (01/24/2015 10:24:25 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/19/2015 06:44:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/18/2015 09:49:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/18/2015 07:58:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/24/2015 08:25:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (01/24/2015 08:25:44 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (01/24/2015 08:24:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (01/24/2015 08:24:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst 
"MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error: (01/24/2015 08:24:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/24/2015 08:24:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/24/2015 05:40:25 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\Drivers\utexnzy4.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (01/24/2015 05:40:25 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\Drivers\utexnzy4.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error: (01/24/2015 03:07:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (01/24/2015 03:07:37 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: (01/24/2015 08:26:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2015 03:08:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2015 00:47:43 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe Error: (01/24/2015 10:24:25 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/19/2015 06:44:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/18/2015 09:49:56 PM) (Source: 
WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/18/2015 07:58:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: AMD E2-1800 APU with Radeon(tm) HD Graphics Percentage of memory in use: 49% Total physical RAM: 3658.36 MB Available physical RAM: 1843.36 MB Total Pagefile: 7314.91 MB Available Pagefile: 4429.9 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:269.09 GB) (Free:183.42 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (LENOVO) (Fixed) (Total:16.29 GB) (Free:11.8 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 60DDD15E) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=269.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=16.3 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=12.5 GB) - (Type=12) ==================== End Of Log ============================ Virenprüfung von Web-Inhalten Adresse: hxxp://downvideoplayer.com/favicon.ico Status: Der Zugriff wurde verweigert. |
25.01.2015, 17:56 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware in Firefox / Flash Please scan with MBAR: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Please always post log files in CODE tags |
25.01.2015, 19:51 | #8 |
| Malware in Firefox / Flash Hmmm ... It didn't find anything :/ Code:
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org
Database version:
main: v2015.01.25.10
rootkit: v2015.01.14.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
lenovo :: LENOVO-PC [administrator]
25.01.2015 19:24:32
mbar-log-2015-01-25 (19-24-32).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 375826
Time elapsed: 22 minute(s), 41 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
Physical Sectors Detected: 0 (No malicious items detected)
(end) |
25.01.2015, 20:56 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware in Firefox / Flash Remove adware/junkware/toolbars (delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!)
Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please shut down your security software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
26.01.2015, 20:12 | #10 |
| Malware in Firefox / Flash Okay, here we go. AdwCleaner log file: Code:
# AdwCleaner v4.109 - Bericht erstellt am 26/01/2015 um 00:10:50
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-25.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : lenovo - LENOVO-PC
# Gestartet von : C:\Users\lenovo\Downloads\AdwCleaner_4.109.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v35.0 (x86 de)
[47g3g4is.default\prefs.js] - Zeile gelöscht : user_pref("extensions.aBUEOFMG63663698KOF20424187com62204.62204.cookie.previous_page.value", "%22hxxp%3A//www.search.smartshopping.com/websearch1.php%3Fkeywords%3Dtrojaner+board%26uid%3D3f85D97EER8sy7[...]
[47g3g4is.default\prefs.js] - Zeile gelöscht : user_pref("extensions.aBUEOFMG63663698KOF20424187com62204.62204.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A[...]
*************************
AdwCleaner[R0].txt - [3070 octets] - [18/01/2015 18:47:22]
AdwCleaner[R1].txt - [1394 octets] - [25/01/2015 23:47:42]
AdwCleaner[S0].txt - [2697 octets] - [18/01/2015 18:53:33]
AdwCleaner[S1].txt - [1333 octets] - [26/01/2015 00:10:50]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1393 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by lenovo on 26.01.2015 at 0:21:29,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.01.2015 at 0:38:00,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by lenovo (administrator) on LENOVO-PC on 26-01-2015 20:03:02 Running from C:\Users\lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE9PAV57 Loaded Profiles: lenovo (Available profiles: lenovo & Simone) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Program Files\ShrewSoft\VPN Client\iked.exe () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe () D:\1&1 Surf-Stick\AssistantServices.exe () C:\QuickStartUtil\VAWinService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe (G Data Software AG) C:\Program Files (x86)\G 
Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (LPHotkey) C:\Program Files (x86)\Lenovo\LPHotkey\LPHotkey.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe () C:\QuickStartUtil\VAWinAgent.exe (Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltSur64.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_125_ActiveX.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-05-26] (Alcor Micro Corp.) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [792224 2011-11-16] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-11-16] (Atheros Commnucations) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2841896 2011-10-28] (Synaptics Incorporated) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2012-03-01] (Conexant Systems, Inc.) 
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [408872 2011-10-28] (Synaptics) HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-07-30] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-07-30] (Lenovo(beijing) Limited) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-26] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [554832 2011-07-25] (Vimicro) HKLM-x32\...\Run: [LPHotkey] => C:\Program Files (x86)\Lenovo\LPHotkey\LPHotkey.exe [84480 2011-12-23] (LPHotkey) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.) HKLM-x32\...\Run: [VAWinAgent] => C:\QuickStartUtil\VAWinAgent.exe [45448 2012-04-13] () HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-30] (Lenovo) HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) 
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG) HKLM-x32\...\Run: [UIExec] => D:\\1&1 Surf-Stick\UIExec.exe [139088 2010-09-30] () HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard) HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe, HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-10] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-10] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-21-2971336435-624878665-679844752-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-2971336435-624878665-679844752-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-2971336435-624878665-679844752-1000\...\MountPoints2: {1e7591cb-7320-11e3-8a71-e611572e6f9a} - E:\smoney.exe HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-10] (Microsoft Corporation) <==== ATTENTION Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) 
Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2971336435-624878665-679844752-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2971336435-624878665-679844752-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2971336435-624878665-679844752-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-2971336435-624878665-679844752-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: HQ-Video-Pro-1.5c - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\Extensions\BUEOFMG63663698@KOF20424187.com [2015-01-15]
FF Extension: YouTube Unblocker - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\Extensions\youtubeunblocker@unblocker.yt [2015-01-18]
FF Extension: browser service - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\Extensions\{314095e2-14d2-447f-a39f-f56dcb3b88a5}.xpi [2015-01-18]
FF Extension: {ba37e407-ead4-41e2-bf06-e2050f70a71f} - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\Extensions\{ba37e407-ead4-41e2-bf06-e2050f70a71f}.xpi [2015-01-08]
FF Extension: Adblock Plus - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-30]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-06-15]
FF HKU\S-1-5-21-2971336435-624878665-679844752-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-11-16] (Atheros Commnucations) [File not signed]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [515632 2013-05-21] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 UI Assistant Service; D:\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] ()
R2 VideAceWindowsService; C:\QuickStartUtil\VAWinService.exe [91464 2011-03-25] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-11-16] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [65536 2012-03-02] (Fresco Logic)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2015-01-18] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-01-18] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2015-01-18] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2015-01-18] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-01-18] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-04-28] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2015-01-18] (G Data Software AG)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-26] (Malwarebytes Corporation)
S3 cpuz134; \??\C:\Users\Simone\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 00:38 - 2015-01-26 01:14 - 00000760 _____ () C:\Users\lenovo\Desktop\JRT.txt
2015-01-26 00:18 - 2015-01-26 00:18 - 00001473 _____ () C:\Users\lenovo\Desktop\AdwCleaner[S1].txt
2015-01-25 23:46 - 2015-01-25 23:46 - 02194432 _____ () C:\Users\lenovo\Downloads\AdwCleaner_4.109.exe
2015-01-25 19:24 - 2015-01-25 19:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-25 19:17 - 2015-01-25 19:49 - 00000000 ____D () C:\Users\lenovo\Desktop\mbar
2015-01-25 19:03 - 2015-01-26 00:11 - 00000682 _____ () C:\Windows\PFRO.log
2015-01-25 19:03 - 2015-01-25 19:03 - 00327648 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-25 03:35 - 2015-01-25 03:35 - 00001629 _____ () C:\Users\lenovo\Desktop\G DATA Protokoll ID 2931.html
2015-01-25 03:20 - 2015-01-25 03:20 - 00001367 _____ () C:\Users\lenovo\Desktop\2222.txt
2015-01-25 03:19 - 2015-01-25 03:19 - 00001367 _____ () C:\Users\lenovo\Desktop\1234.txt
2015-01-25 03:18 - 2015-01-26 20:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 03:16 - 2015-01-25 19:22 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-25 03:16 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-25 03:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-25 03:10 - 2015-01-26 20:03 - 00000000 ____D () C:\FRST
2015-01-25 01:00 - 2015-01-26 19:59 - 00000168 _____ () C:\Windows\setupact.log
2015-01-25 01:00 - 2015-01-25 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-24 20:42 - 2015-01-24 20:42 - 00075288 _____ () C:\Users\lenovo\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-24 20:35 - 2015-01-24 20:35 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-24 20:35 - 2015-01-24 20:35 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-24 20:35 - 2015-01-24 20:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-24 20:35 - 2015-01-24 20:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 20:34 - 2015-01-24 20:34 - 00243728 _____ () C:\Users\lenovo\Downloads\Firefox Setup Stub 35.0.exe
2015-01-24 20:33 - 2015-01-24 20:33 - 00017766 _____ () C:\Users\lenovo\Documents\cc_20150124_203311.reg
2015-01-24 10:34 - 2015-01-24 10:43 - 00000000 ____D () C:\AVZ
2015-01-24 10:33 - 2015-01-24 10:35 - 00000000 ____D () C:\Users\lenovo\Downloads\avz4
2015-01-19 18:45 - 2015-01-19 18:46 - 09370136 _____ () C:\Users\lenovo\Downloads\avz4.zip
2015-01-18 22:02 - 2015-01-18 22:02 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-18 21:58 - 2015-01-18 21:58 - 05317104 _____ (Piriform Ltd) C:\Users\lenovo\Downloads\ccsetup501.exe
2015-01-18 21:57 - 2015-01-25 21:57 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f1646c2d-18ae-49da-86d4-8806874ba122.job
2015-01-18 21:57 - 2015-01-25 02:00 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e6ea361f-0ce1-4629-930e-6796927f147b.job
2015-01-18 21:57 - 2015-01-18 21:57 - 00003590 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e6ea361f-0ce1-4629-930e-6796927f147b
2015-01-18 21:57 - 2015-01-18 21:57 - 00003516 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f1646c2d-18ae-49da-86d4-8806874ba122
2015-01-18 21:55 - 2015-01-18 21:55 - 20774168 _____ (SUPERAntiSpyware) C:\Users\lenovo\Downloads\SUPERAntiSpyware.exe
2015-01-18 21:45 - 2015-01-18 21:45 - 00290816 _____ (SUPERAntiSpyware.com) C:\Users\lenovo\Downloads\SASUNINST64.EXE
2015-01-18 19:42 - 2015-01-18 19:42 - 00001989 _____ () C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2015-01-18 19:42 - 2015-01-18 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2015-01-18 18:46 - 2015-01-26 00:10 - 00000000 ____D () C:\AdwCleaner
2015-01-18 18:46 - 2015-01-18 18:46 - 00000000 ____D () C:\Windows\ERUNT
2015-01-18 18:41 - 2015-01-18 18:45 - 01707939 _____ (Thisisu) C:\Users\lenovo\Downloads\JRT.exe
2015-01-18 18:40 - 2015-01-18 18:41 - 02186752 _____ () C:\Users\lenovo\Downloads\AdwCleaner_4.108.exe
2015-01-15 23:44 - 2015-01-25 03:16 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-15 23:44 - 2015-01-25 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-01-15 23:43 - 2015-01-25 03:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-01-15 23:43 - 2015-01-15 23:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-15 23:41 - 2015-01-15 23:42 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\lenovo\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-15 23:38 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 23:38 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 23:38 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-15 23:38 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-15 23:38 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 23:38 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 23:38 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 23:38 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-15 23:37 - 2015-01-15 23:37 - 00000000 __SHD () C:\Users\lenovo\AppData\Local\EmieBrowserModeList
2015-01-15 23:37 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 23:37 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 23:37 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 23:37 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 23:37 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 23:37 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 23:37 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 22:28 - 2015-01-15 22:28 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-08 02:48 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-08 02:48 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-08 01:30 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-08 01:30 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-08 01:30 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-08 01:30 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-08 01:30 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-08 01:30 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-08 01:30 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-08 01:30 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-08 01:30 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-08 01:30 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-08 01:30 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-08 01:30 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-08 01:30 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-08 01:30 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-08 01:30 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-08 01:30 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-08 01:30 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-08 01:30 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-08 01:30 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-08 01:30 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-08 01:30 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-08 01:30 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-08 01:30 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-08 01:30 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-08 01:30 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-08 01:30 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-01-08 01:30 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-08 01:30 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-08 01:30 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-08 01:30 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-08 01:30 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-08 01:30 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-08 01:30 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-01-08 01:30 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-08 01:30 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-08 01:30 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-08 01:30 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-08 01:30 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-08 01:30 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-08 01:30 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-01-08 01:30 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-08 01:30 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-08 01:30 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-08 01:30 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-08 01:30 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-08 01:30 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-08 01:30 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-08 01:30 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-01-08 01:30 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-08 01:30 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-08 01:30 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-08 01:30 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-08 01:30 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-08 01:30 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-08 01:28 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-08 01:28 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-08 01:28 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-08 01:28 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-08 01:28 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-08 01:28 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-08 01:28 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-08 01:28 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-08 01:28 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-08 01:28 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-08 01:28 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-08 01:28 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-08 01:28 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-08 01:28 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-08 01:28 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-08 01:28 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-08 01:28 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-08 01:28 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-08 01:28 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-08 01:28 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-08 01:28 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-08 01:28 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-08 01:28 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-08 01:26 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-08 01:26 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 20:03 - 2012-07-30 11:51 - 01059931 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 20:00 - 2013-09-06 08:51 - 01658521 _____ () C:\FaceProv.log
2015-01-26 20:00 - 2012-07-30 12:30 - 00000000 ____D () C:\ProgramData\VeriFace
2015-01-26 19:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 00:19 - 2009-07-14 05:45 - 00036368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 00:19 - 2009-07-14 05:45 - 00036368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 21:00 - 2013-09-06 08:51 - 00000000 ____D () C:\Users\lenovo\AppData\Local\VirtualStore
2015-01-24 20:42 - 2014-06-06 09:32 - 00000000 ____D () C:\Files
2015-01-24 20:24 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-24 12:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-18 22:49 - 2014-06-21 10:14 - 00000000 ____D () C:\Users\lenovo\AppData\Local\CrashDumps
2015-01-18 22:49 - 2014-01-19 14:36 - 00000000 ____D () C:\Windows\Minidump
2015-01-18 22:02 - 2014-04-19 13:23 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-18 22:02 - 2014-04-19 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-18 22:02 - 2014-04-19 13:23 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-18 19:53 - 2014-01-02 15:18 - 00000000 ____D () C:\Program Files (x86)\StarMoney Business 6.0
2015-01-18 19:42 - 2014-04-13 18:40 - 00020992 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2015-01-18 19:42 - 2013-10-03 13:30 - 00142336 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2015-01-18 19:42 - 2013-10-03 13:30 - 00064512 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2015-01-18 19:42 - 2013-10-03 13:30 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2015-01-18 19:42 - 2013-10-03 13:30 - 00061440 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2015-01-18 19:42 - 2013-10-03 13:30 - 00055808 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2015-01-15 22:31 - 2013-10-04 20:39 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-01-15 22:28 - 2014-05-18 19:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-15 22:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-15 22:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-07-18 00:15 - 2014-07-18 00:15 - 0007602 _____ () C:\Users\lenovo\AppData\Local\Resmon.ResmonCfg
2014-06-25 20:14 - 2014-06-25 20:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-06-15 23:25 - 2014-06-15 23:40 - 0001292 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\lenovo\AppData\Local\Temp\Quarantine.exe
C:\Users\lenovo\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 12:44

==================== End Of Log ============================

--- --- --- --- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by lenovo at 2015-01-26 20:05:58
Running from C:\Users\lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE9PAV57
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
8600_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8600_Readme (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.4.42.69356 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.42.69356 - Alcor Micro Corp.) Hidden AMD Catalyst Install Manager (HKLM\...\{7F1DFA4D-90E8-D120-FA5A-3592A17D49A8}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.) Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.140 - Atheros Communications) BPDSoftware (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.28.0 - Conexant) Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.7 - REINER SCT) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo) Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden Fresco Logic USB3.0 Host Controller (HKLM\...\{E9E06C3D-C5EB-40FF-B7A3-03610079C3F9}) (Version: 3.5.36.0 - Fresco Logic Inc.) 
G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.4 - G DATA Software AG) GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet Pro K8600 (HKLM\...\{5FA67C2B-DAAB-4F7B-AE09-CA97FE73EA59}) (Version: 13.0 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard) HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden K8600 (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden Kindle Converter (HKLM-x32\...\kindleConverter) (Version: 1.2.1 - eBook Converter) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0927.1 - Lenovo EasyCamera) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3712 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.0.3712 - CyberLink Corp.) Hidden Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.) 
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0011.00 - Lenovo Group Limited) LPHotkey (HKLM-x32\...\{3E4A591C-891D-4567-B330-528F471A6768}) (Version: 1.00.0000 - Lenovo) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP) Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG) Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation) Mozilla Firefox 35.0 
(x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla) MPM (HKLM-x32\...\{BAB0F8F5-282A-45F1-B31A-EB894827456B}) (Version: 1.00.0000 - Hewlett-Packard) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Network64 (Version: 130.0.579.000 - Hewlett-Packard) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden ProductContext (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden QuickStart (HKLM-x32\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 3.0.36.238 - VideACE Co.) QuickStart (x32 Version: 3.0.36.238 - VideACE Co.) Hidden SAP GUI for Windows 7.30 (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 3 - SAP AG) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - ) SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden StarMoney (x32 Version: 4.0.1.51 - StarFinanz) Hidden Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.49.86082 - SugarSync, Inc.) 
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.31.1 - Synaptics Incorporated) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo) VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.0906 - Lenovo) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo) WinRAR 5.11 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {083CF582-A853-4900-B46D-E944D76889C0} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe Task: {0C71EDA6-E17A-4125-A519-6BCA4A6F9E61} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd) Task: {2ECA1482-7A79-4019-B2D9-A726A63B597F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {66759173-C8E0-4F0E-BF78-ABD5FF131289} - System32\Tasks\SUPERAntiSpyware Scheduled Task f1646c2d-18ae-49da-86d4-8806874ba122 => C:\Program Files\SUPERAntiSpyware\SASTask.exe Task: {6BB27783-8B6A-44A1-9C0E-A5AD7114ADD5} - System32\Tasks\OFFICE2010ACT => C:\Windows\system32\OFFICEICON.vbs [2012-02-23] () Task: {BEBF544F-19A5-489D-87FF-1065527A434F} - System32\Tasks\SUPERAntiSpyware Scheduled Task e6ea361f-0ce1-4629-930e-6796927f147b => C:\Program Files\SUPERAntiSpyware\SASTask.exe Task: {EACC9082-B0FB-46A4-8634-85C599DF9A01} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e6ea361f-0ce1-4629-930e-6796927f147b.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f1646c2d-18ae-49da-86d4-8806874ba122.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-06 17:41 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-07-01 09:21 - 2013-07-01 09:21 - 01127736 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe 2013-07-01 00:16 - 2013-07-01 00:16 - 00628224 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll 2013-07-01 00:15 - 2013-07-01 00:15 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll 2013-07-01 00:15 - 
2013-07-01 00:15 - 00018432 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll 2013-07-01 00:16 - 2013-07-01 00:16 - 00039936 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll 2013-07-01 00:16 - 2013-07-01 00:16 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll 2013-07-01 00:16 - 2013-07-01 00:16 - 00116736 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll 2013-07-01 00:17 - 2013-07-01 00:17 - 00029184 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll 2013-07-01 00:17 - 2013-07-01 00:17 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll 2013-07-01 00:17 - 2013-07-01 00:17 - 00035840 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll 2013-07-01 09:21 - 2013-07-01 09:21 - 00810808 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe 2014-05-06 19:20 - 2010-09-30 13:00 - 00253264 _____ () D:\1&1 Surf-Stick\AssistantServices.exe 2011-03-25 16:55 - 2011-03-25 16:55 - 00091464 _____ () C:\QuickStartUtil\VAWinService.exe 2012-07-30 12:30 - 2012-07-30 12:29 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll 2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll 2008-12-20 02:20 - 2012-07-30 12:34 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2012-04-19 15:22 - 2012-07-30 12:34 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll 2012-03-10 15:31 - 2012-07-30 12:34 - 00012336 _____ () C:\Program Files (x86)\Lenovo\Energy Management\de-DE\EMWpfUI.resources.dll 2008-12-20 02:20 - 2012-07-30 12:34 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2012-04-13 14:41 - 2012-04-13 14:41 - 00045448 _____ () C:\QuickStartUtil\VAWinAgent.exe 2012-03-26 06:04 - 2012-03-26 06:04 - 00369152 _____ () C:\Program Files (x86)\ATI 
Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-01-02 16:34 - 2007-05-31 08:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll 2011-03-25 16:55 - 2011-03-25 16:55 - 00157000 _____ () C:\QuickStartUtil\libexpat.dll 2011-03-25 16:55 - 2011-03-25 16:55 - 00061768 _____ () C:\QuickStartUtil\netProfileDatabase.DLL 2012-07-30 12:29 - 2012-07-30 12:29 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll 2015-01-24 20:35 - 2015-01-09 10:05 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ==========================
Administrator (S-1-5-21-2971336435-624878665-679844752-500 - Administrator - Disabled)
Gast (S-1-5-21-2971336435-624878665-679844752-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2971336435-624878665-679844752-1007 - Limited - Enabled)
lenovo (S-1-5-21-2971336435-624878665-679844752-1000 - Administrator - Enabled) => C:\Users\lenovo
Patrik (S-1-5-21-2971336435-624878665-679844752-1001 - Limited - Enabled)
Simone (S-1-5-21-2971336435-624878665-679844752-1002 - Administrator - Enabled) => C:\Users\Simone
==================== Faulty Device Manager Devices =============
Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Shrew Soft Virtual Adapter #2
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: BCM20702A0
Description: BCM20702A0
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/26/2015 08:01:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17496 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 170c Startzeit: 01d0399a6cf9677f Endzeit: 2326 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID:
Error: (01/26/2015 08:01:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/26/2015 08:00:51 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/26/2015 08:00:49 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)
Error: (01/26/2015 07:59:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom
Microsoft Office Sessions:
=========================
Error: (01/26/2015 08:01:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17496170c01d0399a6cf9677f2326C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (01/26/2015 08:01:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: AMD E2-1800 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 70%
Total physical RAM: 3658.36 MB
Available physical RAM: 1093.89 MB
Total Pagefile: 7314.91 MB
Available Pagefile: 3709.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:269.09 GB) (Free:183.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:16.29 GB) (Free:11.8 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 60DDD15E)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=269.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=12.5 GB) - (Type=12)
==================== End Of Log ============================ |
26.01.2015, 21:27 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware in Firefox / Flash Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-10] (Microsoft Corporation) <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
Hosts:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
27.01.2015, 00:50 | #12 |
| Malware in Firefox / Flash Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by lenovo at 2015-01-27 00:45:30 Run:1
Running from C:\Users\lenovo\Downloads
Loaded Profiles: lenovo (Available profiles: lenovo & Simone)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-10] (Microsoft Corporation) <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
Hosts:
*****************
HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 131.1 MB temporary data.
The system needed a reboot.
==== End of Fixlog 00:45:53 ==== |
27.01.2015, 09:17 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware in Firefox / Flash Okay, then control scans with MBAM and ESET please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post log files in CODE tags |
27.01.2015, 22:58 | #14 |
| Malware in Firefox / Flash Okay, so first MBAM; ESET will follow as soon as it has finished running Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 27.01.2015
Scan Time: 21:06:33
Logfile: text1.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.27.09
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: lenovo
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376058
Time Elapsed: 28 min, 12 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 23
PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24],
PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\chrome, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24],
PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\chrome\content, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24],
PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\chrome\content\api, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24],
PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\chrome\content\core, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24],
PUP.Optional.CrossRider.A,
C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\defaults, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24], PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\defaults\preferences, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24], PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\extensionData, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24], PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\extensionData\plugins, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24], PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\extensionData\userCode, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24], PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\firefox-production, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24], PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\firefox-production\chrome, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24], PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\firefox-production\chrome\content, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24], PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\firefox-production\chrome\content\api, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24], PUP.Optional.CrossRider.A, 
C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\firefox-production\chrome\content\core, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24], PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\firefox-production\defaults, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24], PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\firefox-production\defaults\preferences, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24], PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\firefox-production\locale, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24], PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\firefox-production\locale\en-US, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24], PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\firefox-production\skin, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24], PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\locale, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24], PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\locale\en-US, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24], PUP.Optional.CrossRider.A, C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47g3g4is.default\extensions\BUEOFMG63663698@KOF20424187.com\skin, Quarantined, [c99c8c70cfbaab8b650ad3a56c97dc24], Files: 156 PUP.Optional.CrossRider.A, 
Physical Sectors: 0
(No malicious items detected)
(end)
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b649375be6a6474791339293ba8f417f
# engine=22176
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-27 09:38:22
# local_time=2015-01-27 10:38:22 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 19787 174024552 0 0
# scanned=132448
# found=1
# cleaned=1
# scan_time=3502
sh=72DBF7896EDE9C8A956BBEC460AEF550FFA3CC9D ft=1 fh=15d2f84eb4cedb61 vn="Variante von Win32/ReImageRepair.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Simone\Downloads\ReimageRepair.exe" |
28.01.2015, 09:41 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware in Firefox / Flash Only remnants, and they have been deleted. Looks OK so far. Regarding cookies and other things on the web: to block this plague from the outset (tracking cookies, ad banners, etc.), I recommend the Ghostery extension, which largely prevents user tracking and the display of ad banners. Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie). Otherwise there are also good cookie managers; among the Firefox extensions, CookieCuller would be one example. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed. Is your system back in order now, or are there any other detections or problems?
__________________ Please always post log files in CODE tags |