Log analysis and evaluation: Sluggish system, changes, several unknown processes (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.02.2015, 22:58 | #1 |
Sluggish system, changes, several unknown processes

Hello everyone! I'm new here, so I hope I created the thread correctly...

For some time now my system has been behaving strangely and running considerably slower than before. I first cleaned up the hard drive and ran a virus scan (no findings), but that did not help much either.

Specific changes:
- When I log in, the theme is changed (although I activate a different one each time).
- The laptop turns the fan on full for no apparent reason and seems to be fully loaded again and again (without my being able to work out why).
- Although I have AdBlockPlus installed, ads have recently started opening in Firefox.
- Web page content is being saved to the PC without my doing anything (Facebook chat).
- Firefox and other programs crash for no apparent reason, and I had an au_.exe process in Task Manager that I don't recognize (and that is supposedly spyware).

MBAM Logfile: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 28.02.2015
Suchlauf-Zeit: 18:28:40
Logdatei: mbam funde.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.28.04
Rootkit Datenbank: v2015.02.25.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *********

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 514595
Verstrichene Zeit: 1 Std, 19 Min, 4 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 4
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [973df23113773303b3326357877c6c94],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [4e8659ca1d6d88aea440e5d5f40ff40c],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, In Quarantäne, [13c11b08ff8b1125e4cc8c20679c837d],
PUP.Optional.ReMarkit.A, HKU\S-1-5-21-3005992195-605650759-3539824770-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_markit, In Quarantäne, [be16061d39512c0a2da5199bc53e29d7],

Registrierungswerte: 1
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, amt, In Quarantäne, [4e8659ca1d6d88aea440e5d5f40ff40c]

Registrierungsdaten: 4
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.awesomehp.com/web/?type=ds&ts=1391198468&from=amt&uid=HitachiXHTS727575A9E364_J3740084HR7RMEHR7RMEX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.awesomehp.com/web/?type=ds&ts=1391198468&from=amt&uid=HitachiXHTS727575A9E364_J3740084HR7RMEHR7RMEX&q={searchTerms}),Ersetzt,[c70da77cf496fc3a6bd0587222e3d927]
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.awesomehp.com/?type=hp&ts=1391198468&from=amt&uid=HitachiXHTS727575A9E364_J3740084HR7RMEHR7RMEX, Gut: (www.google.com), Schlecht: (hxxp://www.awesomehp.com/?type=hp&ts=1391198468&from=amt&uid=HitachiXHTS727575A9E364_J3740084HR7RMEHR7RMEX),Ersetzt,[4a8aee35fc8eba7c2b0b3e8ce322758b]
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.awesomehp.com/?type=hp&ts=1391198468&from=amt&uid=HitachiXHTS727575A9E364_J3740084HR7RMEHR7RMEX, Gut: (www.google.com), Schlecht: (hxxp://www.awesomehp.com/?type=hp&ts=1391198468&from=amt&uid=HitachiXHTS727575A9E364_J3740084HR7RMEHR7RMEX),Ersetzt,[b51f83a0ddadbd79f34a1dad41c4f010]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[40949d865b2f241267829142d62ffe02]

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 2
PUP.PSWTool.ProductKey, C:\Users\*********\Downloads\produkey_setup_1.67_win32.zip, In Quarantäne, [10c451d20a803402090cadd234cc3ac6],
PUP.Optional.OpenCandy, C:\Users\*********\Downloads\SetupImgBurn_2.5.8.0.exe, In Quarantäne, [dcf8be65dcae0b2b89e605f5e71e7888],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

Code:
OTL logfile created on: 28.02.2015 21:19:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*********\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,94 Gb Total Physical Memory | 14,44 Gb Available Physical Memory | 90,64% Memory free
31,87 Gb Paging File | 30,44 Gb Available in Paging File | 95,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 675,26 Gb Total Space | 93,43 Gb Free Space | 13,84% Space Free | Partition Type: NTFS
Drive E: | 1,99 Gb Total Space | 1,96 Gb Free Space | 98,61% Space Free | Partition Type: FAT32
Drive G: | 21,08 Gb Total Space | 3,25 Gb Free Space | 15,41% Space Free | Partition Type: NTFS
Drive H: | 963,96 Mb Total Space | 287,65 Mb Free Space | 29,84% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: ********* | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2015.02.28 20:35:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*********\Desktop\OTL.exe PRC - [2014.11.21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe ========== Modules (No Company Name) ========== MOD - [2013.09.05 00:14:10 | 004,300,456 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ========== Services (SafeList) ========== SRV:64bit: - [2015.01.12 03:34:30 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2014.10.13 06:57:46 | 000,743,688 | ---- | M] (DEVGURU Co., LTD.) [On_Demand | Stopped] -- C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe -- (ss_conn_service) SRV:64bit: - [2014.03.06 15:06:20 | 001,008,344 | ---- | M] (Broadcom Corporation.) 
[Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2014.01.31 18:52:35 | 000,239,616 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2013.10.11 13:42:42 | 003,671,792 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV:64bit: - [2013.10.11 13:42:20 | 000,284,912 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2013.10.11 13:41:56 | 000,631,024 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2013.10.11 13:41:28 | 000,154,864 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2013.07.29 04:01:08 | 000,772,064 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2013.05.27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2013.03.27 10:28:38 | 001,327,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent) SRV:64bit: - [2013.02.28 23:41:37 | 000,327,680 | ---- | M] (IDT, Inc.) 
[Auto | Stopped] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV) SRV:64bit: - [2012.12.10 14:31:44 | 000,803,872 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R) SRV:64bit: - [2012.12.10 14:31:28 | 000,732,160 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:64bit: - [2012.09.12 18:07:06 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:64bit: - [2012.09.07 20:10:00 | 000,033,600 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2012.07.20 16:09:08 | 000,494,456 | R--- | M] (DigitalPersona, Inc.) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost) SRV:64bit: - [2012.07.19 07:47:50 | 002,714,232 | ---- | M] (Validity Sensors, Inc.) 
[Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV:64bit: - [2012.03.14 22:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2015.02.25 17:37:50 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2015.02.17 15:54:34 | 001,074,480 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe -- (FlexNet Licensing Service) SRV - [2015.02.09 18:46:07 | 005,436,176 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer) SRV - [2015.02.05 17:26:09 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014.12.19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2014.12.11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2014.11.21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe -- (MBAMService) SRV - [2014.11.21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe -- (MBAMScheduler) SRV - [2014.04.20 15:15:58 | 000,233,552 | ---- 
| M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe -- (AVP15.0.0) SRV - [2014.04.11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2014.04.09 14:16:34 | 001,448,248 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2014.02.10 13:56:28 | 000,683,296 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe -- (hpHotkeyMonitor) SRV - [2014.02.09 20:12:16 | 001,128,312 | ---- | M] (Infineon Technologies AG) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe -- (IFXSpMgtSrv) SRV - [2014.02.09 20:12:16 | 000,984,440 | ---- | M] (Infineon Technologies AG) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe -- (IFXTCS) SRV - [2014.02.09 20:12:16 | 000,212,344 | ---- | M] (Infineon Technologies AG) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService) SRV - [2014.01.31 15:22:31 | 000,366,040 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2014.01.31 15:22:30 | 000,279,000 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2014.01.31 15:22:30 | 000,165,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program 
Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2014.01.31 15:22:30 | 000,131,032 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2013.11.04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2013.08.21 12:32:28 | 000,210,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2013.08.21 12:32:24 | 000,524,456 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2013.07.18 10:38:16 | 001,143,432 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2013.03.01 02:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2012.10.18 20:01:07 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2012.09.04 15:45:00 | 000,477,088 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK) SRV - [2012.08.07 13:15:50 | 000,378,488 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService) SRV - [2012.07.25 17:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service) SRV - [2012.07.25 17:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc) SRV - [2012.07.19 07:29:58 | 002,342,008 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2012.07.13 12:07:22 | 000,270,336 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2012.03.09 19:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2010.10.20 07:06:04 | 001,250,592 | ---- | M] (SafeNet, Inc) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer) SRV - [2010.10.20 01:03:02 | 000,374,048 | ---- | M] (SafeNet, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer) SRV - [2010.10.20 01:00:02 | 000,292,128 | ---- | M] (SafeNet, Inc.) 
[Auto | Stopped] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe -- (SentinelSecurityRuntime) ========== Driver Services (SafeList) ========== DRV:64bit: - [2015.02.28 20:51:26 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV:64bit: - [2015.02.12 16:53:24 | 000,141,440 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2014.11.21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl) DRV:64bit: - [2014.11.21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2014.10.13 06:57:48 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2014.10.13 06:57:48 | 000,110,336 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2014.10.08 13:47:23 | 000,793,800 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2014.10.08 13:47:23 | 000,141,320 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt) DRV:64bit: - [2014.08.21 18:38:00 | 000,795,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2014.08.21 18:38:00 | 000,358,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - 
[2014.08.21 18:38:00 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2014.07.02 10:03:45 | 000,555,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2014.07.02 09:39:56 | 000,598,808 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2014.07.02 09:39:56 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2014.07.02 09:39:56 | 000,184,144 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2014.07.02 09:39:56 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2014.07.02 09:39:56 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2014.07.02 09:39:40 | 000,172,760 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums) DRV:64bit: - [2014.05.02 12:02:50 | 000,495,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2014.04.10 16:25:34 | 000,243,808 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\klhk.sys -- (klhk) DRV:64bit: - [2014.03.28 16:51:04 | 000,028,768 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:64bit: - [2014.03.26 16:05:28 | 000,179,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:64bit: - [2014.03.25 15:26:04 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:64bit: - [2014.02.25 12:09:02 | 000,030,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2014.02.20 11:59:04 | 000,457,824 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2014.02.12 15:59:18 | 000,386,680 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2014.02.09 20:12:19 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive) DRV:64bit: - [2014.01.31 18:52:56 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2014.01.31 18:52:35 | 012,760,576 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2014.01.31 18:52:35 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2014.01.31 15:39:19 | 000,176,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2014.01.31 15:22:30 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2013.11.04 08:20:48 | 000,026,936 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2013.08.21 15:32:28 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvolwin7.sys -- (Sftvol) DRV:64bit: - [2013.08.21 15:32:26 | 000,029,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirwin7.sys -- (Sftredir) DRV:64bit: - [2013.08.21 15:32:24 | 000,768,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfswin7.sys -- (Sftfs) DRV:64bit: - [2013.08.21 15:32:24 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaywin7.sys -- (Sftplay) DRV:64bit: - [2013.08.08 16:11:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2013.07.29 04:01:24 | 000,164,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2013.07.29 04:01:24 | 000,164,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2013.07.01 09:25:12 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:64bit: - [2013.07.01 09:25:10 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:64bit: - [2013.05.20 01:04:36 | 000,020,048 | ---- | M] (Iomega Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vNICdrv.sys -- (vNICdrv) DRV:64bit: - [2013.04.24 07:12:06 | 000,129,792 | ---- | M] (Gemalto) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GemCCID.sys -- (GemCCID) DRV:64bit: - [2013.04.12 14:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd) DRV:64bit: - [2013.03.27 11:05:38 | 000,091,432 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpeOpal.sys -- (MfeEpeOpal) DRV:64bit: - [2013.03.27 11:03:08 | 000,158,760 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc) DRV:64bit: - [2013.03.23 22:37:30 | 000,026,208 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci) DRV:64bit: - [2013.03.01 02:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2013.02.28 23:41:37 | 000,543,744 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2013.02.12 05:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2012.11.20 13:14:40 | 001,866,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2012.10.18 20:01:07 | 000,568,640 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.09.30 10:24:08 | 011,523,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:64bit: - [2012.09.07 20:11:00 | 000,043,328 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2012.09.07 20:11:00 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2012.09.04 15:25:14 | 000,064,832 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - 
[2012.02.02 04:07:18 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN) DRV:64bit: - [2011.12.26 21:37:42 | 000,090,608 | ---- | M] (CyberLink) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive) DRV:64bit: - [2011.07.25 17:44:58 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.07.25 17:44:58 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.05.13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.05.13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) DRV:64bit: - [2011.05.13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2011.05.13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2011.05.13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.11 00:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.11.11 00:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) DRV:64bit: - [2010.11.11 00:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2009.09.17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.02.17 11:18:48 | 000,069,192 | ---- | M] (FTDI Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2009.02.17 11:17:16 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV - [2012.07.26 13:38:00 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391198468&from=amt&uid=HitachiXHTS727575A9E364_J3740084HR7RMEHR7RMEX&q={searchTerms} IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391198468&from=amt&uid=HitachiXHTS727575A9E364_J3740084HR7RMEHR7RMEX&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start 
Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3005992195-605650759-3539824770-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-3005992195-605650759-3539824770-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-3005992195-605650759-3539824770-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3005992195-605650759-3539824770-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3005992195-605650759-3539824770-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.countryCode: "AT" FF - prefs.js..browser.search.highlightCount: 0 FF - prefs.js..browser.search.isUS: false FF - prefs.js..browser.search.region: "AT" FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.16.0 FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.1.8 FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2014.2.7 FF - prefs.js..extensions.enabledAddons: virtual_keyboard%40kaspersky.com:4.0.10.15 FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:4.0.10.15 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:4.0.10.15 FF - 
prefs.js..extensions.enabledAddons: online_banking%40kaspersky.com:4.0.10.15 FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:2.0 FF - prefs.js..extensions.enabledAddons: fireforce%40scrt.ch:2.2 FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.6.10 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@kaspersky.com/content_blocker: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014.10.08 13:47:29 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@kaspersky.com/online_banking: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014.10.08 13:47:29 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@kaspersky.com/virtual_keyboard: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014.10.08 13:47:29 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files 
(x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2013.01.19 15:34:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014.01.07 22:23:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014.12.14 13:07:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014.10.08 13:47:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014.10.08 13:47:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014.10.08 13:47:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014.10.08 13:47:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014.10.08 
13:47:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.17 18:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Extensions [2015.02.28 18:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\gi23ph1m.default\extensions [2012.10.27 17:56:21 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\gi23ph1m.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2014.01.22 15:30:17 | 000,000,000 | ---D | M] (Block site) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\gi23ph1m.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015.01.06 21:49:00 | 000,052,316 | ---- | M] () (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\firefox\profiles\gi23ph1m.default\extensions\fireforce@scrt.ch.xpi [2015.01.31 01:23:29 | 000,393,078 | ---- | M] () 
(No name found) -- C:\Users\*********\AppData\Roaming\mozilla\firefox\profiles\gi23ph1m.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015.01.15 19:04:16 | 000,985,112 | ---- | M] () (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\firefox\profiles\gi23ph1m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015.02.25 17:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2015.02.25 17:37:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2014.12.14 13:07:48 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 11.0\ACROBAT\BROWSER\WCFIREFOXEXTN [2014.10.08 13:47:29 | 000,000,000 | ---D | M] (Chặn quảng cáo) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\ANTI_BANNER@KASPERSKY.COM [2014.10.08 13:47:29 | 000,000,000 | ---D | M] (Ngăn chặn trang web nguy hiểm) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM [2014.10.08 13:47:29 | 000,000,000 | ---D | M] (An toàn giao dịch tài chính) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\ONLINE_BANKING@KASPERSKY.COM [2014.10.08 13:47:29 | 000,000,000 | ---D | M] (Công cụ kiểm tra liên kết của Kaspersky) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\URL_ADVISOR@KASPERSKY.COM [2014.10.08 13:47:29 | 000,000,000 | ---D | M] (Bàn phím ảo) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM [2014.01.07 22:23:30 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX O1 HOSTS File: ([2014.03.28 19:07:25 | 000,000,850 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 10.0.0.42 BRN30055C09D9CB O2:64bit: - BHO: (Content 
Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: 
(File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O2 - BHO: (Adobe Acrobat 
Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKU\S-1-5-21-3005992195-605650759-3539824770-1001\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-3005992195-605650759-3539824770-1001\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company, L.P.) 
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\*********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 16 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Citavi Picker... 
- C:\Program Files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html () O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Zu Anti-Banner hinzufügen - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm () O8 - Extra context menu item: &Citavi Picker... 
- C:\Program Files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Zu Anti-Banner hinzufügen - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm () O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9:64bit: - Extra Button: Link-Untersuchung - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: Link-Untersuchung - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3005992195-605650759-3539824770-1001\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-3005992195-605650759-3539824770-1001\..Trusted Domains: security_Capture.exe ([]about in Vertrauenswürdige Sites) O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1362838867134 (MUCatalogWebControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{148EEE73-5FAC-4283-88E4-9605D77F02E1}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15AFA637-BDF3-43BE-B870-2968A81E7FB7}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A919D833-78FF-4579-888F-D25A828CA3CF}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C23788C9-0567-48BF-9233-5274FCBB25D1}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF80E091-7F4B-4833-819F-88405D224247}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - ("C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe") - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe (Microsoft 
Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{caed7ac8-004d-11e4-8713-e006e6afdb49}\Shell - "" = AutoRun O33 - MountPoints2\{caed7ac8-004d-11e4-8713-e006e6afdb49}\Shell\AutoRun\command - "" = D:\MMMTest.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2015.02.28 20:51:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*********\Desktop\OTL.exe [2015.02.28 20:44:34 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\Spyware 
Tools [2015.02.28 20:39:32 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\USB3 Sicherung [2015.02.28 19:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [2015.02.28 19:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2015.02.28 19:31:22 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\MyPhoneExplorer [2015.02.28 19:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer [2015.02.28 19:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPhoneExplorer [2015.02.28 19:07:08 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\Kaspersky Rescue [2015.02.28 18:44:15 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\Gelber Kingston [2015.02.28 18:28:14 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys [2015.02.28 18:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware [2015.02.28 18:27:59 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys [2015.02.28 18:27:59 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys [2015.02.28 18:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware [2015.02.28 18:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BIPA FotoShop [2015.02.28 18:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\BIPA [2015.02.28 18:03:39 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\hps-install [2015.02.28 17:31:04 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\Pwd forgot kaspersky [2015.02.25 17:37:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2015.02.25 17:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2015.02.25 10:58:21 | 000,000,000 | ---D | C] -- 
C:\Users\*********\Desktop\restoration [2015.02.25 10:57:26 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\autopsy [2015.02.25 10:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\Autopsy-3.1.1 [2015.02.25 10:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autopsy [2015.02.21 20:32:21 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\USB Stick Post [2015.02.21 11:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB [2015.02.21 11:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ISO to USB [2015.02.19 11:19:46 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\********* AustroControl [2015.02.17 16:22:28 | 000,000,000 | ---D | C] -- C:\Users\*********\Documents\ArcGIS [2015.02.17 16:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ESRI [2015.02.17 15:54:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared [2015.02.17 15:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS [2015.02.17 15:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 4.0 [2015.02.17 15:49:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Data Dynamics [2015.02.17 15:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tom Sawyer Software [2015.02.17 15:49:24 | 000,000,000 | ---D | C] -- C:\Python27 [2015.02.17 15:49:24 | 000,000,000 | ---D | C] -- \Python27 [2015.02.17 15:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcGIS [2015.02.17 15:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcGIS [2015.02.17 15:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcGIS 10.2.2 [2015.02.14 19:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox [2015.02.14 19:21:49 | 000,000,000 | RH-D | C] -- C:\ESD [2015.02.14 19:21:49 | 000,000,000 | RH-D 
| C] -- \ESD [2015.02.14 12:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL [2015.02.14 12:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL [2015.02.13 23:35:57 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\********* FHTW IWIW [2015.02.13 22:35:54 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\Ayudarum Job I u II [2015.02.13 20:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PHP [2015.02.13 19:52:21 | 000,000,000 | ---D | C] -- C:\inetpub [2015.02.13 19:52:21 | 000,000,000 | ---D | C] -- \inetpub [2015.02.12 16:53:24 | 000,204,264 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\VBoxNetFltNobj.dll [2015.02.12 16:53:24 | 000,141,440 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\drivers\VBoxNetAdp.sys [2015.02.12 13:27:44 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\10.9 Heiratsproblem-Dateien [2015.02.12 10:35:48 | 006,041,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2015.02.12 10:35:48 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll [2015.02.12 10:35:47 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll [2015.02.11 09:38:29 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\perftrack.dll [2015.02.11 09:38:29 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\powertracker.dll [2015.02.11 08:18:29 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll [2015.02.11 08:18:29 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2015.02.11 08:18:28 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2015.02.11 08:18:28 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe [2015.02.11 08:18:28 | 000,077,824 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysNative\JavaScriptCollectionAgent.dll [2015.02.11 08:18:28 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2015.02.11 08:18:28 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll [2015.02.11 08:18:28 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll [2015.02.11 08:18:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll [2015.02.11 08:18:28 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll [2015.02.11 08:18:27 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2015.02.11 08:18:27 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll [2015.02.11 08:18:27 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2015.02.11 08:18:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll [2015.02.11 08:18:26 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe [2015.02.11 08:18:26 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2015.02.11 08:18:26 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll [2015.02.11 08:18:26 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2015.02.11 08:18:26 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll [2015.02.11 08:18:26 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2015.02.11 08:18:26 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll [2015.02.11 08:18:25 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2015.02.11 08:18:25 | 001,155,072 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\mshtmlmedia.dll [2015.02.11 08:18:25 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll [2015.02.11 08:18:25 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll [2015.02.11 08:18:25 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2015.02.11 08:18:24 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2015.02.11 08:18:24 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2015.02.11 08:18:23 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll [2015.02.11 08:18:22 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2015.02.11 08:18:22 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll [2015.02.11 08:18:22 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll [2015.02.11 08:17:57 | 000,894,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\appraiser.dll [2015.02.11 08:17:57 | 000,609,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll [2015.02.11 08:17:56 | 001,098,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll [2015.02.11 08:17:56 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\invagent.dll [2015.02.11 08:17:55 | 001,239,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aitstatic.exe [2015.02.11 08:17:55 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\devinv.dll [2015.02.11 08:17:55 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll [2015.02.11 08:17:55 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepic.dll [2015.02.11 08:17:46 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll [2015.02.11 08:17:32 | 
001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll [2015.02.11 08:17:11 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll [2015.02.11 08:17:11 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\adtschema.dll [2015.02.11 08:17:11 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adtschema.dll [2015.02.11 08:17:10 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll [2015.02.11 08:17:10 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\auditpol.exe [2015.02.11 08:17:10 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\auditpol.exe [2015.02.11 08:17:10 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll [2015.02.11 08:17:10 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll [2015.02.11 08:17:09 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msaudite.dll [2015.02.11 08:17:09 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msaudite.dll [2015.02.11 08:17:09 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msobjs.dll [2015.02.11 08:17:09 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msobjs.dll [2015.02.11 08:17:02 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll [2015.02.11 08:16:58 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll [2015.02.11 08:16:43 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scesrv.dll [2015.02.11 08:16:43 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\scesrv.dll [2015.02.11 08:16:39 | 005,554,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe [2015.02.11 08:16:38 | 003,972,544 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\ntkrnlpa.exe [2015.02.11 08:16:38 | 003,917,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe [2015.02.11 08:16:37 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll [2015.02.11 08:16:37 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rstrui.exe [2015.02.11 08:16:37 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srclient.dll [2015.02.03 23:20:28 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2015.02.03 23:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2015.02.03 23:20:26 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Notepad++ [2015.02.03 23:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++ [2015.02.03 15:50:09 | 000,000,000 | ---D | C] -- C:\Users\*********\.jmc [2015.02.03 15:49:57 | 000,000,000 | ---D | C] -- C:\Users\*********\.eclipse [2015.02.03 15:35:21 | 000,111,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll [2015.02.03 15:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit [2015.02.03 15:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java [1 C:\Users\*********\Desktop\*.tmp files -> C:\Users\*********\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2015.02.28 20:51:26 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys [2015.02.28 20:49:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2015.02.28 20:49:02 | 4225,265,661 | -HS- | M] () -- C:\hiberfil.sys [2015.02.28 20:42:26 | 001,703,554 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2015.02.28 20:42:26 | 000,736,966 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2015.02.28 20:42:26 | 000,683,928 | ---- | M] () -- 
C:\windows\SysNative\perfh009.dat [2015.02.28 20:42:26 | 000,159,896 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2015.02.28 20:42:26 | 000,130,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2015.02.28 20:35:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*********\Desktop\OTL.exe [2015.02.28 20:29:00 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2015.02.28 20:26:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2015.02.28 20:23:16 | 000,004,340 | ---- | M] () -- C:\Users\*********\AppData\Roaming\LTspiceIV.ini [2015.02.28 20:18:08 | 000,018,490 | ---- | M] () -- C:\Users\*********\Desktop\cc_20150228_201805.reg [2015.02.28 20:01:57 | 000,031,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2015.02.28 20:01:57 | 000,031,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2015.02.28 19:58:12 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2015.02.28 17:55:07 | 000,000,656 | ---- | M] () -- C:\Users\*********\Desktop\cc_20150228_175504.reg [2015.02.28 17:53:52 | 000,440,218 | ---- | M] () -- C:\Users\*********\Desktop\cc_20150228_175347.reg [2015.02.28 14:40:09 | 000,089,009 | ---- | M] () -- C:\Users\*********\Desktop\Google plant Riesenglashaus - news.ORF.pdf [2015.02.28 14:36:42 | 000,017,887 | ---- | M] () -- C:\Users\*********\Desktop\Probleme wegen falscher Bonitätsauskünfte - help.ORF.pdf [2015.02.28 14:34:54 | 000,027,320 | ---- | M] () -- C:\Users\*********\Desktop\Die Tücken des Kreditscorings - help.ORF.pdf [2015.02.27 20:35:49 | 000,000,682 | ---- | M] () -- C:\windows\BRRBCOM.INI [2015.02.27 18:54:32 | 020,163,714 | ---- | M] () -- C:\Users\*********\Desktop\House_of_Cards_Vienna_vs_Washington_DC_Side_by_Side_hd720.mp4 [2015.02.27 08:00:07 | 000,000,336 | ---- | M] () -- 
C:\windows\tasks\HPCeeScheduleFor*********.job [2015.02.26 18:11:47 | 000,066,950 | ---- | M] () -- C:\Users\*********\Desktop\google meldung 2.JPG [2015.02.26 13:59:54 | 000,026,962 | ---- | M] () -- C:\Users\*********\Desktop\newsletter abbestellung springer bauwesen 26_02_2015_2.JPG [2015.02.26 13:58:33 | 000,139,042 | ---- | M] () -- C:\Users\*********\Desktop\newsletter abbestellung springer bauwesen 26_02_2015.JPG [2015.02.25 21:52:18 | 000,700,226 | ---- | M] () -- C:\Users\*********\Desktop\ba1_*********.pdf [2015.02.25 21:46:29 | 000,078,876 | ---- | M] () -- C:\Users\*********\Desktop\google meldung.JPG [2015.02.25 21:10:26 | 000,000,475 | ---- | M] () -- C:\- [2015.02.25 20:58:13 | 000,009,152 | ---- | M] () -- C:\Users\*********\Desktop\perlc.m [2015.02.25 10:57:44 | 000,000,036 | ---- | M] () -- C:\.superId [2015.02.25 10:56:28 | 000,001,887 | ---- | M] () -- C:\Users\*********\Desktop\Autopsy 3.1.1.lnk [2015.02.25 10:32:28 | 000,105,574 | ---- | M] () -- C:\Users\*********\Desktop\Personen am Institut für Information Engineering & Security - Fachhochschule Technikum Wien_Lehrende MIT_BIT.pdf [2015.02.23 16:10:00 | 000,202,766 | ---- | M] () -- C:\Users\*********\Desktop\Stellenmarkt Start _ LinkedIn.pdf [2015.02.22 09:25:26 | 003,175,734 | ---- | M] () -- C:\Users\*********\Desktop\20150222_092526.jpg [2015.02.21 16:10:34 | 000,221,611 | ---- | M] () -- C:\Users\*********\Desktop\E-Ladestation_Uebersicht_Gesamt.pdf [2015.02.21 12:43:36 | 000,121,302 | ---- | M] () -- C:\Users\*********\Desktop\guterBundeslandFilter.JPG [2015.02.19 19:48:28 | 000,317,678 | ---- | M] () -- C:\Users\*********\Desktop\Raspberry Pi_ Webserver Nginx installieren » Jan Karres.pdf [2015.02.19 18:41:31 | 000,184,218 | ---- | M] () -- C:\Users\*********\Desktop\sguat@job.JPG [2015.02.18 12:09:45 | 000,764,996 | ---- | M] () -- C:\Users\*********\Desktop\Raspberry Pi_ Owncloud-Alternative Seafile Server installieren » Jan Karres.pdf [2015.02.18 11:53:39 | 000,267,494 | ---- | M] 
() -- C:\Users\*********\Desktop\E3.pdf [2015.02.18 10:30:12 | 000,101,629 | ---- | M] () -- C:\Users\*********\Desktop\Stromtankstellen Februar 2014_bearbeitet_*********.pdf [2015.02.18 10:20:27 | 000,486,288 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2015.02.18 10:14:36 | 003,129,148 | ---- | M] () -- C:\Users\*********\Desktop\20150218_101435.jpg [2015.02.18 04:48:35 | 002,797,455 | ---- | M] () -- C:\Users\*********\Desktop\20150218_044835.jpg [2015.02.17 17:40:22 | 002,330,405 | ---- | M] () -- C:\Users\*********\Desktop\20150217_174022.jpg [2015.02.17 17:36:34 | 002,917,757 | ---- | M] () -- C:\Users\*********\Desktop\20150217_173634.jpg [2015.02.17 17:21:54 | 004,910,216 | ---- | M] () -- C:\Users\*********\Desktop\20150217_172154.jpg [2015.02.17 17:18:36 | 020,956,479 | ---- | M] () -- C:\Users\*********\Desktop\20150217_171825.mp4 [2015.02.17 10:10:38 | 003,217,659 | ---- | M] () -- C:\Users\*********\Desktop\20150217_101038.jpg [2015.02.16 16:02:28 | 000,083,599 | ---- | M] () -- C:\Users\*********\Desktop\Stromtankstellen Februar 2014.pdf [2015.02.16 14:11:00 | 007,601,042 | ---- | M] () -- C:\Users\*********\Desktop\de_Buch 30 Jahre ASFINAG.pdf [2015.02.15 14:22:26 | 000,425,203 | ---- | M] () -- C:\Users\*********\Desktop\IMG-20150215-WA0000.jpg [2015.02.14 19:34:55 | 006,428,671 | ---- | M] () -- C:\Users\*********\Desktop\20150214_193455.jpg [2015.02.14 19:29:24 | 000,301,066 | ---- | M] () -- C:\Users\*********\Desktop\IMG-20150214-WA0001.jpg [2015.02.14 17:23:30 | 000,074,555 | ---- | M] () -- C:\Users\*********\Desktop\stromtankstellen standorte stand august 2012_63554.pdf [2015.02.14 16:54:09 | 000,285,813 | ---- | M] () -- C:\Users\*********\Desktop\20140203_Ladestationen_SMATRICS.pdf [2015.02.14 12:43:54 | 001,343,488 | ---- | M] () -- C:\Users\*********\Documents\Erevolution.accdb [2015.02.14 12:20:35 | 000,348,160 | ---- | M] () -- C:\Users\*********\Documents\Database3.accdb [2015.02.14 12:20:01 | 000,352,256 | ---- | M] () -- 
C:\Users\*********\Documents\Database2.accdb [2015.02.14 10:23:06 | 000,318,703 | ---- | M] () -- C:\Users\*********\Desktop\IMG-20150214-WA0000.jpg [2015.02.13 22:00:43 | 000,000,023 | ---- | M] () -- C:\windows\ODBCINST.INI [2015.02.13 20:36:13 | 001,736,652 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI [2015.02.13 19:15:02 | 002,829,909 | ---- | M] () -- C:\Users\*********\Desktop\20150213_191503.jpg [2015.02.13 10:35:15 | 000,001,136 | ---- | M] () -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015.02.12 16:53:24 | 000,204,264 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\VBoxNetFltNobj.dll [2015.02.12 16:53:24 | 000,141,440 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\drivers\VBoxNetAdp.sys [2015.02.12 13:27:44 | 000,005,261 | ---- | M] () -- C:\Users\*********\Desktop\10.9 Heiratsproblem.html [2015.02.11 10:48:10 | 000,008,878 | ---- | M] () -- C:\windows\SysWow64\SystemData.xml [2015.02.11 10:35:53 | 004,684,472 | ---- | M] () -- C:\Users\*********\Desktop\13agelenkbus_144346.jpg [2015.02.11 10:35:13 | 000,325,934 | ---- | M] () -- C:\Users\*********\Desktop\modalsplit_144345.jpg [2015.02.11 10:34:48 | 000,621,349 | ---- | M] () -- C:\Users\*********\Desktop\jahreskarte-verkaufszahlen_144344.jpg [2015.02.11 10:07:41 | 001,680,212 | ---- | M] () -- C:\Users\*********\Desktop\jahreskarten anzahl wr linien.pdf [2015.02.11 10:07:16 | 000,539,155 | ---- | M] () -- C:\Users\*********\Desktop\falschparker wr linien.pdf [2015.02.11 10:06:59 | 000,633,643 | ---- | M] () -- C:\Users\*********\Desktop\multisensueller infopoint wr linien.pdf [2015.02.06 16:17:16 | 005,069,971 | ---- | M] () -- C:\Users\*********\Desktop\20150206_161716.jpg [2015.02.05 17:26:09 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2015.02.05 17:26:09 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 
[2015.02.04 04:16:29 | 000,609,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll [2015.02.04 04:16:20 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\invagent.dll [2015.02.04 04:16:16 | 000,414,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\devinv.dll [2015.02.04 04:16:14 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\appraiser.dll [2015.02.04 04:16:13 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll [2015.02.04 04:16:13 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepic.dll [2015.02.04 04:13:28 | 001,098,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll [2015.02.03 15:34:39 | 000,111,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll [2015.02.02 19:50:30 | 000,396,735 | ---- | M] () -- C:\Users\*********\Desktop\IMG-20150202-WA0001.jpg [2015.02.02 19:50:30 | 000,296,853 | ---- | M] () -- C:\Users\*********\Desktop\IMG-20150202-WA0000.jpg [2015.01.29 22:31:20 | 003,415,388 | ---- | M] () -- C:\Users\*********\Desktop\20150129_223120.jpg [1 C:\Users\*********\Desktop\*.tmp files -> C:\Users\*********\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2015.02.28 20:18:06 | 000,018,490 | ---- | C] () -- C:\Users\*********\Desktop\cc_20150228_201805.reg [2015.02.28 17:55:05 | 000,000,656 | ---- | C] () -- C:\Users\*********\Desktop\cc_20150228_175504.reg [2015.02.28 17:53:49 | 000,440,218 | ---- | C] () -- C:\Users\*********\Desktop\cc_20150228_175347.reg [2015.02.28 14:40:09 | 000,089,009 | ---- | C] () -- C:\Users\*********\Desktop\Google plant Riesenglashaus - news.ORF.pdf [2015.02.28 14:36:42 | 000,017,887 | ---- | C] () -- C:\Users\*********\Desktop\Probleme wegen falscher Bonitätsauskünfte - help.ORF.pdf [2015.02.28 14:34:54 | 000,027,320 | ---- | C] () -- C:\Users\*********\Desktop\Die Tücken des Kreditscorings - 
help.ORF.pdf [2015.02.27 18:53:11 | 020,163,714 | ---- | C] () -- C:\Users\*********\Desktop\House_of_Cards_Vienna_vs_Washington_DC_Side_by_Side_hd720.mp4 [2015.02.26 18:11:47 | 000,066,950 | ---- | C] () -- C:\Users\*********\Desktop\google meldung 2.JPG [2015.02.26 13:59:54 | 000,026,962 | ---- | C] () -- C:\Users\*********\Desktop\newsletter abbestellung springer bauwesen 26_02_2015_2.JPG [2015.02.26 13:55:53 | 000,139,042 | ---- | C] () -- C:\Users\*********\Desktop\newsletter abbestellung springer bauwesen 26_02_2015.JPG [2015.02.26 11:44:03 | 000,700,226 | ---- | C] () -- C:\Users\*********\Desktop\ba1_*********.pdf [2015.02.25 21:46:29 | 000,078,876 | ---- | C] () -- C:\Users\*********\Desktop\google meldung.JPG [2015.02.25 21:10:03 | 000,000,475 | ---- | C] () -- C:\- [2015.02.25 21:10:03 | 000,000,475 | ---- | C] () -- \- [2015.02.25 20:58:12 | 000,009,152 | ---- | C] () -- C:\Users\*********\Desktop\perlc.m [2015.02.25 10:57:44 | 000,000,036 | ---- | C] () -- C:\.superId [2015.02.25 10:57:44 | 000,000,036 | ---- | C] () -- \.superId [2015.02.25 10:56:28 | 000,001,887 | ---- | C] () -- C:\Users\*********\Desktop\Autopsy 3.1.1.lnk [2015.02.25 10:32:28 | 000,105,574 | ---- | C] () -- C:\Users\*********\Desktop\Personen am Institut für Information Engineering & Security - Fachhochschule Technikum Wien_Lehrende MIT_BIT.pdf [2015.02.23 16:10:00 | 000,202,766 | ---- | C] () -- C:\Users\*********\Desktop\Stellenmarkt Start _ LinkedIn.pdf [2015.02.22 09:25:26 | 003,175,734 | ---- | C] () -- C:\Users\*********\Desktop\20150222_092526.jpg [2015.02.21 12:43:35 | 000,121,302 | ---- | C] () -- C:\Users\*********\Desktop\guterBundeslandFilter.JPG [2015.02.19 19:48:28 | 000,317,678 | ---- | C] () -- C:\Users\*********\Desktop\Raspberry Pi_ Webserver Nginx installieren » Jan Karres.pdf [2015.02.19 18:41:13 | 000,184,218 | ---- | C] () -- C:\Users\*********\Desktop\sguat@job.JPG [2015.02.18 12:09:45 | 000,764,996 | ---- | C] () -- C:\Users\*********\Desktop\Raspberry Pi_ 
Owncloud-Alternative Seafile Server installieren » Jan Karres.pdf [2015.02.18 11:48:26 | 000,267,494 | ---- | C] () -- C:\Users\*********\Desktop\E3.pdf [2015.02.18 10:14:36 | 003,129,148 | ---- | C] () -- C:\Users\*********\Desktop\20150218_101435.jpg [2015.02.18 04:48:35 | 002,797,455 | ---- | C] () -- C:\Users\*********\Desktop\20150218_044835.jpg [2015.02.17 17:40:22 | 002,330,405 | ---- | C] () -- C:\Users\*********\Desktop\20150217_174022.jpg [2015.02.17 17:36:34 | 002,917,757 | ---- | C] () -- C:\Users\*********\Desktop\20150217_173634.jpg [2015.02.17 17:21:54 | 004,910,216 | ---- | C] () -- C:\Users\*********\Desktop\20150217_172154.jpg [2015.02.17 17:18:36 | 020,956,479 | ---- | C] () -- C:\Users\*********\Desktop\20150217_171825.mp4 [2015.02.17 10:10:38 | 003,217,659 | ---- | C] () -- C:\Users\*********\Desktop\20150217_101038.jpg [2015.02.16 18:53:18 | 000,221,611 | ---- | C] () -- C:\Users\*********\Desktop\E-Ladestation_Uebersicht_Gesamt.pdf [2015.02.16 18:14:25 | 000,101,629 | ---- | C] () -- C:\Users\*********\Desktop\Stromtankstellen Februar 2014_bearbeitet_*********.pdf [2015.02.16 14:10:58 | 007,601,042 | ---- | C] () -- C:\Users\*********\Desktop\de_Buch 30 Jahre ASFINAG.pdf [2015.02.15 14:22:26 | 000,425,203 | ---- | C] () -- C:\Users\*********\Desktop\IMG-20150215-WA0000.jpg [2015.02.15 12:55:34 | 000,083,599 | ---- | C] () -- C:\Users\*********\Desktop\Stromtankstellen Februar 2014.pdf [2015.02.14 19:34:55 | 006,428,671 | ---- | C] () -- C:\Users\*********\Desktop\20150214_193455.jpg [2015.02.14 19:29:24 | 000,301,066 | ---- | C] () -- C:\Users\*********\Desktop\IMG-20150214-WA0001.jpg [2015.02.14 17:23:29 | 000,074,555 | ---- | C] () -- C:\Users\*********\Desktop\stromtankstellen standorte stand august 2012_63554.pdf [2015.02.14 16:54:08 | 000,285,813 | ---- | C] () -- C:\Users\*********\Desktop\20140203_Ladestationen_SMATRICS.pdf [2015.02.14 12:20:35 | 001,343,488 | ---- | C] () -- C:\Users\*********\Documents\Erevolution.accdb [2015.02.14 
12:20:01 | 000,348,160 | ---- | C] () -- C:\Users\*********\Documents\Database3.accdb [2015.02.14 12:16:00 | 000,352,256 | ---- | C] () -- C:\Users\*********\Documents\Database2.accdb [2015.02.14 10:23:06 | 000,318,703 | ---- | C] () -- C:\Users\*********\Desktop\IMG-20150214-WA0000.jpg [2015.02.13 20:40:56 | 000,000,023 | ---- | C] () -- C:\windows\ODBCINST.INI [2015.02.13 19:15:02 | 002,829,909 | ---- | C] () -- C:\Users\*********\Desktop\20150213_191503.jpg [2015.02.13 10:43:51 | 000,000,336 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleFor*********.job [2015.02.12 13:27:44 | 000,005,261 | ---- | C] () -- C:\Users\*********\Desktop\10.9 Heiratsproblem.html [2015.02.11 10:35:53 | 004,684,472 | ---- | C] () -- C:\Users\*********\Desktop\13agelenkbus_144346.jpg [2015.02.11 10:35:12 | 000,325,934 | ---- | C] () -- C:\Users\*********\Desktop\modalsplit_144345.jpg [2015.02.11 10:34:47 | 000,621,349 | ---- | C] () -- C:\Users\*********\Desktop\jahreskarte-verkaufszahlen_144344.jpg [2015.02.11 10:07:41 | 001,680,212 | ---- | C] () -- C:\Users\*********\Desktop\jahreskarten anzahl wr linien.pdf [2015.02.11 10:07:16 | 000,539,155 | ---- | C] () -- C:\Users\*********\Desktop\falschparker wr linien.pdf [2015.02.11 10:06:59 | 000,633,643 | ---- | C] () -- C:\Users\*********\Desktop\multisensueller infopoint wr linien.pdf [2015.02.06 16:17:16 | 005,069,971 | ---- | C] () -- C:\Users\*********\Desktop\20150206_161716.jpg [2015.02.05 16:38:51 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk [2015.02.03 11:34:02 | 000,237,568 | ---- | C] () -- C:\windows\SysWow64\glut32.dll [2015.02.02 19:50:30 | 000,396,735 | ---- | C] () -- C:\Users\*********\Desktop\IMG-20150202-WA0001.jpg [2015.02.02 19:50:30 | 000,296,853 | ---- | C] () -- C:\Users\*********\Desktop\IMG-20150202-WA0000.jpg [2015.01.29 22:31:20 | 003,415,388 | ---- | C] () -- C:\Users\*********\Desktop\20150129_223120.jpg [2015.01.06 18:50:50 | 000,000,030 | ---- | C] 
() -- C:\windows\Gnucleus.INI [2014.12.14 11:53:45 | 000,000,076 | ---- | C] () -- C:\Users\*********\AppData\Roaming\mbam.context.scan [2014.12.09 17:40:40 | 000,000,781 | ---- | C] () -- C:\Users\*********\Draft1.op.raw [2014.12.09 17:40:00 | 000,001,210 | ---- | C] () -- C:\Users\*********\Draft1.raw [2014.12.09 17:37:31 | 000,001,664 | ---- | C] () -- C:\Users\*********\Draft1.asc [2014.12.09 17:04:02 | 000,004,340 | ---- | C] () -- C:\Users\*********\AppData\Roaming\LTspiceIV.ini [2014.10.21 13:05:45 | 000,000,446 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2014.04.16 17:00:51 | 000,000,719 | ---- | C] () -- C:\Users\*********\AppData\Local\recently-used.xbel [2014.02.18 15:35:17 | 000,000,682 | ---- | C] () -- C:\windows\BRRBCOM.INI [2014.02.18 15:34:08 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL [2014.02.18 15:34:06 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI [2014.02.12 15:32:47 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2014.01.31 21:03:18 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\AVSredirect.dll [2013.12.30 10:52:44 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2013.10.12 17:00:56 | 000,000,248 | ---- | C] () -- C:\windows\hbcikrnl.ini [2013.09.11 22:32:06 | 000,038,912 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll [2013.07.25 20:41:24 | 000,995,342 | ---- | C] () -- C:\windows\SysWow64\amdocl_as32.exe [2013.07.25 20:41:24 | 000,798,734 | ---- | C] () -- C:\windows\SysWow64\amdocl_ld32.exe [2013.06.04 23:16:27 | 000,000,000 | ---- | C] () -- C:\Users\*********\dlmgr_.pro [2013.06.02 19:01:44 | 000,000,021 | ---- | C] () -- C:\windows\progman.ini [2013.04.18 18:06:46 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll [2013.04.18 18:06:46 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll [2013.04.18 18:06:46 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll [2013.04.18 18:06:46 | 000,057,344 | ---- | C] () -- 
C:\windows\SysWow64\issacapi_se-2.3.dll [2013.03.01 02:47:36 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll [2012.11.07 21:04:25 | 000,001,096 | ---- | C] () -- C:\Users\*********\Dokumente - Verknüpfung.lnk [2012.11.04 14:22:28 | 000,007,168 | ---- | C] () -- C:\Users\*********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.20 15:04:45 | 000,007,618 | ---- | C] () -- C:\Users\*********\AppData\Local\Resmon.ResmonCfg [2012.10.17 17:35:04 | 4225,265,661 | -HS- | C] () -- \hiberfil.sys [2011.02.11 06:13:49 | 000,383,786 | RHS- | C] () -- \bootmgr [2007.11.07 08:12:28 | 000,232,960 | ---- | C] () -- \VC_RED.MSI [2007.11.07 08:09:22 | 001,442,522 | ---- | C] () -- \VC_RED.cab [2007.11.07 08:03:18 | 000,562,688 | ---- | C] () -- \install.exe [2007.11.07 08:03:18 | 000,097,296 | ---- | C] () -- \install.res.1036.dll [2007.11.07 08:03:18 | 000,096,272 | ---- | C] () -- \install.res.3082.dll [2007.11.07 08:03:18 | 000,096,272 | ---- | C] () -- \install.res.1031.dll [2007.11.07 08:03:18 | 000,095,248 | ---- | C] () -- \install.res.1040.dll [2007.11.07 08:03:18 | 000,091,152 | ---- | C] () -- \install.res.1033.dll [2007.11.07 08:03:18 | 000,081,424 | ---- | C] () -- \install.res.1041.dll [2007.11.07 08:03:18 | 000,079,888 | ---- | C] () -- \install.res.1042.dll [2007.11.07 08:03:18 | 000,076,304 | ---- | C] () -- \install.res.1028.dll [2007.11.07 08:03:18 | 000,075,792 | ---- | C] () -- \install.res.2052.dll [2007.11.07 08:00:40 | 000,005,686 | ---- | C] () -- \vcredist.bmp [2007.11.07 08:00:40 | 000,001,110 | ---- | C] () -- \globdata.ini [2007.11.07 08:00:40 | 000,000,843 | ---- | C] () -- \install.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014.12.14 12:43:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ControlCenter4 [2013.05.11 16:14:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DigitalPersona [2014.02.12 17:42:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Infineon [2014.12.14 12:44:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SoftGrid Client 
[2013.05.11 16:14:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Synaptics [2014.01.31 22:34:05 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\.marble [2015.02.11 16:32:07 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Ahnenblatt [2014.01.21 20:38:57 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Audacity [2015.02.25 10:58:56 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\autopsy [2014.05.21 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2014.03.16 21:46:10 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\ControlCenter4 [2014.10.08 20:13:56 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\DeepBurner [2012.10.17 17:35:25 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\DigitalPersona [2015.02.28 17:28:51 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Dropbox [2012.10.30 21:23:08 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\e-academy Inc [2014.10.20 19:57:41 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\emIDE [2015.02.17 16:22:28 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\ESRI [2015.01.12 10:47:12 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\fltk.org [2015.01.23 19:08:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\gramps [2015.01.07 15:12:46 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\ImgBurn [2012.10.17 17:35:43 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Infineon [2015.02.28 19:43:09 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\MyPhoneExplorer [2014.04.24 20:44:50 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\MySQL [2015.02.03 23:20:38 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Notepad++ [2014.03.16 21:16:57 | 000,000,000 | ---D | M] -- 
C:\Users\*********\AppData\Roaming\Nuance [2014.11.27 17:06:50 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\NuGet [2014.10.17 16:07:48 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Oracle [2013.05.04 10:05:09 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\PDAppFlex [2014.06.10 15:32:23 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Python [2015.02.11 09:45:17 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Samsung [2015.01.06 18:39:51 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Shareaza [2015.02.28 20:47:58 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\SoftGrid Client [2015.02.03 13:40:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\SPB_16.6 [2014.12.18 11:19:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Subversion [2014.08.21 09:09:42 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Swiss Academic Software [2012.10.17 17:38:36 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Synaptics [2014.01.15 19:59:45 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\TeamViewer [2012.10.18 12:27:10 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Thunderbird [2015.01.29 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\uTorrent [2015.01.08 22:51:40 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Wireshark [2013.01.05 10:57:09 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\XnView [2014.03.16 21:17:01 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Zeon ========== Purity Check ========== < End of report > |
28.02.2015, 23:00 | #2 |
| OTL logfile 2 (Extras) and OTL logfile 2 (Extras):
Code:
ATTFilter OTL Extras logfile created on: 28.02.2015 21:19:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*******\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17633) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,94 Gb Total Physical Memory | 14,44 Gb Available Physical Memory | 90,64% Memory free 31,87 Gb Paging File | 30,44 Gb Available in Paging File | 95,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 675,26 Gb Total Space | 93,43 Gb Free Space | 13,84% Space Free | Partition Type: NTFS Drive E: | 1,99 Gb Total Space | 1,96 Gb Free Space | 98,61% Space Free | Partition Type: FAT32 Drive G: | 21,08 Gb Total Space | 3,25 Gb Free Space | 15,41% Space Free | Partition Type: NTFS Drive H: | 963,96 Mb Total Space | 287,65 Mb Free Space | 29,84% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: ******* | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = OperaStable] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = OperaStable] -- Reg Error: Key error. 
File not found [HKEY_USERS\S-1-5-21-3005992195-605650759-3539824770-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07BE5662-1DB6-49A5-A29D-7BA89246BD96}" = lport=6919 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{151529A1-9923-46DC-AE16-EA75CAC8D9D5}" = lport=6915 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{1666E853-DB1D-4D51-B31D-EEE60B032E9E}" = lport=6916 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{2E5D4E28-384D-4FD4-8E1C-DBADB5609532}" = lport=6920 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{34A14184-81AB-4CDE-B008-40C6F1F77AED}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{3F2A369C-12E4-4619-A4BA-54E7838E74D6}" = lport=2869 | protocol=6 | dir=in | app=system | "{55412513-C00C-44E1-A7C2-F1B0619376DE}" = lport=6920 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{5814554E-E9B5-47B7-B892-FB67D0CBE5D3}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | "{5D900AF3-6BBC-4BAC-ADB8-5DF202351AF7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{652B856D-6CC4-4315-A044-7C3151DF4F20}" = lport=6918 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{65DF24D9-0089-47F4-A696-A0BD7E9136C4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{73FF7F4D-664C-4A50-BDA7-B58A790A44A1}" = 
lport=3306 | protocol=6 | dir=in | name=mysql_svr | "{8F81EEB5-F191-4BCD-BDCE-88098B821D1F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{96DFDA8A-151F-41D7-8F52-B8BA02B9EA1E}" = lport=3029 | protocol=6 | dir=in | name=dk2 network server | "{98885D2E-F7A3-4D3A-BFD6-49F6F5AB75C6}" = lport=6916 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{A27A0966-54AB-4F04-BAB0-C6430FB91800}" = lport=6918 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{A35C5B89-F19C-482F-A1DF-5B6CAEE50D9F}" = lport=6915 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{A4A45A56-D49B-49CC-A796-E7A4E7C0EA2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AA6450BC-477B-4B25-9817-6B7BA1EF6100}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{AD768DD5-2D49-4399-91FD-94AD5FB1D551}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AE66D6AC-9C8D-442D-A09C-B711C7F3A150}" = lport=6919 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{B19AEC57-7809-49A7-B5FD-DC690E89745C}" = lport=10243 | protocol=6 | dir=in | app=system | "{B284C7A4-2C39-468F-8C70-AA5FF9193E3B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C41ED3CF-8914-4A03-A51A-9DBF134E7B18}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E6018AA5-C5A6-4452-B332-0154AB1EFDB5}" = lport=6917 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{EA6CBF66-9E3A-4D83-8E6F-2F92838DB953}" = rport=10243 | protocol=6 | dir=out | app=system | "{F0D6027D-6EB4-48C4-8C2B-EAD9FB6D8423}" = lport=6917 | protocol=6 | dir=in 
| app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{FACB2262-5429-4B9C-8739-E1B030F6B0E3}" = lport=3306 | protocol=6 | dir=in | name=mysql_svr | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01BA2888-DF66-4B3D-B629-57FCE72803EC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe | "{0C7F5A43-4442-4792-9DF4-548E8576EF4F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0CDF1F62-9015-4298-9F7C-40D8759CDF6C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{0ED93ACC-F1DC-4EE6-BBC4-58CB1F095778}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0EE1EF94-D249-4E8F-A9B3-F5EBDB8CC84B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe | "{1C9B6172-46F1-454B-BDA1-00BDF65A7B7F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1F1C6D81-E5FC-43BE-A2BA-DA4FEB5933D3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{20986C79-609F-4CE8-98AF-E7C7706C279C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{21110E76-E00F-4889-A66D-B17527158160}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2C5690D1-3E4B-4D72-93F6-FFFA02C60DF9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{2E264D75-2FD0-41D5-9B26-DE1F54610D17}" = dir=in | app=c:\orcad\orcad_16.6_lite\openaccess\bin\win32\opt\oadmturboserver.exe | "{2FDBDD4B-8E74-4231-A453-71B0F2AF6BD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2FDD10A9-6EE6-489C-B1B8-CB0701758EA0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3450D298-5BBB-4490-B556-149C542D60E9}" = protocol=6 | dir=in | 
app=c:\program files (x86)\mozilla firefox\firefox.exe | "{446F3281-B1D4-46C1-8EC7-114886B4EF9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4480071D-D61C-4C17-8330-08759D6C1BE2}" = dir=in | app=c:\orcad\orcad_16.6_lite\tools\capture\capture.exe | "{465CBCDD-9DE0-4178-8C82-740D5F8E330E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{48678519-8E49-4431-A6E0-B68FBD58705E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{4A9CDC91-BD27-4F8F-893D-4ADBF876D403}" = dir=in | app=c:\orcad\orcad_16.6_lite\tools\specctra\bin\specctra.exe | "{4B9AE086-FFAD-4E59-B78C-7D340B2AA9D3}" = dir=in | app=c:\orcad\orcad_16.6_lite\tools\pcb\bin\smpd.exe | "{5309C6C7-93CA-4EE3-8C7F-E7630C6D5DD4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe | "{5889CE6D-2404-4AAA-8E36-919491511CA9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe | "{7FC03905-43D1-4DB0-8F83-7F3CCB54C604}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe | "{854A6702-4A75-4A3A-924D-4FC98898FF4E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{860C61B6-E419-418B-970D-F2CBBFBDECE1}" = dir=in | app=c:\orcad\orcad_16.6_lite\tools\bin\cdsmps.exe | "{896DD03E-1E71-41A0-9190-477F9781D82F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{91359B2A-374B-4D73-AA0A-45D3AAE0CA03}" = dir=in | app=c:\orcad\orcad_16.6_lite\tools\pcb\bin\allegro.exe | "{9138E59B-1A60-49E3-9023-2A6636E7E33E}" = protocol=6 | dir=out | app=system | "{93377AF6-329C-4BB4-9BFA-8D2CF379F473}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{93CE8346-816C-4323-899D-8EC57955F70D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{96D676CA-9410-4B74-A5BA-E5BF975CE9E4}" = dir=in | 
app=c:\orcad\orcad_16.6_lite\openaccess\bin\win32\opt\oafslockd.exe | "{99432132-25F3-41F4-8B6E-8DEE63A5CD99}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A0BA69D2-0710-44C8-B1E8-32A2433608A1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe | "{A347F6AD-00A2-4AE3-9E76-AEC692748421}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{A51C69B0-4A07-4BBB-B3A4-13E75AD70358}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe | "{A6A85F6E-0DD9-4845-B316-D85277C27E9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A82D8171-55AF-40BA-9D83-95E412D4B890}" = dir=in | app=c:\orcad\orcad_16.6_lite\tools\bin\cdsmsgserver.exe | "{ACE46909-49FB-4AC1-A13F-8937F692A0F6}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{B5D0A4E8-F9FF-475C-B2A0-A33A02B6109A}" = dir=in | app=c:\orcad\orcad_16.6_lite\tools\pcb\bin\mpiexec.exe | "{B849D2A8-92BC-4AA1-8163-00960DE68D94}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe | "{BAAB1766-1EFC-43C7-8BD9-59CE833B151B}" = dir=in | app=c:\orcad\orcad_16.6_lite\tools\pcb\bin\productserver.exe | "{BD1289A4-61A5-4B68-9362-9070D5CF8CD3}" = protocol=6 | dir=in | app=c:\users\*******\appdata\roaming\dropbox\bin\dropbox.exe | "{BDD52FEB-9ADF-4B98-8B18-B330F662DA43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BE64CA5D-DD87-4453-B2B3-9BF0A6D7964E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe | "{BF31CDF6-2A84-4F9C-9378-63053FFCCF9D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C7ABABD8-C2C5-473E-BB47-286D641011A5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{CA17B8A4-17F4-44E1-88EE-529115786948}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D2987DA0-7276-4AC7-81EC-61BB89F3BA4A}" = protocol=17 | dir=in | app=c:\users\*******\appdata\roaming\dropbox\bin\dropbox.exe | "{DC5A356C-BE26-4106-8759-48C5FE05B7E3}" = dir=in | app=c:\orcad\orcad_16.6_lite\tools\jre\bin\javaw.exe | "{E29449B4-7CDE-46D8-8067-F600074A7160}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E5E9E453-0F43-4636-BD92-3F52A7B9BC92}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E7AF02A7-3989-4315-B5A0-75D27F2D735A}" = dir=in | app=c:\orcad\orcad_16.6_lite\tools\bin\cdsnameserver.exe | "{E902BC90-6389-4FFB-AF97-AEE15346A760}" = dir=in | app=c:\orcad\orcad_16.6_lite\tools\bin\clsbd.exe | "{EC87A9FB-B976-4BDF-9FFF-78E46C4767BE}" = dir=in | app=c:\program files (x86)\airport\apagent.exe | "{F1987D66-A92A-4D18-AEE5-184E2D96317C}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{F3572E2D-A186-4DF5-8901-85E4B94504CB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{F5168683-8E30-4809-9C0C-9AFFE3800D04}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{F79E1D61-7921-4672-9F35-BD6D1DC96776}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FDA1EDCF-FF4B-4D60-A8F4-D7B8226BDD4B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "TCP Query User{67F36BEC-A8D2-46EB-AD94-17EE437BEDBF}C:\program files (x86)\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files (x86)\airport\aputil.exe | "TCP Query User{F999D6B2-231F-49AE-996D-84D96174D590}C:\keil\uv4\uv4.exe" = protocol=6 | dir=in | app=c:\keil\uv4\uv4.exe | "UDP Query User{00F7730C-3637-4099-AE40-5E8904B00C1E}C:\keil\uv4\uv4.exe" = protocol=17 | dir=in | app=c:\keil\uv4\uv4.exe | "UDP Query User{51EA1137-3C27-4446-98C2-4434FAE7D1B6}C:\program files (x86)\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files (x86)\airport\aputil.exe | ========== HKEY_LOCAL_MACHINE 
Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C6B9E76-7617-4661-BE60-65C77CC10C06}" = Autopsy "{0D432429-C79C-462D-ABD8-4D82B83A954B}" = Microsoft SQL Server System CLR Types (x64) "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom "{14833517-FFF2-014B-877B-381CB696D123}" = ccc-utility64 "{180500C1-57BB-3AA8-8E55-DCD5ECD16537}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1DB0C90B-2A9F-3A1E-B1DF-616C5A2A1417}" = Microsoft .NET Framework 4.5.2 (DEU) "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2 "{26A24AE4-039D-4CA4-87B4-2F86418031F0}" = Java 8 Update 31 (64-bit) "{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote "{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}" = Drive Encryption For HP ProtectTools "{28D85F24-B685-3364-BB7C-284C88C2FFE5}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding "{29AB47F0-C5A3-401F-8A84-3324F2DC8E46}" = Privacy Manager for HP ProtectTools "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{30C8A133-BD06-35FF-9DCC-DD05E9F7C0B0}" = Visual Studio 2012 Prerequisites - DEU Language Pack "{3181229B-05DA-46F9-B8D4-4966BDA99A74}" = Intel® PROSet/Wireless WiFi Software "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3674F088-9B90-473A-AAC3-20A00D8D810C}" = Microsoft Web Deploy 3.5 
"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework "{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 "{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU "{3DF89DED-B76F-4561-AED7-6E38154E10E8}" = HP ProtectTools Security Manager "{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components "{426B43EC-284B-8DAB-5419-D8418C7C3D26}" = AMD Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools "{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service "{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) "{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites "{6472F9D8-9116-3889-A4F7-61544A752CE3}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - DEU "{64A3A4F4-B792-11D6-A78A-00B0D0180310}" = Java SE Development Kit 8 Update 31 (64-bit) "{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}" = Microsoft-System-CLR-Typen für SQL Server 2012 (x64) "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6F280399-F8BD-4F2E-BCA4-207BEBCDE33A}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed "{73468C65-BC53-4D88-9246-75A5BB014DA2}" = JavaScript Tooling "{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = 
IIS 8.0 Express "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{84642787-58C0-44AE-8B26-E2F544E380A1}" = HP Power Assistant "{8877CE8C-7F87-4962-8BCF-DFAA2980D2CE}" = Microsoft Visual Studio 2012 IntelliTrace Core amd64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D00DBC4-DEB4-4910-9D7C-30A5C6898195}" = Microsoft Application Virtualization Desktop Client "{8E16BB50-E49A-3647-BD4D-4D150DCCBFAE}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}" = Microsoft SQL Server 2012 Native Client "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.2 (Deutsch) "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2 "{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}" = Microsoft SQL Server Compact 4.0 SP1 x64 DEU "{9910B791-30D3-419C-B39E-4974206931A9}" = Microsoft Visual Studio 2012-Leistungserfassungstools - DEU "{993F6DDC-63F8-4BCD-9B28-D941971A9CAC}" = Windows XP Targeting with C++ "{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64 "{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = Broadcom Bluetooth Software "{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 "{A751060D-97A3-4804-B07F-F0A0AACBCC76}" = Microsoft Visual Studio 2012 IntelliTraceLoc "{A8DDCED9-79D2-35AA-91CD-CA64444E1CA3}" = Microsoft Visual Studio Team Foundation 
Server 2012 Object Model Language Pack - DEU "{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}" = Validity Fingerprint Sensor Driver "{AAFF73AD-3432-3575-ABD1-14E48EF2F4CB}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.60610 "{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}" = Microsoft SQL Server 2012 Command Line Utilities "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B632465A-857D-4FC2-A76E-B1F3693527D8}" = MySQL Workbench 6.2 CE "{B64F0818-316F-4237-8CB4-35BC2DA784C2}" = HP 3D DriveGuard "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{c7565395-3662-4b78-8c42-e7cf02c6edd7}" = Intel(R) PRO/Wireless Driver "{C77B266C-A228-3952-981A-3C23D7D614A5}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU "{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera "{C8400C5F-04A8-3B74-B247-B0F2CEA8A907}" = Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727 "{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D3A775F2-2674-4452-8D80-1FC1446052EE}" = Face Recognition for HP ProtectTools "{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}" = Microsoft SQL Server 2012 Management Objects (x64) "{DE192347-4F1B-C580-6291-6707F03A9748}" = AMD Accelerated Video Transcoding "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1 "{E890076A-6721-4145-B9C4-B4AACFDE6830}" = Microsoft Visual Studio 2012-Leistungserfassungstools 
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{EF18EF0F-96D3-4A6B-9600-2197F1720A15}" = Microsoft SQL Server 2012 Express LocalDB "{F053F74A-A631-4CFA-A271-6D0747599BC9}" = Oracle VM VirtualBox 4.3.22 "{F75C607F-9341-47B3-83FC-CC66B9C519E8}" = Embedded Security for HP ProtectTools "{F778BE47-F12E-36E1-8D6F-BD2FEF779F22}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model "{FA00A3CC-7440-4938-A271-F186F50DD40D}" = Intel® Trusted Connect Service Client "{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86 "B52717176FE34BE856BA6AFDB17D684B819C9D8A" = Windows-Treiberpaket - Hewlett-Packard Image (05/24/2012 11.5.0.116) "CPUID HWMonitor_is1" = CPUID HWMonitor 1.26 "Face Recognition for HP ProtectTools" = Face Recognition for HP ProtectTools "HPProtectTools" = HP ProtectTools Security Manager "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "PROSet" = Intel(R) Network Connections Drivers "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64 "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{03E87F9E-F5E4-45F4-91EC-A328295D6C06}" = Windows Azure Tools für LightSwitch HTML Client für Visual Studio 2012 (DEU) "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications 
Platform "{046806D1-0A38-3FCA-AF84-F71C50A0C363}" = Microsoft Visual Studio Premium 2012 "{05E1731A-5DD6-314E-889F-265C006C8EF9}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries "{07AC2D83-E795-4AD5-970D-B9BD14A1E411}" = Microsoft ASP.NET MVC 3 - DEU "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{093C9565-E907-4ED8-8201-4C1DD25D34DF}" = Devenv-Ressourcen für Microsoft Visual Studio 2012 "{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR "{0B6F9FD2-E845-4938-B6EA-F643413F5BBF}" = Microsoft Visual C++ 2012 x86-x64 Compilers "{0bc17680-a2d9-42c0-9c26-0b8ecac2b473}" = Microsoft Visual Studio Ultimate 2012 "{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components "{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}" = Blend for Visual Studio SDK for Silverlight 5 "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK "{0EEB6DAC-32D5-4D1A-B795-7023D6AB9F13}" = Blend for Visual Studio 2012 DEU resources "{105fa5c4-72e1-41f2-a82c-884d8aa4b381}" = Intel® PROSet/Wireless Software "{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}" = Theft Recovery for HP ProtectTools "{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper "{13BD574A-7F41-420A-B486-7A2D4CEB7F3B}" = Tools for .Net 3.5 - DEU Lang Pack "{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver "{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012 "{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 "{1690CE56-2231-4E59-9006-A0876D949EA8}" = Tools for .Net 3.5 "{179324FF-7B16-4BA8-9836-055CAAEE4F08}" = SDFormatter "{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1AD308F4-8A23-435E-A231-D9CF142561EA}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - DEU "{1C76B100-2EAB-4A89-A7E5-37F24F147ECF}" = Microsoft Visual C++ 2012 32bit Compilers - DEU 
Resources "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4 "{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam "{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10 "{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 "{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote "{23544215-E6E6-448B-B6E9-6268D5B3E74D}" = HP SoftPaq Download Manager "{23F9C27A-E520-4C87-AF99-E5A7D021F24A}" = Visual Studio Extensions for Windows Library for JavaScript "{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}" = HP ESU for Microsoft Windows 7 "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0 "{2583CDBA-8A53-4622-BB67-1D163714C1B4}" = Python 3.4.2 "{259B1F5A-1932-19DD-DAEE-02B62B307943}" = CCC Help Portuguese "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{28C7A4BB-3966-4373-8376-C11F38290630}" = Microsoft SQL Server 2012 T-SQL Language Service "{29675C9D-025B-43F2-BFEB-D5FADE06770F}" = Microsoft Visual Studio 2012-Vorbereitung "{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "{2B231D3B-39B5-301A-9891-0847433885BC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools DEU Language Pack "{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components "{2CB523DF-A3C2-4A7C-8848-53898F6D6F87}" = PreEmptive Analytics Client German Language Pack "{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86 
"{2F8F489A-0476-3129-857B-A553F38B192D}" = Microsoft Visual C++ 2012 Core Libraries "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{3226C9CF-31C7-4FF4-8F41-D5A65795EE80}" = Microsoft ASP.NET MVC 4 Runtime - DEU "{32AA0D69-0E45-4331-A435-74716E4EA0AC}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools - DEU "{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv "{342C9BB8-65A0-46DE-AB7A-8031E151AF69}" = Microsoft Application Virtualization Desktop Client "{3609B8F2-9BC8-463D-BB3D-A0511F529D57}" = Microsoft Visual C++ 2012 Compilers - DEU Resources "{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource "{36B650AB-8FCE-40FC-8763-49FA2EA42713}" = Microsoft Visual C++ 2012 Compilers "{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition "{37E53780-3944-4A6A-842F-727128E8616E}" = Blend for Visual Studio SDK for .NET 4.5 "{393D3402-F9CB-9EF0-0F8C-B88CF6D81A06}" = CCC Help Turkish "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP HD Webcam Driver "{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2 "{3A61A282-4F08-4D43-920C-DC30ECE528E8}" = HP System Default Settings "{3c3aafc8-d898-43ec-998f-965ffdae065a}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{3E24A4D9-7CA0-378E-A9EB-74A20A496F6E}" = Microsoft LightSwitch für Visual Studio 2012 CoreRes - DEU "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime "{40D341E0-4ABC-F44D-F5EB-5301D815DBE6}" = CCC Help Thai "{42E10F0D-7227-4710-94FB-7C3AED8CC118}" = Microsoft Visual Studio 2012 IntelliTrace Core x86 "{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote "{438363A8-F486-4C37-834C-4955773CB3D3}" = HP Setup "{451526FA-52D1-41F2-B7E2-96343EC95853}" = Windows Azure Tools for LightSwitch HTML Client for Visual 
Studio 2012 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}" = Microsoft-System-CLR-Typen für SQL Server 2012 "{4C61712E-E526-CA9E-0CF2-427A6B2EEF75}" = CCC Help German "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth "{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection "{4FD71717-B797-49E9-A8BC-C5EF29FE9693}" = Microsoft LightSwitch for Visual Studio 2012 v3.0 CoreRes - DEU "{52AA45A4-EA94-FD74-18E1-D977D67C1725}" = CCC Help Czech "{5349BA81-6F03-E8C1-F9A7-1B4610DD2835}" = CCC Help Russian "{53C48A27-4079-49EB-8E73-76BA85D2BF6F}" = HP Hotkey Support "{53E61A77-48E2-EF39-4BA8-230B5AD51C94}" = Catalyst Control Center Localization All "{5416E28E-43F0-4223-BB41-078C28E5EE40}" = Catalyst Control Center - Branding "{576C5AF1-5298-4770-8AE0-9148AA22E74E}" = Microsoft NuGet - Visual Studio 2012 "{57711B81-6A37-4018-9B13-9C6F192F8408}" = DAS "{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012 "{57F7960D-04B6-E1BC-DE09-7120CAC1ED2E}" = CCC Help Norwegian "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1 "{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack "{5D80483C-D297-4E04-9EDF-DD58521E9565}" = Microsoft Application Virtualization Desktop Client "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{653C1B5A-3287-47B1-8613-0745D4E771C4}" = Kaspersky Internet 
Security "{658A8756-7B1E-44FD-A434-D777DD906232}" = HP Software Setup "{67D857F0-03BA-4865-A578-7950B2D7625C}" = JavaScript Tooling "{6855A047-B750-40B5-83B2-8EA44B208DEC}" = Microsoft Visual Studio 2012 IntelliTraceFrontEndLoc "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6AB10109-C8E3-424E-A3F0-BEEBE1CC6722}" = ArcGIS 10.2.2 for Desktop - Sprachpaket Deutsch "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B5FEDC9-AC82-4F3F-AA55-F21881802F56}" = WCF Data Services 5.0 (for OData v3) DEU Language Pack "{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}" = Microsoft SQL Server 2012 Management Objects "{6C44519A-497D-382C-8596-E972C77057C2}" = Microsoft Portable Library Multi-Targeting Pack "{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = HP File Sanitizer "{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer "{6E356EEF-203C-451B-9144-CBF099E3738A}" = Advanced Archive Password Recovery "{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3 "{70D065C3-77E5-45E9-A75C-EEB2E84EA869}" = Erforderliche Komponenten für SSDT "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core "{747A4BBA-B9D7-4DD5-BC62-5104E2A06066}" = Microsoft ASP.NET and Web Tools 2012.3 - Visual Studio 2012 "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{761CB033-D425-4A16-954D-EA8DEF4D053B}" = ArcGIS 10.2.2 for Desktop "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{778EACF8-06C1-47AA-9284-91550E9BAD39}" = Samsung Easy Color 
Manager "{77E2D875-FD9E-3DEE-9A84-C34FDECB4ECA}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.60610 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{80054F6B-11DA-40F6-8306-F9AB2F9074EB}" = Microsoft Visual Studio 2012 Tools für SQL Server Compact 4.0 SP1 DEU "{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum) "{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies "{834B6E00-F509-40F2-A677-E86261184576}" = Blend for Visual Studio Add-in for Adobe FXG Import "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{839D6461-E9B0-B5BF-AF9D-9D51203B7CFD}" = CCC Help Polish "{854F1B9B-58A6-3A59-AAAD-5B476076E20F}" = CCC Help Greek "{86756584-C41A-4CA3-B42D-4768C7720F56}" = Microsoft Web Deploy dbSqlPackage Provider - DEU "{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3 "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8B2A1CFD-8F88-4081-9E18-99395CC27EE6}" = HP Documentation "{8BAB88C4-5024-3236-84B5-115054CD32B3}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - DEU "{8BF20A72-0286-4E87-B071-E33D4B43DA97}" = Microsoft Report Viewer Add-On für Visual Studio 2012 "{8D00DBC4-DEB4-4910-9D7C-30A5C6898195}" = Microsoft Application Virtualization Desktop Client "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8EA792A5-38AA-4F0E-8DFE-D1BAF1145431}" = Microsoft Silverlight 4 SDK - Deutsch "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90849941-4C23-3054-B575-3833700DF788}" = Microsoft Help Viewer 2.0 Language Pack - DEU "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{9211FD43-E0BA-2273-4D6D-8993FF5B5684}" = CCC Help Danish "{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012 "{938526B1-772C-45E3-813A-2E15048DE74E}" = Dotfuscator and Analytics Community Edition Language Pack "{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}" = Microsoft ASP.NET Web Pages - DEU "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}" = Sentinel Protection Installer 7.6.3 "{96348BB1-CFA9-2D28-D588-472EA613DE03}" = AMD Catalyst Control Center "{96F50F87-0F15-4F93-9FE6-387DD9CFB077}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - ENU "{98B45D1C-6EB1-460D-A87D-2B60678DC105}" = Microsoft .NET Framework 4.5 SDK - DEU Lang Pack "{99711F2D-A379-C8B2-D321-0C111ED3A3E3}" = CCC Help Finnish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AF1DDB6-20E6-4C6A-865F-BEFC6E2350E7}" = Microsoft ASP.NET Web Pages 2 - Visual 
Studio 2012 Tools - DEU "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CE13D8B-6288-4A2C-99D2-414D77B9A830}" = WCF Data Services Tools for Visual Studio 11 DEU Language Pack "{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools "{A6478DC9-0CC5-658D-C237-051D672979F1}" = CCC Help Hungarian "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort "{AAC80D3B-9F42-4E52-8357-7CB4A3EC7B80}" = Microsoft ASP.NET Web Pages 2 Runtime - DEU "{AB127859-6D32-4E23-AA93-537501EC0C9E}" = Microsoft LightSwitch for Visual Studio 2012 v3.0 Core "{AB639FD7-CC4E-E5BB-8951-D852ABB56D8E}" = LocalESPCui for de-de "{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager "{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Deutsch "{ACA8E43D-F399-D543-A074-1F8484927FB2}" = CCC Help Spanish "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10 "{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 "{B2BDC072-BE01-432D-B281-30891D597FBB}" = Entity Framework Designer für Visual Studio 2012 - DEU "{B33EA6ED-6F46-3BE1-98D2-F43D2A82EE39}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer deu Resources "{B40E950B-300A-41B5-A6C1-2FEBEEA1BEEA}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - ENU "{B500893E-BE12-3B58-449E-3B4D84FA0F7B}" = CCC Help Korean "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2 
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{BD87E147-2948-4E49-9FD9-890A4AE4300A}" = Microsoft Visual Studio 2012 Shell-(Mindest)-Ressourcen "{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 "{BD9DC17D-C48D-3B1B-944A-D0DE74FC74BC}" = Microsoft Visual C++ 2012 Extended Libraries "{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC "{BE4F3A79-8954-499C-AEF9-E8A3BC235677}" = JavaScript Tooling "{C0ED9561-8312-457C-BB1B-BDC7EE034CED}" = HP Connection Manager "{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core "{C1FBB37F-F1DE-2594-A3F9-C2EEF125F7B9}" = CCC Help Chinese Traditional "{C23073D8-0F3F-4876-91DE-168A6D0256E3}" = Microsoft Visual Studio 2012 IntelliTrace Front End x86 "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C45793DF-BFB5-0F4A-438E-925EC40C233C}" = CCC Help Swedish "{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime "{C55A1CA0-D868-ED3C-E7B8-1510EFE6474C}" = Catalyst Control Center Graphics Previews Common "{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CC0A85B2-734A-45B3-B678-05F6A6499AC7}" = Citavi 4 "{CEEDB2C4-46BE-4340-BAB9-F30110D9BBB8}" = Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00) "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1" = ISO to USB "{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps "{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}" = HP Software Framework "{D32EF103-4016-4C15-BCB0-700C0A7A2309}" = Microsoft ASP.NET MVC 3 "{D3F1C46B-4DAD-439D-B940-E8144DD9B69A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update 
- DEU "{D5B63991-A0E5-B050-C607-EE0711D0310C}" = Catalyst Control Center InstallProxy "{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU "{D8E25567-CCB3-ECD1-24C0-A1963EAD9A03}" = CCC Help French "{D95449D0-6CA6-0091-430E-3317B2B0893E}" = CCC Help Japanese "{D9C4202E-6D51-4B06-A8F1-22316E654BCA}" = Universal Adb Driver "{DDC1078D-00E9-CB9D-EA5B-EE695A38D346}" = Windows Runtime Intellisense Content - de-de "{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU "{E02793D2-41F7-4CF3-A5BA-147A01064C7A}" = Microsoft ASP.NET and Web Tools 2012.3 - Visual Studio 2012 - deu "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects "{E98A9C92-E767-475B-8BC6-8780A86DDC72}" = Brother MFL-Pro Suite DCP-9020CDW "{EA33215B-1391-314B-8752-C4C448304AC5}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - deu "{EA63C5C1-EBBC-477C-9CC7-41454DDFAFF2}" = Microsoft ASP.NET Web Pages 2 Runtime "{ECB0B61B-5F85-3343-AF48-958B74376A94}" = Microsoft Visual Studio Ultimate 2012 - DEU "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1 "{EFA87714-E75A-3BFC-A698-A3AABA5A8A0C}" = Microsoft Visual Studio Ultimate 2012 "{F0298562-01E6-857F-CF19-EF33FE53BF4D}" = Catalyst Control Center Profiles Mobile "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F24F876B-7D71-4BD6-88E9-614D3BB84239}" = Alcor Micro Smart Card Reader Driver "{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}" = Microsoft Silverlight 5 SDK - DEU "{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" 
= Windows XP Targeting with C++ "{F37E0CBD-8684-0BD9-C5EA-F3EC7C5551FF}" = CCC Help English "{F4B22AFD-39BC-3F2D-2BFE-C682B33F07ED}" = CCC Help Italian "{F4FD5690-F64D-34C9-B728-B641DFDFEAE3}" = Microsoft Visual Studio Premium 2012 - DEU "{F56A0341-F545-3EFB-A7B4-25CD67D04022}" = Microsoft Visual Studio Professional 2012 - DEU "{F6F1EE45-97E9-48A3-94B2-044B0A3C08D3}" = Microsoft SQL Server Data Tools - DEU (11.1.20627.00) "{FA14A869-BBCA-02CA-3954-67D38C1A1E7D}" = CCC Help Dutch "{FAAF1F09-C00D-49B2-86B0-CE1A318F705D}" = Microsoft Visual Studio 2012 IntelliTraceLoc "{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0 "{FF52F406-7B27-A62F-E8F2-FD83E51AA37A}" = CCC Help Chinese Standard "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFC6E93A-B9AD-3F20-9B06-EE20E24AAEAF}" = Microsoft Visual C++ 2012 Core Libraries "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX "Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI "Adobe Shockwave Player" = Adobe Shockwave Player 12.1 "Ahnenblatt_is1" = Ahnenblatt 2.86 "ArcGIS 10.2.2 for Desktop" = ArcGIS 10.2.2 for Desktop "ArcGIS 10.2.2 for Desktop - Sprachpaket Deutsch" = ArcGIS 10.2.2 for Desktop - Sprachpaket Deutsch "DAS" = DAS "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "ImgBurn" = ImgBurn "InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}" = Theft Recovery for HP ProtectTools "InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10 "InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3 "InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = 
CyberLink PowerDirector 10 "InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}" = Kaspersky Internet Security "Keil µVision4" = Keil µVision4 "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.4.1028 "Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0 "Microsoft Help Viewer 2.0 Language Pack - DEU" = Microsoft Help Viewer 2.0 Language Pack - DEU "Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU "Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Mozilla Firefox 36.0 (x86 de)" = Mozilla Firefox 36.0 (x86 de) "Mozilla Thunderbird 31.5.0 (x86 de)" = Mozilla Thunderbird 31.5.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "NAVIGON Fresh" = NAVIGON Fresh 3.5.1 "Notepad++" = Notepad++ "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "PDF Complete" = PDF Complete Corporate Edition "PlanePlotter_is1" = PlanePlotter 6.4.2.5 "SZCCID" = Alcor Micro Smart Card Reader Driver "TeamViewer" = TeamViewer 10 "VIP Access SDK" = VIP Access SDK (1.1.0.7) "VLC media player" = VLC media player "WinLiveSuite" = Windows Live Essentials "Winmail Opener" = Winmail Opener 1.4 "WinPcapInst" = WinPcap 4.1.3 "Wireshark" = Wireshark 1.12.3 (32-bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3005992195-605650759-3539824770-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{12C79350-444D-48E0-B05C-1E610FF17F1A}" = OrCAD 16.6 Lite "DAS" = DAS "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 28.02.2015 12:46:30 | Computer Name = Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.0.5531, Zeitstempel: 0x54eb029a Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.0.5531, Zeitstempel: 
0x54eaf3b7 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001e02 ID des fehlerhaften Prozesses: 0x1534 Startzeit der fehlerhaften Anwendung: 0x01d0537424928638 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll Berichtskennung: 5818832d-bf69-11e4-a098-b4b52f36a635 Error - 28.02.2015 12:46:37 | Computer Name = Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.0.5531, Zeitstempel: 0x54eb029a Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.0.5531, Zeitstempel: 0x54eaf3b7 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001e02 ID des fehlerhaften Prozesses: 0x2758 Startzeit der fehlerhaften Anwendung: 0x01d053742427684c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll Berichtskennung: 5bdcde85-bf69-11e4-a098-b4b52f36a635 Error - 28.02.2015 12:46:37 | Computer Name = Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.0.5531, Zeitstempel: 0x54eb029a Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.0.5531, Zeitstempel: 0x54eaf3b7 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001e02 ID des fehlerhaften Prozesses: 0x2af4 Startzeit der fehlerhaften Anwendung: 0x01d05375f99f32fc Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll Berichtskennung: 5c061169-bf69-11e4-a098-b4b52f36a635 Error - 28.02.2015 13:21:11 | Computer Name = Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.0.5531, Zeitstempel: 0x54eb029a Name des fehlerhaften Moduls: mozalloc.dll, Version: 
36.0.0.5531, Zeitstempel: 0x54eaf3b7 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001e02 ID des fehlerhaften Prozesses: 0x15fc Startzeit der fehlerhaften Anwendung: 0x01d0537877489a7b Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll Berichtskennung: 306886f8-bf6e-11e4-a098-b4b52f36a635 Error - 28.02.2015 13:21:18 | Computer Name = Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.0.5531, Zeitstempel: 0x54eb029a Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.0.5531, Zeitstempel: 0x54eaf3b7 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001e02 ID des fehlerhaften Prozesses: 0x1a9c Startzeit der fehlerhaften Anwendung: 0x01d053787786b5d4 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll Berichtskennung: 3426d580-bf6e-11e4-a098-b4b52f36a635 Error - 28.02.2015 13:21:24 | Computer Name = Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.0.5531, Zeitstempel: 0x54eb029a Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.0.5531, Zeitstempel: 0x54eaf3b7 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001e02 ID des fehlerhaften Prozesses: 0x251c Startzeit der fehlerhaften Anwendung: 0x01d05378776d3a04 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll Berichtskennung: 37df5792-bf6e-11e4-a098-b4b52f36a635 Error - 28.02.2015 14:58:03 | Computer Name = Laptop | Source = Application Virtualization Client | ID = 3131 Description = {tid=934:usr=*******} Fehler bei der Anforderung des Desktopkonfigurationsservers für URL {rtsp://10.128.0.120:554/} 
mit Header {Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh } (Rückgabecode 12E0170A-0000000B). Error - 28.02.2015 15:01:03 | Computer Name = Laptop | Source = Application Virtualization Client | ID = 3131 Description = {tid=934:usr=*******} Fehler bei der Anforderung des Desktopkonfigurationsservers für URL {rtsp://10.128.0.120:554/} mit Header {Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh } (Rückgabecode 12E0170A-0000000B). Error - 28.02.2015 15:04:03 | Computer Name = Laptop | Source = Application Virtualization Client | ID = 3131 Description = {tid=934:usr=*******} Fehler bei der Anforderung des Desktopkonfigurationsservers für URL {rtsp://10.128.0.120:554/} mit Header {Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh } (Rückgabecode 12E0170A-0000000B). Error - 28.02.2015 15:07:03 | Computer Name = Laptop | Source = Application Virtualization Client | ID = 3131 Description = {tid=934:usr=*******} Fehler bei der Anforderung des Desktopkonfigurationsservers für URL {rtsp://10.128.0.120:554/} mit Header {Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh } (Rückgabecode 12E0170A-0000000B). [ Hewlett-Packard Events ] Error - 05.12.2013 13:14:27 | Computer Name = Laptop | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Message: One HP Active Check Local Mode job already running. 
StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 07.00.00.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 8125 Ram Utilization: TargetSite: Void UpdateAndDetectAsync() Error - 12.12.2013 13:30:43 | Computer Name = Laptop | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 07.00.00.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 8125 Ram Utilization: 40 TargetSite: Void UpdateAndDetectAsync() Error - 15.12.2013 10:13:57 | Computer Name = Laptop | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Message: One HP Active Check Local Mode job already running. 
StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 07.00.00.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 8125 Ram Utilization: 40 TargetSite: Void UpdateAndDetectAsync() Error - 15.12.2013 10:14:28 | Computer Name = Laptop | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088hpsa_service.exe bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 07.00.00.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 8125 Ram Utilization: 40 TargetSite: Void UpdateAndDetectAsync() Error - 20.12.2013 04:25:26 | Computer Name = Laptop | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Message: One HP Active Check Local Mode job already running. 
StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 07.00.00.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 8125 Ram Utilization: 40 TargetSite: Void UpdateAndDetectAsync() Error - 27.12.2013 06:30:11 | Computer Name = Laptop | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 07.00.00.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 8125 Ram Utilization: 40 TargetSite: Void UpdateAndDetectAsync() Error - 03.01.2014 07:33:32 | Computer Name = Laptop | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Message: One HP Active Check Local Mode job already running. 
StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 07.00.00.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 8125 Ram Utilization: 30 TargetSite: Void UpdateAndDetectAsync() Error - 05.01.2014 11:09:57 | Computer Name = Laptop | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 07.00.00.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 8125 Ram Utilization: 50 TargetSite: Void UpdateAndDetectAsync() Error - 09.01.2014 13:50:45 | Computer Name = Laptop | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Message: One HP Active Check Local Mode job already running. 
StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 07.00.00.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 16317 Ram Utilization: 20 TargetSite: Void UpdateAndDetectAsync() Error - 17.01.2014 10:13:20 | Computer Name = Laptop | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.DetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.DetectAsync() bei HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan, Boolean isAsync) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 07.00.00.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 16317 Ram Utilization: TargetSite: Void DetectAsync() [ HP Connection Manager Events ] Error - 24.02.2015 03:53:59 | Computer Name = Laptop | Source = hpMobile | ID = 5 Description = 2015.02.24 08:53:59.770|0000141C|Error |[HP.Mobile]Wlan::b{void()}|Die Daten sind unzulässig. (Ausnahme von HRESULT: 0x8007000D) [ HP Power Assistant Events ] Error - 28.02.2015 15:47:14 | Computer Name = Laptop | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS CASL Error! 
Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[] Error - 28.02.2015 15:47:18 | Computer Name = Laptop | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[] Error - 28.02.2015 15:47:23 | Computer Name = Laptop | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[] Error - 28.02.2015 15:47:28 | Computer Name = Laptop | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[] Error - 28.02.2015 15:47:33 | Computer Name = Laptop | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[] Error - 28.02.2015 15:47:38 | Computer Name = Laptop | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[] Error - 28.02.2015 15:47:43 | Computer Name = Laptop | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. Please restart HP Power Assistant application. Additional details may be available in the Details section. 
DETAILS CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[] Error - 28.02.2015 15:47:48 | Computer Name = Laptop | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[] Error - 28.02.2015 15:47:53 | Computer Name = Laptop | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[] Error - 28.02.2015 15:47:58 | Computer Name = Laptop | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[] [ HP Software Framework Events ] Error - 28.02.2015 15:47:14 | Computer Name = Laptop | Source = CaslSmBios | ID = 5 Description = 2015.02.28 20:47:14.028|0000211C|Error |[CaslWmi]A::A{bool(object,hpCasl.CaslEventArgs&)}|Error e_INVALID_XML converting PMC bytes to XML. Error - 28.02.2015 15:47:18 | Computer Name = Laptop | Source = CaslSmBios | ID = 5 Description = 2015.02.28 20:47:18.957|0000211C|Error |[CaslWmi]A::A{bool(object,hpCasl.CaslEventArgs&)}|Error e_INVALID_XML converting PMC bytes to XML. Error - 28.02.2015 15:47:23 | Computer Name = Laptop | Source = CaslSmBios | ID = 5 Description = 2015.02.28 20:47:23.903|0000211C|Error |[CaslWmi]A::A{bool(object,hpCasl.CaslEventArgs&)}|Error e_INVALID_XML converting PMC bytes to XML. 
Error - 28.02.2015 15:47:28 | Computer Name = Laptop | Source = CaslSmBios | ID = 5 Description = 2015.02.28 20:47:28.848|0000211C|Error |[CaslWmi]A::A{bool(object,hpCasl.CaslEventArgs&)}|Error e_INVALID_XML converting PMC bytes to XML. Error - 28.02.2015 15:47:33 | Computer Name = Laptop | Source = CaslSmBios | ID = 5 Description = 2015.02.28 20:47:33.793|0000211C|Error |[CaslWmi]A::A{bool(object,hpCasl.CaslEventArgs&)}|Error e_INVALID_XML converting PMC bytes to XML. Error - 28.02.2015 15:47:38 | Computer Name = Laptop | Source = CaslSmBios | ID = 5 Description = 2015.02.28 20:47:38.723|0000211C|Error |[CaslWmi]A::A{bool(object,hpCasl.CaslEventArgs&)}|Error e_INVALID_XML converting PMC bytes to XML. Error - 28.02.2015 15:47:43 | Computer Name = Laptop | Source = CaslSmBios | ID = 5 Description = 2015.02.28 20:47:43.668|0000211C|Error |[CaslWmi]A::A{bool(object,hpCasl.CaslEventArgs&)}|Error e_INVALID_XML converting PMC bytes to XML. Error - 28.02.2015 15:47:48 | Computer Name = Laptop | Source = CaslSmBios | ID = 5 Description = 2015.02.28 20:47:48.597|0000211C|Error |[CaslWmi]A::A{bool(object,hpCasl.CaslEventArgs&)}|Error e_INVALID_XML converting PMC bytes to XML. Error - 28.02.2015 15:47:53 | Computer Name = Laptop | Source = CaslSmBios | ID = 5 Description = 2015.02.28 20:47:53.543|0000211C|Error |[CaslWmi]A::A{bool(object,hpCasl.CaslEventArgs&)}|Error e_INVALID_XML converting PMC bytes to XML. Error - 28.02.2015 15:47:58 | Computer Name = Laptop | Source = CaslSmBios | ID = 5 Description = 2015.02.28 20:47:58.502|0000211C|Error |[CaslWmi]A::A{bool(object,hpCasl.CaslEventArgs&)}|Error e_INVALID_XML converting PMC bytes to XML. 
[ System Events ] Error - 28.02.2015 15:50:10 | Computer Name = Laptop | Source = DCOM | ID = 10005 Description = Error - 28.02.2015 15:50:10 | Computer Name = Laptop | Source = DCOM | ID = 10005 Description = Error - 28.02.2015 15:50:13 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 28.02.2015 15:50:13 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 28.02.2015 15:50:13 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 28.02.2015 15:50:13 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 28.02.2015 15:50:13 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 28.02.2015 15:50:13 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 28.02.2015 15:52:52 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA 
(Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 28.02.2015 16:07:41 | Computer Name = Laptop | Source = DCOM | ID = 10010 Description = < End of report >
Best regards |
01.03.2015, 08:01 | #3 |
/// the machine /// TB Trainer | Sluggish system, changes, several unknown processes hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
01.03.2015, 09:25 | #4 |
| FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015 Ran by *********** (administrator) on LAPTOP on 01-03-2015 09:18:23 Running from C:\Users\***********\Desktop Loaded Profiles: *********** (Available profiles: *********** & Administrator) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (AMD) C:\Windows\System32\atieclxx.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc.) 
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (DigitalPersona, Inc.) 
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-02-28] (IDT, Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2014-07-02] (Synaptics Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-10-18] (Intel Corporation) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2014-01-31] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2014-08-21] (Intel Corporation) HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12313720 2012-08-07] (Hewlett-Packard) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [IFXSPMGT] => C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1128312 2014-02-09] (Infineon Technologies AG) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-02-10] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2014-04-09] (Hewlett-Packard Development Company, L.P.) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe",C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X] HKU\S-1-5-21-3005992195-605650759-3539824770-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-3005992195-605650759-3539824770-1001\...\MountPoints2: {caed7ac8-004d-11e4-8713-e006e6afdb49} - D:\MMMTest.EXE Lsa: [Notification Packages] DPPassFilter scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\***********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\***********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***********\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***********\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***********\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391198468&from=amt&uid=HitachiXHTS727575A9E364_J3740084HR7RMEHR7RMEX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391198468&from=amt&uid=HitachiXHTS727575A9E364_J3740084HR7RMEHR7RMEX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-3005992195-605650759-3539824770-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope value is missing. 
SearchScopes: HKU\S-1-5-21-3005992195-605650759-3539824770-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\SYSTEM32\mscoree.dll (Microsoft Corporation) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) 
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-3005992195-605650759-3539824770-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1362838867134 Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 10.0.0.42 BRN30055C09D9CB Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF 
Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKU\.DEFAULT: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll (Digital Persona, Inc.) FF user.js: detected! 
=> C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default\user.js FF Extension: HP Detect - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-10-27] FF Extension: Block site - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-01-22] FF Extension: Fireforce - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default\Extensions\fireforce@scrt.ch.xpi [2015-01-06] FF Extension: FlashGot - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-05-14] FF Extension: Adblock Plus - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-17] FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-01-19] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-01-07] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-07-09] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-30] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-30] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-30] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-09-30] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-30] Chrome: ======= CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03] CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files 
(x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\dpchrome.crx [2012-07-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed] R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [494456 2012-07-20] (DigitalPersona, Inc.) S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477088 2012-09-04] (Hewlett-Packard Company) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-02-10] (Hewlett-Packard Company) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1128312 2014-02-09] (Infineon Technologies AG) R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [984440 2014-02-09] (Infineon Technologies AG) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) 
Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2014-01-31] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2014-01-31] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2013-03-27] () [File not signed] S4 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14362 2015-02-13] () [File not signed] S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] () R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc) R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [212344 2014-02-09] (Infineon Technologies AG) R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed] S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374048 2010-10-20] (SafeNet, Inc.) R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1250592 2010-10-20] (SafeNet, Inc) R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292128 2010-10-20] (SafeNet, Inc.) S3 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) 
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-02-28] (IDT, Inc.) [File not signed] S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-07-02] (Broadcom Corporation.) S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.) R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-09-04] (Hewlett-Packard Company) S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [129792 2013-04-24] (Gemalto) S3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2013-03-23] (JMicron Technology Corp.) 
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-08] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-08] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [91432 2013-03-27] (McAfee, Inc.) R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158760 2013-03-27] (McAfee, Inc.) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2014-02-09] (Infineon Technologies AG) S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2013-07-01] () S3 pwdspio; C:\windows\system32\pwdspio.sys [12384 2013-07-01] () R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.) 
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-08-21] (Microsoft Corporation) R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-08-21] (Microsoft Corporation) R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2013-08-21] (Microsoft Corporation) R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-08-21] (Microsoft Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] () R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-02-12] (Duplex Secure Ltd.) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115488 2014-05-16] (Oracle Corporation) S3 vNICdrv; C:\Windows\System32\DRIVERS\vNICdrv.sys [20048 2013-05-20] (Iomega Corporation) S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-26] (Microsoft Corporation) S3 ARCVCAM; system32\DRIVERS\ArcSoftVCapture.sys [X] S3 clwvd; system32\DRIVERS\clwvd.sys [X] S3 cpuz130; \??\C:\Users\***********\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-01 09:18 - 2015-03-01 09:18 - 00035544 _____ () C:\Users\***********\Desktop\FRST.txt 2015-03-01 09:18 - 2015-03-01 09:18 - 00000000 ____D () C:\FRST 2015-03-01 09:13 - 2015-03-01 09:13 - 02092544 _____ (Farbar) C:\Users\***********\Desktop\FRST64.exe 2015-02-28 23:03 - 2015-02-28 23:03 - 00000000 ____D () C:\Users\***********\Desktop\Spyware Reports 2015-02-28 22:29 - 2015-02-28 22:29 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\***********\Downloads\tdsskiller44.exe 2015-02-28 21:59 - 2015-02-28 21:59 - 00843046 _____ () C:\Users\***********\Desktop\MyPhoneExplorer Client.apk 2015-02-28 21:44 - 2015-02-28 21:46 - 00000040 _____ () C:\Users\***********\Desktop\trojaner-board.txt 2015-02-28 20:44 - 2015-02-28 23:03 - 00000000 ____D () C:\Users\***********\Desktop\Spyware Tools 2015-02-28 20:39 - 2015-02-28 20:39 - 00000000 ____D () C:\Users\***********\Desktop\USB3 Sicherung 2015-02-28 20:18 - 2015-02-28 20:18 - 00018490 _____ () C:\Users\***********\Desktop\cc_20150228_201805.reg 2015-02-28 20:16 - 2015-02-28 20:16 - 00000000 ____D () C:\Users\***********\Downloads\backups 2015-02-28 20:12 - 2015-02-28 20:12 - 00019867 _____ () C:\Users\***********\Desktop\hijackthis.log 2015-02-28 19:36 - 2015-02-28 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2015-02-28 19:36 - 2015-02-28 19:36 - 00000000 ____D () C:\Program Files\CPUID 2015-02-28 19:31 - 2015-02-28 21:58 - 00000000 ____D () C:\Users\***********\AppData\Roaming\MyPhoneExplorer 2015-02-28 19:31 - 2015-02-28 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2015-02-28 19:31 - 2015-02-28 19:31 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer 2015-02-28 19:07 - 2015-02-28 20:46 - 00000000 ____D () C:\Users\***********\Desktop\Kaspersky Rescue 2015-02-28 18:51 - 2015-02-28 18:51 - 00387584 _____ () C:\Users\***********\Downloads\rescue2usb.exe 2015-02-28 18:44 - 2015-02-28 18:45 - 00000000 ____D () 
C:\Users\***********\Desktop\Gelber Kingston 2015-02-28 18:28 - 2015-02-28 22:45 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-28 18:28 - 2015-02-28 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-02-28 18:27 - 2015-02-28 18:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-02-28 18:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-02-28 18:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-02-28 18:07 - 2015-02-28 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BIPA FotoShop 2015-02-28 18:04 - 2015-02-28 18:04 - 00000000 ____D () C:\Program Files\BIPA 2015-02-28 18:03 - 2015-02-28 18:03 - 00000000 ____D () C:\Users\***********\AppData\Roaming\hps-install 2015-02-28 18:02 - 2015-02-28 18:02 - 00003116 _____ () C:\windows\System32\Tasks\{99339292-F8F1-4835-BD1B-CD76D09C16A5} 2015-02-28 17:55 - 2015-02-28 17:55 - 00000656 _____ () C:\Users\***********\Desktop\cc_20150228_175504.reg 2015-02-28 17:53 - 2015-02-28 17:53 - 00440218 _____ () C:\Users\***********\Desktop\cc_20150228_175347.reg 2015-02-28 17:35 - 2015-02-28 17:35 - 00000400 _____ () C:\Users\***********\Downloads\setup.log.full 2015-02-28 17:35 - 2015-02-28 17:35 - 00000400 _____ () C:\Users\***********\Downloads\setup.log 2015-02-28 17:31 - 2015-02-28 17:31 - 00000000 ____D () C:\Users\***********\Desktop\Pwd forgot kaspersky 2015-02-28 17:05 - 2015-02-28 17:05 - 00000000 ____D () C:\Users\***********\Downloads\passOff2015 2015-02-27 18:53 - 2015-02-27 18:54 - 20163714 _____ () C:\Users\***********\Desktop\House_of_Cards_Vienna_vs_Washington_DC_Side_by_Side_hd720.mp4 2015-02-26 20:34 - 2015-02-26 20:34 - 01190544 _____ ( ) C:\Users\***********\Downloads\hwmonitor_1.26-setup.exe 2015-02-26 11:47 - 2015-02-26 11:47 
- 00003918 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{34EF64D1-2FC7-47A6-BCB4-40D5E60123B1} 2015-02-25 21:10 - 2015-02-25 21:10 - 00000475 _____ () C:\- 2015-02-25 20:58 - 2015-02-25 20:58 - 00009152 _____ () C:\Users\***********\Desktop\perlc.m 2015-02-25 18:19 - 2015-01-09 00:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls 2015-02-25 18:19 - 2015-01-09 00:43 - 00419936 _____ () C:\windows\system32\locale.nls 2015-02-25 17:37 - 2015-02-25 17:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-02-25 17:35 - 2015-02-25 17:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-02-25 10:58 - 2015-02-25 10:58 - 00000000 ____D () C:\Users\***********\Desktop\restoration 2015-02-25 10:57 - 2015-02-25 10:58 - 00000000 ____D () C:\Users\***********\AppData\Roaming\autopsy 2015-02-25 10:57 - 2015-02-25 10:57 - 00000036 _____ () C:\.superId 2015-02-25 10:56 - 2015-02-25 10:56 - 00001887 _____ () C:\Users\***********\Desktop\Autopsy 3.1.1.lnk 2015-02-25 10:55 - 2015-02-25 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autopsy 2015-02-25 10:55 - 2015-02-25 10:56 - 00000000 ____D () C:\Program Files\Autopsy-3.1.1 2015-02-25 10:48 - 2015-02-25 10:50 - 294125568 _____ () C:\Users\***********\Downloads\autopsy-3.1.1-32bit.msi 2015-02-25 10:48 - 2015-02-25 10:49 - 298099712 _____ () C:\Users\***********\Downloads\autopsy-3.1.1-64bit.msi 2015-02-23 19:12 - 2015-02-23 19:12 - 00000367 _____ () C:\Users\***********\Downloads\link.kml 2015-02-23 18:48 - 2015-02-23 18:48 - 00000046 _____ () C:\Users\***********\Downloads\choord_b07b46f2e3e342b296d5e1940140a1dc.txt 2015-02-23 16:10 - 2015-02-23 16:10 - 00000500 _____ () C:\Users\***********\Desktop\Presentation content ADSC.txt 2015-02-21 20:32 - 2015-02-21 20:33 - 00000000 ____D () C:\Users\***********\Desktop\USB Stick Post 2015-02-21 20:31 - 2015-02-21 22:51 - 1051721728 _____ () C:\Users\***********\Downloads\ubuntu-14.04.2-desktop-i386.iso 
2015-02-21 20:31 - 2015-02-21 20:50 - 1044381696 _____ () C:\Users\***********\Downloads\ubuntu-14.04.2-desktop-amd64.iso 2015-02-21 20:30 - 2015-02-21 20:30 - 01088905 _____ (pendrivelinux.com) C:\Users\***********\Downloads\Universal-USB-Installer-1.9.5.9.exe 2015-02-21 11:59 - 2015-02-21 11:59 - 00000000 ____D () C:\Users\***********\Downloads\AMD Driver 2015-02-21 11:58 - 2015-02-21 11:58 - 00001021 _____ () C:\Users\***********\Downloads\ISO to USB.lnk 2015-02-21 11:58 - 2015-02-21 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB 2015-02-21 11:58 - 2015-02-21 11:58 - 00000000 ____D () C:\Program Files (x86)\ISO to USB 2015-02-21 11:56 - 2015-02-21 11:56 - 01733751 _____ (isotousb.com ) C:\Users\***********\Downloads\isotousb_14setup.exe 2015-02-20 20:58 - 2015-02-20 20:59 - 23315064 _____ (Popcorn Official) C:\Users\***********\Downloads\Popcorn-Time-0.3.7.2-Setup.exe 2015-02-20 13:23 - 2015-02-20 13:23 - 00000000 ____D () C:\Users\***********\Downloads\win32 2015-02-20 10:38 - 2015-02-23 15:44 - 00000283 _____ () C:\Users\***********\Desktop\freelancer sms.txt 2015-02-19 21:01 - 2015-02-19 21:02 - 00000000 ____D () C:\Users\***********\Downloads\Seafile 2015-02-19 19:45 - 2015-02-19 19:45 - 00000025 _____ () C:\Users\***********\Desktop\Seafile admin.txt 2015-02-19 18:59 - 2015-02-19 18:59 - 00000020 _____ () C:\Users\***********\Desktop\duckdns.txt 2015-02-19 18:55 - 2015-02-19 18:55 - 00000038 _____ () C:\Users\***********\Desktop\twitter.txt 2015-02-19 11:19 - 2015-02-19 11:23 - 00000000 ____D () C:\Users\***********\Desktop\*********** AustroControl 2015-02-17 18:49 - 2015-02-17 18:49 - 00000216 _____ () C:\Users\***********\Desktop\Stipendien.txt 2015-02-17 17:18 - 2015-02-17 17:18 - 20956479 _____ () C:\Users\***********\Desktop\20150217_171825.mp4 2015-02-17 16:45 - 2015-02-17 16:45 - 00000031 _____ () C:\Users\***********\Downloads\choord_673610f4a47d420bb93d89a613d0e4ea.txt 2015-02-17 16:22 - 2015-02-17 16:22 
- 00000000 ____D () C:\Users\***********\Documents\ArcGIS 2015-02-17 16:20 - 2015-02-17 16:20 - 00000000 ____D () C:\ProgramData\ESRI 2015-02-17 15:50 - 2015-02-17 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS 2015-02-17 15:49 - 2015-02-17 15:49 - 00000000 ____D () C:\Python27 2015-02-17 15:49 - 2015-02-17 15:49 - 00000000 ____D () C:\Program Files (x86)\ArcGIS 2015-02-17 15:47 - 2015-02-17 15:47 - 00000000 ____D () C:\Program Files (x86)\ArcGIS 10.2.2 2015-02-16 18:28 - 2015-02-16 18:28 - 00000194 _____ () C:\Users\***********\Desktop\Anzahl Tankstellen *********** und ich.txt 2015-02-16 11:14 - 2015-02-16 11:14 - 00000029 _____ () C:\Users\***********\Desktop\e-tankstellenfinder account.txt 2015-02-16 00:00 - 2015-02-16 00:29 - 00000276 _____ () C:\Users\***********\Desktop\Angaben laut Betreiber - Operator.txt 2015-02-15 15:17 - 2015-02-15 15:17 - 00000013 _____ () C:\Users\***********\Desktop\VMs pwds.txt 2015-02-15 13:22 - 2015-02-15 13:23 - 33467360 _____ (Hewlett-Packard ) C:\Users\***********\Downloads\sp58611.exe 2015-02-15 13:21 - 2015-02-15 13:26 - 170633776 _____ (Hewlett Packard ) C:\Users\***********\Downloads\sp49667.exe 2015-02-15 13:20 - 2015-02-15 13:20 - 09838408 _____ (Beats Electronics, LLC) C:\Users\***********\Downloads\Beats-Updater-Installer.exe 2015-02-14 22:25 - 2015-02-14 22:25 - 00000065 _____ () C:\Users\***********\Desktop\deutsche umlaute php.txt 2015-02-14 19:58 - 2015-02-14 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2015-02-14 19:58 - 2015-02-12 16:54 - 00921144 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys 2015-02-14 19:57 - 2015-02-12 16:53 - 00128592 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys 2015-02-14 19:50 - 2015-02-14 19:50 - 05487040 _____ (Microsoft Corporation) C:\Users\***********\Downloads\Windows8-Setup.exe 2015-02-14 19:21 - 2015-02-14 22:29 - 00000000 __RHD () C:\ESD 
2015-02-14 19:19 - 2015-02-14 19:19 - 04954736 _____ (Microsoft Corporation) C:\Users\***********\Downloads\WindowsSetupBox.exe 2015-02-14 19:19 - 2015-02-14 19:19 - 01322960 _____ (Microsoft Corporation) C:\Users\***********\Downloads\mediacreationtool.exe 2015-02-14 17:15 - 2015-02-16 00:21 - 00014856 _____ () C:\Users\***********\Desktop\wien energie e-tankstellen.xlsx 2015-02-14 15:57 - 2015-02-26 19:28 - 00042432 _____ () C:\Users\***********\Desktop\Job I u II.xlsx 2015-02-14 12:52 - 2015-02-14 12:52 - 23900160 _____ () C:\Users\***********\Downloads\mysql-workbench-community-6.2.4-win32.msi 2015-02-14 12:49 - 2015-02-14 12:50 - 00887896 _____ (Microsoft Corporation) C:\Users\***********\Downloads\dotNetFx40_Client_setup.exe 2015-02-14 12:49 - 2015-02-14 12:49 - 07195928 _____ (Microsoft Corporation) C:\Users\***********\Downloads\vcredist_x64.exe 2015-02-14 12:39 - 2015-02-14 13:53 - 00000081 _____ () C:\Users\***********\Desktop\pwds.txt 2015-02-14 12:22 - 2015-02-14 12:22 - 26955776 _____ () C:\Users\***********\Downloads\mysql-workbench-community-6.2.4-winx64.msi 2015-02-14 12:20 - 2015-02-14 12:43 - 01343488 _____ () C:\Users\***********\Documents\Erevolution.accdb 2015-02-14 12:20 - 2015-02-14 12:20 - 00348160 _____ () C:\Users\***********\Documents\Database3.accdb 2015-02-14 12:16 - 2015-02-14 12:20 - 00352256 _____ () C:\Users\***********\Documents\Database2.accdb 2015-02-13 23:35 - 2015-02-13 23:36 - 00000000 ____D () C:\Users\***********\Desktop\*********** FHTW IWIW 2015-02-13 23:29 - 2015-02-13 23:30 - 110513864 _____ (Oracle Corporation) C:\Users\***********\Downloads\VirtualBox-4.3.22-98236-Win.exe 2015-02-13 23:28 - 2015-02-13 23:28 - 46286392 _____ (ownCloud) C:\Users\***********\Downloads\ownCloud-1.7.1.4382-setup.exe 2015-02-13 22:35 - 2015-02-15 12:28 - 00000000 ____D () C:\Users\***********\Desktop\Ayudarum Job I u II 2015-02-13 20:40 - 2015-02-13 22:00 - 00000023 _____ () C:\windows\ODBCINST.INI 2015-02-13 20:32 - 2015-02-13 20:32 - 
00000000 ____D () C:\windows\System32\Tasks\MySQL 2015-02-13 20:23 - 2015-02-13 20:23 - 00000000 ____D () C:\Program Files (x86)\PHP 2015-02-13 19:55 - 2015-02-13 23:24 - 00000000 ____D () C:\Users\DefaultAppPool 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Vorlagen 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Startmenü 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Netzwerkumgebung 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Lokale Einstellungen 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Eigene Dateien 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Druckumgebung 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Documents\Eigene Musik 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Documents\Eigene Bilder 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Local\Verlauf 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Anwendungsdaten 2015-02-13 19:55 - 2015-01-29 11:33 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Hewlett-Packard 2015-02-13 19:55 - 2014-05-21 13:53 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Macromedia 2015-02-13 19:55 - 2013-08-10 21:16 - 00000000 ____D () C:\Users\DefaultAppPool\Documents\Visual Studio 2012 2015-02-13 19:55 - 2012-10-17 00:48 - 00000000 ____D () C:\Users\DefaultAppPool\Documents\Visual Studio 2010 2015-02-13 19:55 - 2012-10-17 00:46 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Microsoft Help 2015-02-13 19:55 - 
2011-02-11 06:19 - 00000020 ___SH () C:\Users\DefaultAppPool\ntuser.ini 2015-02-13 19:55 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-02-13 19:55 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-02-13 19:53 - 2015-02-13 23:12 - 00090949 _____ () C:\windows\iis7.log 2015-02-13 19:52 - 2015-02-13 19:52 - 00000000 ____D () C:\inetpub 2015-02-13 19:42 - 2015-02-13 23:44 - 00000000 ____D () C:\Users\***********\Downloads\eigene Cloud 2015-02-13 19:39 - 2015-02-13 23:52 - 00000000 ____D () C:\Users\***********\Downloads\Raspberry 2015-02-13 10:43 - 2015-02-27 08:00 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleFor***********.job 2015-02-13 10:43 - 2015-02-26 18:24 - 00003192 _____ () C:\windows\System32\Tasks\HPCeeScheduleFor*********** 2015-02-12 16:53 - 2015-02-12 16:53 - 00204264 _____ (Oracle Corporation) C:\windows\system32\VBoxNetFltNobj.dll 2015-02-12 16:53 - 2015-02-12 16:53 - 00156360 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxNetFlt.sys 2015-02-12 16:53 - 2015-02-12 16:53 - 00141440 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxNetAdp.sys 2015-02-12 13:27 - 2015-02-12 13:27 - 00005261 _____ () C:\Users\***********\Desktop\10.9 Heiratsproblem.html 2015-02-12 13:27 - 2015-02-12 13:27 - 00000000 ____D () C:\Users\***********\Desktop\10.9 Heiratsproblem-Dateien 2015-02-12 10:35 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2015-02-12 10:35 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-02-12 10:35 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2015-02-12 10:35 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2015-02-11 09:45 - 2015-02-11 09:46 - 42498888 _____ (Samsung 
Electronics Co., Ltd.) C:\Users\***********\Downloads\Kies3Setup.exe 2015-02-11 09:38 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll 2015-02-11 09:38 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll 2015-02-11 09:38 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll 2015-02-11 09:38 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll 2015-02-11 09:13 - 2015-02-11 09:13 - 00000102 _____ () C:\Users\***********\Desktop\Führerschein_Daten.txt 2015-02-11 08:30 - 2015-02-11 08:30 - 03472134 _____ () C:\Users\***********\Downloads\TCUnlock_v2.zip 2015-02-11 08:18 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-02-11 08:18 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2015-02-11 08:18 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-02-11 08:18 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2015-02-11 08:18 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2015-02-11 08:18 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2015-02-11 08:18 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-02-11 08:18 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-02-11 08:18 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2015-02-11 08:18 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2015-02-11 08:18 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2015-02-11 08:18 - 2015-01-12 03:39 - 00034304 _____ (Microsoft 
Corporation) C:\windows\system32\iernonce.dll 2015-02-11 08:18 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2015-02-11 08:18 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2015-02-11 08:18 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2015-02-11 08:18 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2015-02-11 08:18 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2015-02-11 08:18 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2015-02-11 08:18 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-02-11 08:18 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2015-02-11 08:18 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2015-02-11 08:18 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2015-02-11 08:18 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-02-11 08:18 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2015-02-11 08:18 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2015-02-11 08:18 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2015-02-11 08:18 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-02-11 08:18 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2015-02-11 08:18 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2015-02-11 08:18 - 2015-01-12 02:59 - 00030720 
_____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2015-02-11 08:18 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2015-02-11 08:18 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2015-02-11 08:18 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-02-11 08:18 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2015-02-11 08:18 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-02-11 08:18 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2015-02-11 08:18 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2015-02-11 08:18 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-02-11 08:18 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-11 08:18 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2015-02-11 08:18 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2015-02-11 08:18 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2015-02-11 08:18 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-02-11 08:18 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2015-02-11 08:18 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2015-02-11 08:18 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2015-02-11 08:18 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2015-02-11 08:18 - 2015-01-12 02:14 - 01548288 _____ 
(Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-02-11 08:18 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2015-02-11 08:18 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2015-02-11 08:18 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2015-02-11 08:18 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2015-02-11 08:17 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2015-02-11 08:17 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2015-02-11 08:17 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2015-02-11 08:17 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2015-02-11 08:17 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2015-02-11 08:17 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2015-02-11 08:17 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2015-02-11 08:17 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe 2015-02-11 08:17 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2015-02-11 08:17 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2015-02-11 08:17 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2015-02-11 08:17 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2015-02-11 08:17 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2015-02-11 08:17 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) 
C:\windows\system32\sspisrv.dll 2015-02-11 08:17 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2015-02-11 08:17 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe 2015-02-11 08:17 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2015-02-11 08:17 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll 2015-02-11 08:17 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2015-02-11 08:17 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe 2015-02-11 08:17 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2015-02-11 08:17 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2015-02-11 08:17 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll 2015-02-11 08:17 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll 2015-02-11 08:17 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2015-02-11 08:17 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2015-02-11 08:17 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2015-02-11 08:17 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) 
C:\windows\system32\ncrypt.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2015-02-11 08:17 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll 2015-02-11 08:17 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll 2015-02-11 08:16 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-02-11 08:16 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2015-02-11 08:16 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2015-02-11 08:16 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2015-02-11 08:16 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2015-02-11 08:16 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 
2015-02-11 08:16 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2015-02-11 08:16 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-02-11 08:16 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll 2015-02-11 08:16 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll 2015-02-11 08:16 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll 2015-02-11 08:16 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll 2015-02-09 10:55 - 2015-02-09 11:03 - 00011469 _____ () C:\Users\***********\Desktop\Mac_Adress_Liste_WKO.xlsx 2015-02-09 10:12 - 2015-02-09 10:14 - 00000810 _____ () C:\Users\***********\Desktop\unbekannte stationen.txt 2015-02-05 16:38 - 2015-02-17 19:03 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-02-03 23:20 - 2015-02-03 23:20 - 00000000 ____D () C:\Users\***********\AppData\Roaming\Notepad++ 2015-02-03 23:20 - 2015-02-03 23:20 - 00000000 ____D () C:\Users\***********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2015-02-03 23:20 - 2015-02-03 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2015-02-03 23:20 - 2015-02-03 23:20 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2015-02-03 23:19 - 2015-02-03 23:20 - 07965917 _____ () C:\Users\***********\Downloads\npp.6.7.4.Installer.exe 2015-02-03 15:50 - 2015-02-03 15:50 - 00000000 ____D () C:\Users\***********\.jmc 2015-02-03 15:49 - 2015-02-03 15:49 - 00000000 ____D () C:\Users\***********\.eclipse 2015-02-03 15:35 - 2015-02-03 15:34 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll 2015-02-03 15:34 - 2015-02-03 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2015-02-03 
15:33 - 2015-02-03 15:34 - 00000000 ____D () C:\Program Files\Java 2015-02-03 13:52 - 2015-02-03 14:11 - 1073741824 _____ () C:\Users\***********\Downloads\kubuntu-14.04.1-desktop-i386.iso 2015-02-03 11:34 - 2001-11-08 10:27 - 00237568 _____ () C:\windows\SysWOW64\glut32.dll 2015-01-31 17:48 - 2015-02-01 23:21 - 00000018 _____ () C:\Users\***********\Desktop\New Girl.txt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-01 09:18 - 2012-09-04 09:46 - 01622463 _____ () C:\windows\WindowsUpdate.log 2015-03-01 09:14 - 2012-05-17 20:15 - 00736966 _____ () C:\windows\system32\perfh007.dat 2015-03-01 09:14 - 2012-05-17 20:15 - 00159896 _____ () C:\windows\system32\perfc007.dat 2015-03-01 09:14 - 2009-07-14 06:13 - 01703554 _____ () C:\windows\system32\PerfStringBackup.INI 2015-03-01 09:13 - 2009-07-14 05:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-01 09:13 - 2009-07-14 05:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-01 09:11 - 2014-07-31 17:28 - 00000000 ___RD () C:\Users\***********\Dropbox 2015-03-01 09:11 - 2012-10-30 15:02 - 00000000 ____D () C:\Users\***********\AppData\Roaming\Dropbox 2015-03-01 09:11 - 2012-10-17 17:48 - 00000000 ____D () C:\Users\***********\AppData\Roaming\Skype 2015-03-01 09:10 - 2012-10-26 17:25 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-01 09:09 - 2014-09-30 17:29 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-03-01 09:09 - 2012-05-17 21:30 - 00000000 ____D () C:\ProgramData\PDFC 2015-03-01 09:07 - 2009-07-14 06:08 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2015-03-01 09:07 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-03-01 09:07 - 2009-07-14 05:51 - 00187145 _____ () C:\windows\setupact.log 2015-03-01 01:13 - 
2012-11-14 15:03 - 00000000 ____D () C:\Users\***********\AppData\Roaming\SoftGrid Client 2015-03-01 00:29 - 2012-10-26 17:25 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-01 00:26 - 2013-12-15 15:12 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-02-28 21:52 - 2012-10-27 18:51 - 00000000 ___RD () C:\Users\***********\Desktop\*********** 2015-02-28 20:49 - 2010-11-21 04:47 - 00376414 _____ () C:\windows\PFRO.log 2015-02-28 20:47 - 2015-01-02 23:47 - 00000047 _____ () C:\Users\***********\Desktop\Bigbang.txt 2015-02-28 20:33 - 2012-10-17 17:38 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{58A1A065-50A4-4B53-A0F0-CCC392C0F426} 2015-02-28 20:23 - 2014-12-09 17:04 - 00004340 _____ () C:\Users\***********\AppData\Roaming\LTspiceIV.ini 2015-02-28 19:25 - 2012-10-18 19:54 - 00003148 _____ () C:\windows\System32\Tasks\SidebarExecute 2015-02-28 18:55 - 2013-11-28 22:15 - 00000350 _____ () C:\Users\***********\Desktop\TODO.txt 2015-02-28 18:28 - 2014-01-31 22:18 - 00000000 ____D () C:\Users\***********\AppData\Roaming\Malwarebytes 2015-02-28 18:27 - 2014-01-31 22:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-28 18:11 - 2013-04-06 21:43 - 00019748 _____ () C:\Users\***********\Downloads\hijackthis.log 2015-02-28 18:07 - 2013-01-19 14:44 - 00000000 ____D () C:\ProgramData\tmp 2015-02-28 17:57 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries 2015-02-28 14:54 - 2012-10-20 15:15 - 00000000 ____D () C:\Users\***********\Desktop\FH Technikum Wien_Intelligente Verkehrssysteme 2015-02-28 14:49 - 2014-01-08 07:48 - 00000000 ____D () C:\Users\***********\Documents\Citavi 4 2015-02-28 12:44 - 2014-12-18 11:23 - 00000000 ____D () C:\Users\***********\AppData\Local\TSVNCache 2015-02-28 08:10 - 2012-10-17 21:15 - 00000000 ____D () C:\Users\***********\Documents\Visual Studio 2010 2015-02-27 20:35 - 2014-02-18 15:35 - 00000682 _____ () C:\windows\BRRBCOM.INI 2015-02-27 19:01 - 
2012-10-27 12:56 - 00000000 ____D () C:\Users\***********\AppData\Roaming\vlc 2015-02-27 12:29 - 2013-08-10 13:13 - 00000000 ____D () C:\Users\***********\Documents\Visual Studio 2012 2015-02-26 18:24 - 2012-10-18 17:32 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log 2015-02-25 20:51 - 2013-03-29 18:54 - 00000000 ____D () C:\Users\***********\AppData\Local\ActiveState 2015-02-25 18:30 - 2012-10-17 18:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-21 18:41 - 2015-01-22 21:36 - 00012192 _____ () C:\Users\***********\Desktop\Lotto.xlsx 2015-02-19 20:30 - 2014-05-26 18:28 - 00000000 ____D () C:\Users\***********\.VirtualBox 2015-02-19 12:04 - 2012-11-08 22:59 - 00000000 ____D () C:\Users\***********\Downloads\Windows 2015-02-18 10:20 - 2009-07-14 05:45 - 00486288 _____ () C:\windows\system32\FNTCACHE.DAT 2015-02-17 19:03 - 2013-01-30 14:43 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-02-17 16:52 - 2012-11-24 14:50 - 00000000 ____D () C:\Users\***********\AppData\Local\ESRI 2015-02-17 16:22 - 2012-11-24 14:50 - 00000000 ____D () C:\Users\***********\AppData\Roaming\ESRI 2015-02-17 16:22 - 2012-10-17 17:39 - 00145096 _____ () C:\Users\***********\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-17 16:10 - 2014-02-18 15:28 - 00000000 ____D () C:\ProgramData\FLEXnet 2015-02-15 16:51 - 2015-01-26 12:15 - 00000000 ____D () C:\Users\***********\Desktop\Ahnen 2015-02-15 15:11 - 2014-05-26 18:28 - 00000000 ____D () C:\Users\***********\VirtualBox VMs 2015-02-15 13:24 - 2012-05-17 21:34 - 00143262 _____ () C:\windows\DPINST.LOG 2015-02-15 13:22 - 2013-01-24 18:37 - 00000000 ____D () C:\Program Files\DIFX 2015-02-14 12:52 - 2013-08-10 09:08 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-14 06:52 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache 2015-02-13 23:05 - 2011-07-29 00:51 - 00000000 ____D () C:\swsetup 2015-02-13 23:05 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\SysWOW64\inetsrv 2015-02-13 23:05 - 
2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\inetsrv 2015-02-13 21:57 - 2014-04-24 20:35 - 00000000 ____D () C:\ProgramData\MySQL 2015-02-13 20:36 - 2012-05-17 21:21 - 01736652 _____ () C:\windows\SysWOW64\PerfStringBackup.INI 2015-02-13 10:34 - 2012-10-30 15:03 - 00000000 ____D () C:\Users\***********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-11 16:43 - 2015-01-23 17:41 - 00000000 ____D () C:\Users\***********\Documents\Ahnenblatt 2015-02-11 16:32 - 2015-01-23 17:41 - 00000000 ____D () C:\Users\***********\AppData\Roaming\Ahnenblatt 2015-02-11 10:48 - 2013-03-31 23:52 - 00008878 _____ () C:\windows\SysWOW64\SystemData.xml 2015-02-11 10:47 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\tracing 2015-02-11 10:02 - 2014-12-19 13:28 - 00000000 ____D () C:\Users\***********\Documents\SelfMV 2015-02-11 10:02 - 2014-12-19 09:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-02-11 09:45 - 2013-06-06 14:20 - 00000000 ____D () C:\Users\***********\AppData\Roaming\Samsung 2015-02-11 09:25 - 2014-12-11 23:23 - 00000000 ____D () C:\windows\system32\appraiser 2015-02-11 09:25 - 2014-05-06 10:21 - 00000000 ___SD () C:\windows\system32\CompatTel 2015-02-11 09:24 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions 2015-02-11 09:21 - 2012-10-17 00:14 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-11 09:19 - 2013-07-15 13:12 - 00000000 ____D () C:\windows\system32\MRT 2015-02-11 09:15 - 2012-10-16 23:55 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-02-05 18:33 - 2013-03-07 18:07 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2015-02-05 17:26 - 2013-12-15 15:12 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-02-05 17:26 - 2012-05-17 21:30 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-02-05 17:26 - 2012-05-17 21:30 - 00071344 _____ (Adobe Systems 
Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-05 16:36 - 2013-04-08 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON 2015-02-05 16:32 - 2014-08-21 20:34 - 00000000 ____D () C:\Users\***********\AppData\Local\Adobe 2015-02-04 11:24 - 2012-10-26 17:25 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-04 11:24 - 2012-10-26 17:25 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-03 15:50 - 2012-10-17 17:35 - 00000000 ____D () C:\Users\*********** 2015-02-03 13:40 - 2014-12-14 11:56 - 00000000 ____D () C:\Users\***********\AppData\Roaming\SPB_16.6 ==================== Files in the root of some directories ======= 2014-12-09 17:04 - 2015-02-28 20:23 - 0004340 _____ () C:\Users\***********\AppData\Roaming\LTspiceIV.ini 2014-12-14 11:53 - 2014-12-14 11:53 - 0000076 _____ () C:\Users\***********\AppData\Roaming\mbam.context.scan 2014-01-08 18:48 - 2014-01-24 16:04 - 0000300 _____ () C:\Users\***********\AppData\Local\Citavi Picker Internet Explorer Protocol.txt 2012-11-04 14:22 - 2012-11-15 13:59 - 0007168 _____ () C:\Users\***********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-16 17:00 - 2014-04-16 17:00 - 0000719 _____ () C:\Users\***********\AppData\Local\recently-used.xbel 2012-10-20 15:04 - 2013-04-25 20:16 - 0007618 _____ () C:\Users\***********\AppData\Local\Resmon.ResmonCfg 2014-02-12 15:32 - 2014-02-12 15:48 - 0000125 ___SH () C:\ProgramData\.zreglib 2013-05-04 12:39 - 2013-05-23 20:46 - 0000122 _____ () C:\ProgramData\RegComSrv.txt Some content of TEMP: ==================== C:\Users\***********\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfsgeix.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-25 14:04

==================== End Of Log ============================ |
01.03.2015, 09:26 | #5 |
| Addition FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015 Ran by ********** at 2015-03-01 09:19:31 Running from C:\Users\**********\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Tools for .Net 3.5 - DEU Lang Pack (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.) 
Advanced Archive Password Recovery (HKLM-x32\...\{6E356EEF-203C-451B-9144-CBF099E3738A}) (Version: 4.54.55.1642 - Elcomsoft Co. Ltd.) Ahnenblatt 2.86 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.86.0.1 - Dirk Böttcher) AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.) Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.39.0 - Alcor Micro Corp.) Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.39.0 - Alcor Micro Corp.) Hidden AMD Catalyst Install Manager (HKLM\...\{426B43EC-284B-8DAB-5419-D8418C7C3D26}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArcGIS 10.2.2 for Desktop - Sprachpaket Deutsch (HKLM-x32\...\ArcGIS 10.2.2 for Desktop - Sprachpaket Deutsch) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) ArcGIS 10.2.2 for Desktop - Sprachpaket Deutsch (x32 Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden ArcGIS 10.2.2 for Desktop (HKLM-x32\...\ArcGIS 10.2.2 for Desktop) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) ArcGIS 10.2.2 for Desktop (x32 Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden Autopsy (HKLM\...\{0C6B9E76-7617-4661-BE60-65C77CC10C06}) (Version: 3.1.1 - The Sleuth Kit) Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden Blend for Visual Studio 2012 DEU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5300 - Broadcom Corporation) Brother MFL-Pro Suite DCP-9020CDW (HKLM-x32\...\{E98A9C92-E767-475B-8BC6-8780A86DDC72}) (Version: 1.0.1.0 - Brother Industries, Ltd.) Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software) CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) Crystal Reports 2008 Runtime (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.0.0.683 - Business Objects) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.2106 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2531 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAS (HKLM-x32\...\DAS) (Version: 3.3.1 - ) DAS (HKU\S-1-5-21-3005992195-605650759-3539824770-1001\...\DAS) (Version: 3.3.1 - Infineon Technologies AG) DAS (x32 Version: 3.3.1 - Infineon Technologies AG) Hidden Devenv-Ressourcen für Microsoft Visual Studio 2012 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.1.0 - Hewlett-Packard Company) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden Dotfuscator and Analytics Community Edition Language Pack (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.41.36204 - Hewlett-Packard Company) Dropbox (HKU\S-1-5-21-3005992195-605650759-3539824770-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.) 
Embedded Security for HP ProtectTools (HKLM\...\{F75C607F-9341-47B3-83FC-CC66B9C519E8}) (Version: 7.0.100.3001 - Hewlett-Packard Company) Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard) Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{B2BDC072-BE01-432D-B281-30891D597FBB}) (Version: 11.1.30729.00 - Microsoft Corporation) Erforderliche Komponenten für SSDT (HKLM-x32\...\{70D065C3-77E5-45E9-A75C-EEB2E84EA869}) (Version: 11.0.2100.60 - Microsoft Corporation) Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.2.4549 - Hewlett-Packard Company) Face Recognition for HP ProtectTools (Version: 7.2.2.4549 - Hewlett-Packard Company) Hidden Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hotfix für Microsoft Visual C# 2010 Express - DEU (KB2635973) (HKLM-x32\...\{D81641E8-ABF1-3D07-803B-60E8FC619368}.KB2635973) (Version: 1 - Microsoft Corporation) Hotfix für Microsoft Visual C++ 2010 Express - DEU (KB2635973) (HKLM-x32\...\{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}.KB2635973) (Version: 1 - Microsoft Corporation) HP 3D DriveGuard (HKLM\...\{B64F0818-316F-4237-8CB4-35BC2DA784C2}) (Version: 5.1.12.1 - Hewlett-Packard Company) HP Connection Manager (HKLM-x32\...\{C0ED9561-8312-457C-BB1B-BDC7EE034CED}) (Version: 4.7.4.1 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{8B2A1CFD-8F88-4081-9E18-99395CC27EE6}) (Version: 1.1.0.0 - Hewlett-Packard) HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company) HP File Sanitizer (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 8.1.1.1 - Hewlett-Packard Company) HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1113.1_WHQL - Sonix) HP Hotkey Support (HKLM-x32\...\{53C48A27-4079-49EB-8E73-76BA85D2BF6F}) (Version: 5.0.24.1 - Hewlett-Packard Company) HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company) HP Product Detection (HKLM-x32\...\{4F38594F-2C4A-4C42-B2C4-505E225F6F80}) (Version: 11.14.0004 - HP) HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.2.1213 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company) HP SoftPaq Download Manager (HKLM-x32\...\{23544215-E6E6-448B-B6E9-6268D5B3E74D}) (Version: 3.5.0.0 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company) HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) 
(Version: 8.5.2.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company) HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company) HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.27.17 - Roxio) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT) IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - ) IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - ) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) 
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.2 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.5.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 8 Update 31 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation)
JavaScript Tooling (Version: 11.0.60315 - Microsoft Corporation) Hidden
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Keil µVision4 (HKLM-x32\...\Keil µVision4) (Version: - )
LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for de-de (x32 Version: 8.59.25584 - Microsoft) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Application Virtualization Desktop Client (HKLM\...\{8D00DBC4-DEB4-4910-9D7C-30A5C6898195}) (Version: 4.6.3.24870 - Microsoft Corporation)
Microsoft Application Virtualization Desktop Client (HKLM-x32\...\{342C9BB8-65A0-46DE-AB7A-8031E151AF69}) (Version: 4.6.1.20870 - Microsoft Corporation)
Microsoft Application Virtualization Desktop Client (HKLM-x32\...\{5D80483C-D297-4E04-9EDF-DD58521E9565}) (Version: 4.6.2.24020 - Microsoft Corporation)
Microsoft Application Virtualization Desktop Client (HKLM-x32\...\{8D00DBC4-DEB4-4910-9D7C-30A5C6898195}) (Version: 4.6.3.24870 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 - DEU (HKLM-x32\...\{07AC2D83-E795-4AD5-970D-B9BD14A1E411}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages - DEU (HKLM-x32\...\{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK - Deutsch (HKLM-x32\...\{8EA792A5-38AA-4F0E-8DFE-D1BAF1145431}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK - DEU (HKLM-x32\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{EF18EF0F-96D3-4A6B-9600-2197F1720A15}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{28C7A4BB-3966-4373-8376-C11F38290630}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (11.1.20627.00) (HKLM-x32\...\{F6F1EE45-97E9-48A3-94B2-044B0A3C08D3}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00) (HKLM-x32\...\{CEEDB2C4-46BE-4340-BAB9-F30110D9BBB8}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C668416A-9213-4058-B7F2-01A42D85559D}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{0D432429-C79C-462D-ABD8-4D82B83A954B}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C# 2010 Express - DEU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{0bc17680-a2d9-42c0-9c26-0b8ecac2b473}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - DEU (HKLM-x32\...\{86756584-C41A-4CA3-B42D-4768C7720F56}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Oracle VM VirtualBox 4.3.22 (HKLM\...\{F053F74A-A631-4CFA-A271-6D0747599BC9}) (Version: 4.3.22 - Oracle Corporation)
OrCAD 16.6 Lite (HKU\S-1-5-21-3005992195-605650759-3539824770-1001\...\{12C79350-444D-48E0-B05C-1E610FF17F1A}) (Version: 16.60.001 - Cadence Design Systems)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc)
PlanePlotter 6.4.2.5 (HKLM-x32\...\PlanePlotter_is1) (Version: - COAA)
PreEmptive Analytics Client German Language Pack (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Privacy Manager for HP ProtectTools (HKLM\...\{29AB47F0-C5A3-401F-8A84-3324F2DC8E46}) (Version: 7.0.1.892 - Hewlett-Packard Company)
Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation)
Samsung Easy Color Manager (HKLM-x32\...\{778EACF8-06C1-47AA-9284-91550E9BAD39}) (Version: 3.02.04 - Samsung Electronics Co., Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Sentinel Protection Installer 7.6.3 (HKLM-x32\...\{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}) (Version: 7.6.3 - SafeNet, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sun ODF Plugin for Microsoft Office 3.2 (HKLM-x32\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.23 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38843 - TeamViewer)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.1.02 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.1.02 - Hewlett-Packard Company) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.)
VIP Access SDK (1.1.0.7) (HKLM-x32\...\VIP Access SDK) (Version: 1.1.0.7 - Symantec Inc.)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2012 Update 4 (KB2707250) (HKLM-x32\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WCF Data Services 5.0 (for OData v3) DEU Language Pack (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 11 DEU Language Pack (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
Windows-Treiberpaket - Hewlett-Packard Image (05/24/2012 11.5.0.116) (HKLM\...\B52717176FE34BE856BA6AFDB17D684B819C9D8A) (Version: 05/24/2012 11.5.0.116 - Hewlett-Packard)
Winmail Opener 1.4 (HKLM-x32\...\Winmail Opener) (Version: 1.4 - Eolsoft)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.12.3 (32-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.3 - The Wireshark developer community, hxxp://www.wireshark.org)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================
28-02-2015 14:45:29 Removed TortoiseSVN 1.8.10.26129 (64 bit)
28-02-2015 17:55:32 Removed WD My Cloud
28-02-2015 17:56:41 Removed BlueStacks Notification Center
28-02-2015 22:19:01 Removed MySQL Workbench 6.2 CE

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-03-28 19:07 - 00000850 ____A C:\windows\system32\Drivers\etc\hosts
10.0.0.42 BRN30055C09D9CB

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0C65CF07-8AC3-42A6-ADB5-25EC0DA34CDC} - System32\Tasks\{99339292-F8F1-4835-BD1B-CD76D09C16A5} => pcalua.exe -a "C:\Program Files (x86)\LTC\LTspiceIV\scad3.exe" -c -uninstall
Task: {166F2512-5713-4888-86E3-905C18B34901} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2061166D-AE18-43BA-87F2-2208F1C7FA21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2A516365-DE54-4624-99E5-6BED9BC00F10} - System32\Tasks\{66447AA1-3C8E-4F0E-A1A3-E1BDC28208C5} => C:\Users\**********\Downloads\rtl1090\rtl1090.exe
Task: {385F9A42-08BC-4314-A57B-1210DA0D2CB9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {466D6EA5-0330-4E6D-BCE6-F7C31B3F8F1D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26] (Google Inc.)
Task: {4A6ED720-6C50-4537-81E1-F0A2269DD653} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4C1B20A3-D397-41A2-A777-5BCC905DEF7F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {52E40D9C-7BEC-4846-86AD-D060AA24F42B} - System32\Tasks\HPCeeScheduleFor********** => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {6EACFEE3-EA93-43DC-BE8E-FCE2474338AE} - System32\Tasks\{351480D6-6012-4793-9E12-EA32AEBEEE0A} => pcalua.exe -a C:\Users\**********\Downloads\VirtualBox-4.3.16-95972-Win.exe -d C:\Users\**********\Downloads
Task: {8E6FC9EB-ACE2-4941-A655-0E411FE49CBF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {91C815ED-CF7A-4F63-9D67-AFD1538EC33A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {A0141749-DF32-43BD-8D93-D4FF25D44627} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26] (Google Inc.)
Task: {C24ABC71-A336-4ABC-BFC4-F758ECDFA277} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CB21407E-871C-4918-BEDC-9CF86DAC2A31} - System32\Tasks\{044952C2-37A7-4EED-A8AC-037C704164B8} => pcalua.exe -a "C:\Users\**********\Desktop\BACKUPS\Thunderbird Backup\10.09.2012\restore.exe" -d "C:\Users\**********\Desktop\BACKUPS\Thunderbird Backup\10.09.2012"
Task: {DC0C0C17-BE5A-40FC-AD90-355E1756E222} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleFor**********.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============
2012-01-17 16:57 - 2012-01-17 16:57 - 00298368 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-03-27 11:11 - 2013-03-27 11:11 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 10:03 - 2011-10-12 10:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 12:18 - 2010-09-06 12:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2013-03-27 10:26 - 2013-03-27 10:26 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2011-06-21 06:42 - 2011-06-21 06:42 - 00034304 _____ () C:\windows\System32\sst3cl6.dll
2011-06-21 01:23 - 2011-06-21 01:23 - 00826880 _____ () C:\windows\system32\spool\DRIVERS\x64\3\sst3cdu.dll
2013-03-27 10:28 - 2013-03-27 10:28 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2014-02-18 15:34 - 2005-04-22 05:36 - 00143360 ____R () C:\windows\system32\BrSNMP64.dll
2013-03-06 14:38 - 2013-03-06 14:38 - 03020504 _____ () c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-06-05 15:51 - 2013-06-05 15:51 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-06-05 15:51 - 2013-06-05 15:51 - 00024576 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll
2012-02-10 22:26 - 2012-02-10 22:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2014-03-06 14:00 - 2014-03-06 14:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2013-03-27 10:54 - 2013-03-27 10:54 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2013-03-27 10:26 - 2013-03-27 10:26 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2013-03-27 10:52 - 2013-03-27 10:52 - 03035136 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2013-03-27 10:57 - 2013-03-27 10:57 - 02867200 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2013-03-27 10:55 - 2013-03-27 10:55 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2013-03-27 10:30 - 2013-03-27 10:30 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2013-03-27 10:31 - 2013-03-27 10:31 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2014-10-16 18:56 - 2014-10-16 18:56 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ffecb320f1e95e8c90a5ce2ee658306d\IsdiInterop.ni.dll
2012-05-17 21:24 - 2012-10-18 20:01 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-03-19 07:00 - 2014-03-19 07:00 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2012-09-04 09:51 - 2014-01-31 15:22 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3005992195-605650759-3539824770-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\**********\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^**********^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AirPort Base Station Agent => "C:\Program Files (x86)\AirPort\APAgent.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: SoftGridTray => "C:\Program Files (x86)\Microsoft Application Virtualization Client\SFTTray.exe" /autostart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Accounts: =============================
Administrator (S-1-5-21-3005992195-605650759-3539824770-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-3005992195-605650759-3539824770-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3005992195-605650759-3539824770-1003 - Limited - Enabled)
********** (S-1-5-21-3005992195-605650759-3539824770-1001 - Administrator - Enabled) => C:\Users\**********

==================== Faulty Device Manager Devices =============
Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================
Application errors:
==================
Error: (03/01/2015 09:18:52 AM) (Source: Application Virtualization Client) (EventID: 3131) (User: )
Description: {tid=17C8:usr=**********} Fehler bei der Anforderung des Desktopkonfigurationsservers für URL {rtsp://10.128.0.120:554/} mit Header {Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh } (Rückgabecode 12E0170A-0000000B).

Error: (03/01/2015 09:15:52 AM) (Source: Application Virtualization Client) (EventID: 3131) (User: )
Description: {tid=17C8:usr=**********} Fehler bei der Anforderung des Desktopkonfigurationsservers für URL {rtsp://10.128.0.120:554/} mit Header {Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh } (Rückgabecode 12E0170A-0000000B).

Error: (03/01/2015 09:12:52 AM) (Source: Application Virtualization Client) (EventID: 3131) (User: )
Description: {tid=17C8:usr=**********} Fehler bei der Anforderung des Desktopkonfigurationsservers für URL {rtsp://10.128.0.120:554/} mit Header {Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh } (Rückgabecode 12E0170A-0000000B).
Error: (03/01/2015 09:09:52 AM) (Source: Application Virtualization Client) (EventID: 3131) (User: ) Description: {tid=CFC:usr=**********} Fehler bei der Anforderung des Desktopkonfigurationsservers für URL {rtsp://10.128.0.120:554/} mit Header {Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh } (Rückgabecode 12E0170A-0000000B). Error: (02/28/2015 09:46:22 PM) (Source: Application Virtualization Client) (EventID: 3131) (User: ) Description: {tid=1B04:usr=**********} Fehler bei der Anforderung des Desktopkonfigurationsservers für URL {rtsp://10.128.0.120:554/} mit Header {Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh } (Rückgabecode 12E0170A-0000000B). Error: (02/28/2015 09:43:22 PM) (Source: Application Virtualization Client) (EventID: 3131) (User: ) Description: {tid=1164:usr=**********} Fehler bei der Anforderung des Desktopkonfigurationsservers für URL {rtsp://10.128.0.120:554/} mit Header {Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh } (Rückgabecode 12E0170A-0000000B). Error: (02/28/2015 09:40:22 PM) (Source: Application Virtualization Client) (EventID: 3131) (User: ) Description: {tid=1164:usr=**********} Fehler bei der Anforderung des Desktopkonfigurationsservers für URL {rtsp://10.128.0.120:554/} mit Header {Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh } (Rückgabecode 12E0170A-0000000B). Error: (02/28/2015 09:37:22 PM) (Source: Application Virtualization Client) (EventID: 3131) (User: ) Description: {tid=1164:usr=**********} Fehler bei der Anforderung des Desktopkonfigurationsservers für URL {rtsp://10.128.0.120:554/} mit Header {Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh } (Rückgabecode 12E0170A-0000000B). 
Error: (02/28/2015 08:07:03 PM) (Source: Application Virtualization Client) (EventID: 3131) (User: ) Description: {tid=934:usr=**********} Fehler bei der Anforderung des Desktopkonfigurationsservers für URL {rtsp://10.128.0.120:554/} mit Header {Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh } (Rückgabecode 12E0170A-0000000B). Error: (02/28/2015 08:04:03 PM) (Source: Application Virtualization Client) (EventID: 3131) (User: ) Description: {tid=934:usr=**********} Fehler bei der Anforderung des Desktopkonfigurationsservers für URL {rtsp://10.128.0.120:554/} mit Header {Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh } (Rückgabecode 12E0170A-0000000B). System errors: ============= Error: (02/28/2015 09:35:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (02/28/2015 09:35:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Software Protection erreicht. 
Error: (02/28/2015 09:07:41 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58} Error: (02/28/2015 08:52:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (02/28/2015 08:50:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (02/28/2015 08:50:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (02/28/2015 08:50:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (02/28/2015 08:50:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (02/28/2015 08:50:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (02/28/2015 08:50:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: 
(03/01/2015 09:18:52 AM) (Source: Application Virtualization Client) (EventID: 3131) (User: ) Description: {tid=17C8:usr=**********} rtsp://10.128.0.120:554/Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh 12E0170A-0000000B Error: (03/01/2015 09:15:52 AM) (Source: Application Virtualization Client) (EventID: 3131) (User: ) Description: {tid=17C8:usr=**********} rtsp://10.128.0.120:554/Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh 12E0170A-0000000B Error: (03/01/2015 09:12:52 AM) (Source: Application Virtualization Client) (EventID: 3131) (User: ) Description: {tid=17C8:usr=**********} rtsp://10.128.0.120:554/Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh 12E0170A-0000000B Error: (03/01/2015 09:09:52 AM) (Source: Application Virtualization Client) (EventID: 3131) (User: ) Description: {tid=CFC:usr=**********} rtsp://10.128.0.120:554/Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh 12E0170A-0000000B Error: (02/28/2015 09:46:22 PM) (Source: Application Virtualization Client) (EventID: 3131) (User: ) Description: {tid=1B04:usr=**********} rtsp://10.128.0.120:554/Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh 12E0170A-0000000B Error: (02/28/2015 09:43:22 PM) (Source: Application Virtualization Client) (EventID: 3131) (User: ) Description: {tid=1164:usr=**********} rtsp://10.128.0.120:554/Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh 12E0170A-0000000B Error: (02/28/2015 09:40:22 PM) (Source: Application Virtualization Client) (EventID: 3131) (User: ) Description: {tid=1164:usr=**********} rtsp://10.128.0.120:554/Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh 12E0170A-0000000B Error: (02/28/2015 09:37:22 PM) (Source: Application Virtualization Client) (EventID: 3131) (User: ) Description: {tid=1164:usr=**********} rtsp://10.128.0.120:554/Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh 12E0170A-0000000B Error: (02/28/2015 08:07:03 PM) (Source: Application Virtualization Client) 
(EventID: 3131) (User: ) Description: {tid=934:usr=**********} rtsp://10.128.0.120:554/Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh 12E0170A-0000000B Error: (02/28/2015 08:04:03 PM) (Source: Application Virtualization Client) (EventID: 3131) (User: ) Description: {tid=934:usr=**********} rtsp://10.128.0.120:554/Host: 10.128.0.120 Content-Type: text/xml AppV-Op: Refresh 12E0170A-0000000B CodeIntegrity Errors: =================================== Date: 2014-09-11 15:58:06.396 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-11 15:58:06.396 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-11 15:58:06.380 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-11 15:58:06.380 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-11 15:54:29.930 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-09-11 15:54:29.852 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-21 09:57:47.330 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-21 09:57:47.329 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-21 09:57:47.321 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-21 09:57:47.319 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz Percentage of memory in use: 20% Total physical RAM: 16317.53 MB Available physical RAM: 12938.6 MB Total Pagefile: 32633.24 MB Available Pagefile: 28759.86 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:675.26 GB) (Free:91.77 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.96 GB) FAT32 Drive g: (HP_RECOVERY) (Fixed) (Total:21.08 GB) (Free:3.25 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: A7525909) Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=675.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=23.1 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
01.03.2015, 15:54 | #6 |
/// the machine /// TB Trainer | Sluggish system, changes, several unknown processes
hi, scan with Combofix
01.03.2015, 18:12 | #7 |
| Combofix
Code:
ATTFilter ComboFix 15-03-01.01 - ********* 01.03.2015 17:28:47.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.43.1031.18.16318.11964 [GMT 1:00] ausgeführt von:: c:\users\*********\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886} FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\ntuser.pol c:\programdata\Roaming c:\users\*********\AppData\Local\assembly\tmp c:\users\*********\AppData\Local\assembly\tmp\14RGBDP9\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\14RGBDP9\Microsoft.Office.Tools.Common.v4.0.Utilities.DLL c:\users\*********\AppData\Local\assembly\tmp\1EUHQY1K\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\1EUHQY1K\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\1P7KP6W8\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\1P7KP6W8\Microsoft.VisualStudio.QualityTools.LoadTestExcelCommon.DLL c:\users\*********\AppData\Local\assembly\tmp\35HC4EH4\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\35HC4EH4\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\4YVP6UW1\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\4YVP6UW1\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\554XZVQF\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\554XZVQF\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.resources.DLL c:\users\*********\AppData\Local\assembly\tmp\5MFWIWP8\__AssemblyInfo__.ini 
c:\users\*********\AppData\Local\assembly\tmp\5MFWIWP8\Microsoft.Office.Tools.Common.v4.0.Utilities.DLL c:\users\*********\AppData\Local\assembly\tmp\7BX2WSYS\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\7BX2WSYS\Microsoft.Office.Tools.Common.v4.0.Utilities.DLL c:\users\*********\AppData\Local\assembly\tmp\80WL1T91\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\80WL1T91\Microsoft.Office.Tools.Common.v4.0.Utilities.DLL c:\users\*********\AppData\Local\assembly\tmp\897XJ0XS\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\897XJ0XS\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\9E684I21\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\9E684I21\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\AYWR8ZAA\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\AYWR8ZAA\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\BP5DHMC0\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\BP5DHMC0\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\CAOX1UUW\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\CAOX1UUW\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\DATMF51J\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\DATMF51J\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\EN7DXYZ1\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\EN7DXYZ1\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\EWPN70QJ\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\EWPN70QJ\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL 
c:\users\*********\AppData\Local\assembly\tmp\G3HLR6KM\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\G3HLR6KM\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\HBZ5MWSK\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\HBZ5MWSK\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\HZIGLB2B\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\HZIGLB2B\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\JM6FALKE\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\JM6FALKE\Microsoft.Office.Tools.Common.v4.0.Utilities.DLL c:\users\*********\AppData\Local\assembly\tmp\L2K384M9\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\L2K384M9\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\LUGD8SWW\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\LUGD8SWW\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\MFJFVY35\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\MFJFVY35\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.resources.DLL c:\users\*********\AppData\Local\assembly\tmp\MHWB8CXV\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\MHWB8CXV\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\N8ZWUYX1\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\N8ZWUYX1\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\OFL55JV0\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\OFL55JV0\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\Q8UQ9R5J\__AssemblyInfo__.ini 
c:\users\*********\AppData\Local\assembly\tmp\Q8UQ9R5J\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.resources.DLL c:\users\*********\AppData\Local\assembly\tmp\RGDEPB1W\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\RGDEPB1W\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\TNP3GVIG\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\TNP3GVIG\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\U9RNZLTA\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\U9RNZLTA\Microsoft.Office.Tools.Common.v4.0.Utilities.DLL c:\users\*********\AppData\Local\assembly\tmp\UV88NA16\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\UV88NA16\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\WTR8KVON\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\WTR8KVON\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\YA0U00KG\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\YA0U00KG\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\users\*********\AppData\Local\assembly\tmp\YUX6GY68\__AssemblyInfo__.ini c:\users\*********\AppData\Local\assembly\tmp\YUX6GY68\Microsoft.VisualStudio.QualityTools.LoadTestExcelAddIn.DLL c:\windows\tw32.dll . . ((((((((((((((((((((((( Dateien erstellt von 2015-02-01 bis 2015-03-01 )))))))))))))))))))))))))))))) . . 2015-03-01 16:42 . 2015-03-01 16:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-03-01 16:42 . 2015-03-01 16:42 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2015-03-01 08:18 . 2015-03-01 08:26 -------- d-----w- C:\FRST 2015-02-28 18:36 . 2015-02-28 18:36 -------- d-----w- c:\program files\CPUID 2015-02-28 18:31 . 
2015-02-28 20:58 -------- d-----w- c:\users\*********\AppData\Roaming\MyPhoneExplorer 2015-02-28 18:31 . 2015-02-28 18:31 -------- d-----w- c:\program files (x86)\MyPhoneExplorer 2015-02-28 17:28 . 2015-03-01 09:26 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-02-28 17:27 . 2015-02-28 17:28 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2015-02-28 17:27 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-02-28 17:27 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-02-28 17:04 . 2015-02-28 17:04 -------- d-----w- c:\program files\BIPA 2015-02-28 17:03 . 2015-02-28 17:03 -------- d-----w- c:\users\*********\AppData\Roaming\hps-install 2015-02-28 16:46 . 2015-03-01 16:38 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0048D044-A903-4B71-AEC1-765876B95B43}\offreg.dll 2015-02-27 07:05 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0048D044-A903-4B71-AEC1-765876B95B43}\mpengine.dll 2015-02-25 16:35 . 2015-02-25 16:36 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2015-02-25 09:57 . 2015-02-25 09:58 -------- d-----w- c:\users\*********\AppData\Roaming\autopsy 2015-02-25 09:55 . 2015-02-25 09:56 -------- d-----w- c:\program files\Autopsy-3.1.1 2015-02-21 10:58 . 2015-02-21 10:58 -------- d-----w- c:\program files (x86)\ISO to USB 2015-02-17 15:20 . 2015-02-17 15:20 -------- d-----w- c:\programdata\ESRI 2015-02-17 14:54 . 2015-02-17 14:54 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared 2015-02-17 14:50 . 2015-02-17 15:21 -------- d-----w- c:\program files (x86)\Common Files\AnswerWorks 4.0 2015-02-17 14:49 . 2015-02-17 14:49 -------- d-----w- c:\program files (x86)\Common Files\Data Dynamics 2015-02-17 14:49 . 2015-02-17 14:49 -------- d-----w- c:\program files (x86)\Common Files\Tom Sawyer Software 2015-02-17 14:49 . 
2015-02-17 14:50 -------- d-----w- c:\program files (x86)\Common Files\ArcGIS 2015-02-17 14:49 . 2015-02-17 14:49 -------- d-----w- C:\Python27 2015-02-17 14:49 . 2015-02-17 14:49 -------- d-----w- c:\program files (x86)\ArcGIS 2015-02-17 14:47 . 2015-02-17 14:47 -------- d-----w- c:\program files (x86)\ArcGIS 10.2.2 2015-02-14 18:58 . 2015-02-12 15:54 921144 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2015-02-14 18:57 . 2015-02-12 15:53 128592 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2015-02-14 18:21 . 2015-02-14 21:29 -------- d-----r- C:\ESD 2015-02-13 19:23 . 2015-02-13 19:23 -------- d-----w- c:\program files (x86)\PHP 2015-02-13 18:55 . 2015-02-13 22:24 -------- d-----w- c:\users\DefaultAppPool 2015-02-13 18:52 . 2015-02-13 18:52 -------- d-----w- C:\inetpub 2015-02-12 15:53 . 2015-02-12 15:53 204264 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll 2015-02-12 15:53 . 2015-02-12 15:53 156360 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys 2015-02-12 15:53 . 2015-02-12 15:53 141440 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2015-02-12 09:35 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll 2015-02-12 09:35 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2015-02-12 09:35 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll 2015-02-12 09:35 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll 2015-02-11 08:38 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll 2015-02-11 08:38 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll 2015-02-11 08:38 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll 2015-02-11 08:38 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll 2015-02-11 07:17 . 2015-02-04 03:16 609280 ----a-w- c:\windows\system32\generaltel.dll 2015-02-11 07:16 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll 2015-02-11 07:16 . 
2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2015-02-11 07:16 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll 2015-02-11 07:16 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll 2015-02-11 07:16 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-02-11 07:16 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2015-02-11 07:16 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2015-02-11 07:16 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll 2015-02-11 07:16 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll 2015-02-11 07:16 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe 2015-02-11 07:16 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2015-02-11 07:16 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys 2015-02-03 22:20 . 2015-02-03 22:20 -------- d-----w- c:\users\*********\AppData\Roaming\Notepad++ 2015-02-03 22:20 . 2015-02-03 22:20 -------- d-----w- c:\program files (x86)\Notepad++ 2015-02-03 14:50 . 2015-02-03 14:50 -------- d-----w- c:\users\*********\.jmc 2015-02-03 14:49 . 2015-02-03 14:49 -------- d-----w- c:\users\*********\.eclipse 2015-02-03 14:35 . 2015-02-03 14:34 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2015-02-03 14:33 . 2015-02-03 14:34 -------- d-----w- c:\program files\Java 2015-02-03 10:34 . 2001-11-08 09:27 237568 ----a-w- c:\windows\SysWow64\glut32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-02-13 21:22 . 2013-08-10 12:14 3937472 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1031\ResourceCache.dll 2015-02-11 08:15 . 2012-10-16 22:55 116773704 ----a-w- c:\windows\system32\MRT.exe 2015-02-05 16:26 . 2012-05-17 20:30 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-02-05 16:26 . 
2012-05-17 20:30 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-12-22 23:41 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe 2014-12-19 03:06 . 2015-01-14 07:50 210432 ----a-w- c:\windows\system32\profsvc.dll 2014-12-19 01:46 . 2015-01-14 07:50 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys 2014-12-11 17:47 . 2015-01-14 07:50 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe 2014-12-06 04:17 . 2015-01-14 07:50 303616 ----a-w- c:\windows\system32\nlasvc.dll 2014-12-06 03:50 . 2015-01-14 07:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll 2014-12-06 03:50 . 2015-01-14 07:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\*********\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\*********\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\*********\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30873192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-10-18 56128] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2014-01-31 134616] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-08-21 292088] "File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2012-08-07 12313720] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-09-11 766208] "IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2014-02-09 1128312] "QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2014-02-10 336672] "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2014-04-09 185144] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . c:\users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\*********\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-11 42555824] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2014-3-6 1396440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] 2012-01-31 21:19 75648 ------w- c:\windows\System32\DeviceNP.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x] R2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x] R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] R2 McAfee Endpoint Encryption Agent;McAfee 
Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x] R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys [x] R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x] R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 clwvd;CyberLink Webcam Sharing Manager;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] R3 cpuz130;cpuz130;c:\users\*********\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\*********\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x] R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys;c:\windows\SYSNATIVE\Drivers\GemCCID.sys [x] R3 HP Power 
Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x] R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem 
Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x] R3 vNICdrv;Iomega Virtual Miniport;c:\windows\system32\DRIVERS\vNICdrv.sys;c:\windows\SYSNATIVE\DRIVERS\vNICdrv.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 MySQL56;MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x] R4 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 MfeEpeOpal;MfeEpeOpal; [x] S0 MfeEpePc;MfeEpePc; [x] S0 
sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x] S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys;c:\windows\SYSNATIVE\drivers\psd.sys [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x] S2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [x] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 Intel(R) Capability Licensing Service 
Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x] S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x] S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [x] S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 vcsFPService;Validity VCS Fingerprint 
Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x] S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x] S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x] S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x] S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfswin7.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaywin7.sys [x] S3 
Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirwin7.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvolwin7.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - CPUZ138 *Deregistered* - cpuz138 . Inhalt des "geplante Tasks" Ordners . 2015-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 16:26] . 2015-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26 16:25] . 2015-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26 16:25] . 2015-02-27 c:\windows\Tasks\HPCeeScheduleFor*********.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\*********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\*********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\*********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\*********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2012-03-14 15232] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-02-28 1664000] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.at/ mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391198468&from=amt&uid=HitachiXHTS727575A9E364_J3740084HR7RMEHR7RMEX&q={searchTerms} uInternet Settings,ProxyOverride = *.local IE: &Citavi Picker... 
- file://c:\program files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Zu Anti-Banner hinzufügen - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm TCP: DhcpNameServer = 10.0.0.138 FF - ProfilePath - c:\users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default\ FF - user.js: plugin.state.npcontentblocker - 2 FF - user.js: plugin.state.nponlinebanking - 2 FF - user.js: plugin.state.npvkplugin - 2 FF - user.js: plugin.state.anti_banner_native_proxy - 2 FF - user.js: plugin.state.url_advisor - 2 FF - user.js: plugin.state.anti_banner_native_proxy - 2 FF - user.js: plugin.state.url_advisor - 2 FF - user.js: plugin.state.npcontentblocker - 2 FF - user.js: plugin.state.nponlinebanking - 2 FF - user.js: plugin.state.npvkplugin - 2 FF - user.js: plugin.state.npcontentblocker - 2 FF - user.js: plugin.state.nponlinebanking - 2 FF - user.js: plugin.state.npvkplugin - 2 FF - user.js: plugin.state.npcontentblocker - 2 FF - user.js: plugin.state.nponlinebanking - 2 FF - user.js: plugin.state.npvkplugin - 2 FF - user.js: plugin.state.npcontentblocker - 2 FF - user.js: plugin.state.nponlinebanking - 2 FF - user.js: plugin.state.npvkplugin - 2 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56] "ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56] "ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3005992195-605650759-3539824770-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:a9,5a,73,04,ad,36,93,4f,14,68,7d,75,3b,63,7e,52,45,70,9f,2c,73,9d,5e, ad,cf,84,1a,8a,70,90,89,fd,07,ce,dd,57,8d,fb,9a,c4,ca,a8,07,f5,b7,53,ed,f8,\ "??"=hex:c1,0b,3d,a0,fe,00,9a,20,fe,c3,48,68,6f,d6,1c,0c . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-03-01 17:54:36 ComboFix-quarantined-files.txt 2015-03-01 16:54 . Vor Suchlauf: 32 Verzeichnis(se), 95.687.950.336 Bytes frei Nach Suchlauf: 41 Verzeichnis(se), 95.565.635.584 Bytes frei . - - End Of File - - 9000C9E57E56E0D09D8BCE75B373AA6B |
02.03.2015, 08:23 | #8 |
/// the machine /// TB trainer | Sluggish system, changes, several unknown processes Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
03.03.2015, 18:33 | #9 |
| Mbam Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 03.03.2015 Suchlauf-Zeit: 15:25:16 Logdatei: mbam suchlauf.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.03.03.03 Rootkit Datenbank: v2015.02.25.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: ******** Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 542914 Verstrichene Zeit: 1 Std, 8 Min, 37 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Tiefer Rootkit-Suchlauf: Aktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 2 Riskware.Tool.CK, C:\Users\********\Desktop\********\Downloads\CheatEngine54.exe, In Quarantäne, [57522bf7fc8e3df94a0df0a938ca42be], Adware.Clicker, C:\Users\********\Desktop\********\Downloads\unlocker1.8.7.exe, In Quarantäne, [5851de44206ada5caac5bce2f0128080], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.111 - Bericht erstellt 03/03/2015 um 18:11:45 # Aktualisiert 18/02/2015 von Xplode # Datenbank : 2015-02-18.3 [Lokal] # Betriebssystem : Windows 7 Professional Service Pack 1 (x64) # Benutzername : ********* - LAPTOP # Gestarted von : C:\Users\*********\Desktop\AdwCleaner_4.111.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\WPM Ordner Gelöscht : C:\Users\*********\AppData\Local\CrashRpt Ordner Gelöscht : C:\Users\*********\AppData\Roaming\download Manager Datei Gelöscht : C:\Users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default\user.js ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel 
Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\SOFTWARE\YourFileDownloader Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17631 Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v36.0 (x86 de) ************************* AdwCleaner[R0].txt - [2850 Bytes] - [31/01/2014 21:38:03] AdwCleaner[R1].txt - [2913 Bytes] - [03/03/2015 18:02:45] AdwCleaner[S0].txt - [2503 Bytes] - [31/01/2014 21:45:29] AdwCleaner[S1].txt - [2661 Bytes] - [03/03/2015 18:11:45] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2720 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.3 (03.01.2015:1) OS: Windows 7 Professional x64 Ran by ********* on 03.03.2015 at 18:19:56,68 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\*********\AppData\Roaming\mozilla\firefox\profiles\gi23ph1m.default\minidumps [126 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 03.03.2015 at 18:23:51,46 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015 Ran by ********** (administrator) on LAPTOP on 03-03-2015 18:30:08 Running from C:\Users\**********\Desktop Loaded Profiles: ********** (Available profiles: ********** & Administrator) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (AMD) C:\Windows\System32\atieclxx.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeAgent.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-02-28] (IDT, Inc.) 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2014-07-02] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-10-18] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2014-01-31] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2014-08-21] (Intel Corporation)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12313720 2012-08-07] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IFXSPMGT] => C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1128312 2014-02-09] (Infineon Technologies AG)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-02-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2014-04-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [FreedomeAutoStart] => C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\Freedome.exe [1985064 2015-03-01] (F-Secure Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-3005992195-605650759-3539824770-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
Lsa: [Notification Packages] DPPassFilter scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\**********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3005992195-605650759-3539824770-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3005992195-605650759-3539824770-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3005992195-605650759-3539824770-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3005992195-605650759-3539824770-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1362838867134
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\.DEFAULT: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll (Digital Persona, Inc.)
FF Extension: HP Detect - C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-10-27]
FF Extension: Block site - C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-01-22]
FF Extension: Fireforce - C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default\Extensions\fireforce@scrt.ch.xpi [2015-01-06]
FF Extension: FlashGot - C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-05-14]
FF Extension: Adblock Plus - C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-17]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-01-19]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-30]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\dpchrome.crx [2012-07-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [494456 2012-07-20] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477088 2012-09-04] (Hewlett-Packard Company)
R2 Freedome Service; C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeService.exe [109608 2015-03-01] (F-Secure Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-02-10] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1128312 2014-02-09] (Infineon Technologies AG)
R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [984440 2014-02-09] (Infineon Technologies AG)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2014-01-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2014-01-31] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2013-03-27] () [File not signed]
S4 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14362 2015-02-13] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [212344 2014-02-09] (Infineon Technologies AG)
R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374048 2010-10-20] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1250592 2010-10-20] (SafeNet, Inc)
R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292128 2010-10-20] (SafeNet, Inc.)
S3 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-02-28] (IDT, Inc.) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-07-02] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-09-04] (Hewlett-Packard Company)
S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [129792 2013-04-24] (Gemalto)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2013-03-23] (JMicron Technology Corp.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-08] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-08] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [91432 2013-03-27] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158760 2013-03-27] (McAfee, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2014-02-09] (Infineon Technologies AG)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12384 2013-07-01] ()
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-08-21] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-08-21] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2013-08-21] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-08-21] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-02-12] (Duplex Secure Ltd.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115488 2014-05-16] (Oracle Corporation)
S3 vNICdrv; C:\Windows\System32\DRIVERS\vNICdrv.sys [20048 2013-05-20] (Iomega Corporation)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-26] (Microsoft Corporation)
S3 ARCVCAM; system32\DRIVERS\ArcSoftVCapture.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 cpuz130; \??\C:\Users\**********\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 17:51 - 2015-03-03 17:51 - 00000114 _____ () C:\Users\**********\Desktop\Job I u II Tipps **********.txt
2015-03-03 15:21 - 2015-03-03 15:21 - 00000000 ____D () C:\Users\**********\Tracing
2015-03-03 14:03 - 2015-03-03 14:07 - 00000000 ____D () C:\Users\**********\AndroidStudioProjects
2015-03-03 14:03 - 2015-03-03 14:03 - 00000000 ____D () C:\Users\**********\.gradle
2015-03-03 14:00 - 2015-03-03 14:00 - 00000000 ____D () C:\Users\**********\AppData\Roaming\JetBrains
2015-03-03 14:00 - 2015-03-03 14:00 - 00000000 ____D () C:\Users\**********\.AndroidStudio
2015-03-03 14:00 - 2015-03-03 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-03-03 13:59 - 2015-01-30 10:02 - 00084992 _____ (Intel Corporation) C:\windows\system32\Drivers\IntelHaxm.sys
2015-03-03 13:53 - 2015-03-03 13:53 - 00000000 ____D () C:\Users\**********\AppData\Local\Android
2015-03-03 13:52 - 2015-03-03 13:52 - 00000000 ____D () C:\Program Files\Android
2015-03-03 13:19 - 2015-03-03 13:19 - 00000000 ____D () C:\Users\**********\Documents\NetBeansProjects
2015-03-03 13:18 - 2015-03-03 13:18 - 00000000 ____D () C:\Users\**********\AppData\Roaming\NetBeans
2015-03-03 13:18 - 2015-03-03 13:18 - 00000000 ____D () C:\Users\**********\AppData\Local\NetBeans
2015-03-03 13:16 - 2015-03-03 13:16 - 00002035 _____ () C:\Users\Public\Desktop\NetBeans IDE 8.0.2.lnk
2015-03-03 13:16 - 2015-03-03 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
2015-03-03 13:14 - 2015-03-03 13:18 - 00000000 ____D () C:\Program Files\NetBeans 8.0.2
2015-03-03 13:13 - 2015-03-03 13:18 - 00000000 ____D () C:\Users\**********\.nbi
2015-03-03 13:10 - 2015-03-03 13:13 - 856233768 _____ (Google Inc.) C:\Users\**********\Downloads\android-studio-bundle-135.1740770-windows.exe
2015-03-03 13:09 - 2015-03-03 13:12 - 94134224 _____ () C:\Users\**********\Downloads\netbeans-8.0.2-javase-windows.exe
2015-03-03 09:13 - 2015-03-03 09:13 - 00483553 _____ () C:\Users\**********\Desktop\Träges System, Veränderungen, mehrere unbekannte Prozesse - Trojaner-Board.html
2015-03-03 09:13 - 2015-03-03 09:13 - 00062226 _____ () C:\Users\**********\Desktop\AdwCleaner Anleitung Browser-Viren entfernen.htm
2015-03-03 09:13 - 2015-03-03 09:13 - 00061514 _____ () C:\Users\**********\Desktop\Anleitung Malwarebytes Anti-Malware - Trojaner-Board.html
2015-03-03 09:13 - 2015-03-03 09:13 - 00000000 ____D () C:\Users\**********\Desktop\Träges System, Veränderungen, mehrere unbekannte Prozesse - Trojaner-Board-Dateien
2015-03-03 09:13 - 2015-03-03 09:13 - 00000000 ____D () C:\Users\**********\Desktop\Anleitung Malwarebytes Anti-Malware - Trojaner-Board-Dateien
2015-03-03 09:13 - 2015-03-03 09:13 - 00000000 ____D () C:\Users\**********\Desktop\AdwCleaner Anleitung Browser-Viren entfernen-Dateien
2015-03-02 23:44 - 2015-03-02 23:44 - 00018148 _____ () C:\Users\**********\Desktop\nkO+DuU4.htm
2015-03-02 18:47 - 2015-03-02 18:47 - 00000069 _____ () C:\Users\**********\Desktop\Jahrestag.txt
2015-03-01 18:22 - 2015-03-01 18:23 - 88989512 _____ () C:\Users\**********\Downloads\pCon.planner70setup.exe
2015-03-01 18:22 - 2015-03-01 18:23 - 63886592 _____ (AOMEI Technology Co., Ltd. ) C:\Users\**********\Downloads\Backupper22Full.exe
2015-03-01 18:18 - 2015-03-01 18:18 - 00002306 _____ () C:\Users\Public\Desktop\Freedome.lnk
2015-03-01 18:18 - 2015-03-01 18:18 - 00000000 ____D () C:\Users\**********\AppData\Local\F-Secure
2015-03-01 18:18 - 2015-03-01 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freedome
2015-03-01 18:16 - 2015-03-01 18:16 - 00033832 _____ (The OpenVPN Project) C:\windows\system32\Drivers\tap0901.sys
2015-03-01 18:16 - 2015-03-01 18:16 - 00000000 ____D () C:\ProgramData\F-Secure
2015-03-01 18:16 - 2015-03-01 18:16 - 00000000 ____D () C:\Program Files (x86)\F-Secure
2015-03-01 17:54 - 2015-03-01 18:11 - 00040034 _____ () C:\ComboFix.txt
2015-03-01 17:27 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-03-01 17:27 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-03-01 17:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-03-01 17:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-03-01 17:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-03-01 17:27 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-03-01 17:27 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-03-01 17:27 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-03-01 17:26 - 2015-03-01 17:55 - 00000000 ____D () C:\Qoobox
2015-03-01 17:26 - 2015-03-01 17:51 - 00000000 ____D () C:\windows\erdnt
2015-03-01 17:24 - 2015-03-01 17:24 - 05612482 ____R (Swearware) C:\Users\**********\Desktop\ComboFix.exe
2015-03-01 13:43 - 2015-03-01 13:44 - 35325480 _____ (F-Secure Corporation) C:\Users\**********\Downloads\Freedome649.exe
2015-03-01 11:18 - 2015-03-01 11:18 - 00000036 _____ () C:\Users\**********\Desktop\software auszutesten.txt
2015-03-01 09:19 - 2015-03-01 09:24 - 00056429 _____ () C:\Users\**********\Desktop\Addition.txt
2015-03-01 09:18 - 2015-03-03 18:30 - 00034798 _____ () C:\Users\**********\Desktop\FRST.txt
2015-03-01 09:18 - 2015-03-03 18:30 - 00000000 ____D () C:\FRST
2015-03-01 09:13 - 2015-03-01 09:13 - 02092544 _____ (Farbar) C:\Users\**********\Desktop\FRST64.exe
2015-02-28 23:03 - 2015-03-03 18:27 - 00000000 ____D () C:\Users\**********\Desktop\Spyware Reports
2015-02-28 22:29 - 2015-02-28 22:29 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\**********\Downloads\tdsskiller44.exe
2015-02-28 21:59 - 2015-02-28 21:59 - 00843046 _____ () C:\Users\**********\Desktop\MyPhoneExplorer Client.apk
2015-02-28 21:44 - 2015-02-28 21:46 - 00000040 _____ () C:\Users\**********\Desktop\trojaner-board.txt
2015-02-28 20:44 - 2015-02-28 23:03 - 00000000 ____D () C:\Users\**********\Desktop\Spyware Tools
2015-02-28 20:39 - 2015-02-28 20:39 - 00000000 ____D () C:\Users\**********\Desktop\USB3 Sicherung
2015-02-28 20:18 - 2015-02-28 20:18 - 00018490 _____ () C:\Users\**********\Desktop\cc_20150228_201805.reg
2015-02-28 20:16 - 2015-02-28 20:16 - 00000000 ____D () C:\Users\**********\Downloads\backups
2015-02-28 20:12 - 2015-02-28 20:12 - 00019867 _____ () C:\Users\**********\Desktop\hijackthis.log
2015-02-28 19:36 - 2015-02-28 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-02-28 19:36 - 2015-02-28 19:36 - 00000000 ____D () C:\Program Files\CPUID
2015-02-28 19:31 - 2015-02-28 21:58 - 00000000 ____D () C:\Users\**********\AppData\Roaming\MyPhoneExplorer
2015-02-28 19:31 - 2015-02-28 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2015-02-28 19:31 - 2015-02-28 19:31 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2015-02-28 19:07 - 2015-02-28 20:46 - 00000000 ____D () C:\Users\**********\Desktop\Kaspersky Rescue
2015-02-28 18:51 - 2015-02-28 18:51 - 00387584 _____ () C:\Users\**********\Downloads\rescue2usb.exe
2015-02-28 18:44 - 2015-02-28 18:45 - 00000000 ____D () C:\Users\**********\Desktop\Gelber Kingston
2015-02-28 18:28 - 2015-03-03 17:58 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-28 18:28 - 2015-02-28 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-28 18:27 - 2015-02-28 18:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-28 18:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-28 18:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-28 18:07 - 2015-02-28 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BIPA FotoShop
2015-02-28 18:04 - 2015-02-28 18:04 - 00000000 ____D () C:\Program Files\BIPA
2015-02-28 18:03 - 2015-02-28 18:03 - 00000000 ____D () C:\Users\**********\AppData\Roaming\hps-install
2015-02-28 18:02 - 2015-03-01 09:47 - 00003118 _____ () C:\windows\System32\Tasks\{99339292-F8F1-4835-BD1B-CD76D09C16A5}
2015-02-28 17:55 - 2015-02-28 17:55 - 00000656 _____ () C:\Users\**********\Desktop\cc_20150228_175504.reg
2015-02-28 17:53 - 2015-02-28 17:53 - 00440218 _____ () C:\Users\**********\Desktop\cc_20150228_175347.reg
2015-02-28 17:35 - 2015-02-28 17:35 - 00000400 _____ () C:\Users\**********\Downloads\setup.log.full
2015-02-28 17:35 - 2015-02-28 17:35 - 00000400 _____ () C:\Users\**********\Downloads\setup.log
2015-02-28 17:31 - 2015-02-28 17:31 - 00000000 ____D () C:\Users\**********\Desktop\Pwd forgot kaspersky
2015-02-28 17:05 - 2015-02-28 17:05 - 00000000 ____D () C:\Users\**********\Downloads\passOff2015
2015-02-27 18:53 - 2015-02-27 18:54 - 20163714 _____ () C:\Users\**********\Desktop\House_of_Cards_Vienna_vs_Washington_DC_Side_by_Side_hd720.mp4
2015-02-26 20:34 - 2015-02-26 20:34 - 01190544 _____ ( ) C:\Users\**********\Downloads\hwmonitor_1.26-setup.exe
2015-02-26 11:47 - 2015-02-26 11:47 - 00003918 _____ ()
C:\windows\System32\Tasks\User_Feed_Synchronization-{34EF64D1-2FC7-47A6-BCB4-40D5E60123B1} 2015-02-25 21:10 - 2015-02-25 21:10 - 00000475 _____ () C:\- 2015-02-25 20:58 - 2015-02-25 20:58 - 00009152 _____ () C:\Users\**********\Desktop\perlc.m 2015-02-25 18:19 - 2015-01-09 00:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls 2015-02-25 18:19 - 2015-01-09 00:43 - 00419936 _____ () C:\windows\system32\locale.nls 2015-02-25 17:37 - 2015-02-25 17:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-02-25 17:35 - 2015-02-25 17:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-02-25 10:58 - 2015-02-25 10:58 - 00000000 ____D () C:\Users\**********\Desktop\restoration 2015-02-25 10:57 - 2015-02-25 10:58 - 00000000 ____D () C:\Users\**********\AppData\Roaming\autopsy 2015-02-25 10:57 - 2015-02-25 10:57 - 00000036 _____ () C:\.superId 2015-02-25 10:56 - 2015-02-25 10:56 - 00001887 _____ () C:\Users\**********\Desktop\Autopsy 3.1.1.lnk 2015-02-25 10:55 - 2015-02-25 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autopsy 2015-02-25 10:55 - 2015-02-25 10:56 - 00000000 ____D () C:\Program Files\Autopsy-3.1.1 2015-02-25 10:48 - 2015-02-25 10:50 - 294125568 _____ () C:\Users\**********\Downloads\autopsy-3.1.1-32bit.msi 2015-02-25 10:48 - 2015-02-25 10:49 - 298099712 _____ () C:\Users\**********\Downloads\autopsy-3.1.1-64bit.msi 2015-02-23 19:12 - 2015-02-23 19:12 - 00000367 _____ () C:\Users\**********\Downloads\link.kml 2015-02-23 18:48 - 2015-02-23 18:48 - 00000046 _____ () C:\Users\**********\Downloads\choord_b07b46f2e3e342b296d5e1940140a1dc.txt 2015-02-21 20:32 - 2015-02-21 20:33 - 00000000 ____D () C:\Users\**********\Desktop\USB Stick Post 2015-02-21 20:31 - 2015-02-21 22:51 - 1051721728 _____ () C:\Users\**********\Downloads\ubuntu-14.04.2-desktop-i386.iso 2015-02-21 20:31 - 2015-02-21 20:50 - 1044381696 _____ () C:\Users\**********\Downloads\ubuntu-14.04.2-desktop-amd64.iso 2015-02-21 20:30 - 2015-02-21 
20:30 - 01088905 _____ (pendrivelinux.com) C:\Users\**********\Downloads\Universal-USB-Installer-1.9.5.9.exe 2015-02-21 11:59 - 2015-02-21 11:59 - 00000000 ____D () C:\Users\**********\Downloads\AMD Driver 2015-02-21 11:58 - 2015-02-21 11:58 - 00001021 _____ () C:\Users\**********\Downloads\ISO to USB.lnk 2015-02-21 11:58 - 2015-02-21 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB 2015-02-21 11:58 - 2015-02-21 11:58 - 00000000 ____D () C:\Program Files (x86)\ISO to USB 2015-02-21 11:56 - 2015-02-21 11:56 - 01733751 _____ (isotousb.com ) C:\Users\**********\Downloads\isotousb_14setup.exe 2015-02-20 20:58 - 2015-02-20 20:59 - 23315064 _____ (Popcorn Official) C:\Users\**********\Downloads\Popcorn-Time-0.3.7.2-Setup.exe 2015-02-20 13:23 - 2015-02-20 13:23 - 00000000 ____D () C:\Users\**********\Downloads\win32 2015-02-20 10:38 - 2015-02-23 15:44 - 00000283 _____ () C:\Users\**********\Desktop\freelancer sms.txt 2015-02-19 21:01 - 2015-02-19 21:02 - 00000000 ____D () C:\Users\**********\Downloads\Seafile 2015-02-19 19:45 - 2015-02-19 19:45 - 00000025 _____ () C:\Users\**********\Desktop\Seafile admin.txt 2015-02-19 18:59 - 2015-02-19 18:59 - 00000020 _____ () C:\Users\**********\Desktop\duckdns.txt 2015-02-19 18:55 - 2015-02-19 18:55 - 00000038 _____ () C:\Users\**********\Desktop\twitter.txt 2015-02-19 11:19 - 2015-02-19 11:23 - 00000000 ____D () C:\Users\**********\Desktop\********** AustroControl 2015-02-17 18:49 - 2015-02-17 18:49 - 00000216 _____ () C:\Users\**********\Desktop\Stipendien.txt 2015-02-17 17:18 - 2015-02-17 17:18 - 20956479 _____ () C:\Users\**********\Desktop\20150217_171825.mp4 2015-02-17 16:45 - 2015-02-17 16:45 - 00000031 _____ () C:\Users\**********\Downloads\choord_673610f4a47d420bb93d89a613d0e4ea.txt 2015-02-17 16:22 - 2015-02-17 16:22 - 00000000 ____D () C:\Users\**********\Documents\ArcGIS 2015-02-17 16:20 - 2015-02-17 16:20 - 00000000 ____D () C:\ProgramData\ESRI 2015-02-17 15:50 - 2015-02-17 15:50 
- 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS 2015-02-17 15:49 - 2015-02-17 15:49 - 00000000 ____D () C:\Python27 2015-02-17 15:49 - 2015-02-17 15:49 - 00000000 ____D () C:\Program Files (x86)\ArcGIS 2015-02-17 15:47 - 2015-02-17 15:47 - 00000000 ____D () C:\Program Files (x86)\ArcGIS 10.2.2 2015-02-16 18:28 - 2015-02-16 18:28 - 00000194 _____ () C:\Users\**********\Desktop\Anzahl Tankstellen ********** und ich.txt 2015-02-16 11:14 - 2015-02-16 11:14 - 00000029 _____ () C:\Users\**********\Desktop\e-tankstellenfinder account.txt 2015-02-16 00:00 - 2015-02-16 00:29 - 00000276 _____ () C:\Users\**********\Desktop\Angaben laut Betreiber - Operator.txt 2015-02-15 15:17 - 2015-02-15 15:17 - 00000013 _____ () C:\Users\**********\Desktop\VMs pwds.txt 2015-02-15 13:22 - 2015-02-15 13:23 - 33467360 _____ (Hewlett-Packard ) C:\Users\**********\Downloads\sp58611.exe 2015-02-15 13:21 - 2015-02-15 13:26 - 170633776 _____ (Hewlett Packard ) C:\Users\**********\Downloads\sp49667.exe 2015-02-15 13:20 - 2015-02-15 13:20 - 09838408 _____ (Beats Electronics, LLC) C:\Users\**********\Downloads\Beats-Updater-Installer.exe 2015-02-14 22:25 - 2015-02-14 22:25 - 00000065 _____ () C:\Users\**********\Desktop\deutsche umlaute php.txt 2015-02-14 19:58 - 2015-02-14 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2015-02-14 19:58 - 2015-02-12 16:54 - 00921144 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys 2015-02-14 19:57 - 2015-02-12 16:53 - 00128592 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys 2015-02-14 19:50 - 2015-02-14 19:50 - 05487040 _____ (Microsoft Corporation) C:\Users\**********\Downloads\Windows8-Setup.exe 2015-02-14 19:21 - 2015-02-14 22:29 - 00000000 ___RD () C:\ESD 2015-02-14 19:19 - 2015-02-14 19:19 - 04954736 _____ (Microsoft Corporation) C:\Users\**********\Downloads\WindowsSetupBox.exe 2015-02-14 19:19 - 2015-02-14 19:19 - 01322960 _____ 
(Microsoft Corporation) C:\Users\**********\Downloads\mediacreationtool.exe 2015-02-14 17:15 - 2015-02-16 00:21 - 00014856 _____ () C:\Users\**********\Desktop\wien energie e-tankstellen.xlsx 2015-02-14 15:57 - 2015-03-02 20:57 - 00048378 _____ () C:\Users\**********\Desktop\Job I u II.xlsx 2015-02-14 12:52 - 2015-02-14 12:52 - 23900160 _____ () C:\Users\**********\Downloads\mysql-workbench-community-6.2.4-win32.msi 2015-02-14 12:49 - 2015-02-14 12:50 - 00887896 _____ (Microsoft Corporation) C:\Users\**********\Downloads\dotNetFx40_Client_setup.exe 2015-02-14 12:49 - 2015-02-14 12:49 - 07195928 _____ (Microsoft Corporation) C:\Users\**********\Downloads\vcredist_x64.exe 2015-02-14 12:39 - 2015-02-14 13:53 - 00000081 _____ () C:\Users\**********\Desktop\pwds.txt 2015-02-14 12:22 - 2015-02-14 12:22 - 26955776 _____ () C:\Users\**********\Downloads\mysql-workbench-community-6.2.4-winx64.msi 2015-02-14 12:20 - 2015-02-14 12:43 - 01343488 _____ () C:\Users\**********\Documents\Erevolution.accdb 2015-02-14 12:20 - 2015-02-14 12:20 - 00348160 _____ () C:\Users\**********\Documents\Database3.accdb 2015-02-14 12:16 - 2015-02-14 12:20 - 00352256 _____ () C:\Users\**********\Documents\Database2.accdb 2015-02-13 23:35 - 2015-02-13 23:36 - 00000000 ____D () C:\Users\**********\Desktop\********** FHTW IWIW 2015-02-13 23:29 - 2015-02-13 23:30 - 110513864 _____ (Oracle Corporation) C:\Users\**********\Downloads\VirtualBox-4.3.22-98236-Win.exe 2015-02-13 23:28 - 2015-02-13 23:28 - 46286392 _____ (ownCloud) C:\Users\**********\Downloads\ownCloud-1.7.1.4382-setup.exe 2015-02-13 22:35 - 2015-02-15 12:28 - 00000000 ____D () C:\Users\**********\Desktop\Ayudarum Job I u II 2015-02-13 20:40 - 2015-02-13 22:00 - 00000023 _____ () C:\windows\ODBCINST.INI 2015-02-13 20:32 - 2015-02-13 20:32 - 00000000 ____D () C:\windows\System32\Tasks\MySQL 2015-02-13 20:23 - 2015-02-13 20:23 - 00000000 ____D () C:\Program Files (x86)\PHP 2015-02-13 19:55 - 2015-02-13 23:24 - 00000000 ____D () 
C:\Users\DefaultAppPool 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Vorlagen 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Startmenü 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Netzwerkumgebung 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Lokale Einstellungen 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Eigene Dateien 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Druckumgebung 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Documents\Eigene Musik 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Documents\Eigene Bilder 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Local\Verlauf 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Anwendungsdaten 2015-02-13 19:55 - 2015-01-29 11:33 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Hewlett-Packard 2015-02-13 19:55 - 2014-05-21 13:53 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Macromedia 2015-02-13 19:55 - 2013-08-10 21:16 - 00000000 ____D () C:\Users\DefaultAppPool\Documents\Visual Studio 2012 2015-02-13 19:55 - 2012-10-17 00:48 - 00000000 ____D () C:\Users\DefaultAppPool\Documents\Visual Studio 2010 2015-02-13 19:55 - 2012-10-17 00:46 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Microsoft Help 2015-02-13 19:55 - 2011-02-11 06:19 - 00000020 ___SH () C:\Users\DefaultAppPool\ntuser.ini 2015-02-13 19:55 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Accessories 2015-02-13 19:55 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-02-13 19:53 - 2015-02-13 23:12 - 00090949 _____ () C:\windows\iis7.log 2015-02-13 19:52 - 2015-02-13 19:52 - 00000000 ____D () C:\inetpub 2015-02-13 19:42 - 2015-02-13 23:44 - 00000000 ____D () C:\Users\**********\Downloads\eigene Cloud 2015-02-13 19:39 - 2015-02-13 23:52 - 00000000 ____D () C:\Users\**********\Downloads\Raspberry 2015-02-13 10:43 - 2015-03-02 18:24 - 00003192 _____ () C:\windows\System32\Tasks\HPCeeScheduleFor********** 2015-02-13 10:43 - 2015-03-02 18:24 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleFor**********.job 2015-02-12 16:53 - 2015-02-12 16:53 - 00204264 _____ (Oracle Corporation) C:\windows\system32\VBoxNetFltNobj.dll 2015-02-12 16:53 - 2015-02-12 16:53 - 00156360 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxNetFlt.sys 2015-02-12 16:53 - 2015-02-12 16:53 - 00141440 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxNetAdp.sys 2015-02-12 13:27 - 2015-02-12 13:27 - 00005261 _____ () C:\Users\**********\Desktop\10.9 Heiratsproblem.html 2015-02-12 13:27 - 2015-02-12 13:27 - 00000000 ____D () C:\Users\**********\Desktop\10.9 Heiratsproblem-Dateien 2015-02-12 10:35 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2015-02-12 10:35 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-02-12 10:35 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2015-02-12 10:35 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2015-02-11 09:45 - 2015-02-11 09:46 - 42498888 _____ (Samsung Electronics Co., Ltd.) 
C:\Users\**********\Downloads\Kies3Setup.exe 2015-02-11 09:38 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll 2015-02-11 09:38 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll 2015-02-11 09:38 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll 2015-02-11 09:38 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll 2015-02-11 09:13 - 2015-02-11 09:13 - 00000102 _____ () C:\Users\**********\Desktop\Führerschein_Daten.txt 2015-02-11 08:30 - 2015-02-11 08:30 - 03472134 _____ () C:\Users\**********\Downloads\TCUnlock_v2.zip 2015-02-11 08:18 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-02-11 08:18 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2015-02-11 08:18 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-02-11 08:18 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2015-02-11 08:18 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2015-02-11 08:18 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2015-02-11 08:18 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-02-11 08:18 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-02-11 08:18 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2015-02-11 08:18 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2015-02-11 08:18 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2015-02-11 08:18 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) 
C:\windows\system32\iernonce.dll 2015-02-11 08:18 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2015-02-11 08:18 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2015-02-11 08:18 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2015-02-11 08:18 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2015-02-11 08:18 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2015-02-11 08:18 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2015-02-11 08:18 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-02-11 08:18 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2015-02-11 08:18 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2015-02-11 08:18 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2015-02-11 08:18 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-02-11 08:18 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2015-02-11 08:18 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2015-02-11 08:18 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2015-02-11 08:18 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-02-11 08:18 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2015-02-11 08:18 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2015-02-11 08:18 - 2015-01-12 02:59 - 00030720 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\iernonce.dll 2015-02-11 08:18 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2015-02-11 08:18 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2015-02-11 08:18 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-02-11 08:18 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2015-02-11 08:18 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-02-11 08:18 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2015-02-11 08:18 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2015-02-11 08:18 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-02-11 08:18 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-11 08:18 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2015-02-11 08:18 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2015-02-11 08:18 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2015-02-11 08:18 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-02-11 08:18 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2015-02-11 08:18 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2015-02-11 08:18 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2015-02-11 08:18 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2015-02-11 08:18 - 2015-01-12 02:14 - 01548288 _____ (Microsoft 
Corporation) C:\windows\system32\urlmon.dll 2015-02-11 08:18 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2015-02-11 08:18 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2015-02-11 08:18 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2015-02-11 08:18 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2015-02-11 08:17 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2015-02-11 08:17 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2015-02-11 08:17 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2015-02-11 08:17 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2015-02-11 08:17 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2015-02-11 08:17 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2015-02-11 08:17 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2015-02-11 08:17 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe 2015-02-11 08:17 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2015-02-11 08:17 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2015-02-11 08:17 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2015-02-11 08:17 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2015-02-11 08:17 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2015-02-11 08:17 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) 
C:\windows\system32\sspisrv.dll 2015-02-11 08:17 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2015-02-11 08:17 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe 2015-02-11 08:17 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2015-02-11 08:17 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll 2015-02-11 08:17 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2015-02-11 08:17 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe 2015-02-11 08:17 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2015-02-11 08:17 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2015-02-11 08:17 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll 2015-02-11 08:17 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll 2015-02-11 08:17 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2015-02-11 08:17 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2015-02-11 08:17 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2015-02-11 08:17 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) 
C:\windows\system32\ncrypt.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2015-02-11 08:17 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll 2015-02-11 08:17 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll 2015-02-11 08:16 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-02-11 08:16 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2015-02-11 08:16 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2015-02-11 08:16 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2015-02-11 08:16 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2015-02-11 08:16 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 
2015-02-11 08:16 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2015-02-11 08:16 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-02-11 08:16 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll 2015-02-11 08:16 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll 2015-02-11 08:16 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll 2015-02-11 08:16 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll 2015-02-09 10:55 - 2015-02-09 11:03 - 00011469 _____ () C:\Users\**********\Desktop\Mac_Adress_Liste_WKO.xlsx 2015-02-09 10:12 - 2015-02-09 10:14 - 00000810 _____ () C:\Users\**********\Desktop\unbekannte stationen.txt 2015-02-05 16:38 - 2015-02-17 19:03 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-02-03 23:20 - 2015-02-03 23:20 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Notepad++ 2015-02-03 23:20 - 2015-02-03 23:20 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2015-02-03 23:20 - 2015-02-03 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2015-02-03 23:20 - 2015-02-03 23:20 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2015-02-03 23:19 - 2015-02-03 23:20 - 07965917 _____ () C:\Users\**********\Downloads\npp.6.7.4.Installer.exe 2015-02-03 15:50 - 2015-02-03 15:50 - 00000000 ____D () C:\Users\**********\.jmc 2015-02-03 15:49 - 2015-02-03 15:49 - 00000000 ____D () C:\Users\**********\.eclipse 2015-02-03 15:35 - 2015-02-03 15:34 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll 2015-02-03 15:34 - 2015-02-03 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2015-02-03 15:33 - 
2015-02-03 15:34 - 00000000 ____D () C:\Program Files\Java 2015-02-03 13:52 - 2015-02-03 14:11 - 1073741824 _____ () C:\Users\**********\Downloads\kubuntu-14.04.1-desktop-i386.iso 2015-02-03 11:34 - 2001-11-08 10:27 - 00237568 _____ () C:\windows\SysWOW64\glut32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 18:30 - 2012-09-04 09:46 - 01723448 _____ () C:\windows\WindowsUpdate.log 2015-03-03 18:26 - 2013-12-15 15:12 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-03-03 18:24 - 2014-09-30 17:29 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-03-03 18:19 - 2009-07-14 05:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-03 18:19 - 2009-07-14 05:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-03 18:16 - 2012-10-17 17:48 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Skype 2015-03-03 18:16 - 2012-05-17 21:30 - 00000000 ____D () C:\ProgramData\PDFC 2015-03-03 18:15 - 2014-07-31 17:28 - 00000000 ___RD () C:\Users\**********\Dropbox 2015-03-03 18:15 - 2012-10-30 15:02 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Dropbox 2015-03-03 18:12 - 2010-11-21 04:47 - 00378152 _____ () C:\windows\PFRO.log 2015-03-03 18:12 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-03-03 18:12 - 2009-07-14 05:51 - 00188444 _____ () C:\windows\setupact.log 2015-03-03 18:11 - 2014-01-31 21:38 - 00000000 ____D () C:\AdwCleaner 2015-03-03 18:03 - 2012-05-17 20:15 - 00736966 _____ () C:\windows\system32\perfh007.dat 2015-03-03 18:03 - 2012-05-17 20:15 - 00159896 _____ () C:\windows\system32\perfc007.dat 2015-03-03 18:03 - 2009-07-14 06:13 - 01703554 _____ () C:\windows\system32\PerfStringBackup.INI 2015-03-03 17:54 - 2009-07-14 06:08 - 00032632 _____ ()
C:\windows\Tasks\SCHEDLGU.TXT 2015-03-03 15:21 - 2012-10-17 17:35 - 00000000 ____D () C:\Users\********** 2015-03-03 14:00 - 2012-11-12 21:24 - 00000000 ____D () C:\Users\**********\.android 2015-03-03 13:59 - 2012-09-04 09:51 - 00000000 ____D () C:\Program Files\Intel 2015-03-03 13:08 - 2014-10-13 11:16 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-03-03 13:08 - 2012-09-04 10:20 - 00000000 ____D () C:\ProgramData\Skype 2015-03-03 09:15 - 2012-10-27 18:51 - 00000000 ___RD () C:\Users\**********\Desktop\********** 2015-03-02 23:23 - 2012-10-17 17:38 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{58A1A065-50A4-4B53-A0F0-CCC392C0F426} 2015-03-02 10:11 - 2013-11-28 22:15 - 00000413 _____ () C:\Users\**********\Desktop\TODO.txt 2015-03-01 18:02 - 2012-10-26 17:25 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-01 18:02 - 2012-10-26 17:25 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-01 17:55 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-03-01 17:43 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini 2015-03-01 17:23 - 2014-10-21 13:15 - 00000000 ____D () C:\Users\**********\Downloads\flightradar24 2015-03-01 11:30 - 2014-08-21 20:34 - 00000000 ____D () C:\Users\**********\AppData\Local\Adobe 2015-03-01 11:30 - 2013-05-03 11:47 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-03-01 09:47 - 2012-10-26 17:25 - 00004118 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-03-01 09:47 - 2012-10-26 17:25 - 00003866 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-03-01 09:46 - 2014-10-21 13:10 - 00002956 _____ () C:\windows\System32\Tasks\{66447AA1-3C8E-4F0E-A1A3-E1BDC28208C5} 2015-03-01 09:46 - 2014-10-02 16:52 - 00003166 _____ () C:\windows\System32\Tasks\{351480D6-6012-4793-9E12-EA32AEBEEE0A} 2015-03-01 09:46 - 2012-10-18 12:19 - 00003278 _____ () C:\windows\System32\Tasks\{044952C2-37A7-4EED-A8AC-037C704164B8} 2015-03-01 
09:32 - 2012-11-14 15:03 - 00000000 ____D () C:\Users\**********\AppData\Roaming\SoftGrid Client 2015-02-28 20:47 - 2015-01-02 23:47 - 00000047 _____ () C:\Users\**********\Desktop\Bigbang.txt 2015-02-28 20:23 - 2014-12-09 17:04 - 00004340 _____ () C:\Users\**********\AppData\Roaming\LTspiceIV.ini 2015-02-28 19:25 - 2012-10-18 19:54 - 00003148 _____ () C:\windows\System32\Tasks\SidebarExecute 2015-02-28 18:28 - 2014-01-31 22:18 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Malwarebytes 2015-02-28 18:27 - 2014-01-31 22:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-28 18:11 - 2013-04-06 21:43 - 00019748 _____ () C:\Users\**********\Downloads\hijackthis.log 2015-02-28 18:07 - 2013-01-19 14:44 - 00000000 ____D () C:\ProgramData\tmp 2015-02-28 17:57 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries 2015-02-28 14:54 - 2012-10-20 15:15 - 00000000 ____D () C:\Users\**********\Desktop\FH Technikum Wien_Intelligente Verkehrssysteme 2015-02-28 14:49 - 2014-01-08 07:48 - 00000000 ____D () C:\Users\**********\Documents\Citavi 4 2015-02-28 12:44 - 2014-12-18 11:23 - 00000000 ____D () C:\Users\**********\AppData\Local\TSVNCache 2015-02-28 08:10 - 2012-10-17 21:15 - 00000000 ____D () C:\Users\**********\Documents\Visual Studio 2010 2015-02-27 20:35 - 2014-02-18 15:35 - 00000682 _____ () C:\windows\BRRBCOM.INI 2015-02-27 19:01 - 2012-10-27 12:56 - 00000000 ____D () C:\Users\**********\AppData\Roaming\vlc 2015-02-27 12:29 - 2013-08-10 13:13 - 00000000 ____D () C:\Users\**********\Documents\Visual Studio 2012 2015-02-26 18:24 - 2012-10-18 17:32 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log 2015-02-25 20:51 - 2013-03-29 18:54 - 00000000 ____D () C:\Users\**********\AppData\Local\ActiveState 2015-02-25 18:30 - 2012-10-17 18:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-21 18:41 - 2015-01-22 21:36 - 00012192 _____ () C:\Users\**********\Desktop\Lotto.xlsx 2015-02-19 20:30 - 2014-05-26 18:28 - 00000000 ____D 
() C:\Users\**********\.VirtualBox 2015-02-19 12:04 - 2012-11-08 22:59 - 00000000 ____D () C:\Users\**********\Downloads\Windows 2015-02-18 10:20 - 2009-07-14 05:45 - 00486288 _____ () C:\windows\system32\FNTCACHE.DAT 2015-02-17 19:03 - 2013-01-30 14:43 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-02-17 16:52 - 2012-11-24 14:50 - 00000000 ____D () C:\Users\**********\AppData\Local\ESRI 2015-02-17 16:22 - 2012-11-24 14:50 - 00000000 ____D () C:\Users\**********\AppData\Roaming\ESRI 2015-02-17 16:22 - 2012-10-17 17:39 - 00145096 _____ () C:\Users\**********\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-17 16:10 - 2014-02-18 15:28 - 00000000 ____D () C:\ProgramData\FLEXnet 2015-02-15 16:51 - 2015-01-26 12:15 - 00000000 ____D () C:\Users\**********\Desktop\Ahnen 2015-02-15 15:11 - 2014-05-26 18:28 - 00000000 ____D () C:\Users\**********\VirtualBox VMs 2015-02-15 13:24 - 2012-05-17 21:34 - 00143262 _____ () C:\windows\DPINST.LOG 2015-02-15 13:22 - 2013-01-24 18:37 - 00000000 ____D () C:\Program Files\DIFX 2015-02-14 12:52 - 2013-08-10 09:08 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-14 06:52 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache 2015-02-13 23:05 - 2011-07-29 00:51 - 00000000 ____D () C:\swsetup 2015-02-13 23:05 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\SysWOW64\inetsrv 2015-02-13 23:05 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\inetsrv 2015-02-13 21:57 - 2014-04-24 20:35 - 00000000 ____D () C:\ProgramData\MySQL 2015-02-13 20:36 - 2012-05-17 21:21 - 01736652 _____ () C:\windows\SysWOW64\PerfStringBackup.INI 2015-02-13 10:34 - 2012-10-30 15:03 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-11 16:43 - 2015-01-23 17:41 - 00000000 ____D () C:\Users\**********\Documents\Ahnenblatt 2015-02-11 16:32 - 2015-01-23 17:41 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Ahnenblatt 2015-02-11 10:48 - 2013-03-31 23:52 - 00008878 _____ () 
C:\windows\SysWOW64\SystemData.xml 2015-02-11 10:47 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\tracing 2015-02-11 10:02 - 2014-12-19 13:28 - 00000000 ____D () C:\Users\**********\Documents\SelfMV 2015-02-11 10:02 - 2014-12-19 09:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-02-11 09:45 - 2013-06-06 14:20 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Samsung 2015-02-11 09:25 - 2014-12-11 23:23 - 00000000 ____D () C:\windows\system32\appraiser 2015-02-11 09:25 - 2014-05-06 10:21 - 00000000 ___SD () C:\windows\system32\CompatTel 2015-02-11 09:24 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions 2015-02-11 09:21 - 2012-10-17 00:14 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-11 09:19 - 2013-07-15 13:12 - 00000000 ____D () C:\windows\system32\MRT 2015-02-11 09:15 - 2012-10-16 23:55 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-02-05 18:33 - 2013-03-07 18:07 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2015-02-05 17:26 - 2013-12-15 15:12 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-02-05 17:26 - 2012-05-17 21:30 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-02-05 17:26 - 2012-05-17 21:30 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-05 16:36 - 2013-04-08 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON 2015-02-03 13:40 - 2014-12-14 11:56 - 00000000 ____D () C:\Users\**********\AppData\Roaming\SPB_16.6 2015-02-01 23:21 - 2015-01-31 17:48 - 00000018 _____ () C:\Users\**********\Desktop\New Girl.txt ==================== Files in the root of some directories ======= 2014-12-09 17:04 - 2015-02-28 20:23 - 0004340 _____ () C:\Users\**********\AppData\Roaming\LTspiceIV.ini 2014-12-14 11:53 - 2014-12-14 11:53 - 0000076 _____ () 
C:\Users\**********\AppData\Roaming\mbam.context.scan 2014-01-08 18:48 - 2014-01-24 16:04 - 0000300 _____ () C:\Users\**********\AppData\Local\Citavi Picker Internet Explorer Protocol.txt 2012-11-04 14:22 - 2012-11-15 13:59 - 0007168 _____ () C:\Users\**********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-16 17:00 - 2014-04-16 17:00 - 0000719 _____ () C:\Users\**********\AppData\Local\recently-used.xbel 2012-10-20 15:04 - 2013-04-25 20:16 - 0007618 _____ () C:\Users\**********\AppData\Local\Resmon.ResmonCfg 2014-02-12 15:32 - 2014-02-12 15:48 - 0000125 ___SH () C:\ProgramData\.zreglib 2013-05-04 12:39 - 2013-05-23 20:46 - 0000122 _____ () C:\ProgramData\RegComSrv.txt Some content of TEMP: ==================== C:\Users\**********\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzn0lbh.dll C:\Users\**********\AppData\Local\Temp\Quarantine.exe C:\Users\**********\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-25 14:04
==================== End Of Log ============================
--- --- --- |
03.03.2015, 18:34 | #10 |
| FRST Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015
Ran by ********** at 2015-03-03 18:30:54
Running from C:\Users\**********\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Tools for .Net 3.5 - DEU Lang Pack (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Advanced Archive Password Recovery (HKLM-x32\...\{6E356EEF-203C-451B-9144-CBF099E3738A}) (Version: 4.54.55.1642 - Elcomsoft Co. Ltd.)
Ahnenblatt 2.86 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.86.0.1 - Dirk Böttcher) AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.) Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.39.0 - Alcor Micro Corp.) Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.39.0 - Alcor Micro Corp.) Hidden AMD Catalyst Install Manager (HKLM\...\{426B43EC-284B-8DAB-5419-D8418C7C3D26}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArcGIS 10.2.2 for Desktop - Sprachpaket Deutsch (HKLM-x32\...\ArcGIS 10.2.2 for Desktop - Sprachpaket Deutsch) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) ArcGIS 10.2.2 for Desktop - Sprachpaket Deutsch (x32 Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden ArcGIS 10.2.2 for Desktop (HKLM-x32\...\ArcGIS 10.2.2 for Desktop) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) ArcGIS 10.2.2 for Desktop (x32 Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden Autopsy (HKLM\...\{0C6B9E76-7617-4661-BE60-65C77CC10C06}) (Version: 3.1.1 - The Sleuth Kit) Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden Blend for Visual Studio 2012 DEU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5300 - Broadcom Corporation) Brother MFL-Pro Suite DCP-9020CDW (HKLM-x32\...\{E98A9C92-E767-475B-8BC6-8780A86DDC72}) (Version: 1.0.1.0 - Brother Industries, Ltd.) Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software) CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) Crystal Reports 2008 Runtime (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.0.0.683 - Business Objects) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.2106 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2531 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAS (HKLM-x32\...\DAS) (Version: 3.3.1 - ) DAS (HKU\S-1-5-21-3005992195-605650759-3539824770-1001\...\DAS) (Version: 3.3.1 - Infineon Technologies AG) DAS (x32 Version: 3.3.1 - Infineon Technologies AG) Hidden Devenv-Ressourcen für Microsoft Visual Studio 2012 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.1.0 - Hewlett-Packard Company) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden Dotfuscator and Analytics Community Edition Language Pack (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.41.36204 - Hewlett-Packard Company) Dropbox (HKU\S-1-5-21-3005992195-605650759-3539824770-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.) 
Embedded Security for HP ProtectTools (HKLM\...\{F75C607F-9341-47B3-83FC-CC66B9C519E8}) (Version: 7.0.100.3001 - Hewlett-Packard Company) Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard) Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{B2BDC072-BE01-432D-B281-30891D597FBB}) (Version: 11.1.30729.00 - Microsoft Corporation) Erforderliche Komponenten für SSDT (HKLM-x32\...\{70D065C3-77E5-45E9-A75C-EEB2E84EA869}) (Version: 11.0.2100.60 - Microsoft Corporation) Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.2.4549 - Hewlett-Packard Company) Face Recognition for HP ProtectTools (Version: 7.2.2.4549 - Hewlett-Packard Company) Hidden Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Freedome (HKLM-x32\...\F-Secure Freedome) (Version: 1.0.649.0 - F-Secure Corporation) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hotfix für Microsoft Visual C# 2010 Express - DEU (KB2635973) (HKLM-x32\...\{D81641E8-ABF1-3D07-803B-60E8FC619368}.KB2635973) (Version: 1 - Microsoft Corporation) Hotfix für Microsoft Visual C++ 2010 Express - DEU (KB2635973) (HKLM-x32\...\{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}.KB2635973) (Version: 1 - Microsoft Corporation) HP 3D DriveGuard (HKLM\...\{B64F0818-316F-4237-8CB4-35BC2DA784C2}) (Version: 5.1.12.1 - Hewlett-Packard Company) HP Connection Manager (HKLM-x32\...\{C0ED9561-8312-457C-BB1B-BDC7EE034CED}) (Version: 4.7.4.1 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{8B2A1CFD-8F88-4081-9E18-99395CC27EE6}) (Version: 1.1.0.0 - Hewlett-Packard) HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company) HP File Sanitizer (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 8.1.1.1 - Hewlett-Packard Company) HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1113.1_WHQL - Sonix) HP Hotkey Support (HKLM-x32\...\{53C48A27-4079-49EB-8E73-76BA85D2BF6F}) (Version: 5.0.24.1 - Hewlett-Packard Company) HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company) HP Product Detection (HKLM-x32\...\{4F38594F-2C4A-4C42-B2C4-505E225F6F80}) (Version: 11.14.0004 - HP) HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.2.1213 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company) HP SoftPaq Download Manager (HKLM-x32\...\{23544215-E6E6-448B-B6E9-6268D5B3E74D}) (Version: 3.5.0.0 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company) HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) 
(Version: 8.5.2.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company) HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company) HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.27.17 - Roxio) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT) IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - ) IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - ) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) 
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.2 - Intel) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.5.1001 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation) Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation) ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java SE Development Kit 8 Update 31 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation) JavaScript Tooling (Version: 11.0.60315 - Microsoft Corporation) Hidden JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.) 
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden Keil µVision4 (HKLM-x32\...\Keil µVision4) (Version: - ) LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden LocalESPCui for de-de (x32 Version: 8.59.25584 - Microsoft) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Application Virtualization Desktop Client (HKLM\...\{8D00DBC4-DEB4-4910-9D7C-30A5C6898195}) (Version: 4.6.3.24870 - Microsoft Corporation) Microsoft Application Virtualization Desktop Client (HKLM-x32\...\{342C9BB8-65A0-46DE-AB7A-8031E151AF69}) (Version: 4.6.1.20870 - Microsoft Corporation) Microsoft Application Virtualization Desktop Client (HKLM-x32\...\{5D80483C-D297-4E04-9EDF-DD58521E9565}) (Version: 4.6.2.24020 - Microsoft Corporation) Microsoft Application Virtualization Desktop Client (HKLM-x32\...\{8D00DBC4-DEB4-4910-9D7C-30A5C6898195}) (Version: 4.6.3.24870 - Microsoft Corporation) 
Microsoft ASP.NET MVC 3 - DEU (HKLM-x32\...\{07AC2D83-E795-4AD5-970D-B9BD14A1E411}) (Version: 3.0.20105.0 - Microsoft Corporation) Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft ASP.NET Web Pages - DEU (HKLM-x32\...\{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}) (Version: 1.0.20105.0 - Microsoft Corporation) Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation) Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Silverlight 4 SDK - Deutsch (HKLM-x32\...\{8EA792A5-38AA-4F0E-8DFE-D1BAF1145431}) (Version: 4.0.60310.0 - Microsoft Corporation) Microsoft Silverlight 5 SDK - DEU (HKLM-x32\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL 
Server 2008 R2 Management Objects (HKLM-x32\...\{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{EF18EF0F-96D3-4A6B-9600-2197F1720A15}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{28C7A4BB-3966-4373-8376-C11F38290630}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 
4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - DEU (11.1.20627.00) (HKLM-x32\...\{F6F1EE45-97E9-48A3-94B2-044B0A3C08D3}) (Version: 11.1.20627.00 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00) (HKLM-x32\...\{CEEDB2C4-46BE-4340-BAB9-F30110D9BBB8}) (Version: 11.1.20627.00 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{C668416A-9213-4058-B7F2-01A42D85559D}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server System CLR Types (x64) (HKLM\...\{0D432429-C79C-462D-ABD8-4D82B83A954B}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft Visual C# 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C# 2010 Express - DEU) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 
2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{0bc17680-a2d9-42c0-9c26-0b8ecac2b473}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft 
Corporation) Microsoft Web Deploy dbSqlPackage Provider - DEU (HKLM-x32\...\{86756584-C41A-4CA3-B42D-4768C7720F56}) (Version: 10.3.20225.0 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. 
Wechselberger) NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON) NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden Oracle VM VirtualBox 4.3.22 (HKLM\...\{F053F74A-A631-4CFA-A271-6D0747599BC9}) (Version: 4.3.22 - Oracle Corporation) OrCAD 16.6 Lite (HKU\S-1-5-21-3005992195-605650759-3539824770-1001\...\{12C79350-444D-48E0-B05C-1E610FF17F1A}) (Version: 16.60.001 - Cadence Design Systems) PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc) PreEmptive Analytics Client German Language Pack (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden Privacy Manager for HP ProtectTools (HKLM\...\{29AB47F0-C5A3-401F-8A84-3324F2DC8E46}) (Version: 7.0.1.892 - Hewlett-Packard Company) Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation) Samsung Easy Color Manager (HKLM-x32\...\{778EACF8-06C1-47AA-9284-91550E9BAD39}) (Version: 3.02.04 - Samsung Electronics Co., Ltd.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) 
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association) SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden Sentinel Protection Installer 7.6.3 (HKLM-x32\...\{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}) (Version: 7.6.3 - SafeNet, Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.) Sun ODF Plugin for Microsoft Office 3.2 (HKLM-x32\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.23 - Synaptics Incorporated) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38843 - TeamViewer) Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.1.02 - Hewlett-Packard Company) Theft Recovery for HP ProtectTools (x32 Version: 7.0.1.02 - Hewlett-Packard Company) Hidden Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod) Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.) VIP Access SDK (1.1.0.7) (HKLM-x32\...\VIP Access SDK) (Version: 1.1.0.7 - Symantec Inc.) 
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation) Visual Studio 2012 Update 4 (KB2707250) (HKLM-x32\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) WCF Data Services 5.0 (for OData v3) DEU Language Pack (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden WCF Data Services Tools for Visual Studio 11 DEU Language Pack (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation) Windows-Treiberpaket - Hewlett-Packard Image (05/24/2012 11.5.0.116) (HKLM\...\B52717176FE34BE856BA6AFDB17D684B819C9D8A) (Version: 05/24/2012 11.5.0.116 - Hewlett-Packard) Winmail Opener 1.4 (HKLM-x32\...\Winmail Opener) (Version: 1.4 - Eolsoft) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) Wireshark 1.12.3 (32-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.3 - The Wireshark developer community, hxxp://www.wireshark.org) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 28-02-2015 22:19:01 Removed MySQL Workbench 6.2 CE 01-03-2015 18:16:45 Gerätetreiber-Paketinstallation: F-Secure Corporation Netzwerkadapter 03-03-2015 08:27:15 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2015-03-01 17:42 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0C65CF07-8AC3-42A6-ADB5-25EC0DA34CDC} - System32\Tasks\{99339292-F8F1-4835-BD1B-CD76D09C16A5} => pcalua.exe -a "C:\Program Files (x86)\LTC\LTspiceIV\scad3.exe" -c -uninstall Task: {166F2512-5713-4888-86E3-905C18B34901} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {2061166D-AE18-43BA-87F2-2208F1C7FA21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {2A516365-DE54-4624-99E5-6BED9BC00F10} - System32\Tasks\{66447AA1-3C8E-4F0E-A1A3-E1BDC28208C5} => C:\Users\**********\Downloads\rtl1090\rtl1090.exe Task: {385F9A42-08BC-4314-A57B-1210DA0D2CB9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {466D6EA5-0330-4E6D-BCE6-F7C31B3F8F1D} - 
System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26] (Google Inc.) Task: {4A6ED720-6C50-4537-81E1-F0A2269DD653} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {4C1B20A3-D397-41A2-A777-5BCC905DEF7F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {52E40D9C-7BEC-4846-86AD-D060AA24F42B} - System32\Tasks\HPCeeScheduleFor********** => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {6EACFEE3-EA93-43DC-BE8E-FCE2474338AE} - System32\Tasks\{351480D6-6012-4793-9E12-EA32AEBEEE0A} => pcalua.exe -a C:\Users\**********\Downloads\VirtualBox-4.3.16-95972-Win.exe -d C:\Users\**********\Downloads Task: {8E6FC9EB-ACE2-4941-A655-0E411FE49CBF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {91C815ED-CF7A-4F63-9D67-AFD1538EC33A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {A0141749-DF32-43BD-8D93-D4FF25D44627} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26] (Google Inc.) 
Task: {C24ABC71-A336-4ABC-BFC4-F758ECDFA277} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {CB21407E-871C-4918-BEDC-9CF86DAC2A31} - System32\Tasks\{044952C2-37A7-4EED-A8AC-037C704164B8} => pcalua.exe -a "C:\Users\**********\Desktop\BACKUPS\Thunderbird Backup\10.09.2012\restore.exe" -d "C:\Users\**********\Desktop\BACKUPS\Thunderbird Backup\10.09.2012" Task: {DC0C0C17-BE5A-40FC-AD90-355E1756E222} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\HPCeeScheduleFor**********.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============== 2012-01-17 16:57 - 2012-01-17 16:57 - 00298368 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll 2013-03-27 11:11 - 2013-03-27 11:11 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll 2011-10-12 10:03 - 2011-10-12 10:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll 2010-09-06 12:18 - 2010-09-06 12:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll 2013-03-27 10:26 - 2013-03-27 10:26 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll 2011-06-21 06:42 - 2011-06-21 06:42 - 00034304 _____ () C:\windows\System32\sst3cl6.dll 2011-06-21 01:23 - 2011-06-21 01:23 - 00826880 _____ () C:\windows\system32\spool\DRIVERS\x64\3\sst3cdu.dll 2013-03-27 10:28 - 2013-03-27 10:28 - 01327104 _____ () C:\Program 
Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe 2014-02-18 15:34 - 2005-04-22 05:36 - 00143360 ____R () C:\windows\system32\BrSNMP64.dll 2012-02-10 22:26 - 2012-02-10 22:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll 2013-06-05 15:51 - 2013-06-05 15:51 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll 2013-06-05 15:51 - 2013-06-05 15:51 - 00024576 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll 2013-03-06 14:38 - 2013-03-06 14:38 - 03020504 _____ () c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll 2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2014-03-06 14:00 - 2014-03-06 14:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll 2013-03-27 10:54 - 2013-03-27 10:54 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll 2013-03-27 10:26 - 2013-03-27 10:26 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll 2013-03-27 10:52 - 2013-03-27 10:52 - 03035136 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll 2013-03-27 10:57 - 2013-03-27 10:57 - 02867200 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll 2013-03-27 10:55 - 2013-03-27 10:55 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll 2013-03-27 10:30 - 2013-03-27 10:30 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll 2013-03-27 10:31 - 2013-03-27 10:31 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll 2014-10-16 18:56 - 2014-10-16 18:56 - 00172544 _____ () 
C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ffecb320f1e95e8c90a5ce2ee658306d\IsdiInterop.ni.dll 2012-05-17 21:24 - 2012-10-18 20:01 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-03-19 07:00 - 2014-03-19 07:00 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll 2012-09-04 09:51 - 2014-01-31 15:22 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3005992195-605650759-3539824770-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\**********\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: Media is not connected to internet. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^Users^**********^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AirPort Base Station Agent => "C:\Program Files (x86)\AirPort\APAgent.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN MSCONFIG\startupreg: CLMLServer_For_P2G8 => "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" MSCONFIG\startupreg: CLVirtualDrive => "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe MSCONFIG\startupreg: SoftGridTray => "C:\Program Files (x86)\Microsoft Application Virtualization Client\SFTTray.exe" /autostart MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-3005992195-605650759-3539824770-500 - Administrator - Disabled) => C:\Users\Administrator Gast (S-1-5-21-3005992195-605650759-3539824770-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3005992195-605650759-3539824770-1003 - Limited - Enabled) ********** 
(S-1-5-21-3005992195-605650759-3539824770-1001 - Administrator - Enabled) => C:\Users\********** ==================== Faulty Device Manager Devices ============= Name: VirtualBox Host-Only Ethernet Adapter Description: VirtualBox Host-Only Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Oracle Corporation Service: VBoxNetAdp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Intel(R) 82579LM Gigabit Network Connection Description: Intel(R) 82579LM Gigabit Network Connection Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: e1cexpress Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Intel(R) Centrino(R) Ultimate-N 6300 AGN Description: Intel(R) Centrino(R) Ultimate-N 6300 AGN Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: NETwNs64 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Bluetooth-Gerät (PAN) Description: Bluetooth-Gerät (PAN) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: BthPan Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (03/03/2015 06:29:18 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-03-01 17:35:06.940 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-01 17:35:06.925 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-09-11 15:58:06.396 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-11 15:58:06.396 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-09-11 15:58:06.380 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-11 15:58:06.380 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-11 15:54:29.930 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-11 15:54:29.852 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-21 09:57:47.330 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-21 09:57:47.329 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz Percentage of memory in use: 19% Total physical RAM: 16317.53 MB Available physical RAM: 13093.02 MB Total Pagefile: 32633.24 MB Available Pagefile: 28956.91 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:675.26 GB) (Free:81.26 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.96 GB) FAT32 Drive g: (HP_RECOVERY) (Fixed) (Total:21.08 GB) (Free:3.25 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: A7525909) Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=675.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=23.1 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
04.03.2015, 08:43 | #11 |
/// the machine /// TB Trainer | Sluggish system, changes, several unknown processes
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No help via PM! |
05.03.2015, 07:28 | #12 |
| Eset
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8d927ac68214ed46b61bd70fefbaa049
# engine=22752
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-04 08:34:02
# local_time=2015-03-04 09:34:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1296 16777213 100 100 11025 29577524 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 93426 177131092 0 0
# scanned=375831
# found=1
# cleaned=0
# scan_time=5837
sh=848C686280EAA04B172FCCFFBD312132A0C46172 ft=1 fh=7764b0effb0b9556 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\***********\AppData\Local\Temp\OCS\ocs_v7f.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8d927ac68214ed46b61bd70fefbaa049
# engine=22758
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-05 03:18:28
# local_time=2015-03-05 04:18:28 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1296 16777213 100 100 35291 29601790 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 117692 177155358 0 0
# scanned=953153
# found=5
# cleaned=5
# scan_time=14423
sh=848C686280EAA04B172FCCFFBD312132A0C46172 ft=1 fh=7764b0effb0b9556 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\***********\AppData\Local\Temp\OCS\ocs_v7f.exe.vir"
sh=0DFF9EB79CA0C3879D8A119F83281C90FD06319B ft=1 fh=3da9cf8e2b07072d vn="Variante von Win32/MessengerPlus.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\***********\Desktop\***********\Downloads\Setup-MsgPlus-501.exe"
sh=B58770280408E2AFBC63EE11ECD6D86CBECB2F04 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NSW Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\Temp\ioc490A.tmp"
sh=B58770280408E2AFBC63EE11ECD6D86CBECB2F04 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NSW Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\Temp\iocA540.tmp"
sh=B58770280408E2AFBC63EE11ECD6D86CBECB2F04 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NSW Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\Temp\iocDFB4.tmp"
Code:
ATTFilter Results of screen317's Security Check version 0.99.96
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Visual Studio Extensions for Windows Library for JavaScript
JavaScript Tooling
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader XI
Mozilla Firefox (36.0)
Mozilla Thunderbird (31.5.0)
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 15.0.0 avp.exe
Kaspersky Lab Kaspersky Internet Security 15.0.0 avpui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
ATTFilter Scan result of Farbar RecHovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015 Ran by ********* (administrator) on LAPTOP on 05-03-2015 07:25:48 Running from C:\Users\*********\Desktop Loaded Profiles: ********* (Available profiles: ********* & Administrator) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (AMD) C:\Windows\System32\atieclxx.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeAgent.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc.) 
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-02-28] (IDT, Inc.) 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2014-07-02] (Synaptics Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-10-18] (Intel Corporation) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2014-01-31] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2014-08-21] (Intel Corporation) HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12313720 2012-08-07] (Hewlett-Packard) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [IFXSPMGT] => C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1128312 2014-02-09] (Infineon Technologies AG) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-02-10] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2014-04-09] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [FreedomeAutoStart] => C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\Freedome.exe [1985064 2015-03-01] (F-Secure Corporation) Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X] HKU\S-1-5-21-3005992195-605650759-3539824770-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.) 
Lsa: [Notification Packages] DPPassFilter scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\*********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*********\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*********\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*********\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*********\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3005992195-605650759-3539824770-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3005992195-605650759-3539824770-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3005992195-605650759-3539824770-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\system32\mscoree.dll (Microsoft Corporation) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 
SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll 
(Kaspersky Lab ZAO) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) BHO-x32: Adobe Acrobat Create PDF 
from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-3005992195-605650759-3539824770-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1362838867134 Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: 
@videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll 
(Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKU\.DEFAULT: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll (Digital Persona, Inc.) 
FF Extension: HP Detect - C:\Users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-10-27] FF Extension: Block site - C:\Users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-01-22] FF Extension: Fireforce - C:\Users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default\Extensions\fireforce@scrt.ch.xpi [2015-01-06] FF Extension: FlashGot - C:\Users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-05-14] FF Extension: Adblock Plus - C:\Users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\gi23ph1m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-17] FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-01-19] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-01-07] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-07-09] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-30] FF 
HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-30] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-30] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-09-30] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-30] Chrome: ======= CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03] CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\dpchrome.crx [2012-07-20] 
==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed] R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [494456 2012-07-20] (DigitalPersona, Inc.) S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477088 2012-09-04] (Hewlett-Packard Company) R2 Freedome Service; C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeService.exe [109608 2015-03-01] (F-Secure Corporation) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-02-10] (Hewlett-Packard Company) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1128312 2014-02-09] (Infineon Technologies AG) R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [984440 2014-02-09] (Infineon Technologies AG) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe 
[803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2014-01-31] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2014-01-31] (Intel Corporation) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2013-03-27] () [File not signed] S4 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14362 2015-02-13] () [File not signed] S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] () R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc) R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [212344 2014-02-09] (Infineon Technologies AG) R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed] S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374048 2010-10-20] (SafeNet, Inc.) R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1250592 2010-10-20] (SafeNet, Inc) R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292128 2010-10-20] (SafeNet, Inc.) 
S3 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-02-28] (IDT, Inc.) [File not signed] S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-07-02] (Broadcom Corporation.) S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.) R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-09-04] (Hewlett-Packard Company) S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [129792 2013-04-24] (Gemalto) R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation) R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2013-03-23] (JMicron Technology Corp.) 
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-08] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-08] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [91432 2013-03-27] (McAfee, Inc.) R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158760 2013-03-27] (McAfee, Inc.) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2014-02-09] (Infineon Technologies AG) S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2013-07-01] () S3 pwdspio; C:\windows\system32\pwdspio.sys [12384 2013-07-01] () R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.) 
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-08-21] (Microsoft Corporation) R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-08-21] (Microsoft Corporation) R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2013-08-21] (Microsoft Corporation) R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-08-21] (Microsoft Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] () R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-02-12] (Duplex Secure Ltd.) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115488 2014-05-16] (Oracle Corporation) S3 vNICdrv; C:\Windows\System32\DRIVERS\vNICdrv.sys [20048 2013-05-20] (Iomega Corporation) S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-26] (Microsoft Corporation) S3 ARCVCAM; system32\DRIVERS\ArcSoftVCapture.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 clwvd; system32\DRIVERS\clwvd.sys [X] S3 cpuz130; \??\C:\Users\*********\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-05 07:25 - 2015-03-05 07:26 - 00035135 _____ () C:\Users\*********\Desktop\FRST.txt 2015-03-05 07:23 - 2015-03-05 07:23 - 00001021 _____ () C:\Users\*********\Desktop\checkup.txt 2015-03-05 07:17 - 2015-03-01 09:13 - 02092544 _____ (Farbar) C:\Users\*********\Desktop\FRST64.exe 2015-03-04 19:54 - 2015-03-04 19:54 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-03-04 18:53 - 2015-03-04 18:53 - 00852594 _____ () C:\Users\*********\Desktop\SecurityCheck.exe 2015-03-04 12:27 - 2015-03-04 12:28 - 25528687 _____ () C:\Users\*********\Downloads\Abgabe_Übergabe_final.zip 2015-03-04 12:06 - 2015-03-04 12:06 - 00535855 _____ () C:\Users\*********\Desktop\Träges System, Veränderungen, mehrere unbekannte Prozesse - Trojaner-Board.html 2015-03-04 12:06 - 2015-03-04 12:06 - 00000000 ____D () C:\Users\*********\Desktop\Träges System, Veränderungen, mehrere unbekannte Prozesse - Trojaner-Board-Dateien 2015-03-03 17:51 - 2015-03-03 17:51 - 00000114 _____ () C:\Users\*********\Desktop\Job I u II Tipps *********.txt 2015-03-03 15:21 - 2015-03-03 15:21 - 00000000 ____D () C:\Users\*********\Tracing 2015-03-03 14:03 - 2015-03-03 14:07 - 00000000 ____D () C:\Users\*********\AndroidStudioProjects 2015-03-03 14:03 - 2015-03-03 14:03 - 00000000 ____D () C:\Users\*********\.gradle 2015-03-03 14:00 - 2015-03-03 14:00 - 00000000 ____D () C:\Users\*********\AppData\Roaming\JetBrains 2015-03-03 14:00 - 2015-03-03 14:00 - 00000000 ____D () C:\Users\*********\.AndroidStudio 2015-03-03 14:00 - 2015-03-03 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio 2015-03-03 13:59 - 2015-01-30 10:02 - 00084992 _____ (Intel Corporation) C:\windows\system32\Drivers\IntelHaxm.sys 2015-03-03 13:53 - 2015-03-03 13:53 - 00000000 ____D () C:\Users\*********\AppData\Local\Android 2015-03-03 13:52 - 2015-03-03 13:52 - 00000000 ____D () C:\Program Files\Android 2015-03-03 13:19 - 2015-03-03 13:19 - 00000000 ____D () C:\Users\*********\Documents\NetBeansProjects 
2015-03-03 13:18 - 2015-03-03 13:18 - 00000000 ____D () C:\Users\*********\AppData\Roaming\NetBeans 2015-03-03 13:18 - 2015-03-03 13:18 - 00000000 ____D () C:\Users\*********\AppData\Local\NetBeans 2015-03-03 13:16 - 2015-03-03 13:16 - 00002035 _____ () C:\Users\Public\Desktop\NetBeans IDE 8.0.2.lnk 2015-03-03 13:16 - 2015-03-03 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans 2015-03-03 13:14 - 2015-03-03 13:18 - 00000000 ____D () C:\Program Files\NetBeans 8.0.2 2015-03-03 13:13 - 2015-03-03 13:18 - 00000000 ____D () C:\Users\*********\.nbi 2015-03-03 13:10 - 2015-03-03 13:13 - 856233768 _____ (Google Inc.) C:\Users\*********\Downloads\android-studio-bundle-135.1740770-windows.exe 2015-03-03 13:09 - 2015-03-03 13:12 - 94134224 _____ () C:\Users\*********\Downloads\netbeans-8.0.2-javase-windows.exe 2015-03-02 23:44 - 2015-03-02 23:44 - 00018148 _____ () C:\Users\*********\Desktop\nkO+DuU4.htm 2015-03-02 18:47 - 2015-03-02 18:47 - 00000069 _____ () C:\Users\*********\Desktop\Jahrestag.txt 2015-03-01 18:22 - 2015-03-01 18:23 - 88989512 _____ () C:\Users\*********\Downloads\pCon.planner70setup.exe 2015-03-01 18:22 - 2015-03-01 18:23 - 63886592 _____ (AOMEI Technology Co., Ltd. 
) C:\Users\*********\Downloads\Backupper22Full.exe 2015-03-01 18:18 - 2015-03-01 18:18 - 00002306 _____ () C:\Users\Public\Desktop\Freedome.lnk 2015-03-01 18:18 - 2015-03-01 18:18 - 00000000 ____D () C:\Users\*********\AppData\Local\F-Secure 2015-03-01 18:18 - 2015-03-01 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freedome 2015-03-01 18:16 - 2015-03-01 18:16 - 00033832 _____ (The OpenVPN Project) C:\windows\system32\Drivers\tap0901.sys 2015-03-01 18:16 - 2015-03-01 18:16 - 00000000 ____D () C:\ProgramData\F-Secure 2015-03-01 18:16 - 2015-03-01 18:16 - 00000000 ____D () C:\Program Files (x86)\F-Secure 2015-03-01 17:54 - 2015-03-01 18:11 - 00040034 _____ () C:\ComboFix.txt 2015-03-01 17:27 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe 2015-03-01 17:27 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe 2015-03-01 17:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2015-03-01 17:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2015-03-01 17:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2015-03-01 17:27 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe 2015-03-01 17:27 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe 2015-03-01 17:27 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe 2015-03-01 17:26 - 2015-03-01 17:55 - 00000000 ____D () C:\Qoobox 2015-03-01 17:26 - 2015-03-01 17:51 - 00000000 ____D () C:\windows\erdnt 2015-03-01 17:24 - 2015-03-01 17:24 - 05612482 ____R (Swearware) C:\Users\*********\Desktop\ComboFix.exe 2015-03-01 13:43 - 2015-03-01 13:44 - 35325480 _____ (F-Secure Corporation) C:\Users\*********\Downloads\Freedome649.exe 2015-03-01 11:18 - 2015-03-01 11:18 - 00000036 _____ () C:\Users\*********\Desktop\software auszutesten.txt 2015-03-01 09:18 - 2015-03-05 07:25 - 00000000 ____D () C:\FRST 2015-02-28 22:29 - 2015-02-28 22:29 - 04197016 _____ (Kaspersky Lab ZAO) 
C:\Users\*********\Downloads\tdsskiller44.exe 2015-02-28 21:59 - 2015-02-28 21:59 - 00843046 _____ () C:\Users\*********\Desktop\MyPhoneExplorer Client.apk 2015-02-28 21:44 - 2015-02-28 21:46 - 00000040 _____ () C:\Users\*********\Desktop\trojaner-board.txt 2015-02-28 20:44 - 2015-03-05 07:24 - 00000000 ____D () C:\Users\*********\Desktop\Spyware Tools 2015-02-28 20:39 - 2015-02-28 20:39 - 00000000 ____D () C:\Users\*********\Desktop\USB3 Sicherung 2015-02-28 20:18 - 2015-02-28 20:18 - 00018490 _____ () C:\Users\*********\Desktop\cc_20150228_201805.reg 2015-02-28 20:16 - 2015-02-28 20:16 - 00000000 ____D () C:\Users\*********\Downloads\backups 2015-02-28 20:12 - 2015-02-28 20:12 - 00019867 _____ () C:\Users\*********\Desktop\hijackthis.log 2015-02-28 19:36 - 2015-02-28 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2015-02-28 19:36 - 2015-02-28 19:36 - 00000000 ____D () C:\Program Files\CPUID 2015-02-28 19:31 - 2015-02-28 21:58 - 00000000 ____D () C:\Users\*********\AppData\Roaming\MyPhoneExplorer 2015-02-28 19:31 - 2015-02-28 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2015-02-28 19:31 - 2015-02-28 19:31 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer 2015-02-28 19:07 - 2015-02-28 20:46 - 00000000 ____D () C:\Users\*********\Desktop\Kaspersky Rescue 2015-02-28 18:51 - 2015-02-28 18:51 - 00387584 _____ () C:\Users\*********\Downloads\rescue2usb.exe 2015-02-28 18:44 - 2015-02-28 18:45 - 00000000 ____D () C:\Users\*********\Desktop\Gelber Kingston 2015-02-28 18:28 - 2015-03-04 19:28 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-28 18:28 - 2015-02-28 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-28 18:27 - 2015-02-28 18:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-28 18:27 - 2014-11-21 06:14 - 00093400 _____ 
(Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-02-28 18:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-02-28 18:07 - 2015-02-28 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BIPA FotoShop 2015-02-28 18:04 - 2015-02-28 18:04 - 00000000 ____D () C:\Program Files\BIPA 2015-02-28 18:03 - 2015-02-28 18:03 - 00000000 ____D () C:\Users\*********\AppData\Roaming\hps-install 2015-02-28 18:02 - 2015-03-01 09:47 - 00003118 _____ () C:\windows\System32\Tasks\{99339292-F8F1-4835-BD1B-CD76D09C16A5} 2015-02-28 17:55 - 2015-02-28 17:55 - 00000656 _____ () C:\Users\*********\Desktop\cc_20150228_175504.reg 2015-02-28 17:53 - 2015-02-28 17:53 - 00440218 _____ () C:\Users\*********\Desktop\cc_20150228_175347.reg 2015-02-28 17:35 - 2015-02-28 17:35 - 00000400 _____ () C:\Users\*********\Downloads\setup.log.full 2015-02-28 17:35 - 2015-02-28 17:35 - 00000400 _____ () C:\Users\*********\Downloads\setup.log 2015-02-28 17:31 - 2015-02-28 17:31 - 00000000 ____D () C:\Users\*********\Desktop\Pwd forgot kaspersky 2015-02-28 17:05 - 2015-02-28 17:05 - 00000000 ____D () C:\Users\*********\Downloads\passOff2015 2015-02-27 18:53 - 2015-02-27 18:54 - 20163714 _____ () C:\Users\*********\Desktop\House_of_Cards_Vienna_vs_Washington_DC_Side_by_Side_hd720.mp4 2015-02-26 20:34 - 2015-02-26 20:34 - 01190544 _____ ( ) C:\Users\*********\Downloads\hwmonitor_1.26-setup.exe 2015-02-26 11:47 - 2015-02-26 11:47 - 00003918 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{34EF64D1-2FC7-47A6-BCB4-40D5E60123B1} 2015-02-25 21:10 - 2015-02-25 21:10 - 00000475 _____ () C:\- 2015-02-25 20:58 - 2015-02-25 20:58 - 00009152 _____ () C:\Users\*********\Desktop\perlc.m 2015-02-25 18:19 - 2015-01-09 00:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls 2015-02-25 18:19 - 2015-01-09 00:43 - 00419936 _____ () C:\windows\system32\locale.nls 2015-02-25 17:37 - 2015-02-25 17:37 - 00000000 
____D () C:\Program Files (x86)\Mozilla Firefox 2015-02-25 17:35 - 2015-02-25 17:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-02-25 10:58 - 2015-02-25 10:58 - 00000000 ____D () C:\Users\*********\Desktop\restoration 2015-02-25 10:57 - 2015-02-25 10:58 - 00000000 ____D () C:\Users\*********\AppData\Roaming\autopsy 2015-02-25 10:57 - 2015-02-25 10:57 - 00000036 _____ () C:\.superId 2015-02-25 10:56 - 2015-02-25 10:56 - 00001887 _____ () C:\Users\*********\Desktop\Autopsy 3.1.1.lnk 2015-02-25 10:55 - 2015-02-25 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autopsy 2015-02-25 10:55 - 2015-02-25 10:56 - 00000000 ____D () C:\Program Files\Autopsy-3.1.1 2015-02-25 10:48 - 2015-02-25 10:50 - 294125568 _____ () C:\Users\*********\Downloads\autopsy-3.1.1-32bit.msi 2015-02-25 10:48 - 2015-02-25 10:49 - 298099712 _____ () C:\Users\*********\Downloads\autopsy-3.1.1-64bit.msi 2015-02-23 19:12 - 2015-02-23 19:12 - 00000367 _____ () C:\Users\*********\Downloads\link.kml 2015-02-23 18:48 - 2015-02-23 18:48 - 00000046 _____ () C:\Users\*********\Downloads\choord_b07b46f2e3e342b296d5e1940140a1dc.txt 2015-02-21 20:32 - 2015-02-21 20:33 - 00000000 ____D () C:\Users\*********\Desktop\USB Stick Post 2015-02-21 20:31 - 2015-02-21 22:51 - 1051721728 _____ () C:\Users\*********\Downloads\ubuntu-14.04.2-desktop-i386.iso 2015-02-21 20:31 - 2015-02-21 20:50 - 1044381696 _____ () C:\Users\*********\Downloads\ubuntu-14.04.2-desktop-amd64.iso 2015-02-21 20:30 - 2015-02-21 20:30 - 01088905 _____ (pendrivelinux.com) C:\Users\*********\Downloads\Universal-USB-Installer-1.9.5.9.exe 2015-02-21 11:59 - 2015-02-21 11:59 - 00000000 ____D () C:\Users\*********\Downloads\AMD Driver 2015-02-21 11:58 - 2015-02-21 11:58 - 00001021 _____ () C:\Users\*********\Downloads\ISO to USB.lnk 2015-02-21 11:58 - 2015-02-21 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB 2015-02-21 11:58 - 2015-02-21 11:58 - 00000000 
____D () C:\Program Files (x86)\ISO to USB 2015-02-21 11:56 - 2015-02-21 11:56 - 01733751 _____ (isotousb.com ) C:\Users\*********\Downloads\isotousb_14setup.exe 2015-02-20 20:58 - 2015-02-20 20:59 - 23315064 _____ (Popcorn Official) C:\Users\*********\Downloads\Popcorn-Time-0.3.7.2-Setup.exe 2015-02-20 13:23 - 2015-02-20 13:23 - 00000000 ____D () C:\Users\*********\Downloads\win32 2015-02-20 10:38 - 2015-02-23 15:44 - 00000283 _____ () C:\Users\*********\Desktop\freelancer sms.txt 2015-02-19 21:01 - 2015-02-19 21:02 - 00000000 ____D () C:\Users\*********\Downloads\Seafile 2015-02-19 19:45 - 2015-02-19 19:45 - 00000025 _____ () C:\Users\*********\Desktop\Seafile admin.txt 2015-02-19 18:59 - 2015-02-19 18:59 - 00000020 _____ () C:\Users\*********\Desktop\duckdns.txt 2015-02-19 18:55 - 2015-02-19 18:55 - 00000038 _____ () C:\Users\*********\Desktop\twitter.txt 2015-02-19 11:19 - 2015-02-19 11:23 - 00000000 ____D () C:\Users\*********\Desktop\********* AustroControl 2015-02-17 18:49 - 2015-02-17 18:49 - 00000216 _____ () C:\Users\*********\Desktop\Stipendien.txt 2015-02-17 17:18 - 2015-02-17 17:18 - 20956479 _____ () C:\Users\*********\Desktop\20150217_171825.mp4 2015-02-17 16:45 - 2015-02-17 16:45 - 00000031 _____ () C:\Users\*********\Downloads\choord_673610f4a47d420bb93d89a613d0e4ea.txt 2015-02-17 16:22 - 2015-02-17 16:22 - 00000000 ____D () C:\Users\*********\Documents\ArcGIS 2015-02-17 16:20 - 2015-02-17 16:20 - 00000000 ____D () C:\ProgramData\ESRI 2015-02-17 15:50 - 2015-02-17 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS 2015-02-17 15:49 - 2015-02-17 15:49 - 00000000 ____D () C:\Python27 2015-02-17 15:49 - 2015-02-17 15:49 - 00000000 ____D () C:\Program Files (x86)\ArcGIS 2015-02-17 15:47 - 2015-02-17 15:47 - 00000000 ____D () C:\Program Files (x86)\ArcGIS 10.2.2 2015-02-16 18:28 - 2015-02-16 18:28 - 00000194 _____ () C:\Users\*********\Desktop\Anzahl Tankstellen ********* und ich.txt 2015-02-16 11:14 - 2015-02-16 11:14 
- 00000029 _____ () C:\Users\*********\Desktop\e-tankstellenfinder account.txt 2015-02-16 00:00 - 2015-02-16 00:29 - 00000276 _____ () C:\Users\*********\Desktop\Angaben laut Betreiber - Operator.txt 2015-02-15 15:17 - 2015-02-15 15:17 - 00000013 _____ () C:\Users\*********\Desktop\VMs pwds.txt 2015-02-15 13:22 - 2015-02-15 13:23 - 33467360 _____ (Hewlett-Packard ) C:\Users\*********\Downloads\sp58611.exe 2015-02-15 13:21 - 2015-02-15 13:26 - 170633776 _____ (Hewlett Packard ) C:\Users\*********\Downloads\sp49667.exe 2015-02-15 13:20 - 2015-02-15 13:20 - 09838408 _____ (Beats Electronics, LLC) C:\Users\*********\Downloads\Beats-Updater-Installer.exe 2015-02-14 22:25 - 2015-02-14 22:25 - 00000065 _____ () C:\Users\*********\Desktop\deutsche umlaute php.txt 2015-02-14 19:58 - 2015-02-14 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2015-02-14 19:58 - 2015-02-12 16:54 - 00921144 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys 2015-02-14 19:57 - 2015-02-12 16:53 - 00128592 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys 2015-02-14 19:50 - 2015-02-14 19:50 - 05487040 _____ (Microsoft Corporation) C:\Users\*********\Downloads\Windows8-Setup.exe 2015-02-14 19:21 - 2015-02-14 22:29 - 00000000 ___RD () C:\ESD 2015-02-14 19:19 - 2015-02-14 19:19 - 04954736 _____ (Microsoft Corporation) C:\Users\*********\Downloads\WindowsSetupBox.exe 2015-02-14 19:19 - 2015-02-14 19:19 - 01322960 _____ (Microsoft Corporation) C:\Users\*********\Downloads\mediacreationtool.exe 2015-02-14 17:15 - 2015-02-16 00:21 - 00014856 _____ () C:\Users\*********\Desktop\wien energie e-tankstellen.xlsx 2015-02-14 15:57 - 2015-03-04 19:52 - 00049201 _____ () C:\Users\*********\Desktop\Job I u II.xlsx 2015-02-14 12:52 - 2015-02-14 12:52 - 23900160 _____ () C:\Users\*********\Downloads\mysql-workbench-community-6.2.4-win32.msi 2015-02-14 12:49 - 2015-02-14 12:50 - 00887896 _____ (Microsoft Corporation) 
C:\Users\*********\Downloads\dotNetFx40_Client_setup.exe 2015-02-14 12:49 - 2015-02-14 12:49 - 07195928 _____ (Microsoft Corporation) C:\Users\*********\Downloads\vcredist_x64.exe 2015-02-14 12:39 - 2015-02-14 13:53 - 00000081 _____ () C:\Users\*********\Desktop\pwds.txt 2015-02-14 12:22 - 2015-02-14 12:22 - 26955776 _____ () C:\Users\*********\Downloads\mysql-workbench-community-6.2.4-winx64.msi 2015-02-14 12:20 - 2015-02-14 12:43 - 01343488 _____ () C:\Users\*********\Documents\Erevolution.accdb 2015-02-14 12:20 - 2015-02-14 12:20 - 00348160 _____ () C:\Users\*********\Documents\Database3.accdb 2015-02-14 12:16 - 2015-02-14 12:20 - 00352256 _____ () C:\Users\*********\Documents\Database2.accdb 2015-02-13 23:35 - 2015-02-13 23:36 - 00000000 ____D () C:\Users\*********\Desktop\********* FHTW IWIW 2015-02-13 23:29 - 2015-02-13 23:30 - 110513864 _____ (Oracle Corporation) C:\Users\*********\Downloads\VirtualBox-4.3.22-98236-Win.exe 2015-02-13 23:28 - 2015-02-13 23:28 - 46286392 _____ (ownCloud) C:\Users\*********\Downloads\ownCloud-1.7.1.4382-setup.exe 2015-02-13 22:35 - 2015-02-15 12:28 - 00000000 ____D () C:\Users\*********\Desktop\Ayudarum Job I u II 2015-02-13 20:40 - 2015-02-13 22:00 - 00000023 _____ () C:\windows\ODBCINST.INI 2015-02-13 20:32 - 2015-02-13 20:32 - 00000000 ____D () C:\windows\System32\Tasks\MySQL 2015-02-13 20:23 - 2015-02-13 20:23 - 00000000 ____D () C:\Program Files (x86)\PHP 2015-02-13 19:55 - 2015-02-13 23:24 - 00000000 ____D () C:\Users\DefaultAppPool 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Vorlagen 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Startmenü 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Netzwerkumgebung 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Lokale Einstellungen 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Eigene Dateien 2015-02-13 19:55 - 
2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Druckumgebung 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Documents\Eigene Musik 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Documents\Eigene Bilder 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Local\Verlauf 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten 2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _SHDL () C:\Users\DefaultAppPool\Anwendungsdaten 2015-02-13 19:55 - 2015-01-29 11:33 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Hewlett-Packard 2015-02-13 19:55 - 2014-05-21 13:53 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Macromedia 2015-02-13 19:55 - 2013-08-10 21:16 - 00000000 ____D () C:\Users\DefaultAppPool\Documents\Visual Studio 2012 2015-02-13 19:55 - 2012-10-17 00:48 - 00000000 ____D () C:\Users\DefaultAppPool\Documents\Visual Studio 2010 2015-02-13 19:55 - 2012-10-17 00:46 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Microsoft Help 2015-02-13 19:55 - 2011-02-11 06:19 - 00000020 ___SH () C:\Users\DefaultAppPool\ntuser.ini 2015-02-13 19:55 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-02-13 19:55 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-02-13 19:53 - 2015-02-13 23:12 - 00090949 _____ () C:\windows\iis7.log 2015-02-13 19:52 - 2015-02-13 19:52 - 00000000 ____D () C:\inetpub 2015-02-13 19:42 - 2015-02-13 23:44 - 00000000 ____D () C:\Users\*********\Downloads\eigene Cloud 2015-02-13 19:39 - 2015-02-13 23:52 - 00000000 ____D () C:\Users\*********\Downloads\Raspberry 
2015-02-13 10:43 - 2015-03-02 18:24 - 00003192 _____ () C:\windows\System32\Tasks\HPCeeScheduleFor********* 2015-02-13 10:43 - 2015-03-02 18:24 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleFor*********.job 2015-02-12 16:53 - 2015-02-12 16:53 - 00204264 _____ (Oracle Corporation) C:\windows\system32\VBoxNetFltNobj.dll 2015-02-12 16:53 - 2015-02-12 16:53 - 00156360 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxNetFlt.sys 2015-02-12 16:53 - 2015-02-12 16:53 - 00141440 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxNetAdp.sys 2015-02-12 13:27 - 2015-02-12 13:27 - 00005261 _____ () C:\Users\*********\Desktop\10.9 Heiratsproblem.html 2015-02-12 13:27 - 2015-02-12 13:27 - 00000000 ____D () C:\Users\*********\Desktop\10.9 Heiratsproblem-Dateien 2015-02-12 10:35 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2015-02-12 10:35 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-02-12 10:35 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2015-02-12 10:35 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2015-02-11 09:45 - 2015-02-11 09:46 - 42498888 _____ (Samsung Electronics Co., Ltd.) 
C:\Users\*********\Downloads\Kies3Setup.exe 2015-02-11 09:38 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll 2015-02-11 09:38 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll 2015-02-11 09:38 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll 2015-02-11 09:38 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll 2015-02-11 09:13 - 2015-02-11 09:13 - 00000102 _____ () C:\Users\*********\Desktop\Führerschein_Daten.txt 2015-02-11 08:30 - 2015-02-11 08:30 - 03472134 _____ () C:\Users\*********\Downloads\TCUnlock_v2.zip 2015-02-11 08:18 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-02-11 08:18 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2015-02-11 08:18 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-02-11 08:18 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2015-02-11 08:18 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2015-02-11 08:18 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2015-02-11 08:18 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-02-11 08:18 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-02-11 08:18 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2015-02-11 08:18 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2015-02-11 08:18 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2015-02-11 08:18 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) 
C:\windows\system32\iernonce.dll 2015-02-11 08:18 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2015-02-11 08:18 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2015-02-11 08:18 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2015-02-11 08:18 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2015-02-11 08:18 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2015-02-11 08:18 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2015-02-11 08:18 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-02-11 08:18 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2015-02-11 08:18 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2015-02-11 08:18 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2015-02-11 08:18 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-02-11 08:18 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2015-02-11 08:18 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2015-02-11 08:18 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2015-02-11 08:18 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-02-11 08:18 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2015-02-11 08:18 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2015-02-11 08:18 - 2015-01-12 02:59 - 00030720 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\iernonce.dll 2015-02-11 08:18 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2015-02-11 08:18 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2015-02-11 08:18 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-02-11 08:18 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2015-02-11 08:18 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-02-11 08:18 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2015-02-11 08:18 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2015-02-11 08:18 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-02-11 08:18 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-11 08:18 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2015-02-11 08:18 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2015-02-11 08:18 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2015-02-11 08:18 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-02-11 08:18 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2015-02-11 08:18 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2015-02-11 08:18 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2015-02-11 08:18 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2015-02-11 08:18 - 2015-01-12 02:14 - 01548288 _____ (Microsoft 
Corporation) C:\windows\system32\urlmon.dll 2015-02-11 08:18 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2015-02-11 08:18 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2015-02-11 08:18 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2015-02-11 08:18 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2015-02-11 08:17 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2015-02-11 08:17 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2015-02-11 08:17 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2015-02-11 08:17 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2015-02-11 08:17 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2015-02-11 08:17 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2015-02-11 08:17 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2015-02-11 08:17 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe 2015-02-11 08:17 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2015-02-11 08:17 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2015-02-11 08:17 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2015-02-11 08:17 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2015-02-11 08:17 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2015-02-11 08:17 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) 
C:\windows\system32\sspisrv.dll 2015-02-11 08:17 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2015-02-11 08:17 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe 2015-02-11 08:17 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2015-02-11 08:17 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll 2015-02-11 08:17 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2015-02-11 08:17 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe 2015-02-11 08:17 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2015-02-11 08:17 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2015-02-11 08:17 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll 2015-02-11 08:17 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll 2015-02-11 08:17 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2015-02-11 08:17 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2015-02-11 08:17 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2015-02-11 08:17 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) 
C:\windows\system32\ncrypt.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2015-02-11 08:17 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2015-02-11 08:17 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2015-02-11 08:17 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll 2015-02-11 08:17 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll 2015-02-11 08:16 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-02-11 08:16 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2015-02-11 08:16 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2015-02-11 08:16 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2015-02-11 08:16 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2015-02-11 08:16 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 
2015-02-11 08:16 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2015-02-11 08:16 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-02-11 08:16 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll 2015-02-11 08:16 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll 2015-02-11 08:16 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll 2015-02-11 08:16 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll 2015-02-09 10:55 - 2015-02-09 11:03 - 00011469 _____ () C:\Users\*********\Desktop\Mac_Adress_Liste_WKO.xlsx 2015-02-09 10:12 - 2015-02-09 10:14 - 00000810 _____ () C:\Users\*********\Desktop\unbekannte stationen.txt 2015-02-05 16:38 - 2015-02-17 19:03 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-02-03 23:20 - 2015-02-03 23:20 - 00000000 ____D () C:\Users\*********\AppData\Roaming\Notepad++ 2015-02-03 23:20 - 2015-02-03 23:20 - 00000000 ____D () C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2015-02-03 23:20 - 2015-02-03 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2015-02-03 23:20 - 2015-02-03 23:20 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2015-02-03 23:19 - 2015-02-03 23:20 - 07965917 _____ () C:\Users\*********\Downloads\npp.6.7.4.Installer.exe 2015-02-03 15:50 - 2015-02-03 15:50 - 00000000 ____D () C:\Users\*********\.jmc 2015-02-03 15:49 - 2015-02-03 15:49 - 00000000 ____D () C:\Users\*********\.eclipse 2015-02-03 15:35 - 2015-02-03 15:34 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll 2015-02-03 15:34 - 2015-02-03 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2015-02-03 15:33 - 2015-02-03 
15:34 - 00000000 ____D () C:\Program Files\Java 2015-02-03 13:52 - 2015-02-03 14:11 - 1073741824 _____ () C:\Users\*********\Downloads\kubuntu-14.04.1-desktop-i386.iso 2015-02-03 11:34 - 2001-11-08 10:27 - 00237568 _____ () C:\windows\SysWOW64\glut32.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-05 07:26 - 2013-12-15 15:12 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-03-05 07:17 - 2012-09-04 09:46 - 01800814 _____ () C:\windows\WindowsUpdate.log 2015-03-05 07:16 - 2014-09-30 17:29 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-03-04 19:07 - 2014-07-31 17:28 - 00000000 ___RD () C:\Users\*********\Dropbox 2015-03-04 18:52 - 2014-01-08 07:48 - 00000000 ____D () C:\Users\*********\Documents\Citavi 4 2015-03-04 18:37 - 2012-05-17 20:15 - 00736966 _____ () C:\windows\system32\perfh007.dat 2015-03-04 18:37 - 2012-05-17 20:15 - 00159896 _____ () C:\windows\system32\perfc007.dat 2015-03-04 18:37 - 2009-07-14 06:13 - 01703554 _____ () C:\windows\system32\PerfStringBackup.INI 2015-03-04 18:36 - 2012-10-17 17:48 - 00000000 ____D () C:\Users\*********\AppData\Roaming\Skype 2015-03-04 18:35 - 2012-10-30 15:02 - 00000000 ____D () C:\Users\*********\AppData\Roaming\Dropbox 2015-03-04 18:35 - 2009-07-14 05:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-04 18:35 - 2009-07-14 05:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-04 18:31 - 2012-05-17 21:30 - 00000000 ____D () C:\ProgramData\PDFC 2015-03-04 18:30 - 2014-02-18 15:35 - 00000682 _____ () C:\windows\BRRBCOM.INI 2015-03-04 18:30 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-03-04 18:30 - 2009-07-14 05:51 - 00189351 _____ () C:\windows\setupact.log 2015-03-04 18:29 - 2010-11-21 04:47 - 00381152 _____ () 
C:\windows\PFRO.log 2015-03-04 15:17 - 2012-11-14 15:03 - 00000000 ____D () C:\Users\*********\AppData\Roaming\SoftGrid Client 2015-03-04 11:27 - 2012-10-17 17:38 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{58A1A065-50A4-4B53-A0F0-CCC392C0F426} 2015-03-03 20:02 - 2012-10-27 18:51 - 00000000 ___RD () C:\Users\*********\Desktop\********* 2015-03-03 19:37 - 2013-01-19 14:44 - 00000000 ____D () C:\ProgramData\tmp 2015-03-03 18:11 - 2014-01-31 21:38 - 00000000 ____D () C:\AdwCleaner 2015-03-03 17:54 - 2009-07-14 06:08 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2015-03-03 15:21 - 2012-10-17 17:35 - 00000000 ____D () C:\Users\********* 2015-03-03 14:00 - 2012-11-12 21:24 - 00000000 ____D () C:\Users\*********\.android 2015-03-03 13:59 - 2012-09-04 09:51 - 00000000 ____D () C:\Program Files\Intel 2015-03-03 13:08 - 2014-10-13 11:16 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-03-03 13:08 - 2012-09-04 10:20 - 00000000 ____D () C:\ProgramData\Skype 2015-03-02 10:11 - 2013-11-28 22:15 - 00000413 _____ () C:\Users\*********\Desktop\TODO.txt 2015-03-01 18:02 - 2012-10-26 17:25 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-01 18:02 - 2012-10-26 17:25 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-01 17:55 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-03-01 17:43 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini 2015-03-01 17:23 - 2014-10-21 13:15 - 00000000 ____D () C:\Users\*********\Downloads\flightradar24 2015-03-01 11:30 - 2014-08-21 20:34 - 00000000 ____D () C:\Users\*********\AppData\Local\Adobe 2015-03-01 11:30 - 2013-05-03 11:47 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-03-01 09:47 - 2012-10-26 17:25 - 00004118 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-03-01 09:47 - 2012-10-26 17:25 - 00003866 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-03-01 09:46 - 2014-10-21 13:10 - 00002956 _____ 
() C:\windows\System32\Tasks\{66447AA1-3C8E-4F0E-A1A3-E1BDC28208C5} 2015-03-01 09:46 - 2014-10-02 16:52 - 00003166 _____ () C:\windows\System32\Tasks\{351480D6-6012-4793-9E12-EA32AEBEEE0A} 2015-03-01 09:46 - 2012-10-18 12:19 - 00003278 _____ () C:\windows\System32\Tasks\{044952C2-37A7-4EED-A8AC-037C704164B8} 2015-02-28 20:47 - 2015-01-02 23:47 - 00000047 _____ () C:\Users\*********\Desktop\Bigbang.txt 2015-02-28 20:23 - 2014-12-09 17:04 - 00004340 _____ () C:\Users\*********\AppData\Roaming\LTspiceIV.ini 2015-02-28 19:25 - 2012-10-18 19:54 - 00003148 _____ () C:\windows\System32\Tasks\SidebarExecute 2015-02-28 18:28 - 2014-01-31 22:18 - 00000000 ____D () C:\Users\*********\AppData\Roaming\Malwarebytes 2015-02-28 18:27 - 2014-01-31 22:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-28 18:11 - 2013-04-06 21:43 - 00019748 _____ () C:\Users\*********\Downloads\hijackthis.log 2015-02-28 17:57 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries 2015-02-28 14:54 - 2012-10-20 15:15 - 00000000 ____D () C:\Users\*********\Desktop\FH Technikum Wien_Intelligente Verkehrssysteme 2015-02-28 12:44 - 2014-12-18 11:23 - 00000000 ____D () C:\Users\*********\AppData\Local\TSVNCache 2015-02-28 08:10 - 2012-10-17 21:15 - 00000000 ____D () C:\Users\*********\Documents\Visual Studio 2010 2015-02-27 19:01 - 2012-10-27 12:56 - 00000000 ____D () C:\Users\*********\AppData\Roaming\vlc 2015-02-27 12:29 - 2013-08-10 13:13 - 00000000 ____D () C:\Users\*********\Documents\Visual Studio 2012 2015-02-26 18:24 - 2012-10-18 17:32 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log 2015-02-25 20:51 - 2013-03-29 18:54 - 00000000 ____D () C:\Users\*********\AppData\Local\ActiveState 2015-02-25 18:30 - 2012-10-17 18:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-21 18:41 - 2015-01-22 21:36 - 00012192 _____ () C:\Users\*********\Desktop\Lotto.xlsx 2015-02-19 20:30 - 2014-05-26 18:28 - 00000000 ____D () C:\Users\*********\.VirtualBox 2015-02-19 
12:04 - 2012-11-08 22:59 - 00000000 ____D () C:\Users\*********\Downloads\Windows 2015-02-18 10:20 - 2009-07-14 05:45 - 00486288 _____ () C:\windows\system32\FNTCACHE.DAT 2015-02-17 19:03 - 2013-01-30 14:43 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-02-17 16:52 - 2012-11-24 14:50 - 00000000 ____D () C:\Users\*********\AppData\Local\ESRI 2015-02-17 16:22 - 2012-11-24 14:50 - 00000000 ____D () C:\Users\*********\AppData\Roaming\ESRI 2015-02-17 16:22 - 2012-10-17 17:39 - 00145096 _____ () C:\Users\*********\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-17 16:10 - 2014-02-18 15:28 - 00000000 ____D () C:\ProgramData\FLEXnet 2015-02-15 16:51 - 2015-01-26 12:15 - 00000000 ____D () C:\Users\*********\Desktop\Ahnen 2015-02-15 15:11 - 2014-05-26 18:28 - 00000000 ____D () C:\Users\*********\VirtualBox VMs 2015-02-15 13:24 - 2012-05-17 21:34 - 00143262 _____ () C:\windows\DPINST.LOG 2015-02-15 13:22 - 2013-01-24 18:37 - 00000000 ____D () C:\Program Files\DIFX 2015-02-14 12:52 - 2013-08-10 09:08 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-14 06:52 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache 2015-02-13 23:05 - 2011-07-29 00:51 - 00000000 ____D () C:\swsetup 2015-02-13 23:05 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\SysWOW64\inetsrv 2015-02-13 23:05 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\inetsrv 2015-02-13 21:57 - 2014-04-24 20:35 - 00000000 ____D () C:\ProgramData\MySQL 2015-02-13 20:36 - 2012-05-17 21:21 - 01736652 _____ () C:\windows\SysWOW64\PerfStringBackup.INI 2015-02-13 10:34 - 2012-10-30 15:03 - 00000000 ____D () C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-11 16:43 - 2015-01-23 17:41 - 00000000 ____D () C:\Users\*********\Documents\Ahnenblatt 2015-02-11 16:32 - 2015-01-23 17:41 - 00000000 ____D () C:\Users\*********\AppData\Roaming\Ahnenblatt 2015-02-11 10:48 - 2013-03-31 23:52 - 00008878 _____ () C:\windows\SysWOW64\SystemData.xml 2015-02-11 10:47 - 2009-07-14 
04:20 - 00000000 ____D () C:\windows\tracing 2015-02-11 10:02 - 2014-12-19 13:28 - 00000000 ____D () C:\Users\*********\Documents\SelfMV 2015-02-11 10:02 - 2014-12-19 09:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-02-11 09:45 - 2013-06-06 14:20 - 00000000 ____D () C:\Users\*********\AppData\Roaming\Samsung 2015-02-11 09:25 - 2014-12-11 23:23 - 00000000 ____D () C:\windows\system32\appraiser 2015-02-11 09:25 - 2014-05-06 10:21 - 00000000 ___SD () C:\windows\system32\CompatTel 2015-02-11 09:24 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions 2015-02-11 09:21 - 2012-10-17 00:14 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-11 09:19 - 2013-07-15 13:12 - 00000000 ____D () C:\windows\system32\MRT 2015-02-11 09:15 - 2012-10-16 23:55 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-02-05 18:33 - 2013-03-07 18:07 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2015-02-05 17:26 - 2013-12-15 15:12 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-02-05 17:26 - 2012-05-17 21:30 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-02-05 17:26 - 2012-05-17 21:30 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-05 16:36 - 2013-04-08 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON 2015-02-03 13:40 - 2014-12-14 11:56 - 00000000 ____D () C:\Users\*********\AppData\Roaming\SPB_16.6 ==================== Files in the root of some directories ======= 2014-12-09 17:04 - 2015-02-28 20:23 - 0004340 _____ () C:\Users\*********\AppData\Roaming\LTspiceIV.ini 2014-12-14 11:53 - 2014-12-14 11:53 - 0000076 _____ () C:\Users\*********\AppData\Roaming\mbam.context.scan 2014-01-08 18:48 - 2014-01-24 16:04 - 0000300 _____ () C:\Users\*********\AppData\Local\Citavi Picker Internet Explorer Protocol.txt 2012-11-04 14:22 - 
2012-11-15 13:59 - 0007168 _____ () C:\Users\*********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-16 17:00 - 2014-04-16 17:00 - 0000719 _____ () C:\Users\*********\AppData\Local\recently-used.xbel
2012-10-20 15:04 - 2013-04-25 20:16 - 0007618 _____ () C:\Users\*********\AppData\Local\Resmon.ResmonCfg
2014-02-12 15:32 - 2014-02-12 15:48 - 0000125 ___SH () C:\ProgramData\.zreglib
2013-05-04 12:39 - 2013-05-23 20:46 - 0000122 _____ () C:\ProgramData\RegComSrv.txt

Some content of TEMP:
====================
C:\Users\*********\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzjqk59.dll
C:\Users\*********\AppData\Local\Temp\Quarantine.exe
C:\Users\*********\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-05 04:36

==================== End Of Log ============================ |
05.03.2015, 07:30 | #13 |
| FRST Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015 Ran by ************ at 2015-03-05 07:26:36 Running from C:\Users\************\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Tools for .Net 3.5 - DEU Lang Pack (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.) Advanced Archive Password Recovery (HKLM-x32\...\{6E356EEF-203C-451B-9144-CBF099E3738A}) (Version: 4.54.55.1642 - Elcomsoft Co. Ltd.) 
Ahnenblatt 2.86 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.86.0.1 - Dirk Böttcher) AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.) Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.39.0 - Alcor Micro Corp.) Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.39.0 - Alcor Micro Corp.) Hidden AMD Catalyst Install Manager (HKLM\...\{426B43EC-284B-8DAB-5419-D8418C7C3D26}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArcGIS 10.2.2 for Desktop - Sprachpaket Deutsch (HKLM-x32\...\ArcGIS 10.2.2 for Desktop - Sprachpaket Deutsch) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) ArcGIS 10.2.2 for Desktop - Sprachpaket Deutsch (x32 Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden ArcGIS 10.2.2 for Desktop (HKLM-x32\...\ArcGIS 10.2.2 for Desktop) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) ArcGIS 10.2.2 for Desktop (x32 Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden Autopsy (HKLM\...\{0C6B9E76-7617-4661-BE60-65C77CC10C06}) (Version: 3.1.1 - The Sleuth Kit) Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden Blend for Visual Studio 2012 DEU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5300 - Broadcom Corporation) Brother MFL-Pro Suite DCP-9020CDW (HKLM-x32\...\{E98A9C92-E767-475B-8BC6-8780A86DDC72}) (Version: 1.0.1.0 - Brother Industries, Ltd.) Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software) CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) Crystal Reports 2008 Runtime (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.0.0.683 - Business Objects) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.2106 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2531 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAS (HKLM-x32\...\DAS) (Version: 3.3.1 - ) DAS (HKU\S-1-5-21-3005992195-605650759-3539824770-1001\...\DAS) (Version: 3.3.1 - Infineon Technologies AG) DAS (x32 Version: 3.3.1 - Infineon Technologies AG) Hidden Devenv-Ressourcen für Microsoft Visual Studio 2012 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.1.0 - Hewlett-Packard Company) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden Dotfuscator and Analytics Community Edition Language Pack (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.41.36204 - Hewlett-Packard Company) Dropbox (HKU\S-1-5-21-3005992195-605650759-3539824770-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.) 
Embedded Security for HP ProtectTools (HKLM\...\{F75C607F-9341-47B3-83FC-CC66B9C519E8}) (Version: 7.0.100.3001 - Hewlett-Packard Company) Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard) Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{B2BDC072-BE01-432D-B281-30891D597FBB}) (Version: 11.1.30729.00 - Microsoft Corporation) Erforderliche Komponenten für SSDT (HKLM-x32\...\{70D065C3-77E5-45E9-A75C-EEB2E84EA869}) (Version: 11.0.2100.60 - Microsoft Corporation) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.2.4549 - Hewlett-Packard Company) Face Recognition for HP ProtectTools (Version: 7.2.2.4549 - Hewlett-Packard Company) Hidden Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Freedome (HKLM-x32\...\F-Secure Freedome) (Version: 1.0.649.0 - F-Secure Corporation) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hotfix für Microsoft Visual C# 2010 Express - DEU (KB2635973) (HKLM-x32\...\{D81641E8-ABF1-3D07-803B-60E8FC619368}.KB2635973) (Version: 1 - Microsoft Corporation) Hotfix für Microsoft Visual C++ 2010 Express - DEU (KB2635973) (HKLM-x32\...\{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}.KB2635973) (Version: 1 - Microsoft Corporation) HP 3D DriveGuard (HKLM\...\{B64F0818-316F-4237-8CB4-35BC2DA784C2}) (Version: 5.1.12.1 - Hewlett-Packard Company) HP Connection Manager (HKLM-x32\...\{C0ED9561-8312-457C-BB1B-BDC7EE034CED}) (Version: 4.7.4.1 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{8B2A1CFD-8F88-4081-9E18-99395CC27EE6}) (Version: 1.1.0.0 - Hewlett-Packard) HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company) HP File Sanitizer (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 8.1.1.1 - Hewlett-Packard Company) HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1113.1_WHQL - Sonix) HP Hotkey Support (HKLM-x32\...\{53C48A27-4079-49EB-8E73-76BA85D2BF6F}) (Version: 5.0.24.1 - Hewlett-Packard Company) HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company) HP Product Detection (HKLM-x32\...\{4F38594F-2C4A-4C42-B2C4-505E225F6F80}) (Version: 11.14.0004 - HP) HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.2.1213 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company) HP SoftPaq Download Manager (HKLM-x32\...\{23544215-E6E6-448B-B6E9-6268D5B3E74D}) (Version: 3.5.0.0 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company) HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) 
(Version: 8.5.2.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company) HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company) HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.27.17 - Roxio) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT) IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - ) IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - ) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) 
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.2 - Intel) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.5.1001 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation) Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation) ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java SE Development Kit 8 Update 31 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation) JavaScript Tooling (Version: 11.0.60315 - Microsoft Corporation) Hidden JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.) 
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden Keil µVision4 (HKLM-x32\...\Keil µVision4) (Version: - ) LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden LocalESPCui for de-de (x32 Version: 8.59.25584 - Microsoft) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Application Virtualization Desktop Client (HKLM\...\{8D00DBC4-DEB4-4910-9D7C-30A5C6898195}) (Version: 4.6.3.24870 - Microsoft Corporation) Microsoft Application Virtualization Desktop Client (HKLM-x32\...\{342C9BB8-65A0-46DE-AB7A-8031E151AF69}) (Version: 4.6.1.20870 - Microsoft Corporation) Microsoft Application Virtualization Desktop Client (HKLM-x32\...\{5D80483C-D297-4E04-9EDF-DD58521E9565}) (Version: 4.6.2.24020 - Microsoft Corporation) Microsoft Application Virtualization Desktop Client (HKLM-x32\...\{8D00DBC4-DEB4-4910-9D7C-30A5C6898195}) (Version: 4.6.3.24870 - Microsoft Corporation) 
Microsoft ASP.NET MVC 3 - DEU (HKLM-x32\...\{07AC2D83-E795-4AD5-970D-B9BD14A1E411}) (Version: 3.0.20105.0 - Microsoft Corporation) Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft ASP.NET Web Pages - DEU (HKLM-x32\...\{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}) (Version: 1.0.20105.0 - Microsoft Corporation) Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation) Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Silverlight 4 SDK - Deutsch (HKLM-x32\...\{8EA792A5-38AA-4F0E-8DFE-D1BAF1145431}) (Version: 4.0.60310.0 - Microsoft Corporation) Microsoft Silverlight 5 SDK - DEU (HKLM-x32\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL 
Server 2008 R2 Management Objects (HKLM-x32\...\{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{EF18EF0F-96D3-4A6B-9600-2197F1720A15}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{28C7A4BB-3966-4373-8376-C11F38290630}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 
4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - DEU (11.1.20627.00) (HKLM-x32\...\{F6F1EE45-97E9-48A3-94B2-044B0A3C08D3}) (Version: 11.1.20627.00 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00) (HKLM-x32\...\{CEEDB2C4-46BE-4340-BAB9-F30110D9BBB8}) (Version: 11.1.20627.00 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{C668416A-9213-4058-B7F2-01A42D85559D}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server System CLR Types (x64) (HKLM\...\{0D432429-C79C-462D-ABD8-4D82B83A954B}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft Visual C# 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C# 2010 Express - DEU) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 
2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{0bc17680-a2d9-42c0-9c26-0b8ecac2b473}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft 
Corporation) Microsoft Web Deploy dbSqlPackage Provider - DEU (HKLM-x32\...\{86756584-C41A-4CA3-B42D-4768C7720F56}) (Version: 10.3.20225.0 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. 
Wechselberger) NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON) NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden Oracle VM VirtualBox 4.3.22 (HKLM\...\{F053F74A-A631-4CFA-A271-6D0747599BC9}) (Version: 4.3.22 - Oracle Corporation) OrCAD 16.6 Lite (HKU\S-1-5-21-3005992195-605650759-3539824770-1001\...\{12C79350-444D-48E0-B05C-1E610FF17F1A}) (Version: 16.60.001 - Cadence Design Systems) PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc) PreEmptive Analytics Client German Language Pack (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden Privacy Manager for HP ProtectTools (HKLM\...\{29AB47F0-C5A3-401F-8A84-3324F2DC8E46}) (Version: 7.0.1.892 - Hewlett-Packard Company) Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation) Samsung Easy Color Manager (HKLM-x32\...\{778EACF8-06C1-47AA-9284-91550E9BAD39}) (Version: 3.02.04 - Samsung Electronics Co., Ltd.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) 
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association) SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden Sentinel Protection Installer 7.6.3 (HKLM-x32\...\{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}) (Version: 7.6.3 - SafeNet, Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.) Sun ODF Plugin for Microsoft Office 3.2 (HKLM-x32\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.23 - Synaptics Incorporated) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38843 - TeamViewer) Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.1.02 - Hewlett-Packard Company) Theft Recovery for HP ProtectTools (x32 Version: 7.0.1.02 - Hewlett-Packard Company) Hidden Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod) Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.) VIP Access SDK (1.1.0.7) (HKLM-x32\...\VIP Access SDK) (Version: 1.1.0.7 - Symantec Inc.) 
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation) Visual Studio 2012 Update 4 (KB2707250) (HKLM-x32\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) WCF Data Services 5.0 (for OData v3) DEU Language Pack (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden WCF Data Services Tools for Visual Studio 11 DEU Language Pack (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation) Windows-Treiberpaket - Hewlett-Packard Image (05/24/2012 11.5.0.116) (HKLM\...\B52717176FE34BE856BA6AFDB17D684B819C9D8A) (Version: 05/24/2012 11.5.0.116 - Hewlett-Packard) Winmail Opener 1.4 (HKLM-x32\...\Winmail Opener) (Version: 1.4 - Eolsoft) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) Wireshark 1.12.3 (32-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.3 - The Wireshark developer community, hxxp://www.wireshark.org) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\************\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\************\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\************\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\************\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\************\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\************\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\************\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\************\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\************\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3005992195-605650759-3539824770-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\************\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

03-03-2015 08:27:15 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-01 17:42 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C65CF07-8AC3-42A6-ADB5-25EC0DA34CDC} - System32\Tasks\{99339292-F8F1-4835-BD1B-CD76D09C16A5} => pcalua.exe -a "C:\Program Files (x86)\LTC\LTspiceIV\scad3.exe" -c -uninstall
Task: {166F2512-5713-4888-86E3-905C18B34901} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2061166D-AE18-43BA-87F2-2208F1C7FA21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2A516365-DE54-4624-99E5-6BED9BC00F10} - System32\Tasks\{66447AA1-3C8E-4F0E-A1A3-E1BDC28208C5} => C:\Users\************\Downloads\rtl1090\rtl1090.exe
Task: {385F9A42-08BC-4314-A57B-1210DA0D2CB9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {466D6EA5-0330-4E6D-BCE6-F7C31B3F8F1D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26] (Google Inc.)
Task: {4A6ED720-6C50-4537-81E1-F0A2269DD653} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4C1B20A3-D397-41A2-A777-5BCC905DEF7F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {52E40D9C-7BEC-4846-86AD-D060AA24F42B} - System32\Tasks\HPCeeScheduleFor************ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {6EACFEE3-EA93-43DC-BE8E-FCE2474338AE} - System32\Tasks\{351480D6-6012-4793-9E12-EA32AEBEEE0A} => pcalua.exe -a C:\Users\************\Downloads\VirtualBox-4.3.16-95972-Win.exe -d C:\Users\************\Downloads
Task: {8E6FC9EB-ACE2-4941-A655-0E411FE49CBF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {91C815ED-CF7A-4F63-9D67-AFD1538EC33A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {A0141749-DF32-43BD-8D93-D4FF25D44627} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26] (Google Inc.)
Task: {C24ABC71-A336-4ABC-BFC4-F758ECDFA277} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CB21407E-871C-4918-BEDC-9CF86DAC2A31} - System32\Tasks\{044952C2-37A7-4EED-A8AC-037C704164B8} => pcalua.exe -a "C:\Users\************\Desktop\BACKUPS\Thunderbird Backup\10.09.2012\restore.exe" -d "C:\Users\************\Desktop\BACKUPS\Thunderbird Backup\10.09.2012"
Task: {DC0C0C17-BE5A-40FC-AD90-355E1756E222} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleFor************.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2012-01-17 16:57 - 2012-01-17 16:57 - 00298368 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-03-27 11:11 - 2013-03-27 11:11 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 10:03 - 2011-10-12 10:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 12:18 - 2010-09-06 12:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2013-03-27 10:26 - 2013-03-27 10:26 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2011-06-21 06:42 - 2011-06-21 06:42 - 00034304 _____ () C:\windows\System32\sst3cl6.dll
2011-06-21 01:23 - 2011-06-21 01:23 - 00826880 _____ () C:\windows\system32\spool\DRIVERS\x64\3\sst3cdu.dll
2013-03-27 10:28 - 2013-03-27 10:28 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2014-02-18 15:34 - 2005-04-22 05:36 - 00143360 ____R () C:\windows\system32\BrSNMP64.dll
2013-03-06 14:38 - 2013-03-06 14:38 - 03020504 _____ () c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-06-05 15:51 - 2013-06-05 15:51 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-06-05 15:51 - 2013-06-05 15:51 - 00024576 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll
2012-02-10 22:26 - 2012-02-10 22:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2014-03-06 14:00 - 2014-03-06 14:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2013-03-27 10:54 - 2013-03-27 10:54 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2013-03-27 10:26 - 2013-03-27 10:26 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2013-03-27 10:52 - 2013-03-27 10:52 - 03035136 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2013-03-27 10:57 - 2013-03-27 10:57 - 02867200 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2013-03-27 10:55 - 2013-03-27 10:55 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2013-03-27 10:30 - 2013-03-27 10:30 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2013-03-27 10:31 - 2013-03-27 10:31 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2014-10-16 18:56 - 2014-10-16 18:56 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ffecb320f1e95e8c90a5ce2ee658306d\IsdiInterop.ni.dll
2012-05-17 21:24 - 2012-10-18 20:01 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-09-04 09:51 - 2014-01-31 15:22 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-03-19 07:00 - 2014-03-19 07:00 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3005992195-605650759-3539824770-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\************\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^************^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AirPort Base Station Agent => "C:\Program Files (x86)\AirPort\APAgent.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN MSCONFIG\startupreg: CLMLServer_For_P2G8 => "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" MSCONFIG\startupreg: CLVirtualDrive => "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe MSCONFIG\startupreg: SoftGridTray => "C:\Program Files (x86)\Microsoft Application Virtualization Client\SFTTray.exe" /autostart MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-3005992195-605650759-3539824770-500 - Administrator - Disabled) => C:\Users\Administrator Gast (S-1-5-21-3005992195-605650759-3539824770-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3005992195-605650759-3539824770-1003 - Limited - Enabled) ************ 
(S-1-5-21-3005992195-605650759-3539824770-1001 - Administrator - Enabled) => C:\Users\************ ==================== Faulty Device Manager Devices ============= Name: VirtualBox Host-Only Ethernet Adapter Description: VirtualBox Host-Only Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Oracle Corporation Service: VBoxNetAdp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Bluetooth-Gerät (PAN) Description: Bluetooth-Gerät (PAN) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: BthPan Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (03/05/2015 07:24:54 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (03/05/2015 07:14:00 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (03/05/2015 04:42:53 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (03/05/2015 04:42:19 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/05/2015 04:42:10 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/05/2015 04:42:10 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/05/2015 04:42:10 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". 
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/05/2015 04:42:10 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/05/2015 04:42:10 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/05/2015 04:42:10 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
System errors:
=============
Error: (03/03/2015 10:21:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "F-Secure Freedome Service" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (03/03/2015 10:20:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "McAfee Endpoint Encryption Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/03/2015 10:20:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/03/2015 10:20:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "hpHotkeyMonitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/03/2015 10:20:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Software Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/03/2015 10:20:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Power Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/03/2015 10:20:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/03/2015 10:20:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "File Sanitizer for HP ProtectTools" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/03/2015 10:20:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Connection Manager 4 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/03/2015 10:20:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "F-Secure Freedome Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Microsoft Office Sessions:
=========================
Error: (03/05/2015 07:24:54 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\************\Desktop\Spyware Tools\esetsmartinstaller_deu.exe

Error: (03/05/2015 07:14:00 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (03/05/2015 04:42:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\redist\1031\vcredist_arm.exe

Error: (03/05/2015 04:42:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\OrCAD\orcad_16.6_lite\tools\dfII\bin\skill_g.exe

Error: (03/05/2015 04:42:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\OrCAD\orcad_16.6_lite\openaccess\bin\Win32\opt\lef2oaCDS.exe

Error: (03/05/2015 04:42:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\OrCAD\orcad_16.6_lite\openaccess\bin\Win32\opt\def2oaCDS.exe

Error: (03/05/2015 04:42:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\OrCAD\orcad_16.6_lite\openaccess\bin\Win32\dbgstatic\verilogAnnotate.exe

Error: (03/05/2015 04:42:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\OrCAD\orcad_16.6_lite\openaccess\bin\Win32\dbgstatic\verilog2oa.exe

Error: (03/05/2015 04:42:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\OrCAD\orcad_16.6_lite\openaccess\bin\Win32\dbgstatic\strm2oa.exe

Error: (03/05/2015 04:42:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\OrCAD\orcad_16.6_lite\openaccess\bin\Win32\dbgstatic\spef2oa.exe

CodeIntegrity Errors:
===================================
Date: 2015-03-01 17:35:06.940
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-03-01 17:35:06.925
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-09-11 15:58:06.396
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-09-11 15:58:06.396
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-09-11 15:58:06.380
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-09-11 15:58:06.380
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-09-11 15:54:29.930
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-09-11 15:54:29.852
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-21 09:57:47.330
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-21 09:57:47.329
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz
Percentage of memory in use: 25%
Total physical RAM: 16317.53 MB
Available physical RAM: 12183.62 MB
Total Pagefile: 32633.24 MB
Available Pagefile: 27914.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:675.26 GB) (Free:81.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.96 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:21.08 GB) (Free:3.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: A7525909)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=675.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=23.1 GB) - (Type=OF Extended)

==================== End Of Log ============================ |
05.03.2015, 09:16 | #14 |
/// the machine /// TB-Ausbilder | Sluggish system, changes, several unknown processes
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
C:\Users\***********\Desktop\***********\Downloads\Setup-MsgPlus-501.exe
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

Cleanup: (The order is crucial here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix

All logs posted? Then please download DelFix.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left now, you can safely delete them. If you like, you can say here whether you were satisfied with me and my help...and/or support the forum with a small donation.

Securing your system:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be present only in its latest version: browser, Java, Flash Player, PDF reader. Security vulnerabilities in their old versions are exploited to install malware via "drive-by" on a simple visit to a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft
In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash,...) from running on all websites. However, you can specify, on the principle of a whitelist, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.
Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other additions that are irrelevant to the program.
To get rid of adware again, it is advisable first to uninstall it and then to remove the leftovers with Adwcleaner.

Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate
Guides and help
Trojaner-Board Facebook page
No help via PM! |
05.03.2015, 10:16 | #15 |
| DelFix
Code:
# DelFix v10.8 - Datei am 05/03/2015 um 09:58:40 erstellt
# Aktualisiert am 29/07/2014 von Xplode
# Benutzer : ******** - LAPTOP
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\ComboFix.txt
Gelöscht : C:\TDSSKiller.3.0.0.44_28.02.2015_22.29.53_log.txt
Gelöscht : C:\Users\********\Desktop\AdwCleaner_4.111.exe
Gelöscht : C:\Users\********\Desktop\esetsmartinstaller_deu.exe
Gelöscht : C:\Users\********\Desktop\Fixlog.txt
Gelöscht : C:\Users\********\Desktop\FRST64.exe
Gelöscht : C:\Users\********\Desktop\JRT.exe
Gelöscht : C:\Users\********\Desktop\hijackthis.log
Gelöscht : C:\Users\********\Desktop\OTL.exe
Gelöscht : C:\Users\********\Desktop\Seafile admin.txt
Gelöscht : C:\Users\********\Desktop\SecurityCheck.exe
Gelöscht : C:\Users\********\Downloads\GetSystemInfo.exe
Gelöscht : C:\Users\********\Downloads\GetSystemInfo.zip
Gelöscht : C:\Users\********\Downloads\hijackthis.log
Gelöscht : C:\Users\********\Downloads\HiJackThis204.exe
Gelöscht : C:\Users\********\Downloads\Script_Technical_Tour_ATT__ITS_WC_2012_Vienna_vzi.pdf
Gelöscht : C:\Users\********\Downloads\tdsskiller44.exe
Gelöscht : HKLM\SOFTWARE\OldTimer Tools
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware
Gelöscht : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #768 [ComboFix created restore point | 03/05/2015 08:52:52]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########

Many thanks for all the tips! |