Pests of all kinds and how to fight them: Win32Adware Bandoo.A [Engine B] (Windows 7)

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
11.11.2015, 12:10 | #1
Win32Adware Bandoo.A [Engine B]

Hello ..., my antivirus program detected the adware named above and moved it to quarantine. The threat scan (Quickscan) by Malwarebytes had shown the files in quarantine. After the run, this message appeared: * Bedrohungssuchlauf abgeschlossen * Infizierte Dateien: 0

Below is the result from OTL.

Code:
OTL logfile created on: 11.11.2015 09:46:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mar**.Ka**\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = Lokal**
Internet Explorer (Version = 9.11.9600.18059)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,96 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 36,60% Memory free
7,92 Gb Paging File | 4,61 Gb Available in Paging File | 58,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,50 Gb Total Space | 335,04 Gb Free Space | 73,07% Space Free | Partition Type: NTFS
Drive K: | 411,68 Gb Total Space | 307,59 Gb Free Space | 74,71% Space Free | Partition Type: NTFS
Drive L: | 411,68 Gb Total Space | 307,59 Gb Free Space | 74,71% Space Free | Partition Type: NTFS
Drive P: | 411,68 Gb Total Space | 307,59 Gb Free Space | 74,71% Space Free | Partition Type: NTFS
Drive Q: | 411,68 Gb Total Space | 307,59 Gb Free Space | 74,71% Space Free | Partition Type: NTFS
Computer Name: PC02 | User Name: Mar** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Mar**.Ka**\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) PRC - C:\Vetad\PROGRAMM\Install\DvInesASDMon.exe (Vetad eG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation) PRC - C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH) PRC - C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe (Vetad eG) PRC - C:\Program Files (x86)\G DATA\AVK\AVK.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\AVK\AVK.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Vetad\PROGRAMM\Install\DvInesASDSvc.Exe (Vetad eG) PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\AVK\AVKBackupService.exe (G Data Software AG) PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Vetad\PROGRAMM\B0000398\SiPaHost.exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\B0000398\SiPaHostService.exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\B0000150\ScServer\DVckService.exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\B0001442\PSNTServ.exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\Sws\SwmHintergrundDienst.exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\DFUEISDN\SSLClt\sslclt.exe (Vetad eG) 
PRC - C:\Vetad\PROGRAMM\B0000299\AS\as.exe (VetadeG) PRC - C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe () PRC - C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe (Haufe Mediengruppe) PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis) PRC - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe (AGFEO ) PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 3\ashsnap.exe (ashampoo GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) PRC - C:\lotus\organize\org6.exe (Lotus Development Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\e37d83389972f1e9dd30c55db9032a86\System.Data.Entity.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framed860c83e#\dc046ce4f21250cc979490e4d62ba100\Vetad.Framework.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.CC.AllPlugin\2b8d404c07c40cca9d402f5b2157e260\Vetad.CC.AllPlugin.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\fe41e3eae34ac29f3c1f03a03d8aa1af\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\339dea31bc0a1a0a99ff83830bfe70af\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d18e2115a3270f89663fce831547f534\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\27c90809eab824f09b8bdb1d5e789eaa\System.Security.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\93a0883923e78cc3e80b7ac4a9768c60\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\5eff995181b42a1570dc04a8ce7ae3bb\System.IdentityModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Idena7b556ff#\3c0a6dbfd8bc52e1a2890639f82e1ef3\System.IdentityModel.Selectors.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\38c4c68111265ea3b0e895d6775437ff\System.Net.Http.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\23d2a4873fd11baa6849cdf02bf6ca05\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4977a9812be8d62c3b81e8a13c2ed1f9\System.Xml.Linq.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Secura6b79bdb#\923dbb12b6d5087e5e7e41596dd11a45\Vetad.Security.Iam.Contracts.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Secur70581328#\dd4b4bb197366b375e31f3df1f6055c0\Vetad.Security.IdentityManagement.IamClaimService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Secure2cdbedf#\b6337405a5431b4f33f97f24ea571075\Vetad.Security.IdentityManagement.Database.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Network\ba79c3b73b93588941c9a9968fdf8059\Vetad.Network.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Netwod20dd46f#\42031fbcf8e75223d41c6449801f876f\Vetad.Network.Interfaces.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Network.PlugIn\3b9629fdf30bece3c2cc7592f8e9c845\Vetad.Network.PlugIn.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame10fc7270#\c28f6ab3ea91e771b58758e275789dde\Vetad.Framework.Validation.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame8c36d377#\26d1bf58de8a24ae69b0c97343b01d20\Vetad.Framework.UndoRedo.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame2bd203b7#\743caea02e83f87cc0654c780391101c\Vetad.Framework.TraceListeners.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame44c3c082#\0a740323ab23e8ec4eb714f3ae2ba20e\Vetad.Framework.ServiceBus.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame63536a85#\818bfb4a29c8df3e8b9a5f508ef9dc2c\Vetad.Framework.Resources.Shared.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame40ac8fe1#\31287156b896fa30c546038e61748e03\Vetad.Framework.ResourceData.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framee718f93a#\414d1c63d0bafe9fdf06544c8604b07c\Vetad.Framework.RemoteServiceModel.GenericServiceBase.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame6d91350d#\6d30234f8327cd1e69408b7faf245513\Vetad.Framework.RemoteServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame042da1b0#\f8f8c09c9d68ce73fe60b4e747bfd19a\Vetad.Framework.Hosting.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame96062c26#\3c56306a352789e4950a3d11e85fe698\Vetad.Framework.Dataelements.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame6aef35fb#\3da0da3bee35c5b02dbed93eb7af59fb\Vetad.Framework.Filter.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framefddc5b0e#\eafeab584d907b942858b07011084c6e\Vetad.Framework.Environment.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame20b6c0cc#\c5ce0fc358eb704ebd6ed587b7e39e53\Vetad.Framework.Data.PlugIn.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame14c1d090#\7fe97442b99d8c6f1523d6f3d2678ff5\Vetad.Framework.AppLauncher.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Databe47a69d7#\3bf3905f867e1b564b6f1b6bf987ec00\Vetad.Database.SqlAdminManager.PlugIn.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Datab270b2e75#\d109a1b931ab35282b9ac7587b5147f6\Vetad.Database.PublicInterfaces.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Databbf5f3d03#\3f7a4303c0f4ad78d11ac1e628b6dabb\Vetad.Database.ConserveManager.PlugIn.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Datab8b231e4f#\3bad0c25e9902186f6340f13792c32f2\Vetad.Database.Common.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Confi8547abd3#\90db73db18df38964b19831292a7e791\Vetad.ConfigDB.StorageProvider.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.ConfigDB\87d7173f6af612bc20b7e7920b5ceb5d\Vetad.ConfigDB.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Confi7f21011d#\34db71a7a401054a3cad82c0775693c4\Vetad.ConfigDB.Interfaces.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Confic5300622#\1b9410ddebe4ecdc08d66587b4ea62c8\Vetad.ConfigDB.PlugIn.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.CC.Interfaces\253b856316f987647be272296f8d4651\Vetad.CC.Interfaces.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.CC.Check\d23ff534fd95908701008d31436df512\Vetad.CC.Check.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.CC.Aldcfb4663#\1950b130564dab85ff5662482cc3b0b1\Vetad.CC.AllInterface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Lexin97d5d026#\23985ee0673cc8fd6115f681293704eb\Vetad.Lexinform.Contracts.ni.dll () MOD - C:\Windows\assembly\GAC_32\Vetad.Nuko.ManagedNukoBase\5.4.0.0__cbc631f1c682336b\Vetad.Nuko.ManagedNukoBase.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\ea4b09c3c6f55fc808fae12477465c1b\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\ed906f21883851cfbb9bd06b0d2a4daa\System.EnterpriseServices.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\ed906f21883851cfbb9bd06b0d2a4daa\System.EnterpriseServices.Wrapper.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt19c51595#\360b1d61ba6080668d559e2e44d6f8e6\System.Runtime.Caching.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame70a042b5#\eb60e39141b2993df1fd5780b2dfbfaf\Vetad.Framework.Compression.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framee6a039ca#\3cc38b8a16434f9fe819e950b5578a87\Vetad.Framework.Diagnostics.RealTimeTracing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame5644da5a#\0b00dae54d10abd94830c14a09ad3528\Vetad.Framework.MicroKernel.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data86569bbf#\c43edf71a72ae1d94ea73b3e7d3d488b\System.Data.OracleClient.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\59dc72440f000eead00c5c580bed26b3\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\1196cc375887ce75f134047505fe19bf\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dired13b18a9#\299bde77228859332b860dbc21252505\System.DirectoryServices.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\187177229c00aec6dec613ea4b9ff209\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\14cc73701aac461eb89d6473a88fcd56\System.ServiceModel.Internals.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6ee4ffbd9a86ac1e7b01800b6fe9c7\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\93729611cd078029e0000b18ee38f506\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\02a4633b5f85cdbec8e14a51bdb028f9\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\de2a832558f95db343e443c365bd3575\System.Numerics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll () MOD - C:\Program Files (x86)\PhraseExpress\pexlang.dll () MOD - C:\Vetad\PROGRAMM\RZKOMM\Vetad.CC.BaseCpp.dll () MOD - C:\Vetad\SYSTEM\DVCCSASCMtf001.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll () MOD - C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll () MOD - C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll () MOD - C:\Program Files 
(x86)\AGFEO\Tk-Suite\tools\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\sqldrivers\qsqlite4.dll () MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtWebKit4.dll () MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtScript4.dll () MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\phonon4.dll () MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtGui4.dll () MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtSql4.dll () MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtNetwork4.dll () MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtCore4.dll () MOD - C:\Program Files (x86)\Nuance\PDF Professional 7\PDFCOffice2007Addin.dll () MOD - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 3\MouseHook.dll () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () MOD - c:\lotus\compnent\lticnc90.dll () ========== Services (SafeList) ========== SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation) SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.) SRV:64bit: - (tvnserver) -- C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.) 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project) SRV:64bit: - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TeamViewer) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AntiVirusKit Client) -- C:\Program Files (x86)\G Data\AVK\AVK.exe (G Data Software AG) SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (Vetad Update-Service) -- C:\Vetad\PROGRAMM\Install\DvInesASDSvc.Exe (Vetad eG) SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\AVK\AVKWCtlX64.exe (G Data Software AG) SRV - (GDBackupSvc) -- C:\Program Files (x86)\G Data\AVK\AVKBackupService.exe (G Data Software AG) SRV - 
(TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Sicherheitspaket-Dienst) -- C:\Vetad\PROGRAMM\B0000398\SiPaHostService.exe (Vetad eG) SRV - (DVckService) -- C:\Vetad\PROGRAMM\B0000150\ScServer\DVckService.exe (Vetad eG) SRV - (VetadPrintService) -- C:\Vetad\PROGRAMM\B0001442\PSNTServ.exe (Vetad eG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (HRService) -- C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe () SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (KOBIL_MSDI) -- C:\Vetad\PROGRAMM\B0000404\msdisrv.exe (KOBIL Systems GmbH) SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (PDFProFiltSrv) -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe (Nuance Communications, Inc.) 
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes) DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G DATA Software AG) DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software) DRV:64bit: - (GDKBB) -- C:\Windows\SysNative\drivers\GDKBB64.sys (G Data Software AG) DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG) DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG) DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG) DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (SafeNet Inc.) DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (SafeNet Inc.) DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (SafeNet Inc.) 
DRV:64bit: - (SC_SERV3D) -- C:\Windows\SysNative\drivers\d3_kafm.sys (Vetad eG) DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis) DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis) DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis) DRV:64bit: - (vidsflt) -- C:\Windows\SysNative\drivers\vidsflt.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis) DRV:64bit: - (tib_mounter) -- C:\Windows\SysNative\drivers\tib_mounter.sys (Acronis) DRV:64bit: - (KOBCCID) -- C:\Windows\SysNative\drivers\KOBCCID.sys (KOBIL Systems GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (KOBCCEX) -- C:\Windows\SysNative\drivers\KOBCCEX.sys (KOBIL Systems GmbH) DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.) DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.) 
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (IFCoEVB) -- C:\Windows\SysNative\drivers\ifP52x64.sys (Intel(R) Corporation) DRV:64bit: - (IFCoEMP) -- C:\Windows\SysNative\drivers\ifM52x64.sys (Intel(R) Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (XUIF) -- C:\Windows\SysNative\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28 IE - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset IE - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF IE - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..\SearchScopes\{679374B8-BF0E-4E31-96D8-D47F9E30C085}: "URL" = 
https://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default IE - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF IE - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.countryCode: "DE" FF - prefs.js..browser.search.isUS: false FF - prefs.js..browser.search.order.3: "Bing " FF - prefs.js..browser.search.region: "DE" FF - prefs.js..browser.search.selectedEngine: "Bing " FF - prefs.js..browser.startup.homepage: "http:/www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:42.0 FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll () FF - HKLM\Software\MozillaPlugins\@Vetad.de/Vetad_BestellManager,version=1.7: C:\Vetad\PROGRAMM\A0000015\npdvbm.dll ( Vetad eG) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Mar**.Ka**\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 38.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 38.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 42.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2015.08.26 16:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mar**.Ka**\AppData\Roaming\mozilla\Extensions
[2012.01.04 18:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mar**.Ka**\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2015.09.24 11:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mar**.Ka**\AppData\Roaming\mozilla\Firefox\Profiles\gv7wjv9w.default\Extensions
[2015.09.24 11:44:06 | 000,962,762 | ---- | M] () (No name found) -- C:\Users\Mar**.Ka**\AppData\Roaming\mozilla\firefox\profiles\gv7wjv9w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.06.21 12:14:49 | 000,006,057 | ---- | M] () -- C:\Users\Mar**.Ka**\AppData\Roaming\mozilla\firefox\profiles\gv7wjv9w.default\searchplugins\bingp.xml
[2015.11.10 15:10:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2015.11.10 15:10:23 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon@truesuite.com
[2015.11.10 15:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2015.11.10 15:10:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Mar**.Ka**\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Mar**.Ka**\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\Mar**.Ka**\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Mar**.Ka**\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Mar**.Ka**\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef\1.0_0\
CHR - Extension: No name found = C:\Users\Mar**.Ka**\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013.10.31 01:21:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\Vetad\PROGRAMM\B0000397\DtvIePwdSafe64.dll (Vetad eG)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Vetad\SYSTEM\DVCCSASCardBHO64002.dll (Vetad eG)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\Vetad\PROGRAMM\B0000397\DtvIePwdSafe.dll (Vetad eG)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Vetad\SYSTEM\DVCCSASCardBHO002.dll (Vetad eG)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [ApplyEsf-eDocPrintPro] C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe (May Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AVK Client] C:\Program Files (x86)\G Data\AVK\AVK.exe (G Data Software AG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Vetad.CC.ControllerUserMode] C:\Vetad\PROGRAMM\RZKOMM\Vetad.CC.Processes.Cmd.exe StartRdtControllerUserMode -retry true File not found
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SiPaHost] C:\Vetad\PROGRAMM\B0000398\SiPaHost.exe (Vetad eG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwmHintergrunddienst] C:\Vetad\PROGRAMM\Sws\SwmHintergrundDienst.exe (Vetad eG)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - Startup: C:\Users\Mar**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Datum Start PC02.lnk = P:\BAT\Datum_Start_HO.bat ()
O4 - Startup: C:\Users\Mar**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip6.exe (Lotus Development Corporation)
O4 - Startup: C:\Users\Mar**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tageszeitberechnung Mar**.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Mit Nuance PDF Converter 7.0 öffnen - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_ger.dll (Nuance Communications, Inc.)
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Mit Nuance PDF Converter 7.0 öffnen - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_ger.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Web-Eintrag - {B4E30F61-16D9-11D3-85D1-005004229569} - c:\lotus\organize\bandobjs.dll ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..Trusted Domains: Vetad.com ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..Trusted Domains: Vetad.com ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..Trusted Domains: Vetad.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..Trusted Domains: Vetad.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..Trusted Domains: Vetad.de ([www] http is out of zone range - 5)
O15 - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..Trusted Domains: Vetad.de ([www] https is out of zone range - 5)
O15 - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..Trusted Domains: Vetadnet.de ([*.services] http is out of zone range - 5)
O15 - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..Trusted Domains: Vetadnet.de ([*.services] https is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.199.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Ka**.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A070552C-AFA0-4964-887E-D5EDB484E8CE}: DhcpNameServer = 192.168.199.10
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015.11.11 09:43:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mar**.Ka**\Desktop\OTL.exe
[2015.11.10 15:10:21 | 000,000,000 | ---D | C] -- C:\Program Files
(x86)\Mozilla Firefox [2015.11.03 16:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [2015.11.02 10:18:10 | 000,000,000 | ---D | C] -- C:\Users\Mar**.Ka**\AppData\Roaming\Nuance [2015.10.31 09:48:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2015.10.23 09:18:44 | 000,000,000 | ---D | C] -- C:\Users\Mar**.Ka**\AppData\Roaming\Help [2015.10.23 09:18:44 | 000,000,000 | ---D | C] -- C:\Users\Mar**.Ka**\AppData\Local\Help [2015.10.15 07:10:57 | 001,291,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll [2015.10.15 07:10:57 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll [2015.10.15 07:10:57 | 000,700,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll [2015.10.15 07:10:57 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll [2015.10.15 07:10:56 | 001,163,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll [2015.10.15 07:10:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll [2015.10.15 07:10:56 | 000,025,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe [2015.10.14 09:01:15 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2015.10.14 09:01:15 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2015.10.14 09:01:15 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2015.10.14 09:01:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2015.10.14 09:01:15 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2015.10.14 09:01:14 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2015.10.14 09:01:14 | 000,130,048 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\occache.dll [2015.10.14 09:01:14 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2015.10.14 09:01:14 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2015.10.14 09:01:14 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2015.10.14 09:01:12 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2015.10.14 09:01:12 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2015.10.14 09:01:12 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2015.10.14 09:01:12 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2015.10.14 09:01:12 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2015.10.14 09:01:12 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2015.10.14 09:01:12 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2015.10.14 09:01:12 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2015.10.14 09:01:12 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2015.10.14 09:01:11 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2015.10.14 09:01:11 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2015.10.14 09:01:11 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2015.10.14 09:01:10 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2015.10.14 09:01:10 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2015.10.14 09:01:09 | 002,126,336 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysNative\inetcpl.cpl [2015.10.14 09:01:08 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2015.10.14 09:01:08 | 000,585,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2015.10.14 09:01:08 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2015.10.14 09:01:07 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2015.10.14 09:01:07 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2015.10.14 09:01:07 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2015.10.14 09:01:07 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2015.10.14 09:01:06 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2015.10.14 09:01:06 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2015.10.14 09:01:05 | 005,990,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2015.10.14 09:01:05 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2015.10.14 09:01:05 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2015.10.14 09:01:05 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2015.10.14 09:01:04 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2015.10.14 09:01:03 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2015.10.14 09:01:03 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2015.10.14 08:23:09 | 001,866,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll [2015.10.14 08:23:08 | 001,498,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll [2015.10.14 
08:18:26 | 003,168,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2015.10.14 08:18:26 | 000,696,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2015.10.14 08:18:26 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2015.10.14 08:18:26 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2015.10.14 08:18:26 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2015.10.14 08:18:26 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2015.10.14 08:18:26 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2015.10.14 08:18:26 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2015.10.14 08:18:26 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll [2015.10.14 08:18:26 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2015.10.14 08:18:26 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2015.10.14 08:18:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2015.10.14 08:18:26 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe [2015.10.14 08:18:26 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll [2015.10.14 08:18:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll [2015.10.14 08:18:16 | 005,569,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2015.10.14 08:18:14 | 003,990,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2015.10.14 08:18:14 | 003,936,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2015.10.14 08:18:13 | 001,164,800 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\kernel32.dll [2015.10.14 08:18:11 | 001,730,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2015.10.14 08:18:11 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2015.10.14 08:18:11 | 001,216,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll [2015.10.14 08:18:11 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2015.10.14 08:18:11 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2015.10.14 08:18:11 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2015.10.14 08:18:11 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe [2015.10.14 08:18:11 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2015.10.14 08:18:11 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2015.10.14 08:18:10 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2015.10.14 08:18:10 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2015.10.14 08:18:10 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2015.10.14 08:18:10 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2015.10.14 08:18:10 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe [2015.10.14 08:18:10 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll [2015.10.14 08:18:10 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe [2015.10.14 08:18:10 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll [2015.10.14 08:18:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2015.10.14 08:18:10 | 000,029,184 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2015.10.14 08:18:10 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2015.10.14 08:18:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2015.10.14 08:18:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2015.10.14 08:18:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2015.10.14 08:18:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2015.10.14 08:18:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2015.10.14 08:18:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2015.10.14 08:18:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll [2015.10.14 08:18:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2015.10.14 08:18:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2015.10.14 08:18:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2015.10.14 08:18:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2015.10.14 08:18:10 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2015.10.14 08:18:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2015.10.14 08:18:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2015.10.14 08:18:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2015.10.14 08:18:10 | 000,004,608 | -H-- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2015.10.14 08:18:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2015.10.14 08:18:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2015.10.14 08:18:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2015.10.14 08:18:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2015.10.14 08:18:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2015.10.14 08:18:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2015.10.14 08:18:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2015.10.14 08:18:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2015.10.14 08:18:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,584 | -H-- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2015.10.14 08:18:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2015.10.14 08:18:09 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll [2015.10.14 08:18:09 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll [2015.10.14 08:18:09 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll [2015.10.14 08:18:09 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll [2015.10.14 08:18:09 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll [2015.10.14 08:18:09 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll [2015.10.14 08:17:51 | 000,616,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2015.10.14 08:17:50 | 000,692,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2015.10.14 08:17:49 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe [2015.10.14 08:17:49 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll [2015.10.14 08:17:49 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll [2015.10.14 08:17:49 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll [2015.10.14 08:17:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe [2015.10.14 08:17:23 | 
000,984,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ucrtbase.dll [2015.10.14 08:17:23 | 000,901,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ucrtbase.dll [2015.10.14 08:17:23 | 000,066,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-private-l1-1-0.dll [2015.10.14 08:17:23 | 000,063,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-private-l1-1-0.dll [2015.10.14 08:17:23 | 000,022,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-math-l1-1-0.dll [2015.10.14 08:17:23 | 000,020,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-math-l1-1-0.dll [2015.10.14 08:17:23 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-multibyte-l1-1-0.dll [2015.10.14 08:17:23 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-multibyte-l1-1-0.dll [2015.10.14 08:17:23 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-string-l1-1-0.dll [2015.10.14 08:17:23 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-string-l1-1-0.dll [2015.10.14 08:17:23 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-stdio-l1-1-0.dll [2015.10.14 08:17:23 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-stdio-l1-1-0.dll [2015.10.14 08:17:23 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-runtime-l1-1-0.dll [2015.10.14 08:17:23 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-runtime-l1-1-0.dll [2015.10.14 08:17:23 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-convert-l1-1-0.dll [2015.10.14 08:17:23 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-convert-l1-1-0.dll [2015.10.14 
08:17:23 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-time-l1-1-0.dll [2015.10.14 08:17:23 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-time-l1-1-0.dll [2015.10.14 08:17:23 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-2-0.dll [2015.10.14 08:17:23 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-2-0.dll [2015.10.14 08:17:23 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-filesystem-l1-1-0.dll [2015.10.14 08:17:23 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-filesystem-l1-1-0.dll [2015.10.14 08:17:23 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-process-l1-1-0.dll [2015.10.14 08:17:23 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-process-l1-1-0.dll [2015.10.14 08:17:23 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-heap-l1-1-0.dll [2015.10.14 08:17:23 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-heap-l1-1-0.dll [2015.10.14 08:17:23 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-conio-l1-1-0.dll [2015.10.14 08:17:23 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-conio-l1-1-0.dll [2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-utility-l1-1-0.dll [2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-utility-l1-1-0.dll [2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-locale-l1-1-0.dll [2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-crt-locale-l1-1-0.dll [2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-environment-l1-1-0.dll [2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-environment-l1-1-0.dll [2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-2-0.dll [2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-2-0.dll [2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-1.dll [2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-1.dll [2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-eventing-provider-l1-1-0.dll [2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-eventing-provider-l1-1-0.dll [2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l2-1-0.dll [2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l2-1-0.dll [2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-timezone-l1-1-0.dll [2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-timezone-l1-1-0.dll [2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l2-1-0.dll [2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l2-1-0.dll [2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-file-l1-2-0.dll [2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-2-0.dll [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2015.11.11 09:43:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mar**.Ka**\Desktop\OTL.exe [2015.11.11 09:29:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2015.11.11 09:28:58 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2015.11.11 09:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2015.11.11 08:15:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2015.11.11 07:50:47 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2015.11.11 07:50:47 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2015.11.11 07:48:06 | 001,620,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2015.11.11 07:48:06 | 000,699,416 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2015.11.11 07:48:06 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2015.11.11 07:48:06 | 000,149,556 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2015.11.11 07:48:06 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2015.11.11 07:41:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2015.11.11 07:40:54 | 3188,219,904 | -HS- | M] () -- C:\hiberfil.sys [2015.11.10 16:22:52 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2015.11.10 16:20:28 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2015.11.09 20:25:47 | 000,005,819 | ---- | M] () -- 
C:\Users\Mar**.Ka**\AppData\Local\EmptySettings.xml [2015.11.03 16:57:05 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2015.10.26 08:02:44 | 000,433,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2015.10.25 23:17:59 | 000,002,311 | ---- | M] () -- C:\Users\Public\Desktop\Haufe Reuets Office aufrufen.lnk [2015.10.25 23:04:11 | 000,002,875 | ---- | M] () -- C:\Users\Public\Desktop\Haufe Formular-Manager.lnk [2015.10.21 12:53:07 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPC02$.job [2015.10.21 00:05:57 | 000,000,526 | ---- | M] () -- C:\Windows\ODBC.INI [2015.10.21 00:01:56 | 000,000,021 | ---- | M] () -- C:\Windows\DvInesKurusOleServer003.INI [2015.10.20 23:59:29 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Vetad Arbeitsplatz pro V.6.11.lnk [2015.10.19 07:27:02 | 000,780,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2015.10.19 07:27:02 | 000,142,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2015.10.25 23:17:59 | 000,002,311 | ---- | C] () -- C:\Users\Public\Desktop\Haufe Reuets Office aufrufen.lnk [2015.10.20 23:59:29 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Vetad Arbeitsplatz pro V.6.11.lnk [2015.09.11 23:03:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\bdcore.dll [2015.08.29 17:24:17 | 000,005,819 | ---- | C] () -- C:\Users\Mar**.Ka**\AppData\Local\EmptySettings.xml [2015.08.26 17:02:03 | 000,000,125 | ---- | C] () -- C:\Windows\DVInesPreparationExecuter.INI [2012.11.10 14:46:06 | 000,000,227 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012.01.03 09:48:14 | 000,003,086 | RHS- | C] () -- C:\ProgramData\ntuser.pol ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- 
C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2015.08.06 19:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015.08.06 18:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2015.08.26 16:02:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Vetad [2013.03.14 09:50:20 | 000,000,000 | ---D | M] -- 
C:\Users\Admin\AppData\Roaming\Opera [2013.03.14 09:47:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PhraseExpress [2013.03.14 09:51:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer [2013.03.14 09:51:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Zeon [2015.08.26 16:16:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Vetad [2015.08.26 16:25:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PhraseExpress [2015.08.26 16:17:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Zeon [2013.03.24 09:26:46 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\6CC4B83C-4DCA-4D34-B3BB-69824D6FDF3E [2013.03.24 15:58:39 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\8AE05EE8-0ADB-4E64-BA3B-CAC0808D09F1 [2012.09.30 16:29:08 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Acronis [2012.01.19 16:55:15 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\AGFEO [2012.07.07 15:30:48 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Canneverbe Limited [2012.01.04 14:10:55 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Vetad [2012.01.04 11:02:32 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\DMS [2015.07.19 22:24:31 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\DVASSV [2012.01.13 09:26:53 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\elsterformular [2013.10.28 21:54:54 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\FreeCommander [2013.03.20 14:16:33 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Geldanlagen [2012.01.04 18:43:12 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Haufe Mediengruppe [2013.10.25 13:30:12 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\CSH-Software [2012.01.27 07:59:51 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\klickTel [2014.01.07 14:01:05 | 000,000,000 | ---D | M] -- 
C:\Users\Mar**\AppData\Roaming\MAY Computer [2013.10.29 12:11:16 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Nuance [2012.01.03 19:09:20 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Opera [2014.03.08 08:35:36 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\PhraseExpress [2015.08.13 13:31:08 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\SkyCom [2013.08.30 09:52:00 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\TaxNMore [2015.01.16 09:49:32 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\TeamViewer [2012.09.29 10:24:44 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Thunderbird [2013.03.31 18:44:39 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\TuneUp Software [2014.01.09 11:39:50 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Vorfälligkeitsrechner [2012.03.04 19:30:35 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Zeon [2015.09.04 14:35:48 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\Acronis [2015.08.28 11:22:24 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\AGFEO [2015.08.26 18:53:49 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\Vetad [2015.08.26 18:07:25 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\DVASSV [2015.08.31 08:58:10 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\elsterformular [2015.09.07 12:23:30 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\FreeCommander [2015.08.31 17:31:49 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\Haufe Mediengruppe [2015.11.02 10:18:10 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\Nuance [2015.08.26 16:56:22 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\PhraseExpress [2015.09.07 17:03:30 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\SkyCom [2015.09.07 10:03:50 | 000,000,000 | ---D | M] -- 
C:\Users\Mar**.Ka**\AppData\Roaming\TeamViewer [2015.08.26 16:12:26 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\Thunderbird [2015.08.26 16:11:26 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\Zeon [2012.01.03 13:32:27 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Vetad [2012.01.03 13:33:46 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\DMS [2012.03.04 19:08:45 | 000,000,000 | ---D | M] -- C:\Users\Dom**\AppData\Roaming\Zeon ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 255 bytes -> C:\ProgramData\Temp:0574215C @Alternate Data Stream - 247 bytes -> C:\ProgramData\Temp:D95ACC7D < End of report > |
11.11.2015, 12:19 | #2 |
| Win32Adware Bandoo.A [Engine B] Continuation:
Below is the result of OTL Extras: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.11.2015 09:46:51 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mar**.Ka**\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = Lokal** Internet Explorer (Version = 9.11.9600.18059) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,96 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 36,60% Memory free 7,92 Gb Paging File | 4,61 Gb Available in Paging File | 58,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,50 Gb Total Space | 335,04 Gb Free Space | 73,07% Space Free | Partition Type: NTFS Drive K: | 411,68 Gb Total Space | 307,59 Gb Free Space | 74,71% Space Free | Partition Type: NTFS Drive L: | 411,68 Gb Total Space | 307,59 Gb Free Space | 74,71% Space Free | Partition Type: NTFS Drive P: | 411,68 Gb Total Space | 307,59 Gb Free Space | 74,71% Space Free | Partition Type: NTFS Drive Q: | 411,68 Gb Total Space | 307,59 Gb Free Space | 74,71% Space Free | Partition Type: NTFS Computer Name: PC02 | User Name: Mar** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-3160997517-2106278152-2557221923-1126\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized 
Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Vetad\PROGRAMM\NUMZUS\NumZus.exe" = C:\Vetad\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (Vetad eG) "C:\Vetad\PROGRAMM\RWAPPLIC\Vetad.Irw.Managed.ServiceProvider.exe" = C:\Vetad\PROGRAMM\RWAPPLIC\Vetad.Irw.Managed.ServiceProvider.exe:*:Enabled:Vetad IRW ServiceProvider -- (Vetad eG) "C:\Vetad\SYSTEM\DvpExe.exe" = C:\Vetad\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (Vetad eG) "C:\Vetad\SYSTEM\DcomSrv.exe" = C:\Vetad\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (Vetad eG) "C:\Vetad\PROGRAMM\Tnadnam\Tnadnam.exe" = C:\Vetad\PROGRAMM\Tnadnam\Tnadnam.exe:*:Enabled:Tnadnam.exe -- (Vetad eG) "C:\Vetad\PROGRAMM\NUMZUS\NumZus.exe" = C:\Vetad\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (Vetad eG) "C:\Vetad\PROGRAMM\RWAPPLIC\Vetad.Irw.Managed.ServiceProvider.exe" = C:\Vetad\PROGRAMM\RWAPPLIC\Vetad.Irw.Managed.ServiceProvider.exe:*:Enabled:Vetad IRW ServiceProvider -- (Vetad eG) "C:\Vetad\SYSTEM\DvpExe.exe" = C:\Vetad\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (Vetad eG) "C:\Vetad\SYSTEM\DcomSrv.exe" = C:\Vetad\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (Vetad eG) "C:\Vetad\PROGRAMM\Tnadnam\Tnadnam.exe" = C:\Vetad\PROGRAMM\Tnadnam\Tnadnam.exe:*:Enabled:Tnadnam.exe -- (Vetad eG) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Vetad\PROGRAMM\NUMZUS\NumZus.exe" = C:\Vetad\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (Vetad eG) "C:\Vetad\PROGRAMM\RWAPPLIC\Vetad.Irw.Managed.ServiceProvider.exe" = C:\Vetad\PROGRAMM\RWAPPLIC\Vetad.Irw.Managed.ServiceProvider.exe:*:Enabled:Vetad IRW ServiceProvider -- (Vetad eG) "C:\Vetad\SYSTEM\DvpExe.exe" = C:\Vetad\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (Vetad eG) "C:\Vetad\SYSTEM\DcomSrv.exe" = C:\Vetad\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (Vetad eG) 
"C:\Vetad\PROGRAMM\Tnadnam\Tnadnam.exe" = C:\Vetad\PROGRAMM\Tnadnam\Tnadnam.exe:*:Enabled:Tnadnam.exe -- (Vetad eG) "C:\Vetad\PROGRAMM\NUMZUS\NumZus.exe" = C:\Vetad\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (Vetad eG) "C:\Vetad\PROGRAMM\RWAPPLIC\Vetad.Irw.Managed.ServiceProvider.exe" = C:\Vetad\PROGRAMM\RWAPPLIC\Vetad.Irw.Managed.ServiceProvider.exe:*:Enabled:Vetad IRW ServiceProvider -- (Vetad eG) "C:\Vetad\SYSTEM\DvpExe.exe" = C:\Vetad\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (Vetad eG) "C:\Vetad\SYSTEM\DcomSrv.exe" = C:\Vetad\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (Vetad eG) "C:\Vetad\PROGRAMM\Tnadnam\Tnadnam.exe" = C:\Vetad\PROGRAMM\Tnadnam\Tnadnam.exe:*:Enabled:Tnadnam.exe -- (Vetad eG) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1722214A-003F-4DBF-8A40-DEE96731D703}" = lport=445 | protocol=6 | dir=in | app=system | "{17339240-0B92-413E-97F1-EC1ECBB442C8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{1D44BA22-9E28-4083-B351-F3ECC627B5CF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{33C3EEDB-032E-44D4-95AA-AFEB76D06A08}" = rport=445 | protocol=6 | dir=out | app=system | "{44C555D1-72C8-42D8-8F3D-8C2260C8875F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4A146A7B-DADC-403C-B8AB-9D27091DA958}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4D4F1B3F-8468-4F25-B45E-7CB0478BB642}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{53D06C79-D349-4AA1-BFAA-CAED702E5FAE}" = lport=137 | protocol=17 | dir=in | app=system | "{61BE6687-DAE1-4DAE-933E-99131F0B1A6A}" = rport=137 | protocol=17 | dir=out | app=system | "{64341B80-251D-4DA0-8017-7C055DEAE4B1}" = lport=rpc-epmap | 
protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{69E325FD-5415-4F14-ABFF-8E666AD84FB0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{736E3D7E-E6D3-4902-943C-EA962727392A}" = rport=139 | protocol=6 | dir=out | app=system | "{743E2458-E157-4BFD-A60A-2AB407BF5F18}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{7C5DCF94-4F1D-4C41-B1D3-C434E50E26DC}" = lport=139 | protocol=6 | dir=in | app=system | "{9D4878A8-BEFD-4F38-864C-FC66F5E397A7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A396F170-160E-4DA7-9341-5219A1BBB419}" = lport=138 | protocol=17 | dir=in | app=system | "{A99A9455-B4DF-43EF-B467-38E6D70B3BF9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D66A1C1D-9BFA-4C6C-85C4-CEB61504D6AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DEFDDBBC-86D2-4DAE-9E63-8C4CF5E82C1F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E18A2157-1897-418D-BC2B-8F31EB2955C4}" = rport=138 | protocol=17 | dir=out | app=system | "{E8A5B9AE-933C-43EF-9FD9-557D236A6B98}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F763E0D3-029D-4436-B198-60FBC0781B9C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{FB944118-ED7A-4B76-A32A-E479018022AC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{126432FB-4688-4F2E-8FE3-2A0D62994F66}" = dir=in | app=c:\windows\system32\hasplms.exe | "{21279630-9FDD-4560-A854-00AE496C4EEB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{280FED29-87AA-4F47-ADB6-9CCE4428993C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe | "{2D4F9BA8-56A2-4658-B0A8-AE0B3FCA1F0A}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | "{3031FE58-FE1C-4F10-8B0A-0C83C21265FE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe | "{4AA6A2EF-72D0-40C5-89EE-CC0E160175C4}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{579B7F4C-886F-42CA-9600-52F059AE44D4}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{5FE36310-BC20-435B-A3CF-84DC9BBF2C55}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | "{60399911-0D3F-4CDF-93AA-D29B4B76CE9F}" = dir=in | app=c:\windows\system32\hasplms.exe | "{627B4C30-B2CE-4F74-B86A-624210550351}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | "{63FA535F-4099-478D-B9E5-DE0EF0008B1B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{68B01066-3D5A-4CEC-9416-D0DBB848D608}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | "{6EF12444-F1AC-4278-BD66-B16500A1E854}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | "{7077CE7F-BBDC-470E-95BD-AB40E3928392}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe | "{7199394B-5771-40BF-BB82-F8A5BE963554}" = protocol=6 | dir=in | app=c:\Vetad\programm\b0000391\Vetad.security.dokumentenschutz.exe | "{785C587A-ADA1-49D3-9697-3948864FF7DA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe | "{7ABC9A6C-94E5-4BB1-AA12-2B10469123CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B05539C3-F896-4728-A211-E514751880E3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B9F034D3-BD88-4C77-8D14-3FEA6194AAA4}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla 
firefox\firefox.exe | "{BA3CFF32-B061-41CD-B233-EF9B30014090}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | "{BE7081D3-D782-42B1-9B95-AFBF7506D670}" = dir=in | app=c:\program files\tightvnc\tvnserver.exe | "{C518682D-63A4-4603-9BAB-1D9FCBF19B55}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{DAAFB615-065F-4925-AB67-5E44FF7F0510}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E1F0428B-9E44-493C-92FA-F41264C4A67E}" = protocol=6 | dir=in | app=c:\Vetad\programm\b0000398\sipahost.exe | "{E87D25BF-70BC-4F87-A867-C70AB7410CCC}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{ECBE9B16-882C-4D52-9FB7-5823E9E9B446}" = protocol=6 | dir=in | app=c:\Vetad\programm\rwapplic\Vetad.irw.managed.serviceprovider.exe | "{F171416D-5986-449F-B038-C98064509925}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{F2A1C324-1837-49A7-A31F-22B5396FF944}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{172A705F-D4EC-425A-AD7D-592910136FBA}C:\Vetad\programm\b0000398\sipahost.exe" = protocol=6 | dir=in | app=c:\Vetad\programm\b0000398\sipahost.exe | "TCP Query User{1989F23E-EEC6-4C32-8A1C-DB48965D3248}C:\program files (x86)\g data\AVK\AVK.exe" = protocol=6 | dir=in | app=c:\program files (x86)\g data\AVK\AVK.exe | "TCP Query User{20F374D8-DF3B-4B5E-89B9-F0AD2C525054}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{294FAFF8-FA89-46CA-9877-ADCB4932A7D6}C:\Vetad\programm\dfueisdn\sslclt\sslclt.exe" = protocol=6 | dir=in | app=c:\Vetad\programm\dfueisdn\sslclt\sslclt.exe | "TCP Query User{388CBB47-AB58-456D-A75D-73B5DEDD66E6}C:\Vetad\programm\sws\limaservice.exe" = protocol=6 | dir=in | app=c:\Vetad\programm\sws\limaservice.exe | "TCP Query User{5F79A600-D361-4DC5-AAE7-65B4617C001D}C:\program files (x86)\g 
data\AVK\AVK.exe" = protocol=6 | dir=in | app=c:\program files (x86)\g data\AVK\AVK.exe | "TCP Query User{7A250F7E-99D6-4284-806C-686A61225A09}C:\Vetad\programm\dfueisdn\sslclt\sslclt.exe" = protocol=6 | dir=in | app=c:\Vetad\programm\dfueisdn\sslclt\sslclt.exe | "TCP Query User{CB3DA784-F5F2-42B8-9B48-1404163C8673}C:\Vetad\programm\dfueisdn\sslclt\sslclt.exe" = protocol=6 | dir=in | app=c:\Vetad\programm\dfueisdn\sslclt\sslclt.exe | "TCP Query User{D74D3D22-A67C-49D3-88DA-DD29C9189166}C:\Vetad\programm\k0005000\arbeitsplatz.exe" = protocol=6 | dir=in | app=c:\Vetad\programm\k0005000\arbeitsplatz.exe | "TCP Query User{D96180A0-7519-4C09-931A-30E42300B4EF}C:\program files (x86)\g data\AVK\AVK.exe" = protocol=6 | dir=in | app=c:\program files (x86)\g data\AVK\AVK.exe | "UDP Query User{13A614C3-C210-4D7D-991A-2B01D8567868}C:\Vetad\programm\dfueisdn\sslclt\sslclt.exe" = protocol=17 | dir=in | app=c:\Vetad\programm\dfueisdn\sslclt\sslclt.exe | "UDP Query User{147CF546-3069-4A31-91A1-AFD5F2B44973}C:\Vetad\programm\dfueisdn\sslclt\sslclt.exe" = protocol=17 | dir=in | app=c:\Vetad\programm\dfueisdn\sslclt\sslclt.exe | "UDP Query User{19D1B3CB-745D-4412-8C18-10558755543D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{1F13A023-F582-400D-BE0C-53DFA4FE9725}C:\Vetad\programm\sws\limaservice.exe" = protocol=17 | dir=in | app=c:\Vetad\programm\sws\limaservice.exe | "UDP Query User{50B90E77-982F-4DE0-A22E-3F77B7BCDA09}C:\Vetad\programm\dfueisdn\sslclt\sslclt.exe" = protocol=17 | dir=in | app=c:\Vetad\programm\dfueisdn\sslclt\sslclt.exe | "UDP Query User{574C5855-8FEA-4F92-B38C-9279A9CF9A0B}C:\program files (x86)\g data\AVK\AVK.exe" = protocol=17 | dir=in | app=c:\program files (x86)\g data\AVK\AVK.exe | "UDP Query User{E7A77894-60EE-49D8-92FF-7FBB0E0DC942}C:\Vetad\programm\k0005000\arbeitsplatz.exe" = protocol=17 | dir=in | app=c:\Vetad\programm\k0005000\arbeitsplatz.exe | "UDP 
Query User{F4213866-E334-440D-8949-2AE678CFA679}C:\program files (x86)\g data\AVK\AVK.exe" = protocol=17 | dir=in | app=c:\program files (x86)\g data\AVK\AVK.exe | "UDP Query User{FBFB69C4-FD24-4694-BF88-55F5C8D80C95}C:\program files (x86)\g data\AVK\AVK.exe" = protocol=17 | dir=in | app=c:\program files (x86)\g data\AVK\AVK.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager "{180500C1-57BB-3AA8-8E55-DCD5ECD16537}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1DB0C90B-2A9F-3A1E-B1DF-616C5A2A1417}" = Microsoft .NET Framework 4.5.2 (DEU) "{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{36B72E6E-E433-45FC-A929-C416FF63415A}" = Microsoft SQL Server 2005-Abwärtskompatibilität "{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64 "{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding "{4ED70939-4D42-48E4-B573-13E3B8B13ADF}" = gs_x64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 
9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel(R) Network Connections 15.7.176.0 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.2 (Deutsch) "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2 "{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{A6FE29A0-622B-2763-88AA-D1E084F77CD9}" = AMD Media Foundation Decoders "{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B625EA74-59BE-4F69-9400-357F453368FD}" = Nuance PDF Converter Professional 7 "{BFBF33B5-AEFE-454B-A189-DF5013028535}" = SQLXML4 "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}" = TightVNC "{D3F786BC-45E0-4C05-8EF7-E17BC6058A5D}" = eDocPrintPro "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics "FBDBServer_2_1_x64_is1" = Firebird 2.1.5.18496 (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "PROSetDX" = Intel(R) Network Connections 15.7.176.0 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup "{063368C4-1F03-46C7-92A8-9066AF67B372}" = SPR532 SmartCard Reader V1.87 "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0881ECE5-DCA1-462D-B515-F1732875EC74}" = Vetad Infragistics Runtime V.3.2 "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 "{17B0906A-26ED-45D0-B51B-83EF1AADCCFE}" = SCR3xxx Smart Card Reader "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0 "{26A24AE4-039D-4CA4-87B4-2F83218060F0}" = Java 8 Update 60 "{2CCD66CC-BD94-4ED6-B57C-3D023A1B6F93}" = Haufe iDesk-Service "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding "{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 "{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common "{37810E40-6BC7-47F0-B464-17CBCDE187AB}" = Haufe Formular-Manager "{41EEA0F0-011B-11D5-8F68-005004538B1F}" = Update System "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4fcf070a-daac-45e9-a8b0-6850941f7ed8}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12 "{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}" = True Image 2013 "{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}Visible" = True Image 2013 "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD "{5FCFEBE0-EBDA-42A5-BC6E-67B94A47D6F0}" = kobdfu x64x86 driver installation "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components 
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{6FFCE7A5-E850-4612-A79E-0791089CB8BC}" = DFL7 Microkernel "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser "{77777baa-39ce-4e69-abc7-bc53551f32da}" = Haufe Pers Office Standard "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F07767B-0141-49E4-A850-5EAB7D08C2FA}" = G Data Security Client "{7F26BC94-9AAA-4FD2-A38A-F13B3ECA3426}" = Crystal Reports Runtime XI "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld "{8B72AB5C-498C-4071-A2D1-11F0009C3B44}" = DFL7 ConfigDB "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010 "{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2010 Primary Interop Assemblies 
"{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91302AFA-15FA-4C92-9ADC-76A5048F634C}" = True Image 2013 Media Add-on "{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite MFC-8860DN "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DC6A476-1BCF-4EA0-8ECB-B5788CE528B1}" = Haufe Reuets Office "{9FAFEAEE-548F-4BBE-AE9E-7B298D42BC5A}" = Skov - Bts Edition "{9FECD1F1-4B1E-499D-BAF4-B9BDE655554D}" = HP SimplePass PE 2011 "{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAEDA026-F01D-4912-8D4B-632785EDDFC1}" = Haufe Pers Office Standard "{AC172E9C-D9E6-4853-BEDB-FB6D72042F42}" = klickTel OEM Frühjahr 2010 "{AC76BA86-0804-1033-1959-001824147215}" = Adobe Refresh Manager "{AC76BA86-7AD7-1031-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Deutsch "{AD0E43FE-7BBA-4CEA-93E4-233695CD8AA2}" = Haufe iDesk-Browser "{b01a0c5a-dd3b-432c-b37b-57da998a9e94}" = Haufe Reuets Office "{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 "{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information "{B2F21D11-631B-33C2-8E1A-73EA57FDFE33}" = Microsoft ReportViewer 2010 Redistributable - Language Pack - deu "{B8719A77-EAE1-47CC-81C9-C6E4AE9470D9}" = WebUpdate-Reuetserklärungen "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2 "{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 "{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0 
"{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy "{C185AB5E-55CF-471D-8131-DAE00C13B326}" = WebUpdate - ESt "{C408E706-94A7-454C-8B52-538AA6CBD0FB}" = True Image 2013 Plus Pack "{C53D64C3-D000-4E57-A8D7-D138CBB70D91}" = WebUpdate - Stammdaten "{C5CBEBFF-3DB4-4271-A706-757BBE3BD5AE}" = KOBIL CCID driver x64x86 "{CAD7F8D4-49C3-4101-BE7E-F1EEBF810AC2}" = Skov - Bts Edition "{D3D88E2B-0853-4C17-8FAF-962D0A93D776}" = Agelloc Ka** "{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}" = Citrix Online Launcher "{E0ADF19F-E3D2-4B79-BE25-ACB56388E838}" = WebUpdate - ELSTER "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E7A679C2-2A9C-4008-9CF9-178A6C13D923}" = Dialogseminar online V.3.02 "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EAA9023E-4091-4285-8BD5-F84D8E83469A}" = Skov OS Upgrade "{EBFC96E5-4409-426E-88B7-650ADB342E78}" = MSI to redistribute MS VS2005 CRT libraries "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F476C0AA-80D6-481A-83FC-37763021C31F}" = Identive Cloud Smart Card Reader "{F713C6A9-AB4A-4332-9306-736C2F4F18B8}" = NWB ReuetsXpert "{F865B0B5-0D43-2704-0B22-35C5F721374B}" = Catalyst Control Center "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F8AEA743-A9CB-453C-9B3C-53D7F1D0CC22}" = B1315AppGuid "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 "{FB3FA4C6-98A3-41C0-8713-6BADBBCB4FBC}" = ADAC Gebrauchtwagen 2010-2011 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player NPAPI" = Adobe Flash Player 19 NPAPI "Ashampoo Snap 3_is1" = Ashampoo Snap 3.50 "Agelloc-Ka**_is1" = Agelloc Ka** "VetadB00000482.0" = Vetad-Installation V.3.7 
"ElsterFormular" = ElsterFormular "FreeCommander_is1" = FreeCommander 2009.02b "Google Chrome" = Google Chrome "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.2.0.1024 "Mozilla Firefox 42.0 (x86 de)" = Mozilla Firefox 42.0 (x86 de) "Mozilla Thunderbird 38.3.0 (x86 de)" = Mozilla Thunderbird 38.3.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Opera 12.17.1863" = Opera 12.17 "Organizer V99.1" = Lotus Organizer 6.0 "PhraseExpress_is1" = PhraseExpress v11.0.109 "TeamViewer" = TeamViewer 10 "TeamViewer 9" = TeamViewer 9 "tksuite_tksuite_client" = AGFEO TK-Suite Client "VIP Access SDK" = VIP Access SDK (1.0.1.4) "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Yahoo! SearchSet" = Yahoo Search Set ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.10.2015 05:22:38 | Computer Name = PC02.Ka**.local | Source = Vetad.CC.Processes.Hosting.RdtServiceMode | ID = 0 Description = Error - 12.10.2015 10:37:51 | Computer Name = PC02.Ka**.local | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2015/10/12 16:37:51.411]: [00005124]: Read S-Key information failed! Error - 13.10.2015 08:42:30 | Computer Name = PC02.Ka**.local | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\Skov\vtoolsstartHSO.exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\Skov\vtoolsstartHSO.exe" in Zeile 17. Ungültige XML-Syntax. Error - 13.10.2015 08:44:41 | Computer Name = PC02.Ka**.local | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\freecommander\DelZip179.dll" in Zeile 8. 
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 15.10.2015 02:14:05 | Computer Name = PC02.Ka**.local | Source = MsiInstaller | ID = 1024 Description = Error - 15.10.2015 07:27:29 | Computer Name = PC02.Ka**.local | Source = Adobe Reader | ID = 1048592 Description = Error - 19.10.2015 02:17:10 | Computer Name = PC02.Ka**.local | Source = MsiInstaller | ID = 1024 Description = Error - 02.11.2015 03:07:22 | Computer Name = PC02.Ka**.local | Source = MsiInstaller | ID = 1024 Description = Error - 03.11.2015 03:20:26 | Computer Name = PC02.Ka**.local | Source = Vetad.CC.Processes.Hosting.RdtServiceMode | ID = 0 Description = Error - 03.11.2015 10:15:37 | Computer Name = PC02.Ka**.local | Source = Vetad.CC.Processes.Hosting.RdtServiceMode | ID = 0 Description = [ Hewlett-Packard Events ] Error - 30.12.2011 08:54:31 | Computer Name = PC02 | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() StackTrace: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib Name: 
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 3984 Ram Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) Error - 30.12.2011 08:54:32 | Computer Name = PC02 | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164HPSFMsgr.exe bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() StackTrace: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 3984 Ram Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) Error - 06.12.2012 02:46:03 | Computer Name = PC02.Ka**.local | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164 bei 
System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() StackTrace: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 4054 Ram Utilization: 10 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) Error - 26.12.2012 06:38:40 | Computer Name = PC02.Ka**.local | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467259 bei MS.Win32.UnsafeNativeMethods.CreateWindowEx(Int32 dwExStyle, String lpszClassName, String lpszWindowName, Int32 style, Int32 x, Int32 y, Int32 width, Int32 height, HandleRef hWndParent, HandleRef hMenu, HandleRef hInst, Object pvParam) bei MS.Win32.HwndWrapper..ctor(Int32 classStyle, Int32 style, Int32 exStyle, Int32 x, Int32 y, Int32 width, Int32 height, String name, IntPtr parent, HwndWrapperHook[] hooks) bei MS.Win32.MessageOnlyHwndWrapper..ctor() bei System.Windows.Threading.Dispatcher..ctor() 
bei System.Windows.Threading.Dispatcher.get_CurrentDispatcher() bei System.Windows.Threading.DispatcherObject..ctor() bei System.Windows.Application..ctor() bei HP.SupportAssistant.UI.App.Main() Message: Der Vorgang wurde erfolgreich beendet StackTrace: bei MS.Win32.UnsafeNativeMethods.CreateWindowEx(Int32 dwExStyle, String lpszClassName, String lpszWindowName, Int32 style, Int32 x, Int32 y, Int32 width, Int32 height, HandleRef hWndParent, HandleRef hMenu, HandleRef hInst, Object pvParam) bei MS.Win32.HwndWrapper..ctor(Int32 classStyle, Int32 style, Int32 exStyle, Int32 x, Int32 y, Int32 width, Int32 height, String name, IntPtr parent, HwndWrapperHook[] hooks) bei MS.Win32.MessageOnlyHwndWrapper..ctor() bei System.Windows.Threading.Dispatcher..ctor() bei System.Windows.Threading.Dispatcher.get_CurrentDispatcher() bei System.Windows.Threading.DispatcherObject..ctor() bei System.Windows.Application..ctor() bei HP.SupportAssistant.UI.App.Main() Source: WindowsBase Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 4054 Ram Utilization: 40 TargetSite: IntPtr CreateWindowEx(Int32, System.String, System.String, Int32, Int32, Int32, Int32, Int32, System.Runtime.InteropServices.HandleRef, System.Runtime.InteropServices.HandleRef, System.Runtime.InteropServices.HandleRef, System.Object) Error - 02.06.2013 14:43:33 | Computer Name = PC02.Ka**.local | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei 
HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() StackTrace: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 4054 Ram Utilization: 30 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) Error - 23.02.2014 04:42:59 | Computer Name = PC02.Ka**.local | Source = HPSF.exe | ID = 4000 Description = [ System Events ] Error - 04.11.2015 03:56:50 | Computer Name = PC02.Ka**.local | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 04.11.2015 03:56:51 | Computer Name = PC02.Ka**.local | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 04.11.2015 03:56:51 | Computer Name = PC02.Ka**.local | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 04.11.2015 03:56:52 | Computer Name = PC02.Ka**.local | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. 
Error - 04.11.2015 11:53:48 | Computer Name = PC02.Ka**.local | Source = VDS Basic Provider | ID = 33554433 Description = Error - 04.11.2015 11:53:49 | Computer Name = PC02.Ka**.local | Source = VDS Basic Provider | ID = 33554433 Description = Error - 05.11.2015 10:19:07 | Computer Name = PC02.Ka**.local | Source = VDS Basic Provider | ID = 33554433 Description = Error - 05.11.2015 10:19:07 | Computer Name = PC02.Ka**.local | Source = VDS Basic Provider | ID = 33554433 Description = Error - 10.11.2015 02:57:38 | Computer Name = PC02.Ka**.local | Source = DCOM | ID = 10010 Description = < End of report > Many thanks in advance. Regards, Maddin |
11.11.2015, 12:20 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32Adware Bandoo.A [Engine B] Hi,
Please post all Malwarebytes logs that contain detections. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post them directly, spread across several posts if necessary. To put the log files in a CODE box, proceed as follows:
__________________ |
11.11.2015, 12:44 | #4 |
| Win32Adware Bandoo.A [Engine B] Hi Cosinus, on my end 2 posts of mine are displayed (OTL and OTL Extras). So everything has been uploaded. Regards, Maddin |
11.11.2015, 12:54 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32Adware Bandoo.A [Engine B] Nope. Please read my posts properly. I asked for the MBAM logs. Edit says: Quote:
As a matter of principle, we do not clean commercially used computers. Your company's IT department is responsible for that. (...) In particular, we will not delete any log files after the fact, no matter how much "your boss wants it". Read and understood?
__________________ Please always post log files in CODE tags |
12.11.2015, 10:54 | #6 |
| Win32Adware Bandoo.A [Engine B] Hi Cosinus, I have connected private family PCs with each other. Naturally, I don't have an IT department. The MBAM logs follow: mbam-log-2015-11-10 (16-23-02) Code:
ATTFilter <?xml version="1.0" encoding="UTF-16" ?> - <mbam-log> - <header> <date>2015/11/10 16:23:09 +0100</date> <logfile>mbam-log-2015-11-10 (16-23-02).xml</logfile> <isadmin>yes</isadmin> </header> - <engine> <version>2.2.0.1024</version> <malware-database>v2015.11.10.05</malware-database> <rootkit-database>v2015.11.04.02</rootkit-database> <license>free</license> <file-protection>disabled</file-protection> <web-protection>disabled</web-protection> <self-protection>disabled</self-protection> </engine> - <system> <hostname>P2</hostname> <ip>192.168.199.106</ip> <osversion>Windows 7 Service Pack 1</osversion> <arch>x64</arch> <username>Mar**</username> <filesys>NTFS</filesys> </system> - <summary> <type>threat</type> <result>completed</result> <objects>605483</objects> <time>3033</time> <processes>0</processes> <modules>0</modules> <keys>0</keys> <values>0</values> <datas>0</datas> <folders>0</folders> <files>0</files> <sectors>0</sectors> </summary> - <options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>enabled</archives> <rootkits>disabled</rootkits> <deeprootkit>disabled</deeprootkit> <heuristics>enabled</heuristics> <pup>enabled</pup> <pum>enabled</pum> </options> <items /> </mbam-log> Code:
<?xml version="1.0" encoding="UTF-8" ?>
<logs>
  <record severity="debug" LoggingEventType="4" datetime="2015-11-11T07:42:10.598151+01:00" source="Protection" type="Error" username="SYSTEM" systemname="P2" code="13" last_modified_tag="bf5bdb65-9651-4799-9697-611bf41047fc" message="IsLicensed" />
  <record severity="debug" LoggingEventType="2" datetime="2015-11-11T07:42:10.598151+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="P2" last_modified_tag="11beb07b-c376-4553-8943-ef3533f9d039" result="Stopping" subtype="Malware Protection" />
  <record severity="debug" LoggingEventType="2" datetime="2015-11-11T07:42:10.598151+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="P2" last_modified_tag="b2c8cae2-18b7-4043-8cf9-f21f686b1c5d" result="Stopped" subtype="Malware Protection" />
  <record severity="debug" LoggingEventType="4" datetime="2015-11-11T12:42:06.109890+01:00" source="Protection" type="Error" username="SYSTEM" systemname="P2" code="13" last_modified_tag="8df5c120-af48-4bdc-9c7d-20403fad8a18" message="IsLicensed" />
  <record severity="debug" LoggingEventType="2" datetime="2015-11-11T12:42:06.156690+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="P2" last_modified_tag="f690325b-1c9e-47a2-89e8-80070036bd22" result="Stopping" subtype="Malware Protection" />
  <record severity="debug" LoggingEventType="2" datetime="2015-11-11T12:42:06.172290+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="P2" last_modified_tag="ebc3f80e-b537-4f4a-b5a0-a8eedb5aabd6" result="Stopped" subtype="Malware Protection" />
  <record severity="debug" LoggingEventType="4" datetime="2015-11-11T13:26:27.259794+01:00" source="Protection" type="Error" username="SYSTEM" systemname="P2" code="1063" last_modified_tag="4f7ec87e-2872-4bac-8b0e-5cafef2f04c6" message="StartServiceCtrlDispatcher" />
  <record severity="debug" LoggingEventType="4" datetime="2015-11-11T13:38:35.862487+01:00" source="Protection" type="Error" username="SYSTEM" systemname="P2" code="13" last_modified_tag="700aa252-b938-4b78-8320-e4a910c2a50e" message="IsLicensed" />
  <record severity="debug" LoggingEventType="2" datetime="2015-11-11T13:38:35.878087+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="P2" last_modified_tag="e4ade46f-8b7d-4133-85cb-0cdaeffd7bb9" result="Stopping" subtype="Malware Protection" />
  <record severity="debug" LoggingEventType="2" datetime="2015-11-11T13:38:35.893687+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="P2" last_modified_tag="316f59a3-f571-466e-8346-83a929cd8c27" result="Stopped" subtype="Malware Protection" />
  <record severity="debug" LoggingEventType="4" datetime="2015-11-11T17:34:02.612893+01:00" source="Protection" type="Error" username="SYSTEM" systemname="P2" code="13" last_modified_tag="3966455c-45ac-47c2-b0ed-75c2c5b7b35a" message="IsLicensed" />
  <record severity="debug" LoggingEventType="2" datetime="2015-11-11T17:34:02.644094+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="P2" last_modified_tag="79068180-223c-4662-ab18-6b70f5eaeadc" result="Stopping" subtype="Malware Protection" />
  <record severity="debug" LoggingEventType="2" datetime="2015-11-11T17:34:02.644094+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="P2" last_modified_tag="27d42c65-7ef9-4516-973a-cfaa6125a056" result="Stopped" subtype="Malware Protection" />
</logs> |
12.11.2015, 11:05 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32Adware Bandoo.A [Engine B] Please post the MBAM logs properly.
- Logs with detections - posting only logs without detections is pointless!
- Log format TXT please, not XML or whatever else
See: Finding the Malwarebytes Anti-Malware log file - Guides
__________________ Please always post log files in CODE tags |
17.07.2016, 21:52 | #8 |
| Win32Adware Bandoo.A [Engine B] Hi Cosinus, since I couldn't make sense of the instructions, I had a friend solve the problem. Please close this thread. Thank you very much for your help. Regards |