| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Backdoor sdboot.ry Virus kann nicht gelöscht werdenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.12.2013, 15:42
| #1 |
 |  Backdoor sdboot.ry Virus kann nicht gelöscht werden Hallo zusammen, benötige Hilfe bei der Entfernung eines Viruses. Virusname laut dem Scantool AVG AnitSpyware = backdoor sdboot.ry Wie ich den bekommen habe, weiss ich nicht. Habe noch nie Tauschbören oder ähnliche Seiten verwendet bzw. aufgerufen. Kann mir Jemand helfen. Ps: Kann den Abgesicherten Modus nicht starten. Hier kommt sofort ien bluescreeen. Eine Lösung ohne abgesicherter Modus wäre hilfreich. Danke Tw14199 Ps: soory habe den Scan gerade nochmals laufen lassen. Jetzt zeigt das Tool diesen Virus nicht mehr. Gibt es ein anderes Tool um das zu prüfen. Interneteplorer ist nämlich noch extrem langsam. |
|
27.12.2013, 16:15
| #2 |
| /// the machine /// TB-Ausbilder    | Backdoor sdboot.ry Virus kann nicht gelöscht werden hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
28.12.2013, 10:18
| #3 |
| | Backdoor sdboot.ry Virus kann nicht gelöscht werden Hallo,
__________________danke für deine Antwort. Scan läuft Dateien kommen sofort. Danke Tw14199 Hi Addtion: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-12-2013 Ran by at 2013-12-27 16:25:48 Running from C:\Dokumente und Einstellungen\xxx\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 7.1.4) Action Handler Resources (Version: 10.3.1.58779) actions-langs (Version: 10.3.1.60756) Adobe Digital Editions 2.0 (Version: 2.0.1) Adobe Flash Player 11 ActiveX (Version: 11.9.900.170) Adobe Flash Player 11 Plugin (Version: 11.9.900.170) Adobe Reader 9.5.0 - Deutsch (Version: 9.5.0) Agent Connected Backup/PC (Version: 8.6) Apple Application Support (Version: 2.3.6) Apple Mobile Device Support (Version: 7.0.0.117) Apple Software Update (Version: 2.1.3.127) Arch-To-Pst for Notes 4.5.4.29539 STERIA Corporate Version (Version: 4.5.4.29539) Ashampoo WinOptimizer Free v.1.0.0 (Version: 1.0.0) assetmanagementmodule-langs (Version: 10.3.1.60756) auth-satellite-server-langs (Version: 10.3.1.34036) AVG Anti-Spyware 7.5 BlackBerry Desktop Software 6.1 (Version: 6.1.0.35) Bonjour (Version: 3.0.0.10) Browser Guard 4.0 (Version: 4.0.0.1884) bundle-langs (Version: 10.3.1.60756) calibre (Version: 1.13.0) Canon MG5200 series Benutzerregistrierung Canon MP560 series MP Drivers CASA (Version: 1.7.1613) CCleaner (Version: 4.09) Click to Call with Skype (Version: 5.5.8013) Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001) Conexant 20585 SmartAudio HD (Version: 3.66.140.51) Configuration Manager Client (Version: 4.00.6487.2400) content-distribution-point-langs (Version: 10.3.1.34036) ConText (Version: 1.00.0000) Download Protect Ericsson Wireless Module Core (Version: 1.0.1046.223) FreePDF (Remove only) Google Chrome (Version: 31.0.1650.63) Google Earth Plug-in (Version: 7.1.2.2041) Google Update Helper (Version: 1.3.22.3) GPL Ghostscript (Version: 9.07) Hardcopy (C:\Programme\Hardcopy) (Version: 2010.11.19) Help Center (Version: 2.00o) Hotfix für Windows Media Player 11 (KB939683) Hotfix für Windows XP (KB2158563) (Version: 1) Hotfix für Windows XP (KB2443685) (Version: 1) Hotfix für Windows XP (KB942288-v3) (Version: 3) Hotfix für Windows XP (KB952287) (Version: 1) Hotfix für Windows XP (KB961118) (Version: 1) Hotfix für Windows XP (KB969084) (Version: 3) Hotfix für Windows XP (KB970653-v3) (Version: 3) Hotfix für Windows XP (KB976098-v2) (Version: 2) HP LaserJet Professional CM1410 Series HP LJ CM1410 MFP Series HP Scan (Version: 1.0.302.0) HP Update (Version: 5.002.006.003) HPLaserJetHelp_LearnCenter (Version: 1.03.0000) HPLJUT (Version: 1.00.0012) hppCM1410LaserJetService (Version: 001.008.00477) hppFaxDrvCM1410 (Version: 003.000.00001) hppFaxUtilityCM1410 (Version: 000.002.00001) hppLaserJetService (Version: 002.015.00599) hppSendFaxCM1410 (Version: 003.000.00001) hppTLBXFXCM1410 (Version: 001.012.00948) hpzTLBXFX (Version: 006.015.01163) I.R.I.S. OCR (Version: 12.3.4.0) Integrated Camera Driver Installer Package Ver.1.1.0.17 (Version: 1.1.0.17) Intel PROSet Wireless Intel(R) Management Engine Components (Version: 6.0.0.1179) Intel(R) PROSet/Wireless WiFi-Software (Version: 13.02.0000) Intel® Active Management Technology InterVideo Register Manager (Version: 1.0.4.0) InterVideo WinDVD (Version: 5.0-B11.1294) inventory-langs (Version: 10.3.1.60756) iPubsoft ePub Creator build(2.1.8) (Version: 2.1.8) iTunes (Version: 11.1.3.8) Java 2 Runtime Environment, SE v1.4.2_05 (Version: 1.4.2_05) Java 7 Update 45 (Version: 7.0.450) Java Auto Updater (Version: 2.1.9.8) Java(TM) 6 Update 31 (Version: 6.0.310) Lenovo Patch Utility (Version: 1.3.0.007) Lenovo System Interface Driver (Version: 1.02) Lenovo T410 Fingerprint Drivers (Version: 1.0.0) Lexware Info Service (Version: 2.90.00.0009) Lotus Notes 8.0.2 de (Version: 8.02.8255) MAGIX Screenshare (Version: 4.3.6.1987) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) Marketsplash Shortcuts (Version: 1.0.0.9) McAfee Security Scan Plus (Version: 3.8.130.10) Message Center (Version: 2.01g) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729) Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1) Microsoft Forefront UAG endpoint components v4.0.0 Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Lync 2010 (Version: 4.0.7577.4384) Microsoft Office 2003 Web Components (Version: 12.0.4518.1014) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Standard 2010 (Version: 14.0.6029.1000) Microsoft Office Visio Professional 2003 (Version: 11.0.7969.0) Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Online Services-Anmelde-Assistent (Version: 7.250.4122.0) Microsoft PowerPoint Viewer 97 Microsoft Redistributable Files (x86) (Version: 9.0) Microsoft Silverlight (Version: 4.0.50826.0) Microsoft Software Update for Web Folders (German) 14 (Version: 14.0.6029.1000) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Mobile Broadband Generic Drivers (Version: 2.03.10.002.25) Mobile Connection Manager Mobogenie Mozilla Firefox 25.0.1 (x86 de) (Version: 25.0.1) Mozilla Maintenance Service (Version: 25.0.1) MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0) MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 6.0 Parser (Version: 6.00.3883.15) Mummert Zertifikate (Version: 1.00.0000) MySQL Server 5.1 (Version: 5.1.38) NICI (Shared) U.S./Worldwide (128 bit) (2.7.4-1) NICI U.S./Worldwide 1.7.0 (128 bit) NMAS Challenge Response Method (Version: 2.7.7.0) NMAS Client (Version: 3.4.3.0) Novell BorderManager 3.8.15 VPN Client Novell CASA Authentication Token Client (Version: 1.7.1630) Novell Client für Windows Novell ZENworks (Version: 10.3.1.34138) Novell ZENworks Adaptive Agent Help (Version: 10.3.1.34138) On Screen Display (Version: 6.10.00) Option WWAN Driver 5.0.32.0 Installer (Version: 3.5.0.1158) Option WWAN Driver 5.0.32.0 Installer (Version: 3.5.0.1158) PC Tools Spyware Doctor 9.1 (Version: 9.1) PDF Konverter (Version: 2.10.0000) Policy Action Handler Resources (Version: 10.3.1.42544) Powerarchiver (Version: 1.0) primary-agent-langs (Version: 10.3.1.34036) QlikView Desktop Documentation and Tutorial German (Version: 11.20.12018.0) QlikView x86 (Version: 10.00.8715.5) Qualcomm Gobi 2000 Package for Lenovo (Version: 1.1.250) QuickSteuer 2012 (Version: 18.07.00.0006) QuickSteuer 2013 (Version: 19.00.00.0032) QuickTime (Version: 7.73.80.64) RadioTotal1 Toolbar for IE (Version: 6.17.2.500) Refresh Devices Manager 1.1.0.26979 Agent Refresh Devices Manager Agent 1.1.0.27250 Refresh MigrNAB 1.4.1.0 STERIA Corporate Version (Version: 1.4.1.0) Re-markit RICOH R5U230 Media Driver ver.2.02.02.01 (Version: 2.02.02.01) SanDiskSecureAccess_Manager.exe (HKCU Version: 1.1.19269) SAP Mobile Infrastructure (Version: 2.5) See & Share (Version: 3.1.39.1) Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0) Sicherheitsupdate für Windows Internet Explorer 8 (KB2183461) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2360131) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2416400) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2482017) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2497640) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB969897) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB971961) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB976325) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB981332) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) (Version: 1) Sicherheitsupdate für Windows Media Player (KB2378111) Sicherheitsupdate für Windows Media Player (KB952069) Sicherheitsupdate für Windows Media Player (KB954155) Sicherheitsupdate für Windows Media Player (KB968816) Sicherheitsupdate für Windows Media Player (KB973540) Sicherheitsupdate für Windows Media Player (KB975558) Sicherheitsupdate für Windows Media Player (KB978695) Sicherheitsupdate für Windows Media Player 11 (KB954154) Sicherheitsupdate für Windows XP (KB2079403) (Version: 1) Sicherheitsupdate für Windows XP (KB2115168) (Version: 1) Sicherheitsupdate für Windows XP (KB2121546) (Version: 1) Sicherheitsupdate für Windows XP (KB2160329) (Version: 1) Sicherheitsupdate für Windows XP (KB2183461) (Version: 1) Sicherheitsupdate für Windows XP (KB2229593) (Version: 1) Sicherheitsupdate für Windows XP (KB2259922) (Version: 1) Sicherheitsupdate für Windows XP (KB2279986) (Version: 1) Sicherheitsupdate für Windows XP (KB2286198) (Version: 1) Sicherheitsupdate für Windows XP (KB2296011) (Version: 1) Sicherheitsupdate für Windows XP (KB2296199) (Version: 1) Sicherheitsupdate für Windows XP (KB2347290) (Version: 1) Sicherheitsupdate für Windows XP (KB2360131) (Version: 1) Sicherheitsupdate für Windows XP (KB2360937) (Version: 1) Sicherheitsupdate für Windows XP (KB2387149) (Version: 1) Sicherheitsupdate für Windows XP (KB2393802) (Version: 1) Sicherheitsupdate für Windows XP (KB2412687) (Version: 1) Sicherheitsupdate für Windows XP (KB2416400) (Version: 1) Sicherheitsupdate für Windows XP (KB2419632) (Version: 1) Sicherheitsupdate für Windows XP (KB2423089) (Version: 1) Sicherheitsupdate für Windows XP (KB2436673) (Version: 1) Sicherheitsupdate für Windows XP (KB2440591) (Version: 1) Sicherheitsupdate für Windows XP (KB2443105) (Version: 1) Sicherheitsupdate für Windows XP (KB2479628) (Version: 1) Sicherheitsupdate für Windows XP (KB2479943) (Version: 1) Sicherheitsupdate für Windows XP (KB2481109) (Version: 1) Sicherheitsupdate für Windows XP (KB2483185) (Version: 1) Sicherheitsupdate für Windows XP (KB2485376) (Version: 1) Sicherheitsupdate für Windows XP (KB2485663) (Version: 1) Sicherheitsupdate für Windows XP (KB2503658) (Version: 1) Sicherheitsupdate für Windows XP (KB2506212) (Version: 1) Sicherheitsupdate für Windows XP (KB2506223) (Version: 1) Sicherheitsupdate für Windows XP (KB2507618) (Version: 1) Sicherheitsupdate für Windows XP (KB2508272) (Version: 1) Sicherheitsupdate für Windows XP (KB2509553) (Version: 1) Sicherheitsupdate für Windows XP (KB2524375) (Version: 1) Sicherheitsupdate für Windows XP (KB923561) (Version: 1) Sicherheitsupdate für Windows XP (KB923789) Sicherheitsupdate für Windows XP (KB938464-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB941569) Sicherheitsupdate für Windows XP (KB950582) (Version: 1) Sicherheitsupdate für Windows XP (KB950762) (Version: 1) Sicherheitsupdate für Windows XP (KB950974) (Version: 1) Sicherheitsupdate für Windows XP (KB951066) (Version: 1) Sicherheitsupdate für Windows XP (KB951376-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB951748) (Version: 1) Sicherheitsupdate für Windows XP (KB952004) (Version: 1) Sicherheitsupdate für Windows XP (KB952954) (Version: 1) Sicherheitsupdate für Windows XP (KB954459) (Version: 1) Sicherheitsupdate für Windows XP (KB955069) (Version: 1) Sicherheitsupdate für Windows XP (KB956572) (Version: 1) Sicherheitsupdate für Windows XP (KB956744) (Version: 1) Sicherheitsupdate für Windows XP (KB956802) (Version: 1) Sicherheitsupdate für Windows XP (KB956803) (Version: 1) Sicherheitsupdate für Windows XP (KB956844) (Version: 1) Sicherheitsupdate für Windows XP (KB957097) (Version: 1) Sicherheitsupdate für Windows XP (KB958644) (Version: 1) Sicherheitsupdate für Windows XP (KB958687) (Version: 1) Sicherheitsupdate für Windows XP (KB958869) (Version: 1) Sicherheitsupdate für Windows XP (KB959426) (Version: 1) Sicherheitsupdate für Windows XP (KB960225) (Version: 1) Sicherheitsupdate für Windows XP (KB960803) (Version: 1) Sicherheitsupdate für Windows XP (KB960859) (Version: 1) Sicherheitsupdate für Windows XP (KB961371-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB961501) (Version: 1) Sicherheitsupdate für Windows XP (KB968537) (Version: 1) Sicherheitsupdate für Windows XP (KB969059) (Version: 1) Sicherheitsupdate für Windows XP (KB969947) (Version: 1) Sicherheitsupdate für Windows XP (KB970238) (Version: 1) Sicherheitsupdate für Windows XP (KB971468) (Version: 1) Sicherheitsupdate für Windows XP (KB971486) (Version: 1) Sicherheitsupdate für Windows XP (KB971557) (Version: 1) Sicherheitsupdate für Windows XP (KB971633) (Version: 1) Sicherheitsupdate für Windows XP (KB971657) (Version: 1) Sicherheitsupdate für Windows XP (KB971961) (Version: 1) Sicherheitsupdate für Windows XP (KB972270) (Version: 1) Sicherheitsupdate für Windows XP (KB973354) (Version: 1) Sicherheitsupdate für Windows XP (KB973507) (Version: 1) Sicherheitsupdate für Windows XP (KB973525) (Version: 1) Sicherheitsupdate für Windows XP (KB973869) (Version: 1) Sicherheitsupdate für Windows XP (KB973904) (Version: 1) Sicherheitsupdate für Windows XP (KB974112) (Version: 1) Sicherheitsupdate für Windows XP (KB974318) (Version: 1) Sicherheitsupdate für Windows XP (KB974392) (Version: 1) Sicherheitsupdate für Windows XP (KB974455) (Version: 1) Sicherheitsupdate für Windows XP (KB974571) (Version: 1) Sicherheitsupdate für Windows XP (KB975025) (Version: 1) Sicherheitsupdate für Windows XP (KB975467) (Version: 1) Sicherheitsupdate für Windows XP (KB975560) (Version: 1) Sicherheitsupdate für Windows XP (KB975561) (Version: 1) Sicherheitsupdate für Windows XP (KB975562) (Version: 1) Sicherheitsupdate für Windows XP (KB975713) (Version: 1) Sicherheitsupdate für Windows XP (KB976325) (Version: 1) Sicherheitsupdate für Windows XP (KB977165-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB977816) (Version: 1) Sicherheitsupdate für Windows XP (KB977914) (Version: 1) Sicherheitsupdate für Windows XP (KB978037) (Version: 1) Sicherheitsupdate für Windows XP (KB978251) (Version: 1) Sicherheitsupdate für Windows XP (KB978262) (Version: 1) Sicherheitsupdate für Windows XP (KB978338) (Version: 1) Sicherheitsupdate für Windows XP (KB978542) (Version: 1) Sicherheitsupdate für Windows XP (KB978601) (Version: 1) Sicherheitsupdate für Windows XP (KB978706) (Version: 1) Sicherheitsupdate für Windows XP (KB979309) (Version: 1) Sicherheitsupdate für Windows XP (KB979482) (Version: 1) Sicherheitsupdate für Windows XP (KB979559) (Version: 1) Sicherheitsupdate für Windows XP (KB979683) (Version: 1) Sicherheitsupdate für Windows XP (KB979687) (Version: 1) Sicherheitsupdate für Windows XP (KB980195) (Version: 1) Sicherheitsupdate für Windows XP (KB980218) (Version: 1) Sicherheitsupdate für Windows XP (KB980232) (Version: 1) Sicherheitsupdate für Windows XP (KB980436) (Version: 1) Sicherheitsupdate für Windows XP (KB981322) (Version: 1) Sicherheitsupdate für Windows XP (KB981349) (Version: 1) Sicherheitsupdate für Windows XP (KB981852) (Version: 1) Sicherheitsupdate für Windows XP (KB981957) (Version: 1) Sicherheitsupdate für Windows XP (KB981997) (Version: 1) Sicherheitsupdate für Windows XP (KB982132) (Version: 1) Sicherheitsupdate für Windows XP (KB982214) (Version: 1) Sicherheitsupdate für Windows XP (KB982316) (Version: 1) Sicherheitsupdate für Windows XP (KB982381) (Version: 1) Sicherheitsupdate für Windows XP (KB982665) (Version: 1) Sicherheitsupdate für Windows XP (KB982802) (Version: 1) Skype™ 6.9 (Version: 6.9.106) SMC Vorlagen für Office 2003 (Version: 5.52.0000) Spyware Terminator 2012 (Version: 3.0.0.82) status-collection-point-langs (Version: 10.3.1.60756) Steria ConfigMgr Local Policy (Version: 1.0.0) STM TPM Driver 1.0.4.15 - 32 bits (Version: 1.0.4.15 32bits) TeamViewer 8 (Version: 8.0.19617) ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 5.5.0.9100) ThinkPad Energie-Manager (Version: 1.85) ThinkPad FullScreen Magnifier (Version: 2.15) ThinkPad Modem Adapter (Version: 7.80.5.50) ThinkPad Power Management Driver (Version: 1.60.0.4) ThinkPad UltraNav Driver (Version: 15.0.18.0) ThinkPad UltraNav Utility (Version: 2.12.0) ThinkPad-Dienstprogramm 'EasyEject' (Version: 2.38) ThinkVantage Access Connections (Version: 5.72) ThinkVantage Active Protection System (Version: 1.71) ThinkVantage Communications Utility (Version: 2.09) Tool zum Entfernen verborgener Daten (Version: 11.0.6361.0) TreeSize Professional 4.3 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update für Windows Internet Explorer 8 (KB2362765) (Version: 1) Update für Windows Internet Explorer 8 (KB2447568) (Version: 1) Update für Windows Internet Explorer 8 (KB976662) (Version: 1) Update für Windows Internet Explorer 8 (KB980182) (Version: 1) Update für Windows Internet Explorer 8 (KB982632) (Version: 1) Update für Windows Internet Explorer 8 (KB982664) (Version: 1) Update für Windows XP (KB2264107) (Version: 1) Update für Windows XP (KB2467659) (Version: 1) Update für Windows XP (KB898461) (Version: 1) Update für Windows XP (KB951978) (Version: 1) Update für Windows XP (KB955704) (Version: 1) Update für Windows XP (KB955759) (Version: 1) Update für Windows XP (KB967715) (Version: 1) Update für Windows XP (KB968389) (Version: 1) Update für Windows XP (KB973687) (Version: 1) Update für Windows XP (KB973815) (Version: 1) Update für Windows XP (KB978207) (Version: 1) Update für Windows XP (KB980182) (Version: 1) User Profile Hive Cleanup Service (Version: 1.6.30) VIS VLC media player 2.0.8 (Version: 2.0.8) VMware Player (Version: 3.0.1.11056) WebFldrs XP (Version: 9.50.7523) WIMGAPI (Version: 1.0.0.0) Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0) Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2) Windows Internet Explorer 8 (Version: 20090308.140743) Windows Media Format 11 runtime windows-desktop-langs (Version: 10.3.1.60756) WinProxy-langs (Version: 10.3.1.60756) zencore-agent-langs (Version: 10.3.1.34036) zennotifyicon-langs (Version: 10.3.1.34036) ZENworks Action Handlers (Version: 10.3.1.58779) ZENworks Action Utilities (Version: 10.3.1.24071) ZENworks Actions (Version: 10.3.1.56690) ZENworks Agent Asset Management Module (Version: 10.3.1.54497) ZENworks Agent Authentication Satellite Module (Version: 10.3.1.34138) ZENworks Agent Bundle Management (Version: 10.3.1.60099) ZENworks Agent Core Modules (Version: 10.3.1.34138) ZENworks Agent Inventory Management (Version: 10.3.1.57091) ZENworks Agent System Update Module (Version: 10.3.1.34138) ZENworks Agent WinProxy Module (Version: 10.3.1.54497) ZENworks Content Distribution Point (Version: 10.3.1.34138) ZENworks Desktop Management Agent (Version: 7.0.160.70924) ZENworks Extensions Libraries (Version: 10.3.1.42544) ZENworks Imaging Server (Version: 10.3.1.54497) ZENworks Information Icon (Version: 10.3.1.34138) ZENworks Patch Management Agent (Version: 6.4.2.420) ZENworks Primary Agent (Version: 10.3.1.34138) ZENworks Status Collection Point (Version: 10.3.1.54497) ZENworks Uninstaller (Version: 10.3.1.60834) ZENworks Version Information (Version: 10.3.1.34138) ZFD Mini Inventory (Version: 2.44.0000) ZTE USB Driver (Version: 1.0.1.27_TME) ==================== Restore Points ========================= 20-12-2013 21:06:41 Systemprüfpunkt 26-12-2013 20:35:02 Systemprüfpunkt 26-12-2013 22:23:45 MAGIX PC Check & Tuning Free (PC Check) 26-12-2013 22:24:55 MAGIX PC Check & Tuning Free (PC Check) 26-12-2013 22:25:21 MAGIX PC Check & Tuning Free (PC Check) 26-12-2013 22:56:05 Spyware Terminator 2012 (26.12.2013 23:56:01) 27-12-2013 00:47:19 Installed SpyHunter 27-12-2013 05:53:36 Removed SpyHunter 27-12-2013 13:30:37 Vor löschen IEplore 27-12-2013 13:46:14 Wiederherstellungsvorgang ==================== Hosts content: ========================== 2008-04-14 18:30 - 2013-07-07 21:37 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\At4.job => C:\Programme\HP\HPLJUT\HPLJUTSCH.exe Task: C:\WINDOWS\Tasks\At5.job => C:\Programme\HP\HPLJUT\HPLJUTSCH.exe Task: C:\WINDOWS\Tasks\At6.job => C:\Programme\HP\HPLJUT\HPLJUTSCH.exe Task: C:\WINDOWS\Tasks\At7.job => C:\Programme\HP\HPLJUT\HPLJUTSCH.exe Task: C:\WINDOWS\Tasks\At8.job => C:\Programme\HP\HPLJUT\HPLJUTSCH.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\PMTask.job => C:\PROGRA~2\ThinkPad\UTILIT~1\PWMIDTSK.EXE ==================== Loaded Modules (whitelisted) ============= 2002-04-17 14:21 - 2002-04-17 14:21 - 00061440 _____ () C:\WINDOWS\system32\xmlparse.dll 2010-03-26 13:05 - 2010-03-26 13:05 - 00499246 _____ () C:\Programme\Novell\ZENworks\bin\sqlite3.dll 2010-06-30 07:23 - 2010-06-30 07:23 - 00009216 _____ () C:\Programme\Novell\ZENworks\bin\XmlSerializers\Localizer.XmlSerializers.dll 2010-06-30 07:24 - 2010-06-30 07:24 - 00040960 _____ () C:\Programme\Novell\ZENworks\lang\ZMD_de.dll 2010-06-30 07:30 - 2010-06-30 07:30 - 00008192 _____ () C:\Programme\Novell\ZENworks\lang\LoggerUI_de.dll 2010-06-30 07:27 - 2010-06-30 07:27 - 00004096 _____ () C:\Programme\Novell\ZENworks\lang\ZenNotifyIconModule_de.dll 2010-06-30 07:29 - 2010-06-30 07:29 - 00008704 _____ () C:\Programme\Novell\ZENworks\lang\ZenNotifyIconPlugins_de.dll 2010-06-30 07:26 - 2010-06-30 07:26 - 00004608 _____ () C:\Programme\Novell\ZENworks\lang\SettingsModule_de.dll 2010-06-30 07:26 - 2010-06-30 07:26 - 00032768 _____ () C:\Programme\Novell\ZENworks\lang\RegistrationModule_de.dll 2010-06-30 08:45 - 2010-06-30 08:45 - 00011264 _____ () C:\Programme\Novell\ZENworks\lang\WinProxyUI_de.dll 2010-06-30 08:38 - 2010-06-30 08:38 - 00007680 _____ () C:\Programme\Novell\ZENworks\lang\StatusCollectionPoint_de.dll 2010-06-30 07:34 - 2010-06-30 07:34 - 00036864 _____ () C:\Programme\Novell\ZENworks\lang\ContentDistributionPoint_de.dll 2010-06-30 07:24 - 2010-06-30 07:24 - 00479232 _____ () C:\Programme\Novell\ZENworks\bin\XmlSerializers\zmd.XmlSerializers.dll 2010-06-30 07:34 - 2010-06-30 07:34 - 00028672 _____ () C:\Programme\Novell\ZENworks\lang\AuthSatellite_de.dll 2010-06-30 07:27 - 2010-06-30 07:27 - 00151552 _____ () C:\Programme\Novell\ZENworks\bin\XmlSerializers\RegistrationModule.XmlSerializers.dll 2010-06-30 08:38 - 2010-06-30 08:38 - 00008704 _____ () C:\Programme\Novell\ZENworks\lang\InventoryManager_de.dll 2010-06-30 08:37 - 2010-06-30 08:37 - 00032768 _____ () C:\Programme\Novell\ZENworks\lang\AppModule_de.dll 2010-06-30 07:25 - 2010-06-30 07:25 - 00003584 _____ () C:\Programme\Novell\ZENworks\lang\StatusSender_de.dll 2010-06-30 08:37 - 2010-06-30 08:37 - 00270336 _____ () C:\Programme\Novell\ZENworks\bin\XmlSerializers\AppModule.XmlSerializers.dll 2010-06-30 08:38 - 2010-06-30 08:38 - 00262144 _____ () C:\Programme\Novell\ZENworks\bin\XmlSerializers\InventoryManager.XmlSerializers.dll 2002-05-07 16:59 - 2002-05-07 16:59 - 00116736 _____ () C:\WINDOWS\system32\redmonnt.dll 2012-10-11 21:56 - 2012-10-11 21:56 - 00087952 _____ () C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll 2012-10-11 21:56 - 2012-10-11 21:56 - 01242512 _____ () C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll 2008-04-14 18:30 - 2008-04-14 18:30 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll 2012-04-02 09:59 - 2010-09-17 17:22 - 00048128 _____ () C:\Programme\ThinkPad\ConnectUtilities\Res\GR\GUIHlprRes.dll 2012-04-02 09:59 - 2010-09-17 17:22 - 00081920 _____ () C:\Programme\ThinkPad\ConnectUtilities\Res\GR\SvcHlprRes.dll 2006-06-13 07:54 - 2006-06-13 07:54 - 00028672 _____ () C:\Programme\Novell\ZENworks\NLS\deutsch\NalRes.dll 2008-09-11 14:20 - 2008-09-11 14:20 - 03264512 _____ () C:\Programme\PatchLink\Update Agent\cryptocme2.dll 2013-07-21 09:41 - 2012-02-28 10:16 - 00049152 _____ () C:\Programme\Refresh IT Solutions\Refresh Devices Manager\vncPassword.dll 2010-01-22 21:57 - 2010-01-22 21:57 - 00970288 _____ () C:\Programme\VMware\VMware Player\libxml2.dll 2010-01-22 21:56 - 2010-01-22 21:56 - 00068656 _____ () C:\Programme\VMware\VMware Player\zlib1.dll 2010-11-12 18:09 - 2008-08-27 10:23 - 00262227 _____ () C:\WINDOWS\system32\NWSHLXNT.dll 2010-11-12 18:09 - 2008-09-03 12:39 - 00110592 _____ () C:\WINDOWS\system32\NLS\DEUTSCH\NWSHLXNR.DLL 2003-12-11 09:08 - 2003-12-11 09:08 - 00024576 _____ () C:\WINDOWS\system32\Novell\novdhcp.dll 2010-11-19 11:04 - 2010-04-21 10:00 - 00058368 _____ () C:\Programme\Hardcopy\HcDLL2_30_Win32.dll 2006-06-13 07:54 - 2006-06-13 07:54 - 01053696 _____ () C:\Programme\Novell\ZENworks\NLS\deutsch\NalUIRes.dll 2009-02-27 16:41 - 2009-02-27 16:41 - 00311296 _____ () C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU 2010-11-12 13:32 - 2010-05-12 01:25 - 00044544 _____ () C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL 2010-05-25 06:27 - 2010-05-25 06:27 - 00075112 _____ () C:\Programme\ThinkPad\Bluetooth Software\btkeyind.dll 2010-11-19 11:04 - 2010-09-30 09:14 - 00055296 _____ () C:\Programme\Hardcopy\hardcopy_03.dll 2012-01-03 09:45 - 2012-01-03 09:45 - 00016832 _____ () C:\Programme\Adobe\Reader 9.0\Reader\viewerps.dll 2010-11-12 13:32 - 2010-05-12 01:25 - 00061952 _____ () C:\Programme\ThinkPad\Utilities\GR\PWRMGRRO.DLL 2010-11-12 13:32 - 2010-05-12 01:25 - 00081920 _____ () C:\Programme\ThinkPad\Utilities\DE-DE\PWMUIAux.resources.dll 2012-04-02 09:59 - 2010-09-17 17:22 - 00229376 _____ () C:\Programme\ThinkPad\ConnectUtilities\Res\GR\IconRes.dll 2006-06-13 07:54 - 2006-06-13 07:54 - 00021504 _____ () C:\Programme\Novell\ZENworks\NLS\deutsch\NalAgentRes.dll 2012-04-02 09:59 - 2010-09-17 17:22 - 00110592 _____ () C:\Programme\ThinkPad\ConnectUtilities\Res\GR\MainGUIRes.dll 2010-05-25 06:27 - 2010-05-25 06:27 - 02860384 _____ () C:\WINDOWS\system32\btwicons.dll 2010-11-19 11:04 - 2010-11-19 05:49 - 00781312 _____ () C:\Programme\Hardcopy\HcDllS.dll 2013-11-25 11:58 - 2013-11-25 11:58 - 03363952 _____ () C:\Programme\Mozilla Firefox\mozjs.dll 2013-12-27 15:58 - 2013-05-16 10:55 - 00113496 _____ () C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-12-27 15:58 - 2013-05-16 10:55 - 00416600 _____ () C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl 2012-04-09 14:55 - 2010-10-13 10:43 - 02141696 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpmsn103.dll 2013-12-27 16:14 - 2012-10-23 17:40 - 00109688 _____ () C:\Program Files\PC Tools\PC Tools Security\BDT\BSPatch.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:373E1720 AlternateDataStreams: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AVG Anti-Spyware Driver => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AVG Anti-Spyware Guard => ""="Service" ==================== Faulty Device Manager Devices ============= Name: Intel(R) 82577LM Gigabit Network Connection Description: Intel(R) 82577LM Gigabit Network Connection Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Intel Service: e1kexpress Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: 1394-Netzwerkadapter Description: 1394-Netzwerkadapter Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Microsoft Service: NIC1394 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Treiber für Bluetooth-LAN-Zugangsserver Description: Treiber für Bluetooth-LAN-Zugangsserver Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Broadcom Service: BTWDNDIS Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Array Networks VPN Adapter Description: Array Networks VPN Adapter Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Array Networks Service: ATP Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VMware Virtual Ethernet Adapter for VMnet1 Description: VMware Virtual Ethernet Adapter for VMnet1 Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VMware Virtual Ethernet Adapter for VMnet8 Description: VMware Virtual Ethernet Adapter for VMnet8 Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (12/27/2013 03:02:19 PM) (Source: vmauthd) (User: ) Description: Cannot find perfmon object in array returned by perfDLL, index=4 Error: (12/27/2013 02:49:43 PM) (Source: vmauthd) (User: ) Description: Cannot find perfmon object in array returned by perfDLL, index=4 Error: (12/27/2013 02:43:37 PM) (Source: vmauthd) (User: ) Description: Cannot find perfmon object in array returned by perfDLL, index=4 Error: (12/27/2013 01:03:17 PM) (Source: Lotus Notes Network Provider) (User: MC00018329) Description: Notes Single Logon could not execute password change on ID twalldor.id: Wrong Password. (Passwords are case sensitive - be sure to use correct upper and lower case.) Error: (12/27/2013 07:01:51 AM) (Source: vmauthd) (User: ) Description: Cannot find perfmon object in array returned by perfDLL, index=4 Error: (12/27/2013 00:50:49 AM) (Source: vmauthd) (User: ) Description: Cannot find perfmon object in array returned by perfDLL, index=4 Error: (12/26/2013 11:50:23 PM) (Source: vmauthd) (User: ) Description: Cannot find perfmon object in array returned by perfDLL, index=4 Error: (12/26/2013 06:11:12 PM) (Source: vmauthd) (User: ) Description: Cannot find perfmon object in array returned by perfDLL, index=4 Error: (12/20/2013 11:21:59 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1953 Error: (12/20/2013 11:21:59 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1953 System errors: ============= Error: (12/27/2013 04:15:37 PM) (Source: 0) (User: ) Description: \FileSystem\LV_TrackerFilter shutdown Error: (12/27/2013 04:15:17 PM) (Source: 0) (User: ) Description: @5644 Error: (12/27/2013 04:15:16 PM) (Source: 0) (User: ) Description: @5644 Error: (12/27/2013 04:15:08 PM) (Source: 0) (User: ) Description: @5644 Error: (12/27/2013 03:58:51 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/27/2013 03:58:51 PM) (Source: Service Control Manager) (User: ) Description: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error: (12/27/2013 03:14:24 PM) (Source: DCOM) (User: MC00018329) Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "wuauserv" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (12/27/2013 03:08:42 PM) (Source: Service Control Manager) (User: ) Description: Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits 32 Mal passiert. Error: (12/27/2013 03:08:30 PM) (Source: Service Control Manager) (User: ) Description: Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits 31 Mal passiert. Error: (12/27/2013 03:08:18 PM) (Source: Service Control Manager) (User: ) Description: Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits 30 Mal passiert. Microsoft Office Sessions: ========================= Error: (12/27/2013 03:02:19 PM) (Source: vmauthd)(User: ) Description: Cannot find perfmon object in array returned by perfDLL, index=4 Error: (12/27/2013 02:49:43 PM) (Source: vmauthd)(User: ) Description: Cannot find perfmon object in array returned by perfDLL, index=4 Error: (12/27/2013 02:43:37 PM) (Source: vmauthd)(User: ) Description: Cannot find perfmon object in array returned by perfDLL, index=4 Error: (12/27/2013 01:03:17 PM) (Source: Lotus Notes Network Provider)(User: MC00018329) Description: Notes Single Logon could not execute password change on ID twalldor.id: Wrong Password. (Passwords are case sensitive - be sure to use correct upper and lower case.) Error: (12/27/2013 07:01:51 AM) (Source: vmauthd)(User: ) Description: Cannot find perfmon object in array returned by perfDLL, index=4 Error: (12/27/2013 00:50:49 AM) (Source: vmauthd)(User: ) Description: Cannot find perfmon object in array returned by perfDLL, index=4 Error: (12/26/2013 11:50:23 PM) (Source: vmauthd)(User: ) Description: Cannot find perfmon object in array returned by perfDLL, index=4 Error: (12/26/2013 06:11:12 PM) (Source: vmauthd)(User: ) Description: Cannot find perfmon object in array returned by perfDLL, index=4 Error: (12/20/2013 11:21:59 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1953 Error: (12/20/2013 11:21:59 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1953 ==================== Memory info =========================== Percentage of memory in use: 38% Total physical RAM: 2995.6 MB Available physical RAM: 1834.8 MB Total Pagefile: 4881.88 MB Available Pagefile: 3365.13 MB Total Virtual: 2047.88 MB Available Virtual: 1911.33 MB ==================== Drives ================================ Drive c: (WINDOWS) (Fixed) (Total:40 GB) (Free:5.58 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: (DATA) (Fixed) (Total:108.55 GB) (Free:34.28 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 1B808076) Partition 1: (Active) - (Size=40 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=109 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=513 MB) - (Type=0C) ==================== End Of Log ============================ First: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2013
Ran by (administrator) on MC00018329 on 27-12-2013 16:24:47
Running from C:\Dokumente und Einstellungen\xx\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Novell, Inc) C:\Programme\Novell\CASA\bin\micasad.exe
(Novell, Inc.) C:\WINDOWS\system32\novell\xtagent.exe
(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\S24EvMon.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\tpnumlk.exe
(Array Networks, Inc.) C:\Program Files\Array Networks\Common\8,4,0,264\arr_isrv.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
(Autonomy Corporation plc) C:\Programme\Iron Mountain\Connected BackupPC\AgentService.exe
(Apple Inc.) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Array Networks, Inc.) C:\Program Files\Array Networks\Array SSL VPN\8,4,0,264\arr_srvs.exe
(GRISOFT s.r.o.) C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
(Microsoft Corporation) C:\WINDOWS\system32\CCM\CcmExec.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\bin\TSUsage32.exe
() C:\WINDOWS\system32\DlProtectSvc.exe
(Lenovo.) C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
(Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\EvtEng.exe
(OptionNV) C:\Programme\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Lenovo Group Limited) C:\Programme\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\micmute.exe
(Intel Corporation) C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(IBM Corp) C:\Notes\nslsvice.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corp.) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
() C:\Programme\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\NALNTSRV.EXE
(Novell, Inc.) C:\Programme\PatchLink\Update Agent\GravitixService.exe
(QUALCOMM, Inc.) C:\Programme\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
(Refresh IT Solutions) C:\Programme\Refresh IT Solutions\Refresh Devices Manager\RDMAgent.exe
(Intel(R) Corporation) C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
(Crawler.com) C:\Programme\Spyware Terminator\st_rsser.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
(Telefónica I+D) C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Microsoft Corporation) C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
(Intel Corporation) C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Programme\UPHClean\uphclean.exe
(VMware, Inc.) C:\Programme\VMware\VMware Player\vmware-authd.exe
() C:\WINDOWS\system32\ccfgnt32.exe
(VMware, Inc.) C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\WINDOWS\system32\vmnat.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\WM.EXE
() C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
(VMware, Inc.) C:\WINDOWS\system32\vmnetdhcp.exe
(Broadcom Corporation.) C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\WMRUNDLL.EXE
(Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Lenovo Group Ltd.) C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE
(Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
(LENOVO) C:\Programme\ThinkVantage\AMSG\Amsg.exe
(Ricoh co.,Ltd.) C:\Programme\Integrated Camera Driver\RCIMGDIR.exe
(Novell, Inc.) C:\WINDOWS\system32\dpmw32.exe
(Novell, Inc.) C:\WINDOWS\system32\nwtray.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
(VMware, Inc.) C:\Programme\VMware\VMware Player\hqtray.exe
(Novell, Inc.) C:\Programme\PatchLink\Update Agent\pddm.exe
(Lenovo Group Limited) C:\Programme\Lenovo\ZOOM\TpScrex.exe
(Research In Motion Limited) C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Hewlett-Packard) C:\Programme\HP\HP Software Update\hpwuschd2.exe
(Novell, Inc) C:\Programme\Novell\ZENworks\NalAgent.exe
(Adobe Systems Incorporated) C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
(Autonomy Corporation plc) C:\Programme\Iron Mountain\Connected BackupPC\Agent.exe
(shbox.de) C:\Programme\FreePDF_XP\fpassist.exe
(Haufe-Lexware GmbH & Co. KG) C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
(Lenovo) C:\Programme\ThinkPad\ConnectUtilities\Access Connections.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Programme\iTunes\iTunesHelper.exe
() C:\Programme\Mobogenie\DaemonProcess.exe
(Apple Inc.) C:\Programme\iPod\bin\iPodService.exe
(GRISOFT s.r.o.) C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
(Broadcom Corporation.) C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe
(McAfee, Inc.) C:\Programme\McAfee Security Scan\3.8.130\SSScheduler.exe
(sw4you, Siegfried Weckmann) C:\Programme\Hardcopy\hardcopy.exe
(Intel Corporation) C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\bin\ZenUserDaemon.exe
(Threat Expert Ltd.) C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [TpShocks] - C:\WINDOWS\system32\TpShocks.exe [337256 2009-12-11] (Lenovo.)
HKLM\...\Run: [picon] - C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-04] (Intel Corporation)
HKLM\...\Run: [IMSS] - C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-25] ()
HKLM\...\Run: [EZEJMNAP] - C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE [256576 2008-10-07] (Lenovo Group Ltd.)
HKLM\...\Run: [TPHOTKEY] - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [AMSG] - C:\Programme\ThinkVantage\AMSG\Amsg.exe [436800 2009-09-03] (LENOVO)
HKLM\...\Run: [PWRMGRTR] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [RotateImage] - C:\Programme\Integrated Camera Driver\RCIMGDIR.exe [31744 2008-10-30] (Ricoh co.,Ltd.)
HKLM\...\Run: [NDPS] - C:\WINDOWS\system32\dpmw32.exe [32859 2004-05-17] (Novell, Inc.)
HKLM\...\Run: [NWTRAY] - C:\WINDOWS\system32\nwtray.exe [28672 2002-03-12] (Novell, Inc.)
HKLM\...\Run: [ZENRC Tray Icon] - C:\WINDOWS\system32\zentray.exe [40960 2005-05-18] (Novell, Inc.)
HKLM\...\Run: [Application Explorer] - C:\Programme\Novell\ZENworks\NALDESK.EXE [7168 2006-06-13] (Novell, Inc.)
HKLM\...\Run: [Tweak UI] - RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
HKLM\...\Run: [VMware hqtray] - C:\Programme\VMware\VMware Player\hqtray.exe [64048 2010-01-22] (VMware, Inc.)
HKLM\...\Run: [PDDM] - C:\Programme\PatchLink\Update Agent\pddm.exe [401408 2009-07-28] (Novell, Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM\...\Run: [ACTray] - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe [425984 2010-09-17] (Lenovo )
HKLM\...\Run: [ACWLIcon] - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe [176128 2010-09-17] (Lenovo )
HKLM\...\Run: [HP Software Update] - C:\Programme\HP\HP Software Update\hpwuschd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [ToolboxFX] - C:\Programme\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company)
HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [AgentUiRunKey] - C:\Programme\Iron Mountain\Connected BackupPC\Agent.exe [294400 2012-03-20] (Autonomy Corporation plc)
HKLM\...\Run: [FreePDF Assistant] - C:\Programme\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM\...\Run: [LexwareInfoService] - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [Communicator] - C:\Programme\Microsoft Lync\communicator.exe [12107944 2013-03-22] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Programme\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [mobilegeni daemon] - C:\Programme\Mobogenie\DaemonProcess.exe [761536 2013-12-26] ()
HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Download Protect] - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dlprotect.exe [12800 2013-12-27] ()
HKLM\...\Run: [!AVG Anti-Spyware] - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [6731312 2007-06-11] (GRISOFT s.r.o.)
Winlogon\Notify\LCredMgr: C:\Programme\Novell\CASA\bin\lcredmgr.dll ()
Winlogon\Notify\NetIdentity Notification: C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
HKCU\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\SanDisk\SanDiskSecureAccess_Manager.exe [27311232 2011-06-29] (Gemalto N.V.)
HKCU\...\Policies\system: [WarningMsgInBody]
Lsa: [Authentication Packages] msv1_0 nwv1_0
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Programme\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Programme\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
URLSearchHook: HKCU - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {1B2907DA-58DC-47AB-9A57-805FC141B648} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317892&CUI=UN84531800549362357&UM=2&SSPV=S41AIE
BHO: No Name - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: PC Tools Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://quickplace.steria-mummert.de/qp2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://external.econgas.com/InternalSite/WhlCompMgr.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://domino.muenchen.steria-mummert.de/dwa8W.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Programme\QlikView\QvProtocol\qvp.dll (QlikTech AB)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Application Explorer - {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Programme\Novell\ZENworks\NalShell.dll [458752 2007-08-08] (Novell, Inc)
ShellExecuteHooks: CShellExecuteHookImpl Object - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [79408 2007-05-30] (GRISOFT s.r.o.)
Winsock: Catalog5 04 %SystemRoot%\system32\netware\NWWS2NDS.DLL [36947] (Novell, Inc.)
Winsock: Catalog5 05 %SystemRoot%\system32\netware\NWWS2SAP.DLL [32851] (Novell, Inc.)
Winsock: Catalog5 06 %SystemRoot%\system32\netware\NWWS2SLP.DLL [49235] (Novell, Inc.)
Winsock: Catalog5 07 C:\Programme\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{9EFE6EF8-64B2-4A8B-A464-4F9E0FCE7DAA}: [NameServer]192.135.82.44,192.135.82.60
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\u6lso5da.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Programme\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Programme\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Programme\Gemeinsame Dateien\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\u6lso5da.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\u6lso5da.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Click to call with Skype - C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\
FF Extension: Browser Guard Toolbar - C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\
FF HKCU\...\Firefox\Extensions: [{cf828622-feaf-4708-8e39-395e58c9f1cc}] - C:\Programme\Re-markit\150.xpi
========================== Services (Whitelisted) =================
R2 AcPrfMgrSvc; C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [98304 2010-09-17] (Lenovo )
R2 AcSvc; C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe [237568 2010-09-17] (Lenovo )
R2 AgentService; C:\Programme\Iron Mountain\Connected BackupPC\AgentService.exe [7617952 2012-03-20] (Autonomy Corporation plc)
R2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624 2013-09-07] (Apple Inc.)
R2 ArraySSL_VPN_Service8.4.0.264; C:\Program Files\Array Networks\Array SSL VPN\8,4,0,264\arr_srvs.exe [239024 2010-03-10] (Array Networks, Inc.)
R2 Array_Utility_Service8.4.0.264; C:\Program Files\Array Networks\Common\8,4,0,264\arr_isrv.exe [398768 2010-03-10] (Array Networks, Inc.)
R2 AVG Anti-Spyware Guard; C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe [312880 2007-05-30] (GRISOFT s.r.o.)
S4 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)
R2 Browser Defender Update Service; C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [580728 2012-10-23] (Threat Expert Ltd.)
R2 btwdins; C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe [349528 2010-05-25] (Broadcom Corporation.)
R2 CcmExec; C:\WINDOWS\system32\CCM\CcmExec.exe [764768 2009-09-18] (Microsoft Corporation)
S3 cusrvc; C:\WINDOWS\system32\cusrvc.exe [53339 2008-08-04] (Novell, Inc.)
S3 DfSdkS; C:\Programme\Ashampoo\Ashampoo WinOptimizer Free\Dfsdks.exe [406016 2009-08-24] (mst software GmbH, Germany)
R2 DlProtectSvc; C:\WINDOWS\system32\DlProtectSvc.exe [96256 2013-12-27] ()
S3 DMService; C:\WINDOWS\DOWNLO~1\DMService.exe [517360 2013-11-08] (Microsoft Corporation)
R2 DozeSvc; C:\Programme\ThinkPad\Utilities\DOZESVC.EXE [132456 2010-05-12] (Lenovo.)
R2 EvtEng; C:\Programme\Intel\WiFi\bin\EvtEng.exe [862480 2010-03-05] (Intel(R) Corporation)
R2 GtDetectSc; C:\Programme\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe [545792 2009-05-04] (OptionNV)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2012-05-29] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2012-05-29] (Google Inc.)
S2 HP LaserJet Service; C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP)
R3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [553288 2013-11-02] (Apple Inc.)
S4 IviRegMgr; C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe [112152 2007-01-04] (InterVideo)
R2 LENOVO.CAMMUTE; C:\Programme\Lenovo\Communications Utility\CAMMUTE.exe [43584 2012-01-16] (Lenovo Group Limited)
R2 Lenovo.micmute; C:\Programme\LENOVO\HOTKEY\MICMUTE.exe [45496 2010-04-07] (Lenovo Group Limited)
R2 LMS; C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [266576 2010-03-25] (Intel Corporation)
R2 Lotus Notes Single Logon; C:\Notes\nslsvice.exe [31624 2008-08-08] (IBM Corp)
R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Programme\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-11-25] (Mozilla Foundation)
R2 msoidsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1542560 2010-08-17] (Microsoft Corp.)
R2 MySQL; C:\Programme\MySQL\MySQL Server 5.1\my.ini [848 2012-02-26] ()
R2 NALNTSERVICE; C:\Programme\Novell\ZENworks\nalntsrv.exe [113152 2006-06-13] (Novell, Inc.)
R2 Novell Identity Store; C:\Programme\Novell\CASA\bin\micasad.exe [245760 2009-10-14] (Novell, Inc)
R2 Novell ZENworks Agent Service; C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe [28672 2010-06-30] (Novell, Inc.)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
R3 osppsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation)
R2 PatchLink Update; C:\Programme\PatchLink\Update Agent\GravitixService.exe [81920 2009-07-28] (Novell, Inc.)
R2 Power Manager DBC Service; C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe [53248 2010-05-12] ()
R2 QDLService2kLenovo; C:\Programme\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.)
R2 RefreshDevicesManager; C:\Programme\Refresh IT Solutions\Refresh Devices Manager\RDMAgent.exe [738304 2012-02-28] (Refresh IT Solutions)
R2 RegSrvc; C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe [473360 2010-03-05] (Intel(R) Corporation)
R2 Remote Management Agent; C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [167936 2006-05-09] (Novell, Inc.)
R2 S24EventMonitor; C:\Programme\Intel\WiFi\bin\S24EvMon.exe [954368 2010-03-05] (Intel(R) Corporation)
S3 sdAuxService; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [403416 2012-10-31] (PC Tools)
S3 sdCoreService; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [1162360 2012-11-01] (PC Tools)
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
S2 SMART Mirror Driver Monitor Service; C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\TANDBERG\See&Share\monitorservice.exe [135680 2011-01-07] (SMART Technologies)
S3 smstsmgr; C:\WINDOWS\system32\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
R2 ST2012_Svc; C:\Programme\Spyware Terminator\st_rsser.exe [587912 2013-10-22] (Crawler.com)
R2 TeamViewer8; C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [4153184 2013-07-08] (TeamViewer GmbH)
R2 TGCM_ImportWiFiSvc; C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)
R2 TPHKSVC; C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe [63928 2010-04-07] (Lenovo Group Limited)
R2 uagqecsvc; C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [169200 2013-01-22] (Microsoft Corporation)
R2 UNS; C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920 2010-03-25] (Intel Corporation)
R2 UPHClean; C:\Programme\UPHClean\uphclean.exe [241725 2005-04-27] (Microsoft Corporation)
R2 VMAuthdService; C:\Programme\VMware\VMware Player\vmware-authd.exe [113200 2010-01-22] (VMware, Inc.)
R2 vmnat32; C:\WINDOWS\system32\ccfgnt32.exe [70656 2013-12-27] ()
R2 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [334384 2010-01-22] (VMware, Inc.)
R2 VMUSBArbService; C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2010-01-22] (VMware, Inc.)
R2 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [395824 2010-01-22] (VMware, Inc.)
S4 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
R2 XTAgent; C:\Windows\System32\Novell\XTAgent.exe [61440 2007-01-10] (Novell, Inc.)
S3 ZENPreAgent; C:\WINDOWS\novell\zenworks\bin\ZENPreAgent.exe [196608 2010-11-12] ()
R2 ZFDWM; C:\Programme\Novell\ZENworks\wm.exe [152128 2007-02-07] (Novell, Inc.)
S4 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf"
S3 ufad-ws60; "C:\Programme\VMware\VMware Player\vmware-ufad.exe" -d "C:\Programme\VMware\VMware Player\\" -s ufad-p2v.xml
==================== Drivers (Whitelisted) ====================
R1 ANC; C:\Windows\System32\drivers\ANC.SYS [11520 2005-09-28] (IBM Corp.)
S3 ATP; C:\Windows\System32\DRIVERS\atpdrvr.sys [16256 2009-09-03] (Array Networks, Inc.)
R1 AVG Anti-Spyware Driver; C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys [11000 2007-05-30] ()
R1 AvgAsCln; C:\Windows\System32\DRIVERS\AvgAsCln.sys [10872 2007-05-30] (GRISOFT, s.r.o.)
R2 BlankScr; C:\Windows\System32\Drivers\BlankScr.sys [6899 2005-05-23] (Novell Inc.)
R3 BM; C:\Windows\System32\DRIVERS\vptunnel.sys [217164 2006-10-28] (Novell, Inc.)
R3 btaudio; C:\Windows\System32\drivers\btaudio.sys [533152 2010-06-01] (Broadcom Corporation.)
R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [37160 2010-06-01] (Broadcom Corporation.)
R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [993320 2010-06-01] (Broadcom Corporation.)
S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [156816 2010-06-01] (Broadcom Corporation.)
R3 btwmodem; C:\Windows\System32\DRIVERS\btwmodem.sys [37032 2010-06-01] (Broadcom Corporation.)
R3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [51752 2010-06-01] (Broadcom Corporation.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 CnxtHdAudService; C:\Windows\System32\drivers\CHDAU32.sys [1756216 2010-03-31] (Conexant Systems Inc.)
R3 Darpan; C:\Windows\System32\DRIVERS\Darpan.sys [2773 2005-05-23] (Novell, Inc.)
S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k5132.sys [167080 2009-12-10] (Intel Corporation)
R2 hcmon; C:\WINDOWS\system32\drivers\hcmon.sys [32304 2010-01-22] (VMware, Inc.)
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2010-12-07] (Hewlett Packard)
S3 HPFXFAX; C:\Windows\System32\drivers\hppcfaxio.sys [21528 2010-12-07] (Hewlett Packard)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [210304 2009-06-30] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [986240 2009-06-30] (Conexant Systems, Inc.)
R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [4224 2008-05-12] ()
R2 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker.sys [45384 2012-03-20] ()
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9728 2010-06-19] (MBB Incorporated)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [9728 2009-02-03] (ZTE Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [6601216 2010-03-17] (Intel Corporation)
R2 NetwareWorkstation; C:\Windows\System32\NetWare\nwfs.sys [553216 2008-08-28] (Novell, Inc.)
R2 NICICCS; C:\Windows\System32\Drivers\NICICCS.sys [456080 2003-08-22] ()
R0 NICM; C:\Windows\System32\drivers\nicm.sys [38603 2008-01-08] (Novell, Inc.)
R3 NWDHCP; C:\Windows\System32\NetWare\nwdhcp.sys [18353 2005-11-22] (Novell, Inc.)
R3 NWDNS; C:\Windows\System32\NetWare\nwdns.sys [45824 2008-07-21] (Novell, Inc.)
R0 NWFILTER; C:\Windows\System32\NetWare\nwfilter.sys [17664 2008-07-21] (Novell, Inc.)
R3 NWHOST; C:\Windows\System32\NetWare\NWHOST.sys [9297 2005-10-12] (Novell, Inc.)
S3 NWSAP; C:\Windows\System32\NetWare\NWSAP.sys [23232 2003-02-26] ()
S2 NWSIPX32; C:\Windows\System32\NetWare\nwsipx32.sys [58496 2008-08-04] (Novell, Inc.)
R3 NWSLP; C:\Windows\System32\NetWare\nwslp.sys [20208 2008-04-04] (Novell, Inc.)
R3 NWSNS; C:\Windows\System32\NetWare\NWSNS.sys [6128 2005-10-12] (Novell, Inc.)
R3 PCTBD; C:\Windows\System32\Drivers\PCTBD.sys [62688 2012-10-23] (PC Tools)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [368616 2012-10-22] (PC Tools)
R0 pctDS; C:\Windows\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)
R0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [909728 2012-02-28] (PC Tools)
R1 pctgntdi; C:\WINDOWS\system32\drivers\pctgntdi.sys [260760 2012-10-31] (PC Tools)
S3 pctplsm; C:\WINDOWS\system32\drivers\pctplsm.sys [68272 2012-11-01] (PC Tools)
R1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [202280 2012-11-01] (PC Tools)
S3 prepdrvr; C:\WINDOWS\system32\CCM\prepdrv.sys [20848 2009-09-18] (Microsoft Corporation)
R3 qcfilterlno2k; C:\Windows\System32\DRIVERS\qcfilterlno2k.sys [5248 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbnetlno2k; C:\Windows\System32\DRIVERS\qcusbnetlno2k.sys [236032 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbserlno2k; C:\Windows\System32\DRIVERS\qcusbserlno2k.sys [190848 2011-05-23] (QUALCOMM Incorporated)
R2 RESMGR; C:\Windows\System32\NetWare\resmgr.sys [29440 2008-07-21] (Novell, Inc.)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [13952 2009-08-09] (Intel Corporation)
R3 smrtdrv; C:\Windows\System32\DRIVERS\smrtdrv.sys [2432 2011-01-07] (SMART Technologies Inc.)
R3 smsmdd; C:\Windows\System32\DRIVERS\smsmdm.sys [12448 2008-10-20] (Microsoft Corporation)
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] ()
R2 SRVLOC; C:\Windows\System32\NetWare\srvloc.sys [185216 2008-08-04] (Novell, Inc.)
R0 stmtpm; C:\Windows\System32\DRIVERS\stm_tpm.sys [21504 2007-06-08] (STMicroelectronics, INC)
R1 tidnet; C:\Windows\System32\DRIVERS\tidnet.sys [26008 2010-04-30] (Telefónica I+D)
R1 TPHKDRV; C:\Windows\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwrif.sys [4442 2010-05-12] ()
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [561536 2008-12-01] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [132352 2008-12-01] (Hauppauge Computer Works, Inc.)
R3 vmkbd; C:\WINDOWS\system32\drivers\VMkbd.sys [23216 2010-01-22] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2010-01-22] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [32688 2010-01-22] (VMware, Inc.)
R2 VMnetuserif; C:\WINDOWS\system32\drivers\vmnetuserif.sys [26288 2010-01-22] (VMware, Inc.)
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2010-01-22] (VMware, Inc.)
R2 vmx86; C:\WINDOWS\system32\Drivers\vmx86.sys [854192 2010-01-22] (VMware, Inc.)
R2 vstor2-ws60; C:\Programme\VMware\VMware Player\vstor2-ws60.sys [22448 2009-10-12] (VMware, Inc.)
R2 WNTHW; C:\WINDOWS\system32\DRIVERS\WNTHW.SYS [9176 2010-03-24] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
R3 cpuz132; \??\D:\Temp\cpuz132\cpuz132_x32.sys [x]
S3 esgiguard; \??\C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S4 IntelIde; No ImagePath
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-27 16:24 - 2013-12-27 16:25 - 00036006 _____ C:\Dokumente und Einstellungen\Xxx\Desktop\FRST.txt
2013-12-27 16:24 - 2013-12-27 16:19 - 01063503 _____ (Farbar) C:\Dokumente und Einstellungen\Xxx\Desktop\FRST.exe
2013-12-27 16:14 - 2012-10-23 17:40 - 02280568 _____ (Threat Expert Ltd.) C:\WINDOWS\PCTBDCore.dll
2013-12-27 16:14 - 2012-10-23 17:40 - 01690744 _____ (Threat Expert Ltd.) C:\WINDOWS\PCTBDRes.dll
2013-12-27 16:14 - 2012-10-23 17:40 - 00769144 _____ C:\WINDOWS\BDTSupport.dll
2013-12-27 16:14 - 2012-10-23 17:40 - 00150648 _____ (PC Tools) C:\WINDOWS\SGDetectionTool.dll
2013-12-27 16:14 - 2012-10-23 17:40 - 00062688 _____ (PC Tools) C:\WINDOWS\system32\Drivers\PCTBD.sys
2013-12-27 16:14 - 2012-10-23 16:30 - 00003488 _____ C:\WINDOWS\UDB.zip
2013-12-27 16:14 - 2012-10-23 16:30 - 00000882 _____ C:\WINDOWS\RegSDImport.xml
2013-12-27 16:14 - 2012-10-23 16:30 - 00000879 _____ C:\WINDOWS\RegISSImport.xml
2013-12-27 16:14 - 2012-10-23 16:30 - 00000131 _____ C:\WINDOWS\IDB.zip
2013-12-27 16:12 - 2013-12-27 16:12 - 00001808 _____ C:\Dokumente und Einstellungen\All Users\Desktop\PC Tools Spyware Doctor.lnk
2013-12-27 16:12 - 2013-12-27 16:12 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PC Tools Security
2013-12-27 16:12 - 2012-11-01 15:35 - 00071752 _____ (PC Tools) C:\WINDOWS\system32\Drivers\pctplsg.sys
2013-12-27 16:12 - 2012-11-01 15:35 - 00068272 _____ (PC Tools) C:\WINDOWS\system32\Drivers\pctplsm.sys
2013-12-27 16:12 - 2012-11-01 15:35 - 00019464 _____ (PC Tools) C:\WINDOWS\system32\Drivers\pctBTFix.sys
2013-12-27 16:12 - 2012-10-31 14:21 - 00260760 _____ (PC Tools) C:\WINDOWS\system32\Drivers\pctgntdi.sys
2013-12-27 16:06 - 2013-12-27 16:06 - 00000075 _____ C:\WINDOWS\wininit.ini
2013-12-27 16:01 - 2013-12-27 16:14 - 00000000 ____D C:\Programme\Gemeinsame Dateien\PC Tools
2013-12-27 16:01 - 2013-12-27 16:01 - 00597386 _____ C:\WINDOWS\system32\Drivers\Cat.DB
2013-12-27 16:01 - 2012-11-01 15:35 - 00202280 _____ (PC Tools) C:\WINDOWS\system32\Drivers\PCTSD.sys
2013-12-27 16:01 - 2012-10-22 16:38 - 00368616 _____ (PC Tools) C:\WINDOWS\system32\Drivers\PCTCore.sys
2013-12-27 16:01 - 2012-10-22 16:38 - 00163288 _____ (PC Tools) C:\WINDOWS\system32\Drivers\PCTAppEvent.sys
2013-12-27 16:01 - 2012-02-28 11:43 - 00909728 _____ (PC Tools) C:\WINDOWS\system32\Drivers\pctEFA.sys
2013-12-27 16:01 - 2012-02-28 11:43 - 00342168 _____ (PC Tools) C:\WINDOWS\system32\Drivers\pctDS.sys
2013-12-27 16:00 - 2013-12-27 16:12 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
2013-12-27 16:00 - 2013-12-27 16:00 - 00000484 _____ C:\Dokumente und Einstellungen\Xxx\Desktop\sd9setup.exe.lnk
2013-12-27 16:00 - 2013-12-27 16:00 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\TestApp
2013-12-27 15:58 - 2013-12-27 16:06 - 00000000 ____D C:\Programme\Spybot - Search & Destroy 2
2013-12-27 15:58 - 2013-12-27 16:06 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2013-12-27 15:58 - 2013-12-27 15:58 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-12-27 15:03 - 2013-12-27 15:03 - 00002076 _____ C:\Dokumente und Einstellungen\Xxx\Desktop\SMC Anwendungen.nal
2013-12-27 15:03 - 2013-12-27 15:03 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Startmenü\SMC Anwendungen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2013-12-27 14:51 - 2013-12-27 14:51 - 00058278 _____ D:\\bookmark.htm
2013-12-27 01:47 - 2013-12-27 06:53 - 00000000 ____D C:\WINDOWS\220FB0354744483A9A0B41DF77061583.TMP
2013-12-27 01:47 - 2013-12-27 01:47 - 00000000 ____D C:\Programme\Enigma Software Group
2013-12-27 01:46 - 2013-12-27 01:46 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2013-12-27 00:25 - 2013-12-27 00:25 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Grisoft
2013-12-27 00:24 - 2013-12-27 00:24 - 00096256 _____ C:\WINDOWS\system32\DlProtectSvc.exe
2013-12-27 00:24 - 2013-12-27 00:24 - 00070656 _____ C:\WINDOWS\system32\ccfgnt32.exe
2013-12-27 00:24 - 2013-12-27 00:24 - 00012800 _____ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dlprotect.exe
2013-12-27 00:24 - 2013-12-27 00:24 - 00000838 _____ C:\Dokumente und Einstellungen\All Users\Desktop\AVG Anti-Spyware.lnk
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Programme\Grisoft
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG Anti-Spyware 7.5
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft
2013-12-27 00:24 - 2007-05-30 13:10 - 00010872 _____ (GRISOFT, s.r.o.) C:\WINDOWS\system32\Drivers\AvgAsCln.sys
2013-12-26 23:49 - 2013-12-27 15:02 - 00009007 _____ C:\WINDOWS\setupapi.log
2013-12-26 23:43 - 2013-12-26 23:52 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
2013-12-26 23:43 - 2013-12-26 23:43 - 00000712 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk
2013-12-26 23:43 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Spyware Terminator
2013-12-26 23:43 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spyware Terminator 2012
2013-12-26 23:43 - 2011-06-21 11:24 - 00032768 _____ C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys
2013-12-26 23:42 - 2013-12-26 23:42 - 00000000 ____D D:\\MAGIX_MxTray
2013-12-26 23:40 - 2013-12-26 23:43 - 00000000 ____D C:\Programme\Spyware Terminator
2013-12-26 23:14 - 2013-12-26 23:42 - 00000000 ____D D:\\OnDemandDump
2013-12-26 23:14 - 2013-12-26 23:42 - 00000000 ____D D:\\CrashLog
2013-12-26 23:14 - 2013-12-26 23:14 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\MAGIX
2013-12-26 23:12 - 2013-12-27 15:15 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MAGIX
2013-12-26 23:12 - 2013-12-26 23:14 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
2013-12-26 23:12 - 2013-12-26 23:12 - 00000000 ____D C:\Programme\MAGIX
2013-12-26 23:04 - 2013-12-26 23:04 - 00001894 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Ein-Klick-Optimierung.lnk
2013-12-26 23:04 - 2013-12-26 23:04 - 00000884 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Ashampoo WinOptimizer Free.lnk
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Programme\Ashampoo
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ashampoo
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ashampoo
2013-12-26 23:04 - 2009-08-24 21:08 - 00028160 _____ (mst software GmbH, Germany) C:\WINDOWS\system32\DfSdkBt.exe
2013-12-26 22:58 - 2013-12-26 22:58 - 00001698 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\X-Setup Pro.lnk
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Programme\X-Setup Pro
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\X-Setup Pro
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X-Setup Pro
2013-12-26 22:47 - 2013-12-27 15:14 - 00003856 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-26 22:26 - 2013-12-27 14:57 - 00002180 _____ C:\Dokumente und Einstellungen\Xxx\daemonprocess.txt
2013-12-26 22:26 - 2013-12-26 22:41 - 00000000 ____D C:\Programme\Mobogenie
2013-12-26 22:26 - 2013-12-26 22:26 - 00000673 _____ C:\Dokumente und Einstellungen\Xxx\Desktop\Mobogenie.lnk
2013-12-26 22:26 - 2013-12-26 22:26 - 00000000 ____D D:\\Mobogenie
2013-12-26 22:26 - 2013-12-26 22:26 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Startmenü\Programme\Mobogenie
2013-12-26 22:26 - 2013-12-26 22:26 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\.android
2013-12-26 22:24 - 2013-12-27 06:57 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WPM
2013-12-13 21:13 - 2013-12-27 00:47 - 00000000 ____D C:\AdwCleaner
2013-12-10 21:16 - 2013-12-10 21:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
2013-12-08 19:32 - 2013-12-08 19:32 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-12-08 19:32 - 2013-12-08 19:32 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java
2013-12-05 22:17 - 2013-12-05 22:17 - 00001758 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Digital Editions 2.0.lnk
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D D:\\My Digital Editions
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe
2013-12-05 22:11 - 2013-12-05 22:31 - 00000000 ____D D:\\Calibre-Bibliothek
2013-12-05 22:11 - 2013-12-05 22:12 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\calibre
2013-12-05 22:11 - 2013-12-05 22:11 - 00000000 ____D C:\Programme\Calibre2
2013-12-05 22:11 - 2013-12-05 22:11 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\calibre - E-book Management
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D D:\\iPubsoft files
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D D:\\iPubsoft
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\iPubsoft
2013-12-05 21:35 - 2013-12-05 21:35 - 00000000 ____D C:\Programme\iPubsoft
2013-12-05 21:35 - 2013-12-05 21:35 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iPubsoft
2013-12-02 22:51 - 2013-12-02 22:51 - 00001529 _____ C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
2013-12-02 22:51 - 2013-12-02 22:51 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
2013-12-02 22:50 - 2013-12-02 22:51 - 00000000 ____D C:\Programme\iTunes
2013-12-02 22:50 - 2013-12-02 22:51 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-02 22:50 - 2013-12-02 22:50 - 00000000 ____D C:\Programme\iPod
2013-11-28 09:21 - 2013-11-28 09:21 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Startmenü\Programme\SanDisk SecureAccess Manager
2013-11-28 09:21 - 2013-11-28 09:21 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\SanDisk
2013-11-28 09:19 - 2013-11-28 09:19 - 00000288 _____ C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\.backup.dm
==================== One Month Modified Files and Folders =======
2013-12-27 16:25 - 2013-12-27 16:24 - 00036006 _____ C:\Dokumente und Einstellungen\Xxx\Desktop\FRST.txt
2013-12-27 16:25 - 2010-11-12 11:22 - 00000000 ____D D:\\Temp
2013-12-27 16:19 - 2013-12-27 16:24 - 01063503 _____ (Farbar) C:\Dokumente und Einstellungen\Xxx\Desktop\FRST.exe
2013-12-27 16:19 - 2011-02-14 15:53 - 00000000 ____D D:\\Downloads
2013-12-27 16:14 - 2013-12-27 16:01 - 00000000 ____D C:\Programme\Gemeinsame Dateien\PC Tools
2013-12-27 16:12 - 2013-12-27 16:12 - 00001808 _____ C:\Dokumente und Einstellungen\All Users\Desktop\PC Tools Spyware Doctor.lnk
2013-12-27 16:12 - 2013-12-27 16:12 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PC Tools Security
2013-12-27 16:12 - 2013-12-27 16:00 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
2013-12-27 16:12 - 2009-12-01 18:29 - 00000000 ___RD C:\Programme
2013-12-27 16:12 - 2009-12-01 18:29 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2013-12-27 16:09 - 2010-11-12 13:32 - 00000316 _____ C:\WINDOWS\Tasks\PMTask.job
2013-12-27 16:06 - 2013-12-27 16:06 - 00000075 _____ C:\WINDOWS\wininit.ini
2013-12-27 16:06 - 2013-12-27 15:58 - 00000000 ____D C:\Programme\Spybot - Search & Destroy 2
2013-12-27 16:06 - 2013-12-27 15:58 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2013-12-27 16:04 - 2010-11-19 11:05 - 00000000 ____D C:\Programme\Hardcopy
2013-12-27 16:02 - 2012-05-29 21:11 - 00001108 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-27 16:01 - 2013-12-27 16:01 - 00597386 _____ C:\WINDOWS\system32\Drivers\Cat.DB
2013-12-27 16:01 - 2010-11-12 13:23 - 00000000 __SHD D:\\System Volume Information
2013-12-27 16:00 - 2013-12-27 16:00 - 00000484 _____ C:\Dokumente und Einstellungen\Xxx\Desktop\sd9setup.exe.lnk
2013-12-27 16:00 - 2013-12-27 16:00 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\TestApp
2013-12-27 15:58 - 2013-12-27 15:58 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-12-27 15:54 - 2013-11-25 11:58 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-12-27 15:37 - 2009-12-01 18:31 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-27 15:37 - 2009-12-01 18:31 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-27 15:29 - 2013-02-03 16:18 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-27 15:15 - 2013-12-26 23:12 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MAGIX
2013-12-27 15:14 - 2013-12-26 22:47 - 00003856 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-27 15:04 - 2010-11-12 13:35 - 00000463 _____ C:\WINDOWS\smscfg.ini
2013-12-27 15:03 - 2013-12-27 15:03 - 00002076 _____ C:\Dokumente und Einstellungen\Xxx\Desktop\SMC Anwendungen.nal
2013-12-27 15:03 - 2013-12-27 15:03 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Startmenü\SMC Anwendungen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2013-12-27 15:03 - 2010-11-12 14:26 - 00000000 ___RD C:\Dokumente und Einstellungen\Xxx\Startmenü
2013-12-27 15:02 - 2013-12-26 23:49 - 00009007 _____ C:\WINDOWS\setupapi.log
2013-12-27 15:02 - 2012-05-29 21:11 - 00001104 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-27 15:02 - 2011-01-06 11:01 - 00000000 ____D C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\VMware
2013-12-27 15:02 - 2011-01-06 11:00 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VMware
2013-12-27 15:02 - 2010-11-12 14:27 - 00000972 __RSH C:\Dokumente und Einstellungen\Xxx\ntuser.pol
2013-12-27 15:02 - 2010-11-12 14:26 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx
2013-12-27 15:02 - 2010-11-12 11:20 - 00019868 __RSH C:\Dokumente und Einstellungen\All Users\ntuser.pol
2013-12-27 15:02 - 2010-11-12 11:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2013-12-27 15:02 - 2010-11-12 11:20 - 00000000 ___HD C:\NALCache
2013-12-27 15:02 - 2008-04-14 18:30 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-27 15:01 - 2010-11-12 11:32 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy.UserCache
2013-12-27 15:01 - 2009-12-01 14:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-27 14:57 - 2013-12-26 22:26 - 00002180 _____ C:\Dokumente und Einstellungen\Xxx\daemonprocess.txt
2013-12-27 14:57 - 2013-07-07 22:11 - 00001024 ____H C:\WINDOWS\system32\default_user_class.dat.LOG
2013-12-27 14:57 - 2010-11-12 14:27 - 00000190 ___SH C:\Dokumente und Einstellungen\Xxx\ntuser.ini
2013-12-27 14:57 - 2010-11-12 12:33 - 02097152 _____ C:\WINDOWS\system32\config\PatchLin.evt
2013-12-27 14:57 - 2009-12-01 14:11 - 00032466 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-27 14:51 - 2013-12-27 14:51 - 00058278 _____ D:\\bookmark.htm
2013-12-27 14:47 - 2009-12-01 14:11 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService
2013-12-27 14:47 - 2009-12-01 14:11 - 00000000 __SHD C:\Dokumente und Einstellungen\LocalService
2013-12-27 14:47 - 2009-12-01 14:11 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator
2013-12-27 14:47 - 2009-12-01 14:03 - 00000000 ____D C:\WINDOWS\Registration
2013-12-27 14:46 - 2013-07-08 20:18 - 00000000 ____D C:\JRT
2013-12-27 14:46 - 2009-12-01 19:23 - 00000000 ____D C:\WINDOWS\Help
2013-12-27 14:39 - 2012-06-17 21:36 - 00000370 _____ C:\WINDOWS\Tasks\At8.job
2013-12-27 14:32 - 2009-12-01 14:12 - 00000000 ____D C:\WINDOWS\I386
2013-12-27 14:30 - 2012-04-09 15:05 - 00000370 _____ C:\WINDOWS\Tasks\At4.job
2013-12-27 10:32 - 2012-06-17 21:36 - 00000370 _____ C:\WINDOWS\Tasks\At5.job
2013-12-27 07:00 - 2010-11-12 18:10 - 00000000 __SHD C:\WINDOWS\CSC
2013-12-27 06:57 - 2013-12-26 22:24 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WPM
2013-12-27 06:53 - 2013-12-27 01:47 - 00000000 ____D C:\WINDOWS\220FB0354744483A9A0B41DF77061583.TMP
2013-12-27 06:53 - 2010-11-12 14:26 - 00000000 ___RD C:\Dokumente und Einstellungen\Xxx\Startmenü\Programme
2013-12-27 02:12 - 2010-11-12 11:24 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-12-27 01:55 - 2010-11-12 14:27 - 00001606 _____ C:\Dokumente und Einstellungen\Xxx\Startmenü\Programme\Remoteunterstützung.lnk
2013-12-27 01:54 - 2010-07-26 10:30 - 00001606 _____ C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Remoteunterstützung.lnk
2013-12-27 01:53 - 2010-07-26 10:29 - 00001606 _____ C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk
2013-12-27 01:47 - 2013-12-27 01:47 - 00000000 ____D C:\Programme\Enigma Software Group
2013-12-27 01:46 - 2013-12-27 01:46 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2013-12-27 00:48 - 2012-07-19 16:05 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-12-27 00:47 - 2013-12-13 21:13 - 00000000 ____D C:\AdwCleaner
2013-12-27 00:47 - 2012-11-11 18:00 - 00000888 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
2013-12-27 00:47 - 2012-11-11 18:00 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome
2013-12-27 00:47 - 2012-03-14 10:47 - 00000709 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
2013-12-27 00:47 - 2011-01-08 13:19 - 00000676 _____ C:\Dokumente und Einstellungen\Xxx\Startmenü\Programme\Internet Explorer.lnk
2013-12-27 00:47 - 2010-12-01 20:25 - 00000703 _____ C:\Dokumente und Einstellungen\All Users\Desktop\sps.lnk
2013-12-27 00:47 - 2010-11-12 14:26 - 00000000 ___RD C:\Dokumente und Einstellungen\Xxx\Startmenü\Programme\Autostart
2013-12-27 00:25 - 2013-12-27 00:25 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Grisoft
2013-12-27 00:24 - 2013-12-27 00:24 - 00096256 _____ C:\WINDOWS\system32\DlProtectSvc.exe
2013-12-27 00:24 - 2013-12-27 00:24 - 00070656 _____ C:\WINDOWS\system32\ccfgnt32.exe
2013-12-27 00:24 - 2013-12-27 00:24 - 00012800 _____ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dlprotect.exe
2013-12-27 00:24 - 2013-12-27 00:24 - 00000838 _____ C:\Dokumente und Einstellungen\All Users\Desktop\AVG Anti-Spyware.lnk
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Programme\Grisoft
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG Anti-Spyware 7.5
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft
2013-12-26 23:52 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
2013-12-26 23:51 - 2009-12-01 18:29 - 01148676 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-26 23:51 - 2008-04-15 18:30 - 00355152 _____ C:\WINDOWS\system32\perfh015.dat
2013-12-26 23:51 - 2008-04-15 18:30 - 00049376 _____ C:\WINDOWS\system32\perfc015.dat
2013-12-26 23:43 - 2013-12-26 23:43 - 00000712 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk
2013-12-26 23:43 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Spyware Terminator
2013-12-26 23:43 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spyware Terminator 2012
2013-12-26 23:43 - 2013-12-26 23:40 - 00000000 ____D C:\Programme\Spyware Terminator
2013-12-26 23:42 - 2013-12-26 23:42 - 00000000 ____D D:\\MAGIX_MxTray
2013-12-26 23:42 - 2013-12-26 23:14 - 00000000 ____D D:\\OnDemandDump
2013-12-26 23:42 - 2013-12-26 23:14 - 00000000 ____D D:\\CrashLog
2013-12-26 23:28 - 2012-11-10 15:59 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7
2013-12-26 23:14 - 2013-12-26 23:14 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\MAGIX
2013-12-26 23:14 - 2013-12-26 23:12 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
2013-12-26 23:12 - 2013-12-26 23:12 - 00000000 ____D C:\Programme\MAGIX
2013-12-26 23:04 - 2013-12-26 23:04 - 00001894 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Ein-Klick-Optimierung.lnk
2013-12-26 23:04 - 2013-12-26 23:04 - 00000884 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Ashampoo WinOptimizer Free.lnk
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Programme\Ashampoo
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ashampoo
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ashampoo
2013-12-26 22:58 - 2013-12-26 22:58 - 00001698 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\X-Setup Pro.lnk
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Programme\X-Setup Pro
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\X-Setup Pro
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X-Setup Pro
2013-12-26 22:56 - 2010-11-12 11:31 - 00000000 ____D C:\Programme\PowerArchiver
2013-12-26 22:48 - 2013-09-30 08:22 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Desktop\tmp
2013-12-26 22:41 - 2013-12-26 22:26 - 00000000 ____D C:\Programme\Mobogenie
2013-12-26 22:38 - 2012-06-17 21:36 - 00000370 _____ C:\WINDOWS\Tasks\At7.job
2013-12-26 22:29 - 2012-02-26 22:17 - 00000661 _____ C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
2013-12-26 22:29 - 2012-02-26 22:17 - 00000000 ____D C:\Programme\CCleaner
2013-12-26 22:26 - 2013-12-26 22:26 - 00000673 _____ C:\Dokumente und Einstellungen\Xxx\Desktop\Mobogenie.lnk
2013-12-26 22:26 - 2013-12-26 22:26 - 00000000 ____D D:\\Mobogenie
2013-12-26 22:26 - 2013-12-26 22:26 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Startmenü\Programme\Mobogenie
2013-12-26 22:26 - 2013-12-26 22:26 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\.android
2013-12-26 21:03 - 2012-06-17 21:36 - 00000370 _____ C:\WINDOWS\Tasks\At6.job
2013-12-20 08:34 - 2010-11-12 11:22 - 00000000 ____D D:\\Favoriten
2013-12-18 22:14 - 2009-12-01 18:31 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-12-11 18:29 - 2012-11-13 01:20 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-11 18:29 - 2012-11-13 01:20 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-10 21:29 - 2010-11-16 11:10 - 00000000 __SHD C:\Dokumente und Einstellungen\Xxx\UserData
2013-12-10 21:16 - 2013-12-10 21:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
2013-12-10 21:16 - 2012-05-29 21:11 - 00000000 ____D C:\Programme\Google
2013-12-08 19:32 - 2013-12-08 19:32 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-12-08 19:32 - 2013-12-08 19:32 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java
2013-12-08 19:32 - 2012-03-14 11:11 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-12-08 19:32 - 2010-12-01 09:22 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java
2013-12-05 22:31 - 2013-12-05 22:11 - 00000000 ____D D:\\Calibre-Bibliothek
2013-12-05 22:17 - 2013-12-05 22:17 - 00001758 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Digital Editions 2.0.lnk
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D D:\\My Digital Editions
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe
2013-12-05 22:17 - 2012-11-11 18:00 - 00000000 ____D C:\Programme\Adobe
2013-12-05 22:12 - 2013-12-05 22:11 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\calibre
2013-12-05 22:11 - 2013-12-05 22:11 - 00000000 ____D C:\Programme\Calibre2
2013-12-05 22:11 - 2013-12-05 22:11 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\calibre - E-book Management
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D D:\\iPubsoft files
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D D:\\iPubsoft
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\iPubsoft
2013-12-05 21:35 - 2013-12-05 21:35 - 00000000 ____D C:\Programme\iPubsoft
2013-12-05 21:35 - 2013-12-05 21:35 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iPubsoft
2013-12-02 22:51 - 2013-12-02 22:51 - 00001529 _____ C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
2013-12-02 22:51 - 2013-12-02 22:51 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
2013-12-02 22:51 - 2013-12-02 22:50 - 00000000 ____D C:\Programme\iTunes
2013-12-02 22:51 - 2013-12-02 22:50 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-02 22:50 - 2013-12-02 22:50 - 00000000 ____D C:\Programme\iPod
2013-12-02 22:50 - 2012-09-29 00:29 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Apple
2013-12-02 22:46 - 2011-01-06 09:26 - 00000000 ____D D:\\FastTrack
2013-12-02 14:02 - 2013-09-20 10:55 - 00000000 ____D D:\\Thomas
2013-11-28 09:21 - 2013-11-28 09:21 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Startmenü\Programme\SanDisk SecureAccess Manager
2013-11-28 09:21 - 2013-11-28 09:21 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\SanDisk
2013-11-28 09:19 - 2013-11-28 09:19 - 00000288 _____ C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\.backup.dm
Files to move or delete:
====================
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2008-04-14 18:30] - [2008-04-14 18:30] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe
[2008-04-14 18:30] - [2008-04-14 18:30] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe
[2008-04-14 18:30] - [2008-04-14 18:30] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe
[2009-02-09 17:51] - [2009-02-09 17:51] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\Windows\System32\User32.dll
[2008-04-14 18:30] - [2008-04-14 18:30] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\Windows\System32\userinit.exe
[2008-04-14 18:30] - [2008-04-14 18:30] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 18:30] - [2008-04-14 18:30] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- Danke TW14188 Hallo, habe jetzt Spyware Doctor verwendet um den Rechner zu scannen. Dieser hat auch sehr viele Infektionen festgestellt und zudem die Registrierung überprüft. Danach konnte ich alle Infektionen entfernen. Internet läuft wieder wie gewohnt. Ein neuer Suchlauf mit dem Tool hat keine Infektion mehr gefunden. Gibt es ein davon unabhängiges Tool um zu prüfen, ob ich noch eine Infektion auf dem Rechner habe. Würde hier gerne noch einen Abschließenden Test mache um sicher zu sein, dass alles weg ist. danke Gruß Tw14199 Geändert von tw14199 (27.12.2013 um 16:52 Uhr) |
|
28.12.2013, 18:17
| #4 |
| /// the machine /// TB-Ausbilder | Backdoor sdboot.ry Virus kann nicht gelöscht werden Machen wir  Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
30.12.2013, 00:14
| #5 |
| | Backdoor sdboot.ry Virus kann nicht gelöscht werden Hi, danke für die Antwort. So ein Zufall. Malware Bytes und adwcleaner habe ich auf meinem Rechner hier das Ergebniss. Malware Bytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.12.29.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Xxx :: MC00018329 [Administrator] 29.12.2013 14:18:45 mbam-log-2013-12-29 (14-18-45).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 285192 Laufzeit: 7 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 1 HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Adwcleaner: Code:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 29/12/2013 um 14:33:38
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzername : Xxx - MC00018329
# Gestartet von : C:\Dokumente und Einstellungen\Xxx\Desktop\tmp\performance\adwcleaner_3.016.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\u6lso5da.default\prefs.js ]
-\\ Google Chrome v31.0.1650.63
[ Datei : C:\Dokumente und Einstellungen\Xxx\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1941 octets] - [13/12/2013 21:13:48]
AdwCleaner[R1].txt - [40587 octets] - [27/12/2013 00:45:24]
AdwCleaner[R2].txt - [2364 octets] - [27/12/2013 17:45:46]
AdwCleaner[R3].txt - [1442 octets] - [28/12/2013 09:45:34]
AdwCleaner[R4].txt - [1562 octets] - [29/12/2013 14:30:03]
AdwCleaner[R5].txt - [1622 octets] - [29/12/2013 14:31:26]
AdwCleaner[S0].txt - [2002 octets] - [13/12/2013 21:15:33]
AdwCleaner[S1].txt - [38134 octets] - [27/12/2013 00:46:48]
AdwCleaner[S2].txt - [2342 octets] - [27/12/2013 17:50:18]
AdwCleaner[S3].txt - [1503 octets] - [28/12/2013 09:46:29]
AdwCleaner[S4].txt - [1543 octets] - [29/12/2013 14:33:38]
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1603 octets] ##########
Junware Removal Tool: Code:
ATTFilter Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by on 30.12.2013 at 0:04:51,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.12.2013 at 0:09:09,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Geändert von tw14199 (29.12.2013 um 14:41 Uhr) |
|
30.12.2013, 17:37
| #6 |
| /// the machine /// TB-Ausbilder | Backdoor sdboot.ry Virus kann nicht gelöscht werdenESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ --> Backdoor sdboot.ry Virus kann nicht gelöscht werden |
|
31.12.2013, 15:49
| #7 |
| | Backdoor sdboot.ry Virus kann nicht gelöscht werden HI, Der Suchlauf hat noch Vieren gefunden. Wie lösche ich diese. Habe ja beim Scannen den Hacken remove found Threads abgewählt. Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d34b708fea6c1e4f88bd3f420439d755
# engine=16460
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-31 12:07:33
# local_time=2013-12-31 01:07:33 (+0100, Mitteleuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=7937 16777214 28 75 397416 6071049 0 0
# scanned=14648
# found=0
# cleaned=0
# scan_time=1051
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d34b708fea6c1e4f88bd3f420439d755
# engine=16463
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-31 02:45:03
# local_time=2013-12-31 03:45:03 (+0100, Mitteleuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=7937 16777214 28 75 403266 6080499 0 0
# scanned=145587
# found=6
# cleaned=0
# scan_time=9373
sh=C5828B700B9EF61FA1534D5D18482BF12F591CBF ft=1 fh=0404da55e35b3671 vn="a variant of Win32/AdWare.SpeedingUpMyPC.D application" ac=I fn="C:\System Volume Information\_restore{7C76E802-D556-4D93-A89E-041AC291A00C}\RP528\A0268466.exe"
sh=DDD2974F59F7DBB2C99557C05FB33787C7B27748 ft=1 fh=b62022df389e395a vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="C:\System Volume Information\_restore{7C76E802-D556-4D93-A89E-041AC291A00C}\RP528\A0268469.exe"
sh=E726D8BAED9714F2CCF9E8EE01DA76F32716870A ft=1 fh=3a4d9e1ea77ed494 vn="a variant of Win32/SpeedingUpMyPC application" ac=I fn="C:\System Volume Information\_restore{7C76E802-D556-4D93-A89E-041AC291A00C}\RP528\A0268473.exe"
sh=81301DFED7B52CBB01DC70F0F35FD8AD4DF65008 ft=1 fh=0e84870967874c85 vn="a variant of Win32/BHO.OGV trojan" ac=I fn="C:\WINDOWS\system32\ccfgnt32.exe"
sh=C71F3310952400F125B0A7A1F6FA27B8F19870FB ft=1 fh=d80cbfc021b4a604 vn="a variant of Win32/Webprefix.B trojan" ac=I fn="C:\WINDOWS\system32\DlProtectSvc.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="multiple threats" ac=I fn="${Memory}"
Code:
ATTFilter Results of screen317's Security Check version 0.99.77 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` AVG Anti-Spyware 7.5 Spyware Terminator 2012 Malwarebytes Anti-Malware Version 1.75.0.1300 CCleaner Java(TM) 6 Update 31 Java 7 Update 45 Java 2 Runtime Environment, SE v1.4.2_05 Adobe Flash Player 11.9.900.170 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (26.0) Google Chrome 31.0.1650.57 Google Chrome 31.0.1650.63 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe Gemeinsame Dateien Microsoft Shared Microsoft Online Services MSOIDSVC.EXE Gemeinsame Dateien Microsoft Shared Microsoft Online Services MSOIDSvcm.exe Gemeinsame Dateien Microsoft Shared Microsoft Online Services PresentationFontCache.exe -?- `````````````````System Health check````````````````` Total Fragmentation on Drive C:: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-12-2013
Ran by Xxx (administrator) on MC00018329 on 31-12-2013 16:07:40
Running from C:\Dokumente und Einstellungen\Xxx\Desktop\tmp\performance\Neuer Ordner
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Novell, Inc) C:\Programme\Novell\CASA\bin\micasad.exe
(Novell, Inc.) C:\WINDOWS\system32\novell\xtagent.exe
(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\S24EvMon.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
(Array Networks, Inc.) C:\Program Files\Array Networks\Common\8,4,0,264\arr_isrv.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
(Autonomy Corporation plc) C:\Programme\Iron Mountain\Connected BackupPC\AgentService.exe
(Apple Inc.) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\bin\TSUsage32.exe
(Array Networks, Inc.) C:\Program Files\Array Networks\Array SSL VPN\8,4,0,264\arr_srvs.exe
(GRISOFT s.r.o.) C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
(Microsoft Corporation) C:\WINDOWS\system32\CCM\CcmExec.exe
() C:\WINDOWS\system32\DlProtectSvc.exe
(Lenovo.) C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
(Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\EvtEng.exe
(OptionNV) C:\Programme\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Lenovo Group Limited) C:\Programme\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\micmute.exe
(Intel Corporation) C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(IBM Corp) C:\Notes\nslsvice.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corp.) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
() C:\Programme\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\NALNTSRV.EXE
(Novell, Inc.) C:\Programme\PatchLink\Update Agent\GravitixService.exe
(QUALCOMM, Inc.) C:\Programme\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
(Refresh IT Solutions) C:\Programme\Refresh IT Solutions\Refresh Devices Manager\RDMAgent.exe
(Intel(R) Corporation) C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
(Crawler.com) C:\Programme\Spyware Terminator\st_rsser.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
(Telefónica I+D) C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Microsoft Corporation) C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
(Intel Corporation) C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Programme\UPHClean\uphclean.exe
(VMware, Inc.) C:\Programme\VMware\VMware Player\vmware-authd.exe
() C:\WINDOWS\system32\ccfgnt32.exe
(VMware, Inc.) C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\WINDOWS\system32\vmnat.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\WM.EXE
() C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
(VMware, Inc.) C:\WINDOWS\system32\vmnetdhcp.exe
(Broadcom Corporation.) C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\WMRUNDLL.EXE
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Ltd.) C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
(LENOVO) C:\Programme\ThinkVantage\AMSG\Amsg.exe
(Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPLpr.exe
(Ricoh co.,Ltd.) C:\Programme\Integrated Camera Driver\RCIMGDIR.exe
(Novell, Inc.) C:\WINDOWS\system32\dpmw32.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
(Novell, Inc.) C:\WINDOWS\system32\nwtray.exe
(Lenovo Group Limited) C:\Programme\Lenovo\ZOOM\TpScrex.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(VMware, Inc.) C:\Programme\VMware\VMware Player\hqtray.exe
(Novell, Inc.) C:\Programme\PatchLink\Update Agent\pddm.exe
(Research In Motion Limited) C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
(Novell, Inc) C:\Programme\Novell\ZENworks\NalAgent.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Hewlett-Packard) C:\Programme\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Programme\HP\ToolboxFX\bin\HPTLBXFX.exe
(Adobe Systems Incorporated) C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
(Autonomy Corporation plc) C:\Programme\Iron Mountain\Connected BackupPC\Agent.exe
(Adobe Systems Incorporated) C:\Programme\Adobe\Reader 9.0\Reader\reader_sl.exe
(Lenovo) C:\Programme\ThinkPad\ConnectUtilities\Access Connections.exe
(shbox.de) C:\Programme\FreePDF_XP\fpassist.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Haufe-Lexware GmbH & Co. KG) C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
(Apple Inc.) C:\Programme\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Programme\iPod\bin\iPodService.exe
(GRISOFT s.r.o.) C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
(Broadcom Corporation.) C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Programme\McAfee Security Scan\3.8.130\SSScheduler.exe
(Broadcom Corporation.) C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\...\Run: [TpShocks] - C:\WINDOWS\system32\TpShocks.exe [337256 2009-12-11] (Lenovo.)
HKLM\...\Run: [picon] - C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-04] (Intel Corporation)
HKLM\...\Run: [IMSS] - C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-25] ()
HKLM\...\Run: [EZEJMNAP] - C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE [256576 2008-10-07] (Lenovo Group Ltd.)
HKLM\...\Run: [TPHOTKEY] - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [AMSG] - C:\Programme\ThinkVantage\AMSG\Amsg.exe [436800 2009-09-03] (LENOVO)
HKLM\...\Run: [PWRMGRTR] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [RotateImage] - C:\Programme\Integrated Camera Driver\RCIMGDIR.exe [31744 2008-10-30] (Ricoh co.,Ltd.)
HKLM\...\Run: [NDPS] - C:\WINDOWS\system32\dpmw32.exe [32859 2004-05-17] (Novell, Inc.)
HKLM\...\Run: [NWTRAY] - C:\WINDOWS\system32\nwtray.exe [28672 2002-03-12] (Novell, Inc.)
HKLM\...\Run: [ZENRC Tray Icon] - C:\WINDOWS\system32\zentray.exe [40960 2005-05-18] (Novell, Inc.)
HKLM\...\Run: [Application Explorer] - C:\Programme\Novell\ZENworks\NALDESK.EXE [7168 2006-06-13] (Novell, Inc.)
HKLM\...\Run: [Tweak UI] - RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
HKLM\...\Run: [VMware hqtray] - C:\Programme\VMware\VMware Player\hqtray.exe [64048 2010-01-22] (VMware, Inc.)
HKLM\...\Run: [PDDM] - C:\Programme\PatchLink\Update Agent\pddm.exe [401408 2009-07-28] (Novell, Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM\...\Run: [ACTray] - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe [425984 2010-09-17] (Lenovo )
HKLM\...\Run: [ACWLIcon] - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe [176128 2010-09-17] (Lenovo )
HKLM\...\Run: [HP Software Update] - C:\Programme\HP\HP Software Update\hpwuschd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [ToolboxFX] - C:\Programme\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company)
HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [AgentUiRunKey] - C:\Programme\Iron Mountain\Connected BackupPC\Agent.exe [294400 2012-03-20] (Autonomy Corporation plc)
HKLM\...\Run: [FreePDF Assistant] - C:\Programme\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM\...\Run: [LexwareInfoService] - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [Communicator] - C:\Programme\Microsoft Lync\communicator.exe [12107944 2013-03-22] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Programme\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Download Protect] - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dlprotect.exe [12800 2013-12-27] ()
HKLM\...\Run: [!AVG Anti-Spyware] - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [6731312 2007-06-11] (GRISOFT s.r.o.)
Winlogon\Notify\LCredMgr: C:\Programme\Novell\CASA\bin\lcredmgr.dll ()
Winlogon\Notify\NetIdentity Notification: C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
HKCU\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\SanDisk\SanDiskSecureAccess_Manager.exe [27311232 2011-06-29] (Gemalto N.V.)
HKCU\...\Policies\system: [WarningMsgInBody]
Lsa: [Authentication Packages] msv1_0 nwv1_0
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: No Name - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://quickplace.steria-mummert.de/qp2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://external.econgas.com/InternalSite/WhlCompMgr.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://domino.muenchen.steria-mummert.de/dwa8W.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Programme\QlikView\QvProtocol\qvp.dll (QlikTech AB)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Application Explorer - {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Programme\Novell\ZENworks\NalShell.dll [458752 2007-08-08] (Novell, Inc)
ShellExecuteHooks: CShellExecuteHookImpl Object - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [79408 2007-05-30] (GRISOFT s.r.o.)
Winsock: Catalog5 04 %SystemRoot%\system32\netware\NWWS2NDS.DLL [36947] (Novell, Inc.)
Winsock: Catalog5 05 %SystemRoot%\system32\netware\NWWS2SAP.DLL [32851] (Novell, Inc.)
Winsock: Catalog5 06 %SystemRoot%\system32\netware\NWWS2SLP.DLL [49235] (Novell, Inc.)
Winsock: Catalog5 07 C:\Programme\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{9EFE6EF8-64B2-4A8B-A464-4F9E0FCE7DAA}: [NameServer]192.135.82.44,192.135.82.60
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\u6lso5da.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Programme\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Programme\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Programme\Gemeinsame Dateien\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\u6lso5da.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\u6lso5da.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Click to call with Skype - C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [{cf828622-feaf-4708-8e39-395e58c9f1cc}] - C:\Programme\Re-markit\150.xpi
========================== Services (Whitelisted) =================
R2 AcPrfMgrSvc; C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [98304 2010-09-17] (Lenovo )
R2 AcSvc; C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe [237568 2010-09-17] (Lenovo )
R2 AgentService; C:\Programme\Iron Mountain\Connected BackupPC\AgentService.exe [7617952 2012-03-20] (Autonomy Corporation plc)
R2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624 2013-09-07] (Apple Inc.)
R2 ArraySSL_VPN_Service8.4.0.264; C:\Program Files\Array Networks\Array SSL VPN\8,4,0,264\arr_srvs.exe [239024 2010-03-10] (Array Networks, Inc.)
R2 Array_Utility_Service8.4.0.264; C:\Program Files\Array Networks\Common\8,4,0,264\arr_isrv.exe [398768 2010-03-10] (Array Networks, Inc.)
R2 AVG Anti-Spyware Guard; C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe [312880 2007-05-30] (GRISOFT s.r.o.)
S4 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)
R2 btwdins; C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe [349528 2010-05-25] (Broadcom Corporation.)
R2 CcmExec; C:\WINDOWS\system32\CCM\CcmExec.exe [764768 2009-09-18] (Microsoft Corporation)
S3 cusrvc; C:\WINDOWS\system32\cusrvc.exe [53339 2008-08-04] (Novell, Inc.)
R2 DlProtectSvc; C:\WINDOWS\system32\DlProtectSvc.exe [96256 2013-12-27] ()
S3 DMService; C:\WINDOWS\DOWNLO~1\DMService.exe [517360 2013-11-08] (Microsoft Corporation)
R2 DozeSvc; C:\Programme\ThinkPad\Utilities\DOZESVC.EXE [132456 2010-05-12] (Lenovo.)
R2 EvtEng; C:\Programme\Intel\WiFi\bin\EvtEng.exe [862480 2010-03-05] (Intel(R) Corporation)
R2 GtDetectSc; C:\Programme\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe [545792 2009-05-04] (OptionNV)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2012-05-29] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2012-05-29] (Google Inc.)
S2 HP LaserJet Service; C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP)
R3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [553288 2013-11-02] (Apple Inc.)
S4 IviRegMgr; C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe [112152 2007-01-04] (InterVideo)
R2 LENOVO.CAMMUTE; C:\Programme\Lenovo\Communications Utility\CAMMUTE.exe [43584 2012-01-16] (Lenovo Group Limited)
R2 Lenovo.micmute; C:\Programme\LENOVO\HOTKEY\MICMUTE.exe [45496 2010-04-07] (Lenovo Group Limited)
R2 LMS; C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [266576 2010-03-25] (Intel Corporation)
R2 Lotus Notes Single Logon; C:\Notes\nslsvice.exe [31624 2008-08-08] (IBM Corp)
R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Programme\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-12-27] (Mozilla Foundation)
R2 msoidsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1542560 2010-08-17] (Microsoft Corp.)
R2 MySQL; C:\Programme\MySQL\MySQL Server 5.1\my.ini [848 2012-02-26] ()
R2 NALNTSERVICE; C:\Programme\Novell\ZENworks\nalntsrv.exe [113152 2006-06-13] (Novell, Inc.)
R2 Novell Identity Store; C:\Programme\Novell\CASA\bin\micasad.exe [245760 2009-10-14] (Novell, Inc)
R2 Novell ZENworks Agent Service; C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe [28672 2010-06-30] (Novell, Inc.)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 osppsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation)
R2 PatchLink Update; C:\Programme\PatchLink\Update Agent\GravitixService.exe [81920 2009-07-28] (Novell, Inc.)
R2 Power Manager DBC Service; C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe [53248 2010-05-12] ()
R2 QDLService2kLenovo; C:\Programme\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.)
R2 RefreshDevicesManager; C:\Programme\Refresh IT Solutions\Refresh Devices Manager\RDMAgent.exe [738304 2012-02-28] (Refresh IT Solutions)
R2 RegSrvc; C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe [473360 2010-03-05] (Intel(R) Corporation)
R2 Remote Management Agent; C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [167936 2006-05-09] (Novell, Inc.)
R2 S24EventMonitor; C:\Programme\Intel\WiFi\bin\S24EvMon.exe [954368 2010-03-05] (Intel(R) Corporation)
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
S2 SMART Mirror Driver Monitor Service; C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\TANDBERG\See&Share\monitorservice.exe [135680 2011-01-07] (SMART Technologies)
S3 smstsmgr; C:\WINDOWS\system32\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
R2 ST2012_Svc; C:\Programme\Spyware Terminator\st_rsser.exe [587912 2013-10-22] (Crawler.com)
R2 TeamViewer8; C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [4153184 2013-07-08] (TeamViewer GmbH)
R2 TGCM_ImportWiFiSvc; C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)
R2 TPHKSVC; C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe [63928 2010-04-07] (Lenovo Group Limited)
R2 uagqecsvc; C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [169200 2013-01-22] (Microsoft Corporation)
R2 UNS; C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920 2010-03-25] (Intel Corporation)
R2 UPHClean; C:\Programme\UPHClean\uphclean.exe [241725 2005-04-27] (Microsoft Corporation)
R2 VMAuthdService; C:\Programme\VMware\VMware Player\vmware-authd.exe [113200 2010-01-22] (VMware, Inc.)
R2 vmnat32; C:\WINDOWS\system32\ccfgnt32.exe [70656 2013-12-27] ()
R2 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [334384 2010-01-22] (VMware, Inc.)
R2 VMUSBArbService; C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2010-01-22] (VMware, Inc.)
R2 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [395824 2010-01-22] (VMware, Inc.)
S4 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
R2 XTAgent; C:\Windows\System32\Novell\XTAgent.exe [61440 2007-01-10] (Novell, Inc.)
S3 ZENPreAgent; C:\WINDOWS\novell\zenworks\bin\ZENPreAgent.exe [196608 2010-11-12] ()
R2 ZFDWM; C:\Programme\Novell\ZENworks\wm.exe [152128 2007-02-07] (Novell, Inc.)
S4 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf"
S3 ufad-ws60; "C:\Programme\VMware\VMware Player\vmware-ufad.exe" -d "C:\Programme\VMware\VMware Player\\" -s ufad-p2v.xml
==================== Drivers (Whitelisted) ====================
R1 ANC; C:\Windows\System32\drivers\ANC.SYS [11520 2005-09-28] (IBM Corp.)
S3 ATP; C:\Windows\System32\DRIVERS\atpdrvr.sys [16256 2009-09-03] (Array Networks, Inc.)
R1 AVG Anti-Spyware Driver; C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys [11000 2007-05-30] ()
R1 AvgAsCln; C:\Windows\System32\DRIVERS\AvgAsCln.sys [10872 2007-05-30] (GRISOFT, s.r.o.)
R2 BlankScr; C:\Windows\System32\Drivers\BlankScr.sys [6899 2005-05-23] (Novell Inc.)
R3 BM; C:\Windows\System32\DRIVERS\vptunnel.sys [217164 2006-10-28] (Novell, Inc.)
R3 btaudio; C:\Windows\System32\drivers\btaudio.sys [533152 2010-06-01] (Broadcom Corporation.)
R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [37160 2010-06-01] (Broadcom Corporation.)
R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [993320 2010-06-01] (Broadcom Corporation.)
S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [156816 2010-06-01] (Broadcom Corporation.)
R3 btwmodem; C:\Windows\System32\DRIVERS\btwmodem.sys [37032 2010-06-01] (Broadcom Corporation.)
R3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [51752 2010-06-01] (Broadcom Corporation.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 CnxtHdAudService; C:\Windows\System32\drivers\CHDAU32.sys [1756216 2010-03-31] (Conexant Systems Inc.)
R3 Darpan; C:\Windows\System32\DRIVERS\Darpan.sys [2773 2005-05-23] (Novell, Inc.)
S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k5132.sys [167080 2009-12-10] (Intel Corporation)
R2 hcmon; C:\WINDOWS\system32\drivers\hcmon.sys [32304 2010-01-22] (VMware, Inc.)
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2010-12-07] (Hewlett Packard)
S3 HPFXFAX; C:\Windows\System32\drivers\hppcfaxio.sys [21528 2010-12-07] (Hewlett Packard)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [210304 2009-06-30] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [986240 2009-06-30] (Conexant Systems, Inc.)
R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [4224 2008-05-12] ()
R2 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker.sys [45384 2012-03-20] ()
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9728 2010-06-19] (MBB Incorporated)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [9728 2009-02-03] (ZTE Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [6601216 2010-03-17] (Intel Corporation)
R2 NetwareWorkstation; C:\Windows\System32\NetWare\nwfs.sys [553216 2008-08-28] (Novell, Inc.)
R2 NICICCS; C:\Windows\System32\Drivers\NICICCS.sys [456080 2003-08-22] ()
R0 NICM; C:\Windows\System32\drivers\nicm.sys [38603 2008-01-08] (Novell, Inc.)
R3 NWDHCP; C:\Windows\System32\NetWare\nwdhcp.sys [18353 2005-11-22] (Novell, Inc.)
R3 NWDNS; C:\Windows\System32\NetWare\nwdns.sys [45824 2008-07-21] (Novell, Inc.)
R0 NWFILTER; C:\Windows\System32\NetWare\nwfilter.sys [17664 2008-07-21] (Novell, Inc.)
R3 NWHOST; C:\Windows\System32\NetWare\NWHOST.sys [9297 2005-10-12] (Novell, Inc.)
S3 NWSAP; C:\Windows\System32\NetWare\NWSAP.sys [23232 2003-02-26] ()
S2 NWSIPX32; C:\Windows\System32\NetWare\nwsipx32.sys [58496 2008-08-04] (Novell, Inc.)
R3 NWSLP; C:\Windows\System32\NetWare\nwslp.sys [20208 2008-04-04] (Novell, Inc.)
R3 NWSNS; C:\Windows\System32\NetWare\NWSNS.sys [6128 2005-10-12] (Novell, Inc.)
S3 prepdrvr; C:\WINDOWS\system32\CCM\prepdrv.sys [20848 2009-09-18] (Microsoft Corporation)
R3 qcfilterlno2k; C:\Windows\System32\DRIVERS\qcfilterlno2k.sys [5248 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbnetlno2k; C:\Windows\System32\DRIVERS\qcusbnetlno2k.sys [236032 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbserlno2k; C:\Windows\System32\DRIVERS\qcusbserlno2k.sys [190848 2011-05-23] (QUALCOMM Incorporated)
R2 RESMGR; C:\Windows\System32\NetWare\resmgr.sys [29440 2008-07-21] (Novell, Inc.)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [13952 2009-08-09] (Intel Corporation)
R3 smrtdrv; C:\Windows\System32\DRIVERS\smrtdrv.sys [2432 2011-01-07] (SMART Technologies Inc.)
R3 smsmdd; C:\Windows\System32\DRIVERS\smsmdm.sys [12448 2008-10-20] (Microsoft Corporation)
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] ()
R2 SRVLOC; C:\Windows\System32\NetWare\srvloc.sys [185216 2008-08-04] (Novell, Inc.)
R0 stmtpm; C:\Windows\System32\DRIVERS\stm_tpm.sys [21504 2007-06-08] (STMicroelectronics, INC)
R1 tidnet; C:\Windows\System32\DRIVERS\tidnet.sys [26008 2010-04-30] (Telefónica I+D)
R1 TPHKDRV; C:\Windows\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwrif.sys [4442 2010-05-12] ()
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [561536 2008-12-01] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [132352 2008-12-01] (Hauppauge Computer Works, Inc.)
R3 vmkbd; C:\WINDOWS\system32\drivers\VMkbd.sys [23216 2010-01-22] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2010-01-22] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [32688 2010-01-22] (VMware, Inc.)
R2 VMnetuserif; C:\WINDOWS\system32\drivers\vmnetuserif.sys [26288 2010-01-22] (VMware, Inc.)
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2010-01-22] (VMware, Inc.)
R2 vmx86; C:\WINDOWS\system32\Drivers\vmx86.sys [854192 2010-01-22] (VMware, Inc.)
R2 vstor2-ws60; C:\Programme\VMware\VMware Player\vstor2-ws60.sys [22448 2009-10-12] (VMware, Inc.)
R2 WNTHW; C:\WINDOWS\system32\DRIVERS\WNTHW.SYS [9176 2010-03-24] ()
S3 cpuz132; \??\D:\Temp\cpuz132\cpuz132_x32.sys [x]
S3 esgiguard; \??\C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S4 IntelIde; No ImagePath
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-31 16:07 - 2013-12-31 16:07 - 00002076 _____ C:\Dokumente und Einstellungen\Xxx\Desktop\SMC Anwendungen.nal
2013-12-31 16:07 - 2013-12-31 16:07 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Startmenü\SMC Anwendungen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2013-12-31 16:07 - 2013-12-31 16:07 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\SMC Vorlagen für Office 2010
2013-12-31 16:06 - 2013-12-31 16:06 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\SMC
2013-12-27 16:06 - 2013-12-27 16:06 - 00000075 _____ C:\WINDOWS\wininit.ini
2013-12-27 16:01 - 2013-12-28 09:47 - 00000000 ____D C:\Programme\Gemeinsame Dateien\PC Tools
2013-12-27 16:01 - 2013-12-28 09:10 - 00885763 _____ C:\WINDOWS\system32\Drivers\Cat.DB
2013-12-27 16:01 - 2012-11-01 15:35 - 00202280 _____ (PC Tools) C:\WINDOWS\system32\Drivers\PCTSD.sys
2013-12-27 16:00 - 2013-12-28 09:41 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
2013-12-27 16:00 - 2013-12-27 16:00 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\TestApp
2013-12-27 15:58 - 2013-12-27 17:52 - 00000000 ____D C:\Programme\Spybot - Search & Destroy 2
2013-12-27 15:58 - 2013-12-27 17:51 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-12-27 15:58 - 2013-12-27 16:06 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2013-12-27 15:54 - 2013-12-27 15:54 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-12-27 14:51 - 2013-12-27 14:51 - 00058278 _____ D:\\bookmark.htm
2013-12-27 01:47 - 2013-12-27 06:53 - 00000000 ____D C:\WINDOWS\220FB0354744483A9A0B41DF77061583.TMP
2013-12-27 01:47 - 2013-12-27 01:47 - 00000000 ____D C:\Programme\Enigma Software Group
2013-12-27 01:46 - 2013-12-27 01:46 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2013-12-27 00:25 - 2013-12-27 00:25 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Grisoft
2013-12-27 00:24 - 2013-12-27 00:24 - 00096256 _____ C:\WINDOWS\system32\DlProtectSvc.exe
2013-12-27 00:24 - 2013-12-27 00:24 - 00070656 _____ C:\WINDOWS\system32\ccfgnt32.exe
2013-12-27 00:24 - 2013-12-27 00:24 - 00012800 _____ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dlprotect.exe
2013-12-27 00:24 - 2013-12-27 00:24 - 00000838 _____ C:\Dokumente und Einstellungen\All Users\Desktop\AVG Anti-Spyware.lnk
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Programme\Grisoft
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG Anti-Spyware 7.5
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft
2013-12-27 00:24 - 2007-05-30 13:10 - 00010872 _____ (GRISOFT, s.r.o.) C:\WINDOWS\system32\Drivers\AvgAsCln.sys
2013-12-26 23:49 - 2013-12-31 16:04 - 00019857 _____ C:\WINDOWS\setupapi.log
2013-12-26 23:43 - 2013-12-26 23:52 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
2013-12-26 23:43 - 2013-12-26 23:43 - 00000712 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk
2013-12-26 23:43 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Spyware Terminator
2013-12-26 23:43 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spyware Terminator 2012
2013-12-26 23:43 - 2011-06-21 11:24 - 00032768 _____ C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys
2013-12-26 23:42 - 2013-12-26 23:42 - 00000000 ____D D:\\MAGIX_MxTray
2013-12-26 23:40 - 2013-12-26 23:43 - 00000000 ____D C:\Programme\Spyware Terminator
2013-12-26 23:14 - 2013-12-26 23:42 - 00000000 ____D D:\\OnDemandDump
2013-12-26 23:14 - 2013-12-26 23:42 - 00000000 ____D D:\\CrashLog
2013-12-26 23:14 - 2013-12-26 23:14 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\MAGIX
2013-12-26 23:12 - 2013-12-27 15:15 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MAGIX
2013-12-26 23:12 - 2013-12-26 23:14 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
2013-12-26 23:12 - 2013-12-26 23:12 - 00000000 ____D C:\Programme\MAGIX
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Programme\Ashampoo
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ashampoo
2013-12-26 23:04 - 2009-08-24 21:08 - 00028160 _____ (mst software GmbH, Germany) C:\WINDOWS\system32\DfSdkBt.exe
2013-12-26 22:58 - 2013-12-26 22:58 - 00001698 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\X-Setup Pro.lnk
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Programme\X-Setup Pro
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\X-Setup Pro
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X-Setup Pro
2013-12-26 22:47 - 2013-12-31 16:02 - 00010934 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-26 22:26 - 2013-12-27 14:57 - 00002180 _____ C:\Dokumente und Einstellungen\Xxx\daemonprocess.txt
2013-12-26 22:26 - 2013-12-26 22:26 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\.android
2013-12-13 21:13 - 2013-12-29 14:33 - 00000000 ____D C:\AdwCleaner
2013-12-10 21:16 - 2013-12-10 21:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
2013-12-08 19:32 - 2013-12-08 19:32 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-12-08 19:32 - 2013-12-08 19:32 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java
2013-12-05 22:17 - 2013-12-05 22:17 - 00001758 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Digital Editions 2.0.lnk
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D D:\\My Digital Editions
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe
2013-12-05 22:11 - 2013-12-05 22:31 - 00000000 ____D D:\\Calibre-Bibliothek
2013-12-05 22:11 - 2013-12-05 22:12 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\calibre
2013-12-05 22:11 - 2013-12-05 22:11 - 00000000 ____D C:\Programme\Calibre2
2013-12-05 22:11 - 2013-12-05 22:11 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\calibre - E-book Management
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D D:\\iPubsoft files
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D D:\\iPubsoft
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\iPubsoft
2013-12-05 21:35 - 2013-12-05 21:35 - 00000000 ____D C:\Programme\iPubsoft
2013-12-05 21:35 - 2013-12-05 21:35 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iPubsoft
2013-12-02 22:51 - 2013-12-02 22:51 - 00001529 _____ C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
2013-12-02 22:51 - 2013-12-02 22:51 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
2013-12-02 22:50 - 2013-12-02 22:51 - 00000000 ____D C:\Programme\iTunes
2013-12-02 22:50 - 2013-12-02 22:51 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-02 22:50 - 2013-12-02 22:50 - 00000000 ____D C:\Programme\iPod
==================== One Month Modified Files and Folders =======
2013-12-31 16:08 - 2010-11-12 11:22 - 00000000 ____D D:\\Temp
2013-12-31 16:07 - 2013-12-31 16:07 - 00002076 _____ C:\Dokumente und Einstellungen\Xxx\Desktop\SMC Anwendungen.nal
2013-12-31 16:07 - 2013-12-31 16:07 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Startmenü\SMC Anwendungen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2013-12-31 16:07 - 2013-12-31 16:07 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\SMC Vorlagen für Office 2010
2013-12-31 16:07 - 2013-07-07 19:52 - 00000000 ____D C:\FRST
2013-12-31 16:07 - 2010-11-12 14:26 - 00000000 ___RD C:\Dokumente und Einstellungen\Xxx\Startmenü
2013-12-31 16:07 - 2010-11-12 13:35 - 00000463 _____ C:\WINDOWS\smscfg.ini
2013-12-31 16:07 - 2009-12-01 18:29 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü
2013-12-31 16:06 - 2013-12-31 16:06 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\SMC
2013-12-31 16:05 - 2010-11-12 13:32 - 00000316 _____ C:\WINDOWS\Tasks\PMTask.job
2013-12-31 16:05 - 2010-11-12 11:20 - 00000000 ___HD C:\NALCache
2013-12-31 16:04 - 2013-12-26 23:49 - 00019857 _____ C:\WINDOWS\setupapi.log
2013-12-31 16:04 - 2012-05-29 21:11 - 00001104 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-31 16:04 - 2011-01-06 11:01 - 00000000 ____D C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\VMware
2013-12-31 16:04 - 2011-01-06 11:00 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VMware
2013-12-31 16:04 - 2010-11-12 14:27 - 00000972 __RSH C:\Dokumente und Einstellungen\Xxx\ntuser.pol
2013-12-31 16:04 - 2010-11-12 14:26 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx
2013-12-31 16:04 - 2010-11-12 11:32 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy.UserCache
2013-12-31 16:04 - 2010-11-12 11:20 - 00019868 __RSH C:\Dokumente und Einstellungen\All Users\ntuser.pol
2013-12-31 16:04 - 2010-11-12 11:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2013-12-31 16:04 - 2008-04-14 18:30 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-31 16:03 - 2009-12-01 14:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-31 16:02 - 2013-12-26 22:47 - 00010934 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-31 16:02 - 2012-05-29 21:11 - 00001108 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-31 16:02 - 2010-11-12 14:27 - 00000190 ___SH C:\Dokumente und Einstellungen\Xxx\ntuser.ini
2013-12-31 16:02 - 2010-11-12 12:33 - 02097152 _____ C:\WINDOWS\system32\config\PatchLin.evt
2013-12-31 16:02 - 2009-12-01 18:31 - 00000333 _____ C:\WINDOWS\wiadebug.log
2013-12-31 16:02 - 2009-12-01 14:11 - 00032586 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-31 15:52 - 2011-02-14 15:53 - 00000000 ____D D:\\Downloads
2013-12-31 15:51 - 2009-12-01 18:29 - 00000000 ___RD C:\Programme
2013-12-31 15:42 - 2010-11-12 11:24 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-12-31 15:29 - 2013-02-03 16:18 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-31 15:03 - 2009-12-01 18:31 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-30 00:38 - 2012-07-19 16:05 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-12-29 17:09 - 2010-11-12 13:23 - 00000000 __SHD D:\\System Volume Information
2013-12-29 17:09 - 2009-12-01 14:03 - 00000000 ____D C:\WINDOWS\Registration
2013-12-29 14:33 - 2013-12-13 21:13 - 00000000 ____D C:\AdwCleaner
2013-12-28 13:06 - 2013-07-07 22:11 - 00001024 ____H C:\WINDOWS\system32\default_user_class.dat.LOG
2013-12-28 10:07 - 2009-12-01 18:29 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2013-12-28 09:47 - 2013-12-27 16:01 - 00000000 ____D C:\Programme\Gemeinsame Dateien\PC Tools
2013-12-28 09:41 - 2013-12-27 16:00 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
2013-12-28 09:10 - 2013-12-27 16:01 - 00885763 _____ C:\WINDOWS\system32\Drivers\Cat.DB
2013-12-27 17:52 - 2013-12-27 15:58 - 00000000 ____D C:\Programme\Spybot - Search & Destroy 2
2013-12-27 17:52 - 2012-04-28 12:09 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-12-27 17:51 - 2013-12-27 15:58 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-12-27 17:02 - 2009-12-01 14:11 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService
2013-12-27 16:06 - 2013-12-27 16:06 - 00000075 _____ C:\WINDOWS\wininit.ini
2013-12-27 16:06 - 2013-12-27 15:58 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2013-12-27 16:04 - 2010-11-19 11:05 - 00000000 ____D C:\Programme\Hardcopy
2013-12-27 16:00 - 2013-12-27 16:00 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\TestApp
2013-12-27 15:54 - 2013-12-27 15:54 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-12-27 15:15 - 2013-12-26 23:12 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MAGIX
2013-12-27 14:57 - 2013-12-26 22:26 - 00002180 _____ C:\Dokumente und Einstellungen\Xxx\daemonprocess.txt
2013-12-27 14:51 - 2013-12-27 14:51 - 00058278 _____ D:\\bookmark.htm
2013-12-27 14:47 - 2009-12-01 14:11 - 00000000 __SHD C:\Dokumente und Einstellungen\LocalService
2013-12-27 14:47 - 2009-12-01 14:11 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator
2013-12-27 14:46 - 2013-07-08 20:18 - 00000000 ____D C:\JRT
2013-12-27 14:46 - 2009-12-01 19:23 - 00000000 ____D C:\WINDOWS\Help
2013-12-27 14:32 - 2009-12-01 14:12 - 00000000 ____D C:\WINDOWS\I386
2013-12-27 07:00 - 2010-11-12 18:10 - 00000000 __SHD C:\WINDOWS\CSC
2013-12-27 06:53 - 2013-12-27 01:47 - 00000000 ____D C:\WINDOWS\220FB0354744483A9A0B41DF77061583.TMP
2013-12-27 06:53 - 2010-11-12 14:26 - 00000000 ___RD C:\Dokumente und Einstellungen\Xxx\Startmenü\Programme
2013-12-27 01:55 - 2010-11-12 14:27 - 00001606 _____ C:\Dokumente und Einstellungen\Xxx\Startmenü\Programme\Remoteunterstützung.lnk
2013-12-27 01:54 - 2010-07-26 10:30 - 00001606 _____ C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Remoteunterstützung.lnk
2013-12-27 01:53 - 2010-07-26 10:29 - 00001606 _____ C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk
2013-12-27 01:47 - 2013-12-27 01:47 - 00000000 ____D C:\Programme\Enigma Software Group
2013-12-27 01:46 - 2013-12-27 01:46 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2013-12-27 00:47 - 2012-11-11 18:00 - 00000888 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
2013-12-27 00:47 - 2012-11-11 18:00 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome
2013-12-27 00:47 - 2012-03-14 10:47 - 00000709 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
2013-12-27 00:47 - 2011-01-08 13:19 - 00000676 _____ C:\Dokumente und Einstellungen\Xxx\Startmenü\Programme\Internet Explorer.lnk
2013-12-27 00:47 - 2010-12-01 20:25 - 00000703 _____ C:\Dokumente und Einstellungen\All Users\Desktop\sps.lnk
2013-12-27 00:47 - 2010-11-12 14:26 - 00000000 ___RD C:\Dokumente und Einstellungen\Xxx\Startmenü\Programme\Autostart
2013-12-27 00:25 - 2013-12-27 00:25 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Grisoft
2013-12-27 00:24 - 2013-12-27 00:24 - 00096256 _____ C:\WINDOWS\system32\DlProtectSvc.exe
2013-12-27 00:24 - 2013-12-27 00:24 - 00070656 _____ C:\WINDOWS\system32\ccfgnt32.exe
2013-12-27 00:24 - 2013-12-27 00:24 - 00012800 _____ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dlprotect.exe
2013-12-27 00:24 - 2013-12-27 00:24 - 00000838 _____ C:\Dokumente und Einstellungen\All Users\Desktop\AVG Anti-Spyware.lnk
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Programme\Grisoft
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG Anti-Spyware 7.5
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft
2013-12-26 23:52 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
2013-12-26 23:51 - 2009-12-01 18:29 - 01148676 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-26 23:51 - 2008-04-15 18:30 - 00355152 _____ C:\WINDOWS\system32\perfh015.dat
2013-12-26 23:51 - 2008-04-15 18:30 - 00049376 _____ C:\WINDOWS\system32\perfc015.dat
2013-12-26 23:43 - 2013-12-26 23:43 - 00000712 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk
2013-12-26 23:43 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Spyware Terminator
2013-12-26 23:43 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spyware Terminator 2012
2013-12-26 23:43 - 2013-12-26 23:40 - 00000000 ____D C:\Programme\Spyware Terminator
2013-12-26 23:42 - 2013-12-26 23:42 - 00000000 ____D D:\\MAGIX_MxTray
2013-12-26 23:42 - 2013-12-26 23:14 - 00000000 ____D D:\\OnDemandDump
2013-12-26 23:42 - 2013-12-26 23:14 - 00000000 ____D D:\\CrashLog
2013-12-26 23:28 - 2012-11-10 15:59 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7
2013-12-26 23:14 - 2013-12-26 23:14 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\MAGIX
2013-12-26 23:14 - 2013-12-26 23:12 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
2013-12-26 23:12 - 2013-12-26 23:12 - 00000000 ____D C:\Programme\MAGIX
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Programme\Ashampoo
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ashampoo
2013-12-26 22:58 - 2013-12-26 22:58 - 00001698 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\X-Setup Pro.lnk
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Programme\X-Setup Pro
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\X-Setup Pro
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X-Setup Pro
2013-12-26 22:56 - 2010-11-12 11:31 - 00000000 ____D C:\Programme\PowerArchiver
2013-12-26 22:48 - 2013-09-30 08:22 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Desktop\tmp
2013-12-26 22:29 - 2012-02-26 22:17 - 00000661 _____ C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
2013-12-26 22:29 - 2012-02-26 22:17 - 00000000 ____D C:\Programme\CCleaner
2013-12-26 22:26 - 2013-12-26 22:26 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\.android
2013-12-20 08:34 - 2010-11-12 11:22 - 00000000 ____D D:\\Favoriten
2013-12-18 22:14 - 2009-12-01 18:31 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-12-11 18:29 - 2012-11-13 01:20 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-11 18:29 - 2012-11-13 01:20 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-10 21:29 - 2010-11-16 11:10 - 00000000 __SHD C:\Dokumente und Einstellungen\Xxx\UserData
2013-12-10 21:16 - 2013-12-10 21:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
2013-12-10 21:16 - 2012-05-29 21:11 - 00000000 ____D C:\Programme\Google
2013-12-08 19:32 - 2013-12-08 19:32 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-12-08 19:32 - 2013-12-08 19:32 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java
2013-12-08 19:32 - 2012-03-14 11:11 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-12-08 19:32 - 2010-12-01 09:22 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java
2013-12-05 22:31 - 2013-12-05 22:11 - 00000000 ____D D:\\Calibre-Bibliothek
2013-12-05 22:17 - 2013-12-05 22:17 - 00001758 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Digital Editions 2.0.lnk
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D D:\\My Digital Editions
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe
2013-12-05 22:17 - 2012-11-11 18:00 - 00000000 ____D C:\Programme\Adobe
2013-12-05 22:12 - 2013-12-05 22:11 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\calibre
2013-12-05 22:11 - 2013-12-05 22:11 - 00000000 ____D C:\Programme\Calibre2
2013-12-05 22:11 - 2013-12-05 22:11 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\calibre - E-book Management
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D D:\\iPubsoft files
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D D:\\iPubsoft
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\iPubsoft
2013-12-05 21:35 - 2013-12-05 21:35 - 00000000 ____D C:\Programme\iPubsoft
2013-12-05 21:35 - 2013-12-05 21:35 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iPubsoft
2013-12-02 22:51 - 2013-12-02 22:51 - 00001529 _____ C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
2013-12-02 22:51 - 2013-12-02 22:51 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
2013-12-02 22:51 - 2013-12-02 22:50 - 00000000 ____D C:\Programme\iTunes
2013-12-02 22:51 - 2013-12-02 22:50 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-02 22:50 - 2013-12-02 22:50 - 00000000 ____D C:\Programme\iPod
2013-12-02 22:50 - 2012-09-29 00:29 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Apple
2013-12-02 22:46 - 2011-01-06 09:26 - 00000000 ____D D:\\FastTrack
2013-12-02 14:02 - 2013-09-20 10:55 - 00000000 ____D D:\\Thomas
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2008-04-14 18:30] - [2008-04-14 18:30] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe
[2008-04-14 18:30] - [2008-04-14 18:30] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe
[2008-04-14 18:30] - [2008-04-14 18:30] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe
[2009-02-09 17:51] - [2009-02-09 17:51] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\Windows\System32\User32.dll
[2008-04-14 18:30] - [2008-04-14 18:30] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\Windows\System32\userinit.exe
[2008-04-14 18:30] - [2008-04-14 18:30] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 18:30] - [2008-04-14 18:30] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================
Status: Habe hier wohl noch einen Trojaner wie dem Scan zu entnehmen. Zudem kann ich vermutlich aufgrund desen den abgesicherten Modus nicht starten. Hier kommt dann ein Bluescreen und der Neustart beginnt. Wie könne wir den löschen? Danke für deine Hilfe Geändert von tw14199 (31.12.2013 um 16:13 Uhr) |
|
01.01.2014, 13:23
| #8 |
| /// the machine /// TB-Ausbilder | Backdoor sdboot.ry Virus kann nicht gelöscht werden Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\WINDOWS\system32\ccfgnt32.exe
C:\WINDOWS\system32\DlProtectSvc.exe
HKLM\...\Run: [Download Protect] - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dlprotect.exe [12800 2013-12-27] ()
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dlprotect.exe
BootExecute: autocheck autochk * sdnclean.exe
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Downloade dir bitte Windows Repair (All In One) von hier.
Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier. und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.01.2014, 17:56
| #9 |
| | Backdoor sdboot.ry Virus kann nicht gelöscht werden Hallo, Fixlist: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-12-2013
Ran by Thomas Walldorf at 2014-01-01 16:28:49 Run:1
Running from C:\Dokumente und Einstellungen\Thomas Walldorf\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\WINDOWS\system32\ccfgnt32.exe
C:\WINDOWS\system32\DlProtectSvc.exe
HKLM\...\Run: [Download Protect] - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dlprotect.exe [12800 2013-12-27] ()
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dlprotect.exe
BootExecute: autocheck autochk * sdnclean.exe
*****************
C:\WINDOWS\system32\ccfgnt32.exe => Moved successfully.
C:\WINDOWS\system32\DlProtectSvc.exe => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Download Protect => Value deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dlprotect.exe => Moved successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
The system needs a manual reboot.
==== End of Fixlog ====
FSS.txt: Code:
ATTFilter Farbar Service Scanner Version: 05-12-2013
Ran by Thomas Walldorf (administrator) on 01-01-2014 at 17:47:01
Running from "C:\Dokumente und Einstellungen\Thomas Walldorf\Desktop\tmp\performance"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".
Windows Autoupdate Disabled Policy:
============================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=DWORD:1
Other Services:
==============
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2008-04-14 18:30] - [2008-04-14 18:30] - 0127488 ____A (Microsoft Corporation) C29A1C9B75BA38FA37F8C44405DEC360
C:\WINDOWS\system32\Drivers\afd.sys
[2008-08-14 16:34] - [2008-10-16 15:43] - 0138496 ____A (Microsoft Corporation) 7618D5218F2A614672EC61A80D854A37
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2008-04-14 18:30] - [2009-04-20 18:17] - 0045568 ____A (Microsoft Corporation) 407F3227AC618FD1CA54B335B083DE07
C:\WINDOWS\system32\ipnathlp.dll
[2008-04-14 18:30] - [2008-04-14 18:30] - 0334336 ____A (Microsoft Corporation) CAD058D5F8B889A87CA3EB3CF624DCEF
C:\WINDOWS\system32\netman.dll
[2008-04-14 18:30] - [2008-04-14 18:30] - 0198144 ____A (Microsoft Corporation) E6D88F1F6745BF00B57E7855A2AB696C
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-12-01 14:02] - [2008-04-14 18:30] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729
C:\WINDOWS\system32\srsvc.dll
[2009-12-01 14:04] - [2008-04-14 18:30] - 0171520 ____A (Microsoft Corporation) FE77A85495065F3AD59C5C65B6C54182
C:\WINDOWS\system32\Drivers\sr.sys
[2009-12-01 14:04] - [2008-04-14 18:30] - 0073472 ____A (Microsoft Corporation) 50FA898F8C032796D3B1B9951BB5A90F
C:\WINDOWS\system32\wscsvc.dll
[2008-04-14 18:30] - [2008-04-14 18:30] - 0080896 ____A (Microsoft Corporation) 300B3E84FAF1A5C1F791C159BA28035D
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-12-01 14:02] - [2008-04-14 18:30] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729
C:\WINDOWS\system32\wuauserv.dll
[2009-12-01 14:04] - [2008-04-14 18:30] - 0006656 ____A (Microsoft Corporation) 7B4FE05202AA6BF9F4DFD0E6A0D8A085
C:\WINDOWS\system32\qmgr.dll
[2009-12-01 14:04] - [2008-04-14 18:30] - 0409088 ____A (Microsoft Corporation) D6F603772A789BB3228F310D650B8BD1
C:\WINDOWS\system32\es.dll
[2008-07-08 02:56] - [2008-07-08 02:56] - 0253952 ____A (Microsoft Corporation) AF4F6B5739D18CA7972AB53E091CBC74
C:\WINDOWS\system32\cryptsvc.dll
[2008-04-14 18:30] - [2008-04-14 18:30] - 0062464 ____A (Microsoft Corporation) 611F824E5C703A5A899F84C5F1699E4D
C:\WINDOWS\system32\svchost.exe
[2008-04-14 18:30] - [2008-04-14 18:30] - 0014336 ____A (Microsoft Corporation) 4FBC75B74479C7A6F829E0CA19DF3366
C:\WINDOWS\system32\rpcss.dll
[2009-02-09 17:21] - [2009-02-09 17:21] - 0401408 ____A (Microsoft Corporation) 3127AFBF2C1ED0AB14A1BBB7AAECB85B
C:\WINDOWS\system32\services.exe
[2009-02-09 17:51] - [2009-02-09 17:51] - 0111104 ____A (Microsoft Corporation) A3EDBE9053889FB24AB22492472B39DC
Extra List:
=======
BM(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) VMnetBridge(10)
0x0A0000000400000001000000020000000300000005000000060000000700000008000000090000000A000000
IpSec Tag value is correct.
**** End of log ****
Wie überpürfen wir diese Funde des ESET Smartinstaller. Code:
ATTFilter sh=C5828B700B9EF61FA1534D5D18482BF12F591CBF ft=1 fh=0404da55e35b3671 vn="a variant of Win32/AdWare.SpeedingUpMyPC.D application" ac=I fn="C:\System Volume Information\_restore{7C76E802-D556-4D93-A89E-041AC291A00C}\RP528\A0268466.exe"
sh=DDD2974F59F7DBB2C99557C05FB33787C7B27748 ft=1 fh=b62022df389e395a vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="C:\System Volume Information\_restore{7C76E802-D556-4D93-A89E-041AC291A00C}\RP528\A0268469.exe"
sh=E726D8BAED9714F2CCF9E8EE01DA76F32716870A ft=1 fh=3a4d9e1ea77ed494 vn="a variant of Win32/SpeedingUpMyPC application" ac=I fn="C:\System Volume Information\_restore{7C76E802-D556-4D93-A89E-041AC291A00C}\RP528\A0268473.exe"
sh=81301DFED7B52CBB01DC70F0F35FD8AD4DF65008 ft=1 fh=0e84870967874c85 vn="a variant of Win32/BHO.OGV trojan" ac=I fn="C:\WINDOWS\system32\ccfgnt32.exe"
sh=C71F3310952400F125B0A7A1F6FA27B8F19870FB ft=1 fh=d80cbfc021b4a604 vn="a variant of Win32/Webprefix.B trojan" ac=I fn="C:\WINDOWS\system32\DlProtectSvc.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="multiple threats" ac=I fn="${Memory}"
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-12-2013
Ran by XXX (administrator) on MC00018329 on 01-01-2014 17:52:56
Running from C:\Dokumente und Einstellungen\XXX\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Novell, Inc) C:\Programme\Novell\CASA\bin\micasad.exe
(Novell, Inc.) C:\WINDOWS\system32\novell\xtagent.exe
(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\S24EvMon.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
(Array Networks, Inc.) C:\Program Files\Array Networks\Common\8,4,0,264\arr_isrv.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
(Autonomy Corporation plc) C:\Programme\Iron Mountain\Connected BackupPC\AgentService.exe
(Apple Inc.) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Array Networks, Inc.) C:\Program Files\Array Networks\Array SSL VPN\8,4,0,264\arr_srvs.exe
(GRISOFT s.r.o.) C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
(Lenovo.) C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
(Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\EvtEng.exe
(OptionNV) C:\Programme\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\bin\TSUsage32.exe
(Lenovo Group Limited) C:\Programme\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\micmute.exe
(Intel Corporation) C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(IBM Corp) C:\Notes\nslsvice.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corp.) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
() C:\Programme\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\NALNTSRV.EXE
(Novell, Inc.) C:\Programme\PatchLink\Update Agent\GravitixService.exe
(QUALCOMM, Inc.) C:\Programme\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
(Refresh IT Solutions) C:\Programme\Refresh IT Solutions\Refresh Devices Manager\RDMAgent.exe
(Intel(R) Corporation) C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
(Crawler.com) C:\Programme\Spyware Terminator\st_rsser.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
(Telefónica I+D) C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Microsoft Corporation) C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
(Intel Corporation) C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Programme\UPHClean\uphclean.exe
(VMware, Inc.) C:\Programme\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\WINDOWS\system32\vmnat.exe
(Microsoft Corporation) C:\Programme\Windows Media Player\wmpnetwk.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\WM.EXE
() C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
(VMware, Inc.) C:\WINDOWS\system32\vmnetdhcp.exe
(Broadcom Corporation.) C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\WMRUNDLL.EXE
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Ltd.) C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
(LENOVO) C:\Programme\ThinkVantage\AMSG\Amsg.exe
(Ricoh co.,Ltd.) C:\Programme\Integrated Camera Driver\RCIMGDIR.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Programme\Lenovo\ZOOM\TpScrex.exe
(Novell, Inc.) C:\WINDOWS\system32\dpmw32.exe
(Novell, Inc.) C:\WINDOWS\system32\nwtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(VMware, Inc.) C:\Programme\VMware\VMware Player\hqtray.exe
(Novell, Inc) C:\Programme\Novell\ZENworks\NalAgent.exe
(Novell, Inc.) C:\Programme\PatchLink\Update Agent\pddm.exe
(Research In Motion Limited) C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Hewlett-Packard) C:\Programme\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
(Autonomy Corporation plc) C:\Programme\Iron Mountain\Connected BackupPC\Agent.exe
(shbox.de) C:\Programme\FreePDF_XP\fpassist.exe
(Haufe-Lexware GmbH & Co. KG) C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
(Apple Inc.) C:\Programme\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Programme\iPod\bin\iPodService.exe
(GRISOFT s.r.o.) C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
(Broadcom Corporation.) C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Programme\McAfee Security Scan\3.8.130\SSScheduler.exe
(Broadcom Corporation.) C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo) C:\Programme\ThinkPad\ConnectUtilities\Access Connections.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(Farbar) C:\Dokumente und Einstellungen\XXX\Desktop\tmp\performance\FSS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\...\Run: [TpShocks] - C:\WINDOWS\system32\TpShocks.exe [337256 2009-12-11] (Lenovo.)
HKLM\...\Run: [picon] - C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-04] (Intel Corporation)
HKLM\...\Run: [IMSS] - C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-25] ()
HKLM\...\Run: [EZEJMNAP] - C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE [256576 2008-10-07] (Lenovo Group Ltd.)
HKLM\...\Run: [TPHOTKEY] - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [AMSG] - C:\Programme\ThinkVantage\AMSG\Amsg.exe [436800 2009-09-03] (LENOVO)
HKLM\...\Run: [PWRMGRTR] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [RotateImage] - C:\Programme\Integrated Camera Driver\RCIMGDIR.exe [31744 2008-10-30] (Ricoh co.,Ltd.)
HKLM\...\Run: [NDPS] - C:\WINDOWS\system32\dpmw32.exe [32859 2004-05-17] (Novell, Inc.)
HKLM\...\Run: [NWTRAY] - C:\WINDOWS\system32\nwtray.exe [28672 2002-03-12] (Novell, Inc.)
HKLM\...\Run: [ZENRC Tray Icon] - C:\WINDOWS\system32\zentray.exe [40960 2005-05-18] (Novell, Inc.)
HKLM\...\Run: [Application Explorer] - C:\Programme\Novell\ZENworks\NALDESK.EXE [7168 2006-06-13] (Novell, Inc.)
HKLM\...\Run: [Tweak UI] - RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
HKLM\...\Run: [VMware hqtray] - C:\Programme\VMware\VMware Player\hqtray.exe [64048 2010-01-22] (VMware, Inc.)
HKLM\...\Run: [PDDM] - C:\Programme\PatchLink\Update Agent\pddm.exe [401408 2009-07-28] (Novell, Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM\...\Run: [ACTray] - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe [425984 2010-09-17] (Lenovo )
HKLM\...\Run: [ACWLIcon] - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe [176128 2010-09-17] (Lenovo )
HKLM\...\Run: [HP Software Update] - C:\Programme\HP\HP Software Update\hpwuschd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [ToolboxFX] - C:\Programme\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company)
HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [AgentUiRunKey] - C:\Programme\Iron Mountain\Connected BackupPC\Agent.exe [294400 2012-03-20] (Autonomy Corporation plc)
HKLM\...\Run: [FreePDF Assistant] - C:\Programme\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM\...\Run: [LexwareInfoService] - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [Communicator] - C:\Programme\Microsoft Lync\communicator.exe [12107944 2013-03-22] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Programme\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [!AVG Anti-Spyware] - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [6731312 2007-06-11] (GRISOFT s.r.o.)
Winlogon\Notify\LCredMgr: C:\Programme\Novell\CASA\bin\lcredmgr.dll ()
Winlogon\Notify\NetIdentity Notification: C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
HKCU\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\SanDisk\SanDiskSecureAccess_Manager.exe [27311232 2011-06-29] (Gemalto N.V.)
HKCU\...\Policies\system: [WarningMsgInBody]
Lsa: [Authentication Packages] msv1_0 nwv1_0
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: No Name - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://quickplace.steria-mummert.de/qp2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://external.econgas.com/InternalSite/WhlCompMgr.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://domino.muenchen.steria-mummert.de/dwa8W.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Programme\QlikView\QvProtocol\qvp.dll (QlikTech AB)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Application Explorer - {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Programme\Novell\ZENworks\NalShell.dll [458752 2007-08-08] (Novell, Inc)
ShellExecuteHooks: CShellExecuteHookImpl Object - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [79408 2007-05-30] (GRISOFT s.r.o.)
Winsock: Catalog5 04 %SystemRoot%\system32\netware\NWWS2NDS.DLL [36947] (Novell, Inc.)
Winsock: Catalog5 05 %SystemRoot%\system32\netware\NWWS2SAP.DLL [32851] (Novell, Inc.)
Winsock: Catalog5 06 %SystemRoot%\system32\netware\NWWS2SLP.DLL [49235] (Novell, Inc.)
Winsock: Catalog5 07 C:\Programme\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{9EFE6EF8-64B2-4A8B-A464-4F9E0FCE7DAA}: [NameServer]192.135.82.44,192.135.82.60
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\u6lso5da.default
FF NewTab: www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: www.google.com
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Programme\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Programme\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Programme\Gemeinsame Dateien\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\u6lso5da.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: Click to call with Skype - C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [{cf828622-feaf-4708-8e39-395e58c9f1cc}] - C:\Programme\Re-markit\150.xpi
========================== Services (Whitelisted) =================
R2 AcPrfMgrSvc; C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [98304 2010-09-17] (Lenovo )
R2 AcSvc; C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe [237568 2010-09-17] (Lenovo )
R2 AgentService; C:\Programme\Iron Mountain\Connected BackupPC\AgentService.exe [7617952 2012-03-20] (Autonomy Corporation plc)
R2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624 2013-09-07] (Apple Inc.)
R2 ArraySSL_VPN_Service8.4.0.264; C:\Program Files\Array Networks\Array SSL VPN\8,4,0,264\arr_srvs.exe [239024 2010-03-10] (Array Networks, Inc.)
R2 Array_Utility_Service8.4.0.264; C:\Program Files\Array Networks\Common\8,4,0,264\arr_isrv.exe [398768 2010-03-10] (Array Networks, Inc.)
R2 AVG Anti-Spyware Guard; C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe [312880 2007-05-30] (GRISOFT s.r.o.)
S4 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)
R2 btwdins; C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe [349528 2010-05-25] (Broadcom Corporation.)
S2 CcmExec; C:\WINDOWS\system32\CCM\CcmExec.exe [764768 2009-09-18] (Microsoft Corporation)
S3 cusrvc; C:\WINDOWS\system32\cusrvc.exe [53339 2008-08-04] (Novell, Inc.)
S3 DMService; C:\WINDOWS\DOWNLO~1\DMService.exe [517360 2013-11-08] (Microsoft Corporation)
R2 DozeSvc; C:\Programme\ThinkPad\Utilities\DOZESVC.EXE [132456 2010-05-12] (Lenovo.)
R2 EvtEng; C:\Programme\Intel\WiFi\bin\EvtEng.exe [862480 2010-03-05] (Intel(R) Corporation)
R2 GtDetectSc; C:\Programme\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe [545792 2009-05-04] (OptionNV)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2012-05-29] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2012-05-29] (Google Inc.)
S2 HP LaserJet Service; C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP)
R3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [553288 2013-11-02] (Apple Inc.)
S4 IviRegMgr; C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe [112152 2007-01-04] (InterVideo)
R2 LENOVO.CAMMUTE; C:\Programme\Lenovo\Communications Utility\CAMMUTE.exe [43584 2012-01-16] (Lenovo Group Limited)
R2 Lenovo.micmute; C:\Programme\LENOVO\HOTKEY\MICMUTE.exe [45496 2010-04-07] (Lenovo Group Limited)
R2 LMS; C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [266576 2010-03-25] (Intel Corporation)
R2 Lotus Notes Single Logon; C:\Notes\nslsvice.exe [31624 2008-08-08] (IBM Corp)
R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Programme\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-12-27] (Mozilla Foundation)
R2 msoidsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1542560 2010-08-17] (Microsoft Corp.)
R2 MySQL; C:\Programme\MySQL\MySQL Server 5.1\my.ini [848 2012-02-26] ()
R2 NALNTSERVICE; C:\Programme\Novell\ZENworks\nalntsrv.exe [113152 2006-06-13] (Novell, Inc.)
R2 Novell Identity Store; C:\Programme\Novell\CASA\bin\micasad.exe [245760 2009-10-14] (Novell, Inc)
R2 Novell ZENworks Agent Service; C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe [28672 2010-06-30] (Novell, Inc.)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 osppsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation)
R2 PatchLink Update; C:\Programme\PatchLink\Update Agent\GravitixService.exe [81920 2009-07-28] (Novell, Inc.)
R2 Power Manager DBC Service; C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe [53248 2010-05-12] ()
R2 QDLService2kLenovo; C:\Programme\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.)
R2 RefreshDevicesManager; C:\Programme\Refresh IT Solutions\Refresh Devices Manager\RDMAgent.exe [738304 2012-02-28] (Refresh IT Solutions)
R2 RegSrvc; C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe [473360 2010-03-05] (Intel(R) Corporation)
R2 Remote Management Agent; C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [167936 2006-05-09] (Novell, Inc.)
R2 S24EventMonitor; C:\Programme\Intel\WiFi\bin\S24EvMon.exe [954368 2010-03-05] (Intel(R) Corporation)
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
S2 SMART Mirror Driver Monitor Service; C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\TANDBERG\See&Share\monitorservice.exe [135680 2011-01-07] (SMART Technologies)
S3 smstsmgr; C:\WINDOWS\system32\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
R2 ST2012_Svc; C:\Programme\Spyware Terminator\st_rsser.exe [587912 2013-10-22] (Crawler.com)
R2 TeamViewer8; C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [4153184 2013-07-08] (TeamViewer GmbH)
R2 TGCM_ImportWiFiSvc; C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)
R2 TPHKSVC; C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe [63928 2010-04-07] (Lenovo Group Limited)
R2 uagqecsvc; C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [169200 2013-01-22] (Microsoft Corporation)
R2 UNS; C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920 2010-03-25] (Intel Corporation)
R2 UPHClean; C:\Programme\UPHClean\uphclean.exe [241725 2005-04-27] (Microsoft Corporation)
R2 VMAuthdService; C:\Programme\VMware\VMware Player\vmware-authd.exe [113200 2010-01-22] (VMware, Inc.)
R2 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [334384 2010-01-22] (VMware, Inc.)
R2 VMUSBArbService; C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2010-01-22] (VMware, Inc.)
R2 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [395824 2010-01-22] (VMware, Inc.)
R2 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
R2 XTAgent; C:\Windows\System32\Novell\XTAgent.exe [61440 2007-01-10] (Novell, Inc.)
S3 ZENPreAgent; C:\WINDOWS\novell\zenworks\bin\ZENPreAgent.exe [196608 2010-11-12] ()
R2 ZFDWM; C:\Programme\Novell\ZENworks\wm.exe [152128 2007-02-07] (Novell, Inc.)
S2 DlProtectSvc; C:\WINDOWS\system32\DlProtectSvc.exe [x]
S4 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf"
S3 ufad-ws60; "C:\Programme\VMware\VMware Player\vmware-ufad.exe" -d "C:\Programme\VMware\VMware Player\\" -s ufad-p2v.xml
S2 vmnat32; C:\WINDOWS\system32\ccfgnt32.exe [x]
==================== Drivers (Whitelisted) ====================
R1 ANC; C:\Windows\System32\drivers\ANC.SYS [11520 2005-09-28] (IBM Corp.)
S3 ATP; C:\Windows\System32\DRIVERS\atpdrvr.sys [16256 2009-09-03] (Array Networks, Inc.)
R1 AVG Anti-Spyware Driver; C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys [11000 2007-05-30] ()
R1 AvgAsCln; C:\Windows\System32\DRIVERS\AvgAsCln.sys [10872 2007-05-30] (GRISOFT, s.r.o.)
R2 BlankScr; C:\Windows\System32\Drivers\BlankScr.sys [6899 2005-05-23] (Novell Inc.)
R3 BM; C:\Windows\System32\DRIVERS\vptunnel.sys [217164 2006-10-28] (Novell, Inc.)
R3 btaudio; C:\Windows\System32\drivers\btaudio.sys [533152 2010-06-01] (Broadcom Corporation.)
R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [37160 2010-06-01] (Broadcom Corporation.)
R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [993320 2010-06-01] (Broadcom Corporation.)
S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [156816 2010-06-01] (Broadcom Corporation.)
R3 btwmodem; C:\Windows\System32\DRIVERS\btwmodem.sys [37032 2010-06-01] (Broadcom Corporation.)
R3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [51752 2010-06-01] (Broadcom Corporation.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 CnxtHdAudService; C:\Windows\System32\drivers\CHDAU32.sys [1756216 2010-03-31] (Conexant Systems Inc.)
R3 Darpan; C:\Windows\System32\DRIVERS\Darpan.sys [2773 2005-05-23] (Novell, Inc.)
S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k5132.sys [167080 2009-12-10] (Intel Corporation)
R2 hcmon; C:\WINDOWS\system32\drivers\hcmon.sys [32304 2010-01-22] (VMware, Inc.)
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2010-12-07] (Hewlett Packard)
S3 HPFXFAX; C:\Windows\System32\drivers\hppcfaxio.sys [21528 2010-12-07] (Hewlett Packard)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [210304 2009-06-30] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [986240 2009-06-30] (Conexant Systems, Inc.)
R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [4224 2008-05-12] ()
R2 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker.sys [45384 2012-03-20] ()
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9728 2010-06-19] (MBB Incorporated)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [9728 2009-02-03] (ZTE Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [6601216 2010-03-17] (Intel Corporation)
R2 NetwareWorkstation; C:\Windows\System32\NetWare\nwfs.sys [553216 2008-08-28] (Novell, Inc.)
R2 NICICCS; C:\Windows\System32\Drivers\NICICCS.sys [456080 2003-08-22] ()
R0 NICM; C:\Windows\System32\drivers\nicm.sys [38603 2008-01-08] (Novell, Inc.)
R3 NWDHCP; C:\Windows\System32\NetWare\nwdhcp.sys [18353 2005-11-22] (Novell, Inc.)
R3 NWDNS; C:\Windows\System32\NetWare\nwdns.sys [45824 2008-07-21] (Novell, Inc.)
R0 NWFILTER; C:\Windows\System32\NetWare\nwfilter.sys [17664 2008-07-21] (Novell, Inc.)
R3 NWHOST; C:\Windows\System32\NetWare\NWHOST.sys [9297 2005-10-12] (Novell, Inc.)
S3 NWSAP; C:\Windows\System32\NetWare\NWSAP.sys [23232 2003-02-26] ()
S2 NWSIPX32; C:\Windows\System32\NetWare\nwsipx32.sys [58496 2008-08-04] (Novell, Inc.)
R3 NWSLP; C:\Windows\System32\NetWare\nwslp.sys [20208 2008-04-04] (Novell, Inc.)
R3 NWSNS; C:\Windows\System32\NetWare\NWSNS.sys [6128 2005-10-12] (Novell, Inc.)
S3 prepdrvr; C:\WINDOWS\system32\CCM\prepdrv.sys [20848 2009-09-18] (Microsoft Corporation)
R3 qcfilterlno2k; C:\Windows\System32\DRIVERS\qcfilterlno2k.sys [5248 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbnetlno2k; C:\Windows\System32\DRIVERS\qcusbnetlno2k.sys [236032 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbserlno2k; C:\Windows\System32\DRIVERS\qcusbserlno2k.sys [190848 2011-05-23] (QUALCOMM Incorporated)
R2 RESMGR; C:\Windows\System32\NetWare\resmgr.sys [29440 2008-07-21] (Novell, Inc.)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [13952 2009-08-09] (Intel Corporation)
R3 smrtdrv; C:\Windows\System32\DRIVERS\smrtdrv.sys [2432 2011-01-07] (SMART Technologies Inc.)
R3 smsmdd; C:\Windows\System32\DRIVERS\smsmdm.sys [12448 2008-10-20] (Microsoft Corporation)
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] ()
R2 SRVLOC; C:\Windows\System32\NetWare\srvloc.sys [185216 2008-08-04] (Novell, Inc.)
R0 stmtpm; C:\Windows\System32\DRIVERS\stm_tpm.sys [21504 2007-06-08] (STMicroelectronics, INC)
R1 tidnet; C:\Windows\System32\DRIVERS\tidnet.sys [26008 2010-04-30] (Telefónica I+D)
R1 TPHKDRV; C:\Windows\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwrif.sys [4442 2010-05-12] ()
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [561536 2008-12-01] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [132352 2008-12-01] (Hauppauge Computer Works, Inc.)
R3 vmkbd; C:\WINDOWS\system32\drivers\VMkbd.sys [23216 2010-01-22] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2010-01-22] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [32688 2010-01-22] (VMware, Inc.)
R2 VMnetuserif; C:\WINDOWS\system32\drivers\vmnetuserif.sys [26288 2010-01-22] (VMware, Inc.)
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2010-01-22] (VMware, Inc.)
R2 vmx86; C:\WINDOWS\system32\Drivers\vmx86.sys [854192 2010-01-22] (VMware, Inc.)
R2 vstor2-ws60; C:\Programme\VMware\VMware Player\vstor2-ws60.sys [22448 2009-10-12] (VMware, Inc.)
R2 WNTHW; C:\WINDOWS\system32\DRIVERS\WNTHW.SYS [9176 2010-03-24] ()
S3 cpuz132; \??\D:\Temp\cpuz132\cpuz132_x32.sys [x]
S3 esgiguard; \??\C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S4 IntelIde; No ImagePath
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-01 17:52 - 2014-01-01 17:53 - 00032558 _____ C:\Dokumente und Einstellungen\XXX\Desktop\FRST.txt
2014-01-01 17:52 - 2013-12-31 16:07 - 01064333 _____ (Farbar) C:\Dokumente und Einstellungen\XXX\Desktop\FRST.exe
2014-01-01 17:39 - 2014-01-01 17:39 - 00002076 _____ C:\Dokumente und Einstellungen\XXX\Desktop\SMC Anwendungen.nal
2014-01-01 17:39 - 2014-01-01 17:39 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\Startmenü\SMC Anwendungen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-01 17:33 - 2014-01-01 17:33 - 00003758 _____ C:\WINDOWS\bitssetup.log
2014-01-01 16:58 - 2014-01-01 16:58 - 00001815 _____ C:\Dokumente und Einstellungen\XXX\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-01-01 16:58 - 2014-01-01 16:58 - 00000000 ____D C:\Programme\Tweaking.com
2014-01-01 16:58 - 2014-01-01 16:58 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Tweaking.com
2014-01-01 01:45 - 2014-01-01 01:45 - 00054016 _____ C:\WINDOWS\system32\Drivers\eyjoyrqc.sys
2013-12-31 16:07 - 2013-12-31 16:07 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\SMC Vorlagen für Office 2010
2013-12-31 16:06 - 2013-12-31 16:06 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\SMC
2013-12-27 16:06 - 2013-12-27 16:06 - 00000075 _____ C:\WINDOWS\wininit.ini
2013-12-27 16:01 - 2013-12-28 09:47 - 00000000 ____D C:\Programme\Gemeinsame Dateien\PC Tools
2013-12-27 16:01 - 2013-12-28 09:10 - 00885763 _____ C:\WINDOWS\system32\Drivers\Cat.DB
2013-12-27 16:01 - 2012-11-01 15:35 - 00202280 _____ (PC Tools) C:\WINDOWS\system32\Drivers\PCTSD.sys
2013-12-27 16:00 - 2013-12-28 09:41 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
2013-12-27 16:00 - 2013-12-27 16:00 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\TestApp
2013-12-27 15:58 - 2013-12-27 17:52 - 00000000 ____D C:\Programme\Spybot - Search & Destroy 2
2013-12-27 15:58 - 2013-12-27 17:51 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-12-27 15:58 - 2013-12-27 16:06 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2013-12-27 15:54 - 2013-12-27 15:54 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-12-27 14:51 - 2013-12-27 14:51 - 00058278 _____ D:\\bookmark.htm
2013-12-27 01:47 - 2013-12-27 06:53 - 00000000 ____D C:\WINDOWS\220FB0354744483A9A0B41DF77061583.TMP
2013-12-27 01:47 - 2013-12-27 01:47 - 00000000 ____D C:\Programme\Enigma Software Group
2013-12-27 01:46 - 2013-12-27 01:46 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2013-12-27 00:25 - 2013-12-27 00:25 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Grisoft
2013-12-27 00:24 - 2013-12-27 00:24 - 00000838 _____ C:\Dokumente und Einstellungen\All Users\Desktop\AVG Anti-Spyware.lnk
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Programme\Grisoft
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG Anti-Spyware 7.5
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft
2013-12-27 00:24 - 2007-05-30 13:10 - 00010872 _____ (GRISOFT, s.r.o.) C:\WINDOWS\system32\Drivers\AvgAsCln.sys
2013-12-26 23:49 - 2014-01-01 17:37 - 00025791 _____ C:\WINDOWS\setupapi.log
2013-12-26 23:43 - 2013-12-26 23:52 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
2013-12-26 23:43 - 2013-12-26 23:43 - 00000712 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk
2013-12-26 23:43 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Spyware Terminator
2013-12-26 23:43 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spyware Terminator 2012
2013-12-26 23:43 - 2011-06-21 11:24 - 00032768 _____ C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys
2013-12-26 23:42 - 2013-12-26 23:42 - 00000000 ____D D:\\MAGIX_MxTray
2013-12-26 23:40 - 2013-12-26 23:43 - 00000000 ____D C:\Programme\Spyware Terminator
2013-12-26 23:14 - 2013-12-26 23:42 - 00000000 ____D D:\\OnDemandDump
2013-12-26 23:14 - 2013-12-26 23:42 - 00000000 ____D D:\\CrashLog
2013-12-26 23:14 - 2013-12-26 23:14 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\MAGIX
2013-12-26 23:12 - 2013-12-27 15:15 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MAGIX
2013-12-26 23:12 - 2013-12-26 23:14 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
2013-12-26 23:12 - 2013-12-26 23:12 - 00000000 ____D C:\Programme\MAGIX
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Programme\Ashampoo
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ashampoo
2013-12-26 23:04 - 2009-08-24 21:08 - 00028160 _____ (mst software GmbH, Germany) C:\WINDOWS\system32\DfSdkBt.exe
2013-12-26 22:58 - 2013-12-26 22:58 - 00001698 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\X-Setup Pro.lnk
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Programme\X-Setup Pro
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\X-Setup Pro
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X-Setup Pro
2013-12-26 22:47 - 2014-01-01 17:38 - 00016037 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-26 22:26 - 2013-12-27 14:57 - 00002180 _____ C:\Dokumente und Einstellungen\XXX\daemonprocess.txt
2013-12-26 22:26 - 2013-12-26 22:26 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\.android
2013-12-13 21:13 - 2013-12-29 14:33 - 00000000 ____D C:\AdwCleaner
2013-12-10 21:16 - 2013-12-10 21:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
2013-12-08 19:32 - 2013-12-08 19:32 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-12-08 19:32 - 2013-12-08 19:32 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java
2013-12-05 22:17 - 2013-12-05 22:17 - 00001758 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Digital Editions 2.0.lnk
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D D:\\My Digital Editions
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe
2013-12-05 22:11 - 2013-12-05 22:31 - 00000000 ____D D:\\Calibre-Bibliothek
2013-12-05 22:11 - 2013-12-05 22:12 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\calibre
2013-12-05 22:11 - 2013-12-05 22:11 - 00000000 ____D C:\Programme\Calibre2
2013-12-05 22:11 - 2013-12-05 22:11 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\calibre - E-book Management
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D D:\\iPubsoft files
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D D:\\iPubsoft
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\iPubsoft
2013-12-05 21:35 - 2013-12-05 21:35 - 00000000 ____D C:\Programme\iPubsoft
2013-12-05 21:35 - 2013-12-05 21:35 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iPubsoft
2013-12-02 22:51 - 2013-12-02 22:51 - 00001529 _____ C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
2013-12-02 22:51 - 2013-12-02 22:51 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
2013-12-02 22:50 - 2013-12-02 22:51 - 00000000 ____D C:\Programme\iTunes
2013-12-02 22:50 - 2013-12-02 22:51 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-02 22:50 - 2013-12-02 22:50 - 00000000 ____D C:\Programme\iPod
==================== One Month Modified Files and Folders =======
2014-01-01 17:53 - 2014-01-01 17:52 - 00032558 _____ C:\Dokumente und Einstellungen\XXX\Desktop\FRST.txt
2014-01-01 17:53 - 2010-11-12 11:22 - 00000000 ____D D:\\Temp
2014-01-01 17:41 - 2009-12-01 18:29 - 01148676 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-01 17:41 - 2008-04-15 18:30 - 00355152 _____ C:\WINDOWS\system32\perfh015.dat
2014-01-01 17:41 - 2008-04-15 18:30 - 00049376 _____ C:\WINDOWS\system32\perfc015.dat
2014-01-01 17:40 - 2009-12-01 19:23 - 00000000 ____D C:\WINDOWS\repair
2014-01-01 17:40 - 2009-12-01 14:03 - 00000000 ____D C:\WINDOWS\Registration
2014-01-01 17:39 - 2014-01-01 17:39 - 00002076 _____ C:\Dokumente und Einstellungen\XXX\Desktop\SMC Anwendungen.nal
2014-01-01 17:39 - 2014-01-01 17:39 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\Startmenü\SMC Anwendungen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-01 17:39 - 2010-11-12 14:26 - 00000000 ___RD C:\Dokumente und Einstellungen\XXX\Startmenü
2014-01-01 17:38 - 2013-12-26 22:47 - 00016037 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-01 17:38 - 2010-11-12 13:32 - 00000316 _____ C:\WINDOWS\Tasks\PMTask.job
2014-01-01 17:38 - 2010-11-12 11:20 - 00000000 ___HD C:\NALCache
2014-01-01 17:37 - 2013-12-26 23:49 - 00025791 _____ C:\WINDOWS\setupapi.log
2014-01-01 17:37 - 2012-05-29 21:11 - 00001104 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-01 17:37 - 2010-11-12 14:27 - 00000972 __RSH C:\Dokumente und Einstellungen\XXX\ntuser.pol
2014-01-01 17:37 - 2010-11-12 14:26 - 00000000 ____D C:\Dokumente und Einstellungen\XXX
2014-01-01 17:37 - 2010-11-12 11:32 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy.UserCache
2014-01-01 17:37 - 2010-11-12 11:20 - 00019868 __RSH C:\Dokumente und Einstellungen\All Users\ntuser.pol
2014-01-01 17:37 - 2010-11-12 11:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2014-01-01 17:37 - 2008-04-14 18:30 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-01 17:36 - 2011-01-06 11:01 - 00000000 ____D C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\VMware
2014-01-01 17:36 - 2011-01-06 11:00 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VMware
2014-01-01 17:36 - 2009-12-01 18:31 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-01 17:36 - 2009-12-01 18:31 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-01 17:36 - 2009-12-01 14:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-01 17:35 - 2009-12-01 18:28 - 00274168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-01 17:34 - 2013-07-18 20:23 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2014-01-01 17:34 - 2010-11-12 14:27 - 00000190 ___SH C:\Dokumente und Einstellungen\XXX\ntuser.ini
2014-01-01 17:34 - 2010-11-12 12:33 - 02097152 _____ C:\WINDOWS\system32\config\PatchLin.evt
2014-01-01 17:34 - 2009-12-01 14:11 - 00032530 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-01 17:33 - 2014-01-01 17:33 - 00003758 _____ C:\WINDOWS\bitssetup.log
2014-01-01 17:33 - 2009-12-01 14:06 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2014-01-01 17:33 - 2009-12-01 14:06 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2014-01-01 17:29 - 2013-02-03 16:18 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-01 17:17 - 2011-02-14 15:53 - 00000000 ____D D:\\Downloads
2014-01-01 17:02 - 2012-05-29 21:11 - 00001108 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-01 16:58 - 2014-01-01 16:58 - 00001815 _____ C:\Dokumente und Einstellungen\XXX\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-01-01 16:58 - 2014-01-01 16:58 - 00000000 ____D C:\Programme\Tweaking.com
2014-01-01 16:58 - 2014-01-01 16:58 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Tweaking.com
2014-01-01 16:58 - 2009-12-01 18:29 - 00000000 ___RD C:\Programme
2014-01-01 16:58 - 2009-12-01 18:29 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-01-01 16:46 - 2010-11-12 13:35 - 00000463 _____ C:\WINDOWS\smscfg.ini
2014-01-01 16:37 - 2012-07-19 16:05 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2014-01-01 16:34 - 2010-11-12 11:31 - 00000000 ____D C:\Programme\PowerArchiver
2014-01-01 16:28 - 2013-07-07 19:52 - 00000000 ____D C:\FRST
2014-01-01 16:27 - 2010-11-12 11:31 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PowerArchiver
2014-01-01 14:16 - 2010-11-12 11:24 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-01 13:07 - 2010-11-16 11:10 - 00000000 __SHD C:\Dokumente und Einstellungen\XXX\UserData
2014-01-01 01:45 - 2014-01-01 01:45 - 00054016 _____ C:\WINDOWS\system32\Drivers\eyjoyrqc.sys
2014-01-01 01:45 - 2009-12-01 19:23 - 00000000 ____D C:\WINDOWS\security
2013-12-31 17:29 - 2010-11-12 13:23 - 00000000 __SHD D:\\System Volume Information
2013-12-31 16:07 - 2014-01-01 17:52 - 01064333 _____ (Farbar) C:\Dokumente und Einstellungen\XXX\Desktop\FRST.exe
2013-12-31 16:07 - 2013-12-31 16:07 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\SMC Vorlagen für Office 2010
2013-12-31 16:07 - 2009-12-01 18:29 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü
2013-12-31 16:06 - 2013-12-31 16:06 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\SMC
2013-12-29 14:33 - 2013-12-13 21:13 - 00000000 ____D C:\AdwCleaner
2013-12-28 13:06 - 2013-07-07 22:11 - 00001024 ____H C:\WINDOWS\system32\default_user_class.dat.LOG
2013-12-28 09:47 - 2013-12-27 16:01 - 00000000 ____D C:\Programme\Gemeinsame Dateien\PC Tools
2013-12-28 09:41 - 2013-12-27 16:00 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
2013-12-28 09:10 - 2013-12-27 16:01 - 00885763 _____ C:\WINDOWS\system32\Drivers\Cat.DB
2013-12-27 17:52 - 2013-12-27 15:58 - 00000000 ____D C:\Programme\Spybot - Search & Destroy 2
2013-12-27 17:52 - 2012-04-28 12:09 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-12-27 17:51 - 2013-12-27 15:58 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-12-27 17:02 - 2009-12-01 14:11 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService
2013-12-27 16:06 - 2013-12-27 16:06 - 00000075 _____ C:\WINDOWS\wininit.ini
2013-12-27 16:06 - 2013-12-27 15:58 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2013-12-27 16:04 - 2010-11-19 11:05 - 00000000 ____D C:\Programme\Hardcopy
2013-12-27 16:00 - 2013-12-27 16:00 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\TestApp
2013-12-27 15:54 - 2013-12-27 15:54 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-12-27 15:15 - 2013-12-26 23:12 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MAGIX
2013-12-27 14:57 - 2013-12-26 22:26 - 00002180 _____ C:\Dokumente und Einstellungen\XXX\daemonprocess.txt
2013-12-27 14:51 - 2013-12-27 14:51 - 00058278 _____ D:\\bookmark.htm
2013-12-27 14:47 - 2009-12-01 14:11 - 00000000 __SHD C:\Dokumente und Einstellungen\LocalService
2013-12-27 14:47 - 2009-12-01 14:11 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator
2013-12-27 14:46 - 2013-07-08 20:18 - 00000000 ____D C:\JRT
2013-12-27 14:46 - 2009-12-01 19:23 - 00000000 ____D C:\WINDOWS\Help
2013-12-27 14:32 - 2009-12-01 14:12 - 00000000 ____D C:\WINDOWS\I386
2013-12-27 07:00 - 2010-11-12 18:10 - 00000000 __SHD C:\WINDOWS\CSC
2013-12-27 06:53 - 2013-12-27 01:47 - 00000000 ____D C:\WINDOWS\220FB0354744483A9A0B41DF77061583.TMP
2013-12-27 06:53 - 2010-11-12 14:26 - 00000000 ___RD C:\Dokumente und Einstellungen\XXX\Startmenü\Programme
2013-12-27 01:55 - 2010-11-12 14:27 - 00001606 _____ C:\Dokumente und Einstellungen\XXX\Startmenü\Programme\Remoteunterstützung.lnk
2013-12-27 01:54 - 2010-07-26 10:30 - 00001606 _____ C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Remoteunterstützung.lnk
2013-12-27 01:53 - 2010-07-26 10:29 - 00001606 _____ C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk
2013-12-27 01:47 - 2013-12-27 01:47 - 00000000 ____D C:\Programme\Enigma Software Group
2013-12-27 01:46 - 2013-12-27 01:46 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2013-12-27 00:47 - 2012-11-11 18:00 - 00000888 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
2013-12-27 00:47 - 2012-11-11 18:00 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome
2013-12-27 00:47 - 2012-03-14 10:47 - 00000709 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
2013-12-27 00:47 - 2011-01-08 13:19 - 00000676 _____ C:\Dokumente und Einstellungen\XXX\Startmenü\Programme\Internet Explorer.lnk
2013-12-27 00:47 - 2010-12-01 20:25 - 00000703 _____ C:\Dokumente und Einstellungen\All Users\Desktop\sps.lnk
2013-12-27 00:47 - 2010-11-12 14:26 - 00000000 ___RD C:\Dokumente und Einstellungen\XXX\Startmenü\Programme\Autostart
2013-12-27 00:25 - 2013-12-27 00:25 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Grisoft
2013-12-27 00:24 - 2013-12-27 00:24 - 00000838 _____ C:\Dokumente und Einstellungen\All Users\Desktop\AVG Anti-Spyware.lnk
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Programme\Grisoft
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG Anti-Spyware 7.5
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft
2013-12-26 23:52 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
2013-12-26 23:43 - 2013-12-26 23:43 - 00000712 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk
2013-12-26 23:43 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Spyware Terminator
2013-12-26 23:43 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spyware Terminator 2012
2013-12-26 23:43 - 2013-12-26 23:40 - 00000000 ____D C:\Programme\Spyware Terminator
2013-12-26 23:42 - 2013-12-26 23:42 - 00000000 ____D D:\\MAGIX_MxTray
2013-12-26 23:42 - 2013-12-26 23:14 - 00000000 ____D D:\\OnDemandDump
2013-12-26 23:42 - 2013-12-26 23:14 - 00000000 ____D D:\\CrashLog
2013-12-26 23:28 - 2012-11-10 15:59 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7
2013-12-26 23:14 - 2013-12-26 23:14 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\MAGIX
2013-12-26 23:14 - 2013-12-26 23:12 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
2013-12-26 23:12 - 2013-12-26 23:12 - 00000000 ____D C:\Programme\MAGIX
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Programme\Ashampoo
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ashampoo
2013-12-26 22:58 - 2013-12-26 22:58 - 00001698 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\X-Setup Pro.lnk
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Programme\X-Setup Pro
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\X-Setup Pro
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X-Setup Pro
2013-12-26 22:48 - 2013-09-30 08:22 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\Desktop\tmp
2013-12-26 22:29 - 2012-02-26 22:17 - 00000661 _____ C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
2013-12-26 22:29 - 2012-02-26 22:17 - 00000000 ____D C:\Programme\CCleaner
2013-12-26 22:26 - 2013-12-26 22:26 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\.android
2013-12-20 08:34 - 2010-11-12 11:22 - 00000000 ____D D:\\Favoriten
2013-12-18 22:14 - 2009-12-01 18:31 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-12-11 18:29 - 2012-11-13 01:20 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-11 18:29 - 2012-11-13 01:20 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-10 21:16 - 2013-12-10 21:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
2013-12-10 21:16 - 2012-05-29 21:11 - 00000000 ____D C:\Programme\Google
2013-12-08 19:32 - 2013-12-08 19:32 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-12-08 19:32 - 2013-12-08 19:32 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java
2013-12-08 19:32 - 2012-03-14 11:11 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-12-08 19:32 - 2010-12-01 09:22 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java
2013-12-05 22:31 - 2013-12-05 22:11 - 00000000 ____D D:\\Calibre-Bibliothek
2013-12-05 22:17 - 2013-12-05 22:17 - 00001758 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Digital Editions 2.0.lnk
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D D:\\My Digital Editions
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe
2013-12-05 22:17 - 2012-11-11 18:00 - 00000000 ____D C:\Programme\Adobe
2013-12-05 22:12 - 2013-12-05 22:11 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\calibre
2013-12-05 22:11 - 2013-12-05 22:11 - 00000000 ____D C:\Programme\Calibre2
2013-12-05 22:11 - 2013-12-05 22:11 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\calibre - E-book Management
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D D:\\iPubsoft files
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D D:\\iPubsoft
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\iPubsoft
2013-12-05 21:35 - 2013-12-05 21:35 - 00000000 ____D C:\Programme\iPubsoft
2013-12-05 21:35 - 2013-12-05 21:35 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iPubsoft
2013-12-02 22:51 - 2013-12-02 22:51 - 00001529 _____ C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
2013-12-02 22:51 - 2013-12-02 22:51 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
2013-12-02 22:51 - 2013-12-02 22:50 - 00000000 ____D C:\Programme\iTunes
2013-12-02 22:51 - 2013-12-02 22:50 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-02 22:50 - 2013-12-02 22:50 - 00000000 ____D C:\Programme\iPod
2013-12-02 22:50 - 2012-09-29 00:29 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Apple
2013-12-02 22:46 - 2011-01-06 09:26 - 00000000 ____D D:\\FastTrack
2013-12-02 14:02 - 2013-09-20 10:55 - 00000000 ____D D:\\Thomas
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2008-04-14 18:30] - [2008-04-14 18:30] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe
[2008-04-14 18:30] - [2008-04-14 18:30] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe
[2008-04-14 18:30] - [2008-04-14 18:30] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe
[2009-02-09 17:51] - [2009-02-09 17:51] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\Windows\System32\User32.dll
[2008-04-14 18:30] - [2008-04-14 18:30] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\Windows\System32\userinit.exe
[2008-04-14 18:30] - [2008-04-14 18:30] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 18:30] - [2008-04-14 18:30] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================
--- --- --- Danke für die Hilfe. Ps: sind wir fertig? Prüfen wir noch den gefundenen Trojaner? |
|
02.01.2014, 16:46
| #10 |
| /// the machine /// TB-Ausbilder | Backdoor sdboot.ry Virus kann nicht gelöscht werden Die Funde von ESET wurden schon adressiert, ausser die SWH, das machen wir am Schluss. Erst noch paar Dienste korrigieren: Downloade dir bitte Windows Repair (All In One) von hier.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.01.2014, 18:06
| #11 |
| | Backdoor sdboot.ry Virus kann nicht gelöscht werden Hallo Schrauber, das mit dem Windows Repair hatte ich bereits durchgeführt. Soll ich das nochmals ausführen. Hier hat wohl Etwas nicht funktioniert. Komme immer noch nicht in den Abgesicherten Modus. Habe nochmals das Windows Repair Tool ausgeführt. anbei noch eine frische FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-01-2014 01
Ran by Xxx (administrator) on MC00018329 on 03-01-2014 19:00:21
Running from C:\Dokumente und Einstellungen\Xxx\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Novell, Inc) C:\Programme\Novell\CASA\bin\micasad.exe
(Novell, Inc.) C:\WINDOWS\system32\novell\xtagent.exe
(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\S24EvMon.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\tpnumlk.exe
(Array Networks, Inc.) C:\Program Files\Array Networks\Common\8,4,0,264\arr_isrv.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
(Autonomy Corporation plc) C:\Programme\Iron Mountain\Connected BackupPC\AgentService.exe
(Apple Inc.) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Array Networks, Inc.) C:\Program Files\Array Networks\Array SSL VPN\8,4,0,264\arr_srvs.exe
(GRISOFT s.r.o.) C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
(Lenovo.) C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
(Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\EvtEng.exe
(OptionNV) C:\Programme\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\bin\TSUsage32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Programme\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\micmute.exe
(Intel Corporation) C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(IBM Corp) C:\Notes\nslsvice.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
() C:\Programme\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Microsoft Corp.) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Novell, Inc.) C:\Programme\Novell\ZENworks\NALNTSRV.EXE
(Novell, Inc.) C:\Programme\PatchLink\Update Agent\GravitixService.exe
(QUALCOMM, Inc.) C:\Programme\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
(Refresh IT Solutions) C:\Programme\Refresh IT Solutions\Refresh Devices Manager\RDMAgent.exe
(Intel(R) Corporation) C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
(Crawler.com) C:\Programme\Spyware Terminator\st_rsser.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
(Telefónica I+D) C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Microsoft Corporation) C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
(Intel Corporation) C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Programme\UPHClean\uphclean.exe
(VMware, Inc.) C:\Programme\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\WINDOWS\system32\vmnat.exe
(Microsoft Corporation) C:\Programme\Windows Media Player\wmpnetwk.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\WM.EXE
() C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
(VMware, Inc.) C:\WINDOWS\system32\vmnetdhcp.exe
(Broadcom Corporation.) C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
(Novell, Inc.) C:\Programme\Novell\ZENworks\WMRUNDLL.EXE
(Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Lenovo Group Ltd.) C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
(Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPLpr.exe
(LENOVO) C:\Programme\ThinkVantage\AMSG\Amsg.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe
(Ricoh co.,Ltd.) C:\Programme\Integrated Camera Driver\RCIMGDIR.exe
(Novell, Inc.) C:\WINDOWS\system32\dpmw32.exe
(Novell, Inc.) C:\WINDOWS\system32\nwtray.exe
(Lenovo Group Limited) C:\Programme\Lenovo\ZOOM\TpScrex.exe
(VMware, Inc.) C:\Programme\VMware\VMware Player\hqtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Novell, Inc.) C:\Programme\PatchLink\Update Agent\pddm.exe
(Research In Motion Limited) C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Novell, Inc) C:\Programme\Novell\ZENworks\NalAgent.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Hewlett-Packard) C:\Programme\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Programme\HP\ToolboxFX\bin\HPTLBXFX.exe
(Adobe Systems Incorporated) C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
(Autonomy Corporation plc) C:\Programme\Iron Mountain\Connected BackupPC\Agent.exe
(shbox.de) C:\Programme\FreePDF_XP\fpassist.exe
(Haufe-Lexware GmbH & Co. KG) C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
(Apple Inc.) C:\Programme\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Programme\iPod\bin\iPodService.exe
(GRISOFT s.r.o.) C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
(Broadcom Corporation.) C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Programme\McAfee Security Scan\3.8.130\SSScheduler.exe
(Broadcom Corporation.) C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe
(Lenovo) C:\Programme\ThinkPad\ConnectUtilities\Access Connections.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\...\Run: [TpShocks] - C:\WINDOWS\system32\TpShocks.exe [337256 2009-12-11] (Lenovo.)
HKLM\...\Run: [picon] - C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-04] (Intel Corporation)
HKLM\...\Run: [IMSS] - C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-25] ()
HKLM\...\Run: [EZEJMNAP] - C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE [256576 2008-10-07] (Lenovo Group Ltd.)
HKLM\...\Run: [TPHOTKEY] - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [AMSG] - C:\Programme\ThinkVantage\AMSG\Amsg.exe [436800 2009-09-03] (LENOVO)
HKLM\...\Run: [PWRMGRTR] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [RotateImage] - C:\Programme\Integrated Camera Driver\RCIMGDIR.exe [31744 2008-10-30] (Ricoh co.,Ltd.)
HKLM\...\Run: [NDPS] - C:\WINDOWS\system32\dpmw32.exe [32859 2004-05-17] (Novell, Inc.)
HKLM\...\Run: [NWTRAY] - C:\WINDOWS\system32\nwtray.exe [28672 2002-03-12] (Novell, Inc.)
HKLM\...\Run: [ZENRC Tray Icon] - C:\WINDOWS\system32\zentray.exe [40960 2005-05-18] (Novell, Inc.)
HKLM\...\Run: [Application Explorer] - C:\Programme\Novell\ZENworks\NALDESK.EXE [7168 2006-06-13] (Novell, Inc.)
HKLM\...\Run: [Tweak UI] - RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
HKLM\...\Run: [VMware hqtray] - C:\Programme\VMware\VMware Player\hqtray.exe [64048 2010-01-22] (VMware, Inc.)
HKLM\...\Run: [PDDM] - C:\Programme\PatchLink\Update Agent\pddm.exe [401408 2009-07-28] (Novell, Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM\...\Run: [ACTray] - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe [425984 2010-09-17] (Lenovo )
HKLM\...\Run: [ACWLIcon] - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe [176128 2010-09-17] (Lenovo )
HKLM\...\Run: [HP Software Update] - C:\Programme\HP\HP Software Update\hpwuschd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [ToolboxFX] - C:\Programme\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company)
HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [AgentUiRunKey] - C:\Programme\Iron Mountain\Connected BackupPC\Agent.exe [294400 2012-03-20] (Autonomy Corporation plc)
HKLM\...\Run: [FreePDF Assistant] - C:\Programme\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM\...\Run: [LexwareInfoService] - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [Communicator] - C:\Programme\Microsoft Lync\communicator.exe [12107944 2013-03-22] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Programme\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [!AVG Anti-Spyware] - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [6731312 2007-06-11] (GRISOFT s.r.o.)
Winlogon\Notify\LCredMgr: C:\Programme\Novell\CASA\bin\lcredmgr.dll ()
Winlogon\Notify\NetIdentity Notification: C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
HKCU\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\SanDisk\SanDiskSecureAccess_Manager.exe [27311232 2011-06-29] (Gemalto N.V.)
HKCU\...\Policies\system: [WarningMsgInBody]
Lsa: [Authentication Packages] msv1_0 nwv1_0
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: No Name - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://quickplace.steria-mummert.de/qp2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://external.econgas.com/InternalSite/WhlCompMgr.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://domino.muenchen.steria-mummert.de/dwa8W.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Programme\QlikView\QvProtocol\qvp.dll (QlikTech AB)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Application Explorer - {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Programme\Novell\ZENworks\NalShell.dll [458752 2007-08-08] (Novell, Inc)
ShellExecuteHooks: CShellExecuteHookImpl Object - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [79408 2007-05-30] (GRISOFT s.r.o.)
Winsock: Catalog5 04 %SystemRoot%\system32\netware\NWWS2NDS.DLL [36947] (Novell, Inc.)
Winsock: Catalog5 05 %SystemRoot%\system32\netware\NWWS2SAP.DLL [32851] (Novell, Inc.)
Winsock: Catalog5 06 %SystemRoot%\system32\netware\NWWS2SLP.DLL [49235] (Novell, Inc.)
Winsock: Catalog5 07 C:\Programme\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{9EFE6EF8-64B2-4A8B-A464-4F9E0FCE7DAA}: [NameServer]192.135.82.44,192.135.82.60
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\u6lso5da.default
FF NewTab: www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: www.google.com
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Programme\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Programme\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Programme\Gemeinsame Dateien\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\u6lso5da.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: Click to call with Skype - C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [{cf828622-feaf-4708-8e39-395e58c9f1cc}] - C:\Programme\Re-markit\150.xpi
========================== Services (Whitelisted) =================
R2 AcPrfMgrSvc; C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [98304 2010-09-17] (Lenovo )
R2 AcSvc; C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe [237568 2010-09-17] (Lenovo )
R2 AgentService; C:\Programme\Iron Mountain\Connected BackupPC\AgentService.exe [7617952 2012-03-20] (Autonomy Corporation plc)
R2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624 2013-09-07] (Apple Inc.)
R2 ArraySSL_VPN_Service8.4.0.264; C:\Program Files\Array Networks\Array SSL VPN\8,4,0,264\arr_srvs.exe [239024 2010-03-10] (Array Networks, Inc.)
R2 Array_Utility_Service8.4.0.264; C:\Program Files\Array Networks\Common\8,4,0,264\arr_isrv.exe [398768 2010-03-10] (Array Networks, Inc.)
R2 AVG Anti-Spyware Guard; C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe [312880 2007-05-30] (GRISOFT s.r.o.)
S4 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)
R2 btwdins; C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe [349528 2010-05-25] (Broadcom Corporation.)
S2 CcmExec; C:\WINDOWS\system32\CCM\CcmExec.exe [764768 2009-09-18] (Microsoft Corporation)
S3 cusrvc; C:\WINDOWS\system32\cusrvc.exe [53339 2008-08-04] (Novell, Inc.)
S3 DMService; C:\WINDOWS\DOWNLO~1\DMService.exe [517360 2013-11-08] (Microsoft Corporation)
R2 DozeSvc; C:\Programme\ThinkPad\Utilities\DOZESVC.EXE [132456 2010-05-12] (Lenovo.)
R2 EvtEng; C:\Programme\Intel\WiFi\bin\EvtEng.exe [862480 2010-03-05] (Intel(R) Corporation)
R2 GtDetectSc; C:\Programme\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe [545792 2009-05-04] (OptionNV)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2012-05-29] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2012-05-29] (Google Inc.)
S2 HP LaserJet Service; C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP)
R3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [553288 2013-11-02] (Apple Inc.)
S4 IviRegMgr; C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe [112152 2007-01-04] (InterVideo)
R2 LENOVO.CAMMUTE; C:\Programme\Lenovo\Communications Utility\CAMMUTE.exe [43584 2012-01-16] (Lenovo Group Limited)
R2 Lenovo.micmute; C:\Programme\LENOVO\HOTKEY\MICMUTE.exe [45496 2010-04-07] (Lenovo Group Limited)
R2 LMS; C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [266576 2010-03-25] (Intel Corporation)
R2 Lotus Notes Single Logon; C:\Notes\nslsvice.exe [31624 2008-08-08] (IBM Corp)
R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Programme\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-12-27] (Mozilla Foundation)
R2 msoidsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1542560 2010-08-17] (Microsoft Corp.)
R2 MySQL; C:\Programme\MySQL\MySQL Server 5.1\my.ini [848 2012-02-26] ()
R2 NALNTSERVICE; C:\Programme\Novell\ZENworks\nalntsrv.exe [113152 2006-06-13] (Novell, Inc.)
R2 Novell Identity Store; C:\Programme\Novell\CASA\bin\micasad.exe [245760 2009-10-14] (Novell, Inc)
R2 Novell ZENworks Agent Service; C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe [28672 2010-06-30] (Novell, Inc.)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 osppsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation)
R2 PatchLink Update; C:\Programme\PatchLink\Update Agent\GravitixService.exe [81920 2009-07-28] (Novell, Inc.)
R2 Power Manager DBC Service; C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe [53248 2010-05-12] ()
R2 QDLService2kLenovo; C:\Programme\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.)
R2 RefreshDevicesManager; C:\Programme\Refresh IT Solutions\Refresh Devices Manager\RDMAgent.exe [738304 2012-02-28] (Refresh IT Solutions)
R2 RegSrvc; C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe [473360 2010-03-05] (Intel(R) Corporation)
R2 Remote Management Agent; C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [167936 2006-05-09] (Novell, Inc.)
R2 S24EventMonitor; C:\Programme\Intel\WiFi\bin\S24EvMon.exe [954368 2010-03-05] (Intel(R) Corporation)
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
S2 SMART Mirror Driver Monitor Service; C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\TANDBERG\See&Share\monitorservice.exe [135680 2011-01-07] (SMART Technologies)
S3 smstsmgr; C:\WINDOWS\system32\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
R2 ST2012_Svc; C:\Programme\Spyware Terminator\st_rsser.exe [587912 2013-10-22] (Crawler.com)
R2 TeamViewer8; C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [4153184 2013-07-08] (TeamViewer GmbH)
R2 TGCM_ImportWiFiSvc; C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)
R2 TPHKSVC; C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe [63928 2010-04-07] (Lenovo Group Limited)
R2 uagqecsvc; C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [169200 2013-01-22] (Microsoft Corporation)
R2 UNS; C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920 2010-03-25] (Intel Corporation)
R2 UPHClean; C:\Programme\UPHClean\uphclean.exe [241725 2005-04-27] (Microsoft Corporation)
R2 VMAuthdService; C:\Programme\VMware\VMware Player\vmware-authd.exe [113200 2010-01-22] (VMware, Inc.)
R2 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [334384 2010-01-22] (VMware, Inc.)
R2 VMUSBArbService; C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2010-01-22] (VMware, Inc.)
R2 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [395824 2010-01-22] (VMware, Inc.)
R2 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
R2 XTAgent; C:\Windows\System32\Novell\XTAgent.exe [61440 2007-01-10] (Novell, Inc.)
S3 ZENPreAgent; C:\WINDOWS\novell\zenworks\bin\ZENPreAgent.exe [196608 2010-11-12] ()
R2 ZFDWM; C:\Programme\Novell\ZENworks\wm.exe [152128 2007-02-07] (Novell, Inc.)
S2 DlProtectSvc; C:\WINDOWS\system32\DlProtectSvc.exe [x]
S4 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf"
S3 ufad-ws60; "C:\Programme\VMware\VMware Player\vmware-ufad.exe" -d "C:\Programme\VMware\VMware Player\\" -s ufad-p2v.xml
S2 vmnat32; C:\WINDOWS\system32\ccfgnt32.exe [x]
==================== Drivers (Whitelisted) ====================
R1 ANC; C:\Windows\System32\drivers\ANC.SYS [11520 2005-09-28] (IBM Corp.)
S3 ATP; C:\Windows\System32\DRIVERS\atpdrvr.sys [16256 2009-09-03] (Array Networks, Inc.)
R1 AVG Anti-Spyware Driver; C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys [11000 2007-05-30] ()
R1 AvgAsCln; C:\Windows\System32\DRIVERS\AvgAsCln.sys [10872 2007-05-30] (GRISOFT, s.r.o.)
R2 BlankScr; C:\Windows\System32\Drivers\BlankScr.sys [6899 2005-05-23] (Novell Inc.)
R3 BM; C:\Windows\System32\DRIVERS\vptunnel.sys [217164 2006-10-28] (Novell, Inc.)
R3 btaudio; C:\Windows\System32\drivers\btaudio.sys [533152 2010-06-01] (Broadcom Corporation.)
R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [37160 2010-06-01] (Broadcom Corporation.)
R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [993320 2010-06-01] (Broadcom Corporation.)
S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [156816 2010-06-01] (Broadcom Corporation.)
R3 btwmodem; C:\Windows\System32\DRIVERS\btwmodem.sys [37032 2010-06-01] (Broadcom Corporation.)
R3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [51752 2010-06-01] (Broadcom Corporation.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 CnxtHdAudService; C:\Windows\System32\drivers\CHDAU32.sys [1756216 2010-03-31] (Conexant Systems Inc.)
R3 Darpan; C:\Windows\System32\DRIVERS\Darpan.sys [2773 2005-05-23] (Novell, Inc.)
S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k5132.sys [167080 2009-12-10] (Intel Corporation)
R2 hcmon; C:\WINDOWS\system32\drivers\hcmon.sys [32304 2010-01-22] (VMware, Inc.)
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2010-12-07] (Hewlett Packard)
S3 HPFXFAX; C:\Windows\System32\drivers\hppcfaxio.sys [21528 2010-12-07] (Hewlett Packard)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [210304 2009-06-30] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [986240 2009-06-30] (Conexant Systems, Inc.)
R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [4224 2008-05-12] ()
R2 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker.sys [45384 2012-03-20] ()
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9728 2010-06-19] (MBB Incorporated)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [9728 2009-02-03] (ZTE Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [6601216 2010-03-17] (Intel Corporation)
R2 NetwareWorkstation; C:\Windows\System32\NetWare\nwfs.sys [553216 2008-08-28] (Novell, Inc.)
R2 NICICCS; C:\Windows\System32\Drivers\NICICCS.sys [456080 2003-08-22] ()
R0 NICM; C:\Windows\System32\drivers\nicm.sys [38603 2008-01-08] (Novell, Inc.)
R3 NWDHCP; C:\Windows\System32\NetWare\nwdhcp.sys [18353 2005-11-22] (Novell, Inc.)
R3 NWDNS; C:\Windows\System32\NetWare\nwdns.sys [45824 2008-07-21] (Novell, Inc.)
R0 NWFILTER; C:\Windows\System32\NetWare\nwfilter.sys [17664 2008-07-21] (Novell, Inc.)
R3 NWHOST; C:\Windows\System32\NetWare\NWHOST.sys [9297 2005-10-12] (Novell, Inc.)
S3 NWSAP; C:\Windows\System32\NetWare\NWSAP.sys [23232 2003-02-26] ()
S2 NWSIPX32; C:\Windows\System32\NetWare\nwsipx32.sys [58496 2008-08-04] (Novell, Inc.)
R3 NWSLP; C:\Windows\System32\NetWare\nwslp.sys [20208 2008-04-04] (Novell, Inc.)
R3 NWSNS; C:\Windows\System32\NetWare\NWSNS.sys [6128 2005-10-12] (Novell, Inc.)
S3 prepdrvr; C:\WINDOWS\system32\CCM\prepdrv.sys [20848 2009-09-18] (Microsoft Corporation)
R3 qcfilterlno2k; C:\Windows\System32\DRIVERS\qcfilterlno2k.sys [5248 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbnetlno2k; C:\Windows\System32\DRIVERS\qcusbnetlno2k.sys [236032 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbserlno2k; C:\Windows\System32\DRIVERS\qcusbserlno2k.sys [190848 2011-05-23] (QUALCOMM Incorporated)
R2 RESMGR; C:\Windows\System32\NetWare\resmgr.sys [29440 2008-07-21] (Novell, Inc.)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [13952 2009-08-09] (Intel Corporation)
R3 smrtdrv; C:\Windows\System32\DRIVERS\smrtdrv.sys [2432 2011-01-07] (SMART Technologies Inc.)
R3 smsmdd; C:\Windows\System32\DRIVERS\smsmdm.sys [12448 2008-10-20] (Microsoft Corporation)
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] ()
R2 SRVLOC; C:\Windows\System32\NetWare\srvloc.sys [185216 2008-08-04] (Novell, Inc.)
R0 stmtpm; C:\Windows\System32\DRIVERS\stm_tpm.sys [21504 2007-06-08] (STMicroelectronics, INC)
R1 tidnet; C:\Windows\System32\DRIVERS\tidnet.sys [26008 2010-04-30] (Telefónica I+D)
R1 TPHKDRV; C:\Windows\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwrif.sys [4442 2010-05-12] ()
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [561536 2008-12-01] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [132352 2008-12-01] (Hauppauge Computer Works, Inc.)
R3 vmkbd; C:\WINDOWS\system32\drivers\VMkbd.sys [23216 2010-01-22] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2010-01-22] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [32688 2010-01-22] (VMware, Inc.)
R2 VMnetuserif; C:\WINDOWS\system32\drivers\vmnetuserif.sys [26288 2010-01-22] (VMware, Inc.)
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2010-01-22] (VMware, Inc.)
R2 vmx86; C:\WINDOWS\system32\Drivers\vmx86.sys [854192 2010-01-22] (VMware, Inc.)
R2 vstor2-ws60; C:\Programme\VMware\VMware Player\vstor2-ws60.sys [22448 2009-10-12] (VMware, Inc.)
R2 WNTHW; C:\WINDOWS\system32\DRIVERS\WNTHW.SYS [9176 2010-03-24] ()
S3 cpuz132; \??\D:\Temp\cpuz132\cpuz132_x32.sys [x]
S3 esgiguard; \??\C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S4 IntelIde; No ImagePath
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-03 19:00 - 2014-01-03 18:59 - 01064581 _____ (Farbar) C:\Dokumente und Einstellungen\Xxx\Desktop\FRST.exe
2014-01-03 18:56 - 2014-01-03 18:56 - 00002076 _____ C:\Dokumente und Einstellungen\Xxx\Desktop\SMC Anwendungen.nal
2014-01-03 18:56 - 2014-01-03 18:56 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Startmenü\SMC Anwendungen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-03 18:52 - 2014-01-03 18:52 - 00001448 _____ C:\WINDOWS\COM+.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00006790 _____ C:\WINDOWS\FaxSetup.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00006639 _____ C:\WINDOWS\iis6.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00005772 _____ C:\WINDOWS\ocgen.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00004591 _____ C:\WINDOWS\tsoc.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00002505 _____ C:\WINDOWS\comsetup.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00001891 _____ C:\WINDOWS\imsins.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00001864 _____ C:\WINDOWS\msmqinst.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00001809 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00001592 _____ C:\WINDOWS\netfxocm.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00000719 _____ C:\WINDOWS\MedCtrOC.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00000473 _____ C:\WINDOWS\msgsocm.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00000425 _____ C:\WINDOWS\ocmsn.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00000311 _____ C:\WINDOWS\tabletoc.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-01 17:52 - 2014-01-03 19:00 - 00032542 _____ C:\Dokumente und Einstellungen\Xxx\Desktop\FRST.txt
2014-01-01 17:33 - 2014-01-01 17:33 - 00003758 _____ C:\WINDOWS\bitssetup.log
2014-01-01 16:58 - 2014-01-01 16:58 - 00001815 _____ C:\Dokumente und Einstellungen\Xxx\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-01-01 16:58 - 2014-01-01 16:58 - 00000000 ____D C:\Programme\Tweaking.com
2014-01-01 16:58 - 2014-01-01 16:58 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Tweaking.com
2014-01-01 01:45 - 2014-01-01 01:45 - 00054016 _____ C:\WINDOWS\system32\Drivers\eyjoyrqc.sys
2013-12-31 16:07 - 2013-12-31 16:07 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\SMC Vorlagen für Office 2010
2013-12-31 16:06 - 2013-12-31 16:06 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\SMC
2013-12-27 16:06 - 2013-12-27 16:06 - 00000075 _____ C:\WINDOWS\wininit.ini
2013-12-27 16:01 - 2013-12-28 09:47 - 00000000 ____D C:\Programme\Gemeinsame Dateien\PC Tools
2013-12-27 16:01 - 2013-12-28 09:10 - 00885763 _____ C:\WINDOWS\system32\Drivers\Cat.DB
2013-12-27 16:01 - 2012-11-01 15:35 - 00202280 _____ (PC Tools) C:\WINDOWS\system32\Drivers\PCTSD.sys
2013-12-27 16:00 - 2013-12-28 09:41 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
2013-12-27 16:00 - 2013-12-27 16:00 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\TestApp
2013-12-27 15:58 - 2013-12-27 17:52 - 00000000 ____D C:\Programme\Spybot - Search & Destroy 2
2013-12-27 15:58 - 2013-12-27 17:51 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-12-27 15:58 - 2013-12-27 16:06 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2013-12-27 15:54 - 2013-12-27 15:54 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-12-27 14:51 - 2013-12-27 14:51 - 00058278 _____ D:\\bookmark.htm
2013-12-27 01:47 - 2013-12-27 06:53 - 00000000 ____D C:\WINDOWS\220FB0354744483A9A0B41DF77061583.TMP
2013-12-27 01:47 - 2013-12-27 01:47 - 00000000 ____D C:\Programme\Enigma Software Group
2013-12-27 01:46 - 2013-12-27 01:46 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2013-12-27 00:25 - 2013-12-27 00:25 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Grisoft
2013-12-27 00:24 - 2013-12-27 00:24 - 00000838 _____ C:\Dokumente und Einstellungen\All Users\Desktop\AVG Anti-Spyware.lnk
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Programme\Grisoft
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG Anti-Spyware 7.5
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft
2013-12-27 00:24 - 2007-05-30 13:10 - 00010872 _____ (GRISOFT, s.r.o.) C:\WINDOWS\system32\Drivers\AvgAsCln.sys
2013-12-26 23:49 - 2014-01-03 18:54 - 00031816 _____ C:\WINDOWS\setupapi.log
2013-12-26 23:43 - 2013-12-26 23:52 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
2013-12-26 23:43 - 2013-12-26 23:43 - 00000712 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk
2013-12-26 23:43 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Spyware Terminator
2013-12-26 23:43 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spyware Terminator 2012
2013-12-26 23:43 - 2011-06-21 11:24 - 00032768 _____ C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys
2013-12-26 23:42 - 2013-12-26 23:42 - 00000000 ____D D:\\MAGIX_MxTray
2013-12-26 23:40 - 2013-12-26 23:43 - 00000000 ____D C:\Programme\Spyware Terminator
2013-12-26 23:14 - 2013-12-26 23:42 - 00000000 ____D D:\\OnDemandDump
2013-12-26 23:14 - 2013-12-26 23:42 - 00000000 ____D D:\\CrashLog
2013-12-26 23:14 - 2013-12-26 23:14 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\MAGIX
2013-12-26 23:12 - 2013-12-27 15:15 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MAGIX
2013-12-26 23:12 - 2013-12-26 23:14 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
2013-12-26 23:12 - 2013-12-26 23:12 - 00000000 ____D C:\Programme\MAGIX
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Programme\Ashampoo
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ashampoo
2013-12-26 23:04 - 2009-08-24 21:08 - 00028160 _____ (mst software GmbH, Germany) C:\WINDOWS\system32\DfSdkBt.exe
2013-12-26 22:58 - 2013-12-26 22:58 - 00001698 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\X-Setup Pro.lnk
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Programme\X-Setup Pro
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\X-Setup Pro
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X-Setup Pro
2013-12-26 22:47 - 2014-01-03 18:55 - 00023694 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-26 22:26 - 2013-12-27 14:57 - 00002180 _____ C:\Dokumente und Einstellungen\Xxx\daemonprocess.txt
2013-12-26 22:26 - 2013-12-26 22:26 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\.android
2013-12-13 21:13 - 2013-12-29 14:33 - 00000000 ____D C:\AdwCleaner
2013-12-10 21:16 - 2013-12-10 21:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
2013-12-08 19:32 - 2013-12-08 19:32 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-12-08 19:32 - 2013-12-08 19:32 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java
2013-12-05 22:17 - 2013-12-05 22:17 - 00001758 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Digital Editions 2.0.lnk
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D D:\\My Digital Editions
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe
2013-12-05 22:11 - 2013-12-05 22:31 - 00000000 ____D D:\\Calibre-Bibliothek
2013-12-05 22:11 - 2013-12-05 22:12 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\calibre
2013-12-05 22:11 - 2013-12-05 22:11 - 00000000 ____D C:\Programme\Calibre2
2013-12-05 22:11 - 2013-12-05 22:11 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\calibre - E-book Management
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D D:\\iPubsoft files
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D D:\\iPubsoft
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\iPubsoft
2013-12-05 21:35 - 2013-12-05 21:35 - 00000000 ____D C:\Programme\iPubsoft
2013-12-05 21:35 - 2013-12-05 21:35 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iPubsoft
==================== One Month Modified Files and Folders =======
2014-01-03 19:00 - 2014-01-01 17:52 - 00032542 _____ C:\Dokumente und Einstellungen\Xxx\Desktop\FRST.txt
2014-01-03 19:00 - 2010-11-12 11:22 - 00000000 ____D D:\\Temp
2014-01-03 18:59 - 2014-01-03 19:00 - 01064581 _____ (Farbar) C:\Dokumente und Einstellungen\Xxx\Desktop\FRST.exe
2014-01-03 18:59 - 2013-07-07 19:52 - 00000000 ____D C:\FRST
2014-01-03 18:58 - 2009-12-01 18:29 - 01148676 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-03 18:58 - 2008-04-15 18:30 - 00355152 _____ C:\WINDOWS\system32\perfh015.dat
2014-01-03 18:58 - 2008-04-15 18:30 - 00049376 _____ C:\WINDOWS\system32\perfc015.dat
2014-01-03 18:56 - 2014-01-03 18:56 - 00002076 _____ C:\Dokumente und Einstellungen\Xxx\Desktop\SMC Anwendungen.nal
2014-01-03 18:56 - 2014-01-03 18:56 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Startmenü\SMC Anwendungen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-03 18:56 - 2010-11-12 14:26 - 00000000 ___RD C:\Dokumente und Einstellungen\Xxx\Startmenü
2014-01-03 18:55 - 2013-12-26 22:47 - 00023694 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-03 18:55 - 2010-11-12 13:32 - 00000316 _____ C:\WINDOWS\Tasks\PMTask.job
2014-01-03 18:55 - 2010-11-12 11:20 - 00000000 ___HD C:\NALCache
2014-01-03 18:54 - 2013-12-26 23:49 - 00031816 _____ C:\WINDOWS\setupapi.log
2014-01-03 18:54 - 2012-05-29 21:11 - 00001104 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-03 18:54 - 2011-01-06 11:01 - 00000000 ____D C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\VMware
2014-01-03 18:54 - 2011-01-06 11:00 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VMware
2014-01-03 18:54 - 2010-11-12 14:27 - 00000972 __RSH C:\Dokumente und Einstellungen\Xxx\ntuser.pol
2014-01-03 18:54 - 2010-11-12 14:26 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx
2014-01-03 18:54 - 2010-11-12 11:32 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy.UserCache
2014-01-03 18:54 - 2010-11-12 11:20 - 00019868 __RSH C:\Dokumente und Einstellungen\All Users\ntuser.pol
2014-01-03 18:54 - 2010-11-12 11:20 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2014-01-03 18:54 - 2009-12-01 18:31 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-03 18:54 - 2009-12-01 18:31 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-03 18:54 - 2008-04-14 18:30 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-03 18:53 - 2009-12-01 18:28 - 00274168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-03 18:53 - 2009-12-01 14:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-03 18:52 - 2014-01-03 18:52 - 00001448 _____ C:\WINDOWS\COM+.log
2014-01-03 18:52 - 2010-11-12 14:27 - 00000190 ___SH C:\Dokumente und Einstellungen\Xxx\ntuser.ini
2014-01-03 18:52 - 2010-11-12 12:33 - 02097152 _____ C:\WINDOWS\system32\config\PatchLin.evt
2014-01-03 18:52 - 2009-12-01 14:11 - 00032530 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-03 18:51 - 2013-07-18 20:23 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2014-01-03 18:50 - 2009-12-01 14:03 - 00000000 ____D C:\WINDOWS\Registration
2014-01-03 18:49 - 2009-12-01 14:06 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2014-01-03 18:49 - 2009-12-01 14:06 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2014-01-03 18:29 - 2013-02-03 16:18 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-03 18:17 - 2009-12-01 19:23 - 00000000 ____D C:\WINDOWS\repair
2014-01-03 18:14 - 2012-07-19 16:05 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2014-01-03 18:02 - 2012-05-29 21:11 - 00001108 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-03 15:14 - 2010-11-12 11:24 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-01 18:31 - 2009-12-01 18:29 - 00000000 ___RD C:\Programme
2014-01-01 18:29 - 2014-01-01 18:29 - 00006790 _____ C:\WINDOWS\FaxSetup.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00006639 _____ C:\WINDOWS\iis6.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00005772 _____ C:\WINDOWS\ocgen.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00004591 _____ C:\WINDOWS\tsoc.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00002505 _____ C:\WINDOWS\comsetup.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00001891 _____ C:\WINDOWS\imsins.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00001864 _____ C:\WINDOWS\msmqinst.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00001809 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00001592 _____ C:\WINDOWS\netfxocm.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00000719 _____ C:\WINDOWS\MedCtrOC.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00000473 _____ C:\WINDOWS\msgsocm.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00000425 _____ C:\WINDOWS\ocmsn.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00000311 _____ C:\WINDOWS\tabletoc.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-01 18:29 - 2014-01-01 18:29 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-01 17:33 - 2014-01-01 17:33 - 00003758 _____ C:\WINDOWS\bitssetup.log
2014-01-01 17:17 - 2011-02-14 15:53 - 00000000 ____D D:\\Downloads
2014-01-01 16:58 - 2014-01-01 16:58 - 00001815 _____ C:\Dokumente und Einstellungen\Xxx\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-01-01 16:58 - 2014-01-01 16:58 - 00000000 ____D C:\Programme\Tweaking.com
2014-01-01 16:58 - 2014-01-01 16:58 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Tweaking.com
2014-01-01 16:58 - 2009-12-01 18:29 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-01-01 16:46 - 2010-11-12 13:35 - 00000463 _____ C:\WINDOWS\smscfg.ini
2014-01-01 16:34 - 2010-11-12 11:31 - 00000000 ____D C:\Programme\PowerArchiver
2014-01-01 16:27 - 2010-11-12 11:31 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PowerArchiver
2014-01-01 13:07 - 2010-11-16 11:10 - 00000000 __SHD C:\Dokumente und Einstellungen\Xxx\UserData
2014-01-01 01:45 - 2014-01-01 01:45 - 00054016 _____ C:\WINDOWS\system32\Drivers\eyjoyrqc.sys
2014-01-01 01:45 - 2009-12-01 19:23 - 00000000 ____D C:\WINDOWS\security
2013-12-31 17:29 - 2010-11-12 13:23 - 00000000 __SHD D:\\System Volume Information
2013-12-31 16:07 - 2013-12-31 16:07 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\SMC Vorlagen für Office 2010
2013-12-31 16:07 - 2009-12-01 18:29 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü
2013-12-31 16:06 - 2013-12-31 16:06 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\SMC
2013-12-29 14:33 - 2013-12-13 21:13 - 00000000 ____D C:\AdwCleaner
2013-12-28 13:06 - 2013-07-07 22:11 - 00001024 _____ C:\WINDOWS\system32\default_user_class.dat.LOG
2013-12-28 09:47 - 2013-12-27 16:01 - 00000000 ____D C:\Programme\Gemeinsame Dateien\PC Tools
2013-12-28 09:41 - 2013-12-27 16:00 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
2013-12-28 09:10 - 2013-12-27 16:01 - 00885763 _____ C:\WINDOWS\system32\Drivers\Cat.DB
2013-12-27 17:52 - 2013-12-27 15:58 - 00000000 ____D C:\Programme\Spybot - Search & Destroy 2
2013-12-27 17:52 - 2012-04-28 12:09 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-12-27 17:51 - 2013-12-27 15:58 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-12-27 17:02 - 2009-12-01 14:11 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService
2013-12-27 16:06 - 2013-12-27 16:06 - 00000075 _____ C:\WINDOWS\wininit.ini
2013-12-27 16:06 - 2013-12-27 15:58 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2013-12-27 16:04 - 2010-11-19 11:05 - 00000000 ____D C:\Programme\Hardcopy
2013-12-27 16:00 - 2013-12-27 16:00 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\TestApp
2013-12-27 15:54 - 2013-12-27 15:54 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-12-27 15:15 - 2013-12-26 23:12 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MAGIX
2013-12-27 14:57 - 2013-12-26 22:26 - 00002180 _____ C:\Dokumente und Einstellungen\Xxx\daemonprocess.txt
2013-12-27 14:51 - 2013-12-27 14:51 - 00058278 _____ D:\\bookmark.htm
2013-12-27 14:47 - 2009-12-01 14:11 - 00000000 __SHD C:\Dokumente und Einstellungen\LocalService
2013-12-27 14:47 - 2009-12-01 14:11 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator
2013-12-27 14:46 - 2013-07-08 20:18 - 00000000 ____D C:\JRT
2013-12-27 14:46 - 2009-12-01 19:23 - 00000000 ____D C:\WINDOWS\Help
2013-12-27 14:32 - 2009-12-01 14:12 - 00000000 ____D C:\WINDOWS\I386
2013-12-27 07:00 - 2010-11-12 18:10 - 00000000 __SHD C:\WINDOWS\CSC
2013-12-27 06:53 - 2013-12-27 01:47 - 00000000 ____D C:\WINDOWS\220FB0354744483A9A0B41DF77061583.TMP
2013-12-27 06:53 - 2010-11-12 14:26 - 00000000 ___RD C:\Dokumente und Einstellungen\Xxx\Startmenü\Programme
2013-12-27 01:55 - 2010-11-12 14:27 - 00001606 _____ C:\Dokumente und Einstellungen\Xxx\Startmenü\Programme\Remoteunterstützung.lnk
2013-12-27 01:54 - 2010-07-26 10:30 - 00001606 _____ C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Remoteunterstützung.lnk
2013-12-27 01:53 - 2010-07-26 10:29 - 00001606 _____ C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk
2013-12-27 01:47 - 2013-12-27 01:47 - 00000000 ____D C:\Programme\Enigma Software Group
2013-12-27 01:46 - 2013-12-27 01:46 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2013-12-27 00:47 - 2012-11-11 18:00 - 00000888 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
2013-12-27 00:47 - 2012-11-11 18:00 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome
2013-12-27 00:47 - 2012-03-14 10:47 - 00000709 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
2013-12-27 00:47 - 2011-01-08 13:19 - 00000676 _____ C:\Dokumente und Einstellungen\Xxx\Startmenü\Programme\Internet Explorer.lnk
2013-12-27 00:47 - 2010-12-01 20:25 - 00000703 _____ C:\Dokumente und Einstellungen\All Users\Desktop\sps.lnk
2013-12-27 00:47 - 2010-11-12 14:26 - 00000000 ___RD C:\Dokumente und Einstellungen\Xxx\Startmenü\Programme\Autostart
2013-12-27 00:25 - 2013-12-27 00:25 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Grisoft
2013-12-27 00:24 - 2013-12-27 00:24 - 00000838 _____ C:\Dokumente und Einstellungen\All Users\Desktop\AVG Anti-Spyware.lnk
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Programme\Grisoft
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG Anti-Spyware 7.5
2013-12-27 00:24 - 2013-12-27 00:24 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft
2013-12-26 23:52 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
2013-12-26 23:43 - 2013-12-26 23:43 - 00000712 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk
2013-12-26 23:43 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\Spyware Terminator
2013-12-26 23:43 - 2013-12-26 23:43 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spyware Terminator 2012
2013-12-26 23:43 - 2013-12-26 23:40 - 00000000 ____D C:\Programme\Spyware Terminator
2013-12-26 23:42 - 2013-12-26 23:42 - 00000000 ____D D:\\MAGIX_MxTray
2013-12-26 23:42 - 2013-12-26 23:14 - 00000000 ____D D:\\OnDemandDump
2013-12-26 23:42 - 2013-12-26 23:14 - 00000000 ____D D:\\CrashLog
2013-12-26 23:28 - 2012-11-10 15:59 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7
2013-12-26 23:14 - 2013-12-26 23:14 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\MAGIX
2013-12-26 23:14 - 2013-12-26 23:12 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
2013-12-26 23:12 - 2013-12-26 23:12 - 00000000 ____D C:\Programme\MAGIX
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Programme\Ashampoo
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ashampoo
2013-12-26 22:58 - 2013-12-26 22:58 - 00001698 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\X-Setup Pro.lnk
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Programme\X-Setup Pro
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\X-Setup Pro
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X-Setup Pro
2013-12-26 22:48 - 2013-09-30 08:22 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Desktop\tmp
2013-12-26 22:29 - 2012-02-26 22:17 - 00000661 _____ C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
2013-12-26 22:29 - 2012-02-26 22:17 - 00000000 ____D C:\Programme\CCleaner
2013-12-26 22:26 - 2013-12-26 22:26 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\.android
2013-12-20 08:34 - 2010-11-12 11:22 - 00000000 ____D D:\\Favoriten
2013-12-18 22:14 - 2009-12-01 18:31 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-12-11 18:29 - 2012-11-13 01:20 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-11 18:29 - 2012-11-13 01:20 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-10 21:16 - 2013-12-10 21:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
2013-12-10 21:16 - 2012-05-29 21:11 - 00000000 ____D C:\Programme\Google
2013-12-08 19:32 - 2013-12-08 19:32 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-08 19:32 - 2013-12-08 19:32 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-12-08 19:32 - 2013-12-08 19:32 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java
2013-12-08 19:32 - 2012-03-14 11:11 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-12-08 19:32 - 2010-12-01 09:22 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java
2013-12-05 22:31 - 2013-12-05 22:11 - 00000000 ____D D:\\Calibre-Bibliothek
2013-12-05 22:17 - 2013-12-05 22:17 - 00001758 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Digital Editions 2.0.lnk
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D D:\\My Digital Editions
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe
2013-12-05 22:17 - 2012-11-11 18:00 - 00000000 ____D C:\Programme\Adobe
2013-12-05 22:12 - 2013-12-05 22:11 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\calibre
2013-12-05 22:11 - 2013-12-05 22:11 - 00000000 ____D C:\Programme\Calibre2
2013-12-05 22:11 - 2013-12-05 22:11 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\calibre - E-book Management
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D D:\\iPubsoft files
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D D:\\iPubsoft
2013-12-05 21:55 - 2013-12-05 21:55 - 00000000 ____D C:\Dokumente und Einstellungen\Xxx\Anwendungsdaten\iPubsoft
2013-12-05 21:35 - 2013-12-05 21:35 - 00000000 ____D C:\Programme\iPubsoft
2013-12-05 21:35 - 2013-12-05 21:35 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iPubsoft
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2008-04-14 18:30] - [2008-04-14 18:30] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe
[2008-04-14 18:30] - [2008-04-14 18:30] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe
[2008-04-14 18:30] - [2008-04-14 18:30] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe
[2009-02-09 17:51] - [2009-02-09 17:51] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\Windows\System32\User32.dll
[2008-04-14 18:30] - [2008-04-14 18:30] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\Windows\System32\userinit.exe
[2008-04-14 18:30] - [2008-04-14 18:30] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 18:30] - [2008-04-14 18:30] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================
Gruß tw14199 Geändert von tw14199 (03.01.2014 um 19:02 Uhr) |
|
04.01.2014, 15:37
| #12 |
| /// the machine /// TB-Ausbilder | Backdoor sdboot.ry Virus kann nicht gelöscht werden XP CD zur Hand?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.01.2014, 22:31
| #13 |
| | Backdoor sdboot.ry Virus kann nicht gelöscht werden Hallo Schrauber, sorry habe keine XP CD, da es sich um einen Arbeitsrechner handelt. Das mit dem abgesicherten Modus wäre nicht so schlimm. Möchte nur alle Viren, Trojaner loswerden. Gruß TW14199 |
|
06.01.2014, 16:46
| #14 |
| /// the machine /// TB-Ausbilder | Backdoor sdboot.ry Virus kann nicht gelöscht werden Fertig Falls Du Lob oder Kritik loswerden möchtest kannst Du das hier tun Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Backdoor sdboot.ry Virus kann nicht gelöscht werden |
| abgesicherte, abgesicherten, abgesicherter, backdoor, backdoor bot, backdoor sd, backdoor sdboot, entfernung, gelöscht, hallo zusammen, langsam, mobogenie, mobogenie entfernen, modus, pum.disabled.securitycenter, scantool, spyhunter, spyhunter entfernen, spyware, u.s./worldwide, verwendet, win32/adware.speedingupmypc.c, win32/adware.speedingupmypc.d, win32/bho.ogv, win32/webprefix.b |
