
Pests of all kinds and how to combat them: Caught Trojan.Agent

10.10.2012, 20:34   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please create a new OTL log. If at all possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If you already have it, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top center, tick the box Scan all users
  • Now copy the complete content of the code box below into the text box of OTL - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the content of OTL.txt here into your thread
__________________
Please always post log files in CODE tags

10.10.2012, 21:10   #17
strichsieben
 



I had the OTL.Txt created, but I can't send it; it is about 2,000 characters too long. Should I zip it and send it as an attachment?

Best regards
__________________


11.10.2012, 13:32   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Or split across two posts
__________________

11.10.2012, 15:02   #19
strichsieben
 



OK, here is the first part:

Code:
OTL logfile created on: 10.10.2012 21:40:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 57,79% Memory free
7,90 Gb Paging File | 4,68 Gb Available in Paging File | 59,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,67 Gb Total Space | 50,64 Gb Free Space | 33,61% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 34,76 Gb Free Space | 71,18% Space Free | Partition Type: NTFS
Drive E: | 98,29 Gb Total Space | 56,87 Gb Free Space | 57,86% Space Free | Partition Type: NTFS
Drive F: | 45,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: USER-HP | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.10 21:36:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012.10.06 18:01:48 | 003,084,176 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.07.30 15:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- D:\Adobe CS\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012.07.10 13:46:17 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.05.25 10:48:45 | 003,987,376 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
PRC - [2011.10.27 11:11:14 | 009,211,392 | ---- | M] (Celartem, Inc., doing business as Extensis.) -- C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe
PRC - [2011.10.20 18:57:37 | 000,330,104 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2011.10.20 18:57:34 | 001,126,264 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
PRC - [2011.10.20 18:57:34 | 000,980,856 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
PRC - [2011.10.20 18:57:34 | 000,203,640 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.09.05 09:57:24 | 000,476,728 | ---- | M] (Hewlett-Packard Company) -- c:\Windows\SysWOW64\flcdlock.exe
PRC - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.08.26 14:35:12 | 012,277,248 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2011.08.26 14:35:08 | 000,322,048 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2011.08.05 09:12:54 | 000,823,120 | R--- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2011.07.13 16:03:48 | 002,084,864 | ---- | M] (USB Server) -- C:\Program Files (x86)\USB Server 2\USB Server.exe
PRC - [2011.07.06 18:20:10 | 001,698,360 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
PRC - [2011.06.27 10:33:38 | 000,140,544 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda Security\WaAgent\Scheduler\PavSched.exe
PRC - [2011.06.10 12:22:06 | 000,314,696 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
PRC - [2011.05.31 12:11:50 | 000,206,664 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda Security\WaAgent\WasWD\WasWD.exe
PRC - [2011.05.31 12:09:52 | 000,322,376 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda Security\WaAgent\WasAgent\WasAgent.exe
PRC - [2011.05.17 16:05:34 | 000,342,344 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda Security\WAC\PsCtrlS.exe
PRC - [2011.03.16 12:26:42 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2011.03.16 12:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011.02.24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011.01.26 19:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.04 00:16:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.01.04 00:16:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () -- E:\Websites\xampp\mysql\bin\mysqld.exe
PRC - [2010.11.17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.11 09:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
PRC - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- E:\Websites\xampp\apache\bin\httpd.exe
PRC - [2010.09.21 18:06:48 | 000,140,096 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda Security\WAC\PsCtrlC.exe
PRC - [2010.08.16 14:32:48 | 000,027,968 | ---- | M] (Panda Software International) -- C:\Program Files (x86)\Panda Security\WAC\psksvc.exe
PRC - [2010.07.27 12:24:34 | 000,087,360 | ---- | M] (Panda Security International) -- C:\Program Files (x86)\Panda Security\WAC\WebProxy.exe
PRC - [2010.07.14 19:42:28 | 000,313,152 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\WAC\pavsrvx86.exe
PRC - [2010.06.25 12:36:28 | 000,107,328 | ---- | M] (Panda Security S.L.) -- C:\Program Files (x86)\Panda Security\WAC\PSIMSVC.EXE
PRC - [2010.06.21 10:14:20 | 000,081,920 | ---- | M] (FirebirdSQL Project) -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe
PRC - [2010.06.21 10:14:18 | 002,043,904 | ---- | M] (FirebirdSQL Project) -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe
PRC - [2010.05.28 13:42:34 | 000,225,088 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\WAC\AVENGINE.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.10 18:48:31 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011.10.27 11:01:14 | 001,007,616 | ---- | M] () -- C:\Program Files (x86)\Extensis\Suitcase Fusion 3\libxml2.2.6.24.dll
MOD - [2011.10.27 11:01:14 | 000,901,120 | ---- | M] () -- C:\Program Files (x86)\Extensis\Suitcase Fusion 3\iconv-1.9.2.dll
MOD - [2011.10.27 11:01:14 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Extensis\Suitcase Fusion 3\libcharset.dll
MOD - [2011.09.05 09:57:34 | 000,366,136 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2011.07.13 16:03:46 | 000,483,328 | ---- | M] () -- C:\Program Files (x86)\USB Server 2\PSMDLL.dll
MOD - [2011.07.13 16:03:46 | 000,262,144 | ---- | M] () -- C:\Program Files (x86)\USB Server 2\DCPDLL.dll
MOD - [2011.07.13 16:03:46 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\USB Server 2\UNTPDLL.dll
MOD - [2011.07.13 16:03:46 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\USB Server 2\ESTLogDLL.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
MOD - [2011.03.04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011.03.04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011.03.04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009.02.27 16:39:29 | 000,019,968 | ---- | M] () -- D:\Adobe CS\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009.02.27 16:32:27 | 000,020,480 | ---- | M] () -- D:\Adobe CS\Acrobat 9.0\Acrobat\AcroTray.FRA
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.04.17 08:29:47 | 000,263,680 | ---- | M] (Digital Dynamic) [Auto | Stopped] -- C:\Windows\SysNative\backupsvc.dll -- (backupsvc)
SRV:64bit: - [2011.08.30 13:51:56 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2011.08.30 13:51:56 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011.08.25 15:59:10 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011.08.23 04:37:04 | 003,175,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2011.08.22 16:24:04 | 001,318,912 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2011.08.05 09:13:00 | 000,486,224 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2011.07.15 15:09:38 | 000,137,272 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011.03.25 17:19:08 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011.02.06 09:39:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.12.04 01:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.06 18:01:48 | 003,084,176 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012.09.07 18:31:30 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.10 13:46:17 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.05.25 10:48:45 | 003,987,376 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.10.20 18:57:34 | 001,126,264 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe -- (IFXSpMgtSrv)
SRV - [2011.10.20 18:57:34 | 000,980,856 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe -- (IFXTCS)
SRV - [2011.10.20 18:57:34 | 000,203,640 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2011.10.19 14:20:44 | 000,009,216 | ---- | M] (Vodafone) [Disabled | Stopped] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.09.05 09:57:24 | 000,476,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.08.26 14:35:08 | 000,322,048 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2011.08.25 15:58:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.08.23 04:23:48 | 002,774,320 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011.08.11 20:29:24 | 001,128,952 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011.07.06 18:20:10 | 001,698,360 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011.06.27 10:33:38 | 000,140,544 | ---- | M] (Panda Security) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WaAgent\Scheduler\PavSched.exe -- (PavAt3Scheduler)
SRV - [2011.06.10 12:22:06 | 000,314,696 | ---- | M] (Panda Security) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe -- (PavWASLpMng)
SRV - [2011.05.31 12:11:50 | 000,206,664 | ---- | M] (Panda Security) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WaAgent\WasWD\WasWD.exe -- (WASWD)
SRV - [2011.05.31 12:09:52 | 000,322,376 | ---- | M] (Panda Security) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WaAgent\WasAgent\WasAgent.exe -- (WASAgent)
SRV - [2011.05.23 11:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011.05.17 16:05:34 | 000,342,344 | ---- | M] (Panda Security) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WAC\PsCtrlS.exe -- (Panda Software Controller)
SRV - [2011.03.16 12:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011.02.24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011.01.26 19:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.01.15 14:32:30 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2011.01.04 00:16:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.01.04 00:16:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () [Auto | Running] -- E:\Websites\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2010.11.11 09:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- E:\Websites\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2010.10.17 21:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- E:\Websites\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2010.08.16 14:32:48 | 000,027,968 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WAC\psksvc.exe -- (PskSvc)
SRV - [2010.08.02 18:49:04 | 001,075,832 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.07.14 19:42:28 | 000,313,152 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WAC\pavsrvx86.exe -- (PavSrv)
SRV - [2010.06.25 12:36:28 | 000,107,328 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WAC\PSIMSVC.EXE -- (PSImSvc)
SRV - [2010.06.21 10:14:20 | 000,081,920 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2010.06.21 10:14:18 | 002,043,904 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2010.05.19 14:07:42 | 002,736,128 | ---- | M] (Firebird Project) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Mondo Media\FirebirdLocal21\bin\fbserver.exe -- (FirebirdServerMondoLocal21)
SRV - [2010.05.19 14:07:42 | 000,081,920 | ---- | M] (Firebird Project) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Mondo Media\FirebirdLocal21\bin\fbguard.exe -- (FirebirdGuardianMondoLocal21)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.23 10:34:57 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.09.23 10:34:57 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.25 10:48:46 | 000,279,136 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012.05.25 10:48:42 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258)
DRV:64bit: - [2012.05.25 10:48:40 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012.05.25 10:48:36 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012.04.15 21:12:43 | 000,142,944 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt61.sys -- (vidsflt61)
DRV:64bit: - [2012.04.15 21:12:40 | 000,133,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012.03.05 10:32:48 | 000,379,696 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.20 18:57:43 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive)
DRV:64bit: - [2011.10.18 19:11:44 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011.10.18 19:11:34 | 000,415,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2011.10.18 19:11:34 | 000,220,032 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011.10.18 19:11:34 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2011.10.18 19:11:26 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2011.09.16 01:34:38 | 000,392,752 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.08.30 13:52:51 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.08.30 13:51:56 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.08.30 13:30:04 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011.08.30 13:30:04 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.08.30 13:30:04 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.08.30 13:30:04 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.08.30 13:30:04 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.08.22 16:59:42 | 000,100,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpeOpal.sys -- (MfeEpeOpal)
DRV:64bit: - [2011.08.22 16:59:26 | 000,158,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.05.09 15:16:08 | 000,064,312 | ---- | M] (Hewlett-Packard Company) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011.05.05 00:19:06 | 000,340,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 11:28:24 | 000,070,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\amm6460.sys -- (AmFSM)
DRV:64bit: - [2011.02.08 19:26:52 | 000,026,712 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2011.02.06 10:22:40 | 009,090,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.02.06 09:01:44 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.01.30 21:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011.01.14 13:34:26 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.21 19:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010.12.10 23:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 23:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.12.03 03:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.17 03:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.11.11 09:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.17 12:09:14 | 000,240,128 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NUServer64.sys -- (NUServer64)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.06.23 19:18:46 | 000,025,656 | ---- | M] (Evoluent) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EvoMouseDriverFilterHidUsb.sys -- (EvoMouseDriverFilterHidUsb)
DRV:64bit: - [2010.06.23 19:18:46 | 000,022,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EvoMouseDriverMini.sys -- (EvoMouseDriverMini)
DRV:64bit: - [2010.03.19 13:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.01.28 14:51:28 | 000,030,208 | ---- | M] (Elite Silicon Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NUS_Bus.sys -- (NUS_Bus)
DRV:64bit: - [2010.01.26 22:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.10.12 15:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.10.06 11:11:38 | 000,199,168 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GenHC.sys -- (EST_Server)
DRV:64bit: - [2009.10.06 11:11:30 | 000,029,696 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenBus.sys -- (EST_BusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2012.04.30 18:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc)
DRV - [2011.05.19 14:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysWow64\drivers\adfs.sys -- (adfs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: Technical.support.uniface@compuware.com:4.0.1.10569
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Adobe CS\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011.10.20 18:55:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Firefox\components [2012.09.12 19:05:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: D:\Firefox\plugins [2012.08.30 11:29:08 | 000,000,000 | ---D | M]
 
[2011.09.05 12:20:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012.10.10 16:57:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\76a3a1ce.default\extensions
[2012.10.10 16:57:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\76a3a1ce.default\extensions\trash
[2012.08.09 16:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\x10\profile\extensions
[2012.08.09 16:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\x10\profile\extensions\staged
[2012.10.10 16:57:59 | 001,626,141 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\76a3a1ce.default\extensions\firebug@software.joehewitt.com.xpi
[2012.09.01 12:44:22 | 001,625,368 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\76a3a1ce.default\extensions\trash\firebug@software.joehewitt.com.xpi
[2012.01.18 23:19:56 | 000,002,417 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\76a3a1ce.default\searchplugins\s-amazon-bymp-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Adobe CS\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Adobe CS\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume File not found
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Panda Software Controller Client] C:\Program Files (x86)\Panda Security\WAC\PSCtrlC.exe (Panda Security)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] D:\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4182247998-97663695-2394748825-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-4182247998-97663695-2394748825-1001..\Run: [FMCore.exe] C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe (Celartem, Inc., doing business as Extensis.)
O4 - HKU\S-1-5-21-4182247998-97663695-2394748825-1001..\Run: [USB Server] C:\Program Files (x86)\USB Server 2\USB Server.exe (USB Server)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 45527 = C:\PROGRA~3\LOCALS~1\Temp\msfyqh.cmd
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll (Panda Software International)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll (Panda Software International)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll (Panda Software International)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll (Panda Software International)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll (Panda Software International)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll (Panda Software International)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll (Panda Software International)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll (Panda Software International)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{243C9AB9-E9A5-40A9-82F5-E0A2E6A660C8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD0E7E29-4039-4E7D-9809-FAF20533E739}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8E2EF79-C678-45E9-B18F-F129137F0F70}: NameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0C002AB-9062-43A8-9E57-91FBC3BDC9C2}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3331F22-4E71-47F2-AD92-72CEF5AE0FBE}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC658871-D813-4D0F-A4EC-E90B40B807C5}: NameServer = 139.7.30.125 139.7.30.126
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.19 16:14:38 | 000,000,116 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2135cd95-6f37-11e1-98a5-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{2135cd95-6f37-11e1-98a5-cc52af84587e}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2011.05.10 23:22:18 | 000,274,432 | R--- | M] (Vodafone)
O33 - MountPoints2\{2135cdc1-6f37-11e1-98a5-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{2135cdc1-6f37-11e1-98a5-cc52af84587e}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2011.05.10 23:22:18 | 000,274,432 | R--- | M] (Vodafone)
O33 - MountPoints2\{2135ce56-6f37-11e1-98a5-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{2135ce56-6f37-11e1-98a5-cc52af84587e}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2011.05.10 23:22:18 | 000,274,432 | R--- | M] (Vodafone)
O33 - MountPoints2\{2287c56e-d21b-11e0-a0f1-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{2287c56e-d21b-11e0-a0f1-cc52af84587e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2dd5271e-7006-11e1-8333-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{2dd5271e-7006-11e1-8333-001e101fabdd}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2011.05.10 23:22:18 | 000,274,432 | R--- | M] (Vodafone)
O33 - MountPoints2\{31610aeb-f194-11e0-b3a8-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{31610aeb-f194-11e0-b3a8-cc52af84587e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{40009bc5-a176-11e1-a17c-001e101f57d0}\Shell - "" = AutoRun
O33 - MountPoints2\{40009bc5-a176-11e1-a17c-001e101f57d0}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2011.05.10 23:22:18 | 000,274,432 | R--- | M] (Vodafone)
O33 - MountPoints2\{66649031-825f-11e1-a753-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{66649031-825f-11e1-a753-cc52af84587e}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2011.05.10 23:22:18 | 000,274,432 | R--- | M] (Vodafone)
O33 - MountPoints2\{862a3c62-1292-11e2-9fb6-001e101f51b6}\Shell - "" = AutoRun
O33 - MountPoints2\{862a3c62-1292-11e2-9fb6-001e101f51b6}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2011.05.10 23:22:18 | 000,274,432 | R--- | M] (Vodafone)
O33 - MountPoints2\{9241b7db-98d2-11e1-96fa-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{9241b7db-98d2-11e1-96fa-cc52af84587e}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2011.05.10 23:22:18 | 000,274,432 | R--- | M] (Vodafone)
O33 - MountPoints2\{960da992-d3b2-11e0-8779-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{960da992-d3b2-11e0-8779-cc52af84587e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{be643947-28f4-11e1-bcd7-9c8e993ed5d5}\Shell - "" = AutoRun
O33 - MountPoints2\{be643947-28f4-11e1-bcd7-9c8e993ed5d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{da4741e1-d39d-11e0-bee1-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{da4741e1-d39d-11e0-bee1-cc52af84587e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dc4e722f-cf51-11e0-846d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dc4e722f-cf51-11e0-846d-806e6f6e6963}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{dc4e726e-cf51-11e0-846d-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{dc4e726e-cf51-11e0-846d-cc52af84587e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e87702c9-0556-11e2-a06d-001e101f7fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{e87702c9-0556-11e2-a06d-001e101f7fb6}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{f9d34416-9a10-11e1-9e5c-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{f9d34416-9a10-11e1-9e5c-cc52af84587e}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2011.05.10 23:22:18 | 000,274,432 | R--- | M] (Vodafone)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2011.05.10 23:22:18 | 000,274,432 | R--- | M] (Vodafone)
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TimePanic.lnk -  - File not found
MsConfig:64bit - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig:64bit - StartUpReg: DataCardMonitor - hkey= - key= - D:\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
MsConfig:64bit - StartUpReg: Desktop Disc Tool - hkey= - key= - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
MsConfig:64bit - StartUpReg: HPQuickWebProxy - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: HTC Sync Loader - hkey= - key= - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MsConfig:64bit - StartUpReg: HW_OPENEYE_OUC_ - hkey= - key= - D:\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
MsConfig:64bit - StartUpReg: HW_OPENEYE_OUC_T-Mobile Internet Manager - hkey= - key= - D:\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: IMSS - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: LexwareInfoService - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - D:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: MfeEpePcMonitor - hkey= - key= - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
MsConfig:64bit - StartUpReg: MobileBroadband - hkey= - key= - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
MsConfig:64bit - StartUpReg: PDF Complete - hkey= - key= - C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
MsConfig:64bit - StartUpReg: SAOB Monitor - hkey= - key= - C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: To-Do DeskList - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
         

11.10.2012, 15:05   #20
strichsieben

Caught Trojan.Agent

... and now the second part:

Code:
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {712B0987-AF44-0AC0-AC44-00B387FD4295} - Internet Explorer
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {78C9474A-C58E-DBE3-B692-AC9B16E00EB5} - Java (Sun)
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.10 21:36:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.10.10 06:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.09 19:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.09 19:51:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.10.09 17:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.10.09 17:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.10.09 17:25:34 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Anti-Malware
[2012.10.09 14:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012.09.23 20:35:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Connectify Hotspot
[2012.09.23 20:35:41 | 000,031,344 | ---- | C] (Connectify) -- C:\windows\SysNative\drivers\cnnctfy2.sys
[2012.09.23 11:42:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Sony
[2012.09.23 10:34:57 | 000,027,760 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\windows\SysNative\drivers\ggsemc.sys
[2012.09.23 10:34:57 | 000,014,448 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\windows\SysNative\drivers\ggflt.sys
[2012.09.23 10:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2012.09.23 10:34:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2012.09.23 10:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012.09.23 10:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012.09.23 10:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012.09.21 17:54:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Symantec_Corporation
[2012.09.21 17:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec
[2012.09.21 17:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012.09.21 14:11:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\WinRAR
[2012.09.18 11:14:37 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Magento Qmax
[2012.09.17 13:36:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SuperMailer
[2012.09.17 13:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperMailer
[2011.02.24 00:10:36 | 000,020,432 | ---- | C] (Intel Corporation) -- C:\Users\user\AppData\Roaming\JomCap.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.10 21:36:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.10.10 19:48:30 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 19:48:30 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 19:41:02 | 000,000,374 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
[2012.10.10 19:40:00 | 003,323,928 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.10.10 19:39:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.10.10 19:38:19 | 4242,915,328 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.10 15:35:00 | 001,622,164 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.10.10 15:35:00 | 000,702,524 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.10.10 15:35:00 | 000,655,860 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.10.10 15:35:00 | 000,150,048 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.10.10 15:35:00 | 000,122,732 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.10.09 21:58:04 | 000,004,381 | ---- | M] () -- C:\Users\user\Desktop\Qmax-Konzept.smp
[2012.10.09 17:26:04 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.10.08 15:41:28 | 001,971,460 | ---- | M] () -- C:\Users\user\Desktop\Portfolio-QmaxKonzept.pdf
[2012.10.06 11:34:42 | 000,000,008 | -H-- | M] () -- C:\Users\user\AppData\Local\L8457789110
[2012.10.05 08:28:01 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForuser.job
[2012.10.03 19:40:41 | 000,628,052 | ---- | M] () -- C:\Users\user\Desktop\Mag_crossmedial.pdf
[2012.10.02 20:23:55 | 001,038,415 | ---- | M] () -- C:\Users\user\Desktop\DSC_0008.jpg
[2012.09.28 22:54:49 | 633,288,036 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012.09.23 20:35:41 | 000,031,344 | ---- | M] (Connectify) -- C:\windows\SysNative\drivers\cnnctfy2.sys
[2012.09.23 10:58:01 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2012.09.23 10:58:01 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2012.09.23 10:34:57 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\windows\SysNative\drivers\ggsemc.sys
[2012.09.23 10:34:57 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\windows\SysNative\drivers\ggflt.sys
[2012.09.23 10:33:33 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.09.21 17:30:37 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2012.09.21 13:21:06 | 000,000,340 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForUSER-HP$.job
 
========== Files Created - No Company Name ==========
 
[2012.10.09 21:58:04 | 000,004,381 | ---- | C] () -- C:\Users\user\Desktop\Qmax-Konzept.smp
[2012.10.09 17:26:04 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.10.08 15:37:51 | 001,971,460 | ---- | C] () -- C:\Users\user\Desktop\Portfolio-QmaxKonzept.pdf
[2012.10.03 19:40:41 | 000,628,052 | ---- | C] () -- C:\Users\user\Desktop\Mag_crossmedial.pdf
[2012.10.02 20:23:37 | 001,038,415 | ---- | C] () -- C:\Users\user\Desktop\DSC_0008.jpg
[2012.09.23 10:58:01 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2012.09.23 10:58:01 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2012.09.23 10:33:33 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.09.21 17:30:37 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2012.08.24 20:04:38 | 000,000,008 | -H-- | C] () -- C:\Users\user\AppData\Local\L8457789110
[2012.08.08 13:00:21 | 000,000,239 | ---- | C] () -- C:\Users\user\index.html
[2012.07.25 20:14:46 | 000,015,156 | ---- | C] () -- C:\windows\SysWow64\SELF32.INI
[2012.07.25 15:52:01 | 002,131,863 | ---- | C] () -- C:\Users\user\Veranstaltungen RaBa Umschlag 1.pdf
[2012.07.23 09:40:42 | 000,216,502 | ---- | C] () -- C:\windows\hpwins24.dat
[2012.07.23 09:40:42 | 000,001,758 | ---- | C] () -- C:\windows\hpwmdl24.dat
[2012.07.17 09:13:33 | 000,216,502 | ---- | C] () -- C:\windows\hpwins24.dat.temp
[2012.07.16 08:29:15 | 000,001,758 | ---- | C] () -- C:\windows\hpwmdl24.dat.temp
[2012.06.01 13:36:47 | 000,004,439 | ---- | C] () -- C:\windows\jzwv-f24.ini
[2012.06.01 13:36:47 | 000,001,442 | ---- | C] () -- C:\windows\cqwp_n24.ini
[2012.05.25 18:06:14 | 000,000,017 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg
[2012.03.31 13:41:47 | 000,221,184 | ---- | C] () -- C:\windows\SysWow64\TidyATL.dll
[2011.10.18 15:31:51 | 000,000,133 | ---- | C] () -- C:\windows\AdminIE.ini
[2011.09.14 16:09:30 | 000,250,407 | ---- | C] () -- C:\windows\hpwins11.dat
[2011.09.14 16:09:30 | 000,000,392 | ---- | C] () -- C:\windows\hpwmdl11.dat
[2011.09.14 15:59:48 | 000,250,303 | ---- | C] () -- C:\windows\hpwins11.dat.temp
[2011.09.14 14:52:30 | 000,000,392 | ---- | C] () -- C:\windows\hpwmdl11.dat.temp
[2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011.09.14 08:36:45 | 000,000,098 | ---- | C] () -- C:\ProgramData\.ST140
[2011.09.14 08:35:41 | 000,000,010 | ---- | C] () -- C:\ProgramData\.93067BD7-6BGG-312E-86F3-566EB31BBC4E
[2011.09.14 08:35:41 | 000,000,010 | ---- | C] () -- C:\Users\user\AppData\Local\.56C369H5-8CEH-20F1-75G2-452FC2FCCD50
[2011.09.05 09:57:34 | 000,366,136 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2011.08.30 11:08:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\HPUsageTrackingSDK.exe.hpsign
[2011.08.30 11:08:52 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll.hpsign
[2011.08.30 11:08:48 | 000,021,840 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll
[2011.08.23 10:10:44 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2011.08.05 09:12:58 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2011.08.05 09:12:56 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2011.08.05 09:12:54 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2011.08.05 09:11:44 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2011.08.05 09:10:56 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign
[2011.08.05 09:10:30 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2011.08.05 09:10:30 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2011.07.08 02:01:32 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdejfii.sys
[2011.07.08 01:45:26 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.07.08 01:41:59 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011.07.08 01:41:59 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011.05.20 05:41:02 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign
[2011.05.20 05:40:54 | 000,185,168 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll
[2011.05.13 11:03:16 | 000,303,104 | ---- | C] () -- C:\windows\SysWow64\dnt27VC8.dll
[2011.05.13 11:01:22 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\dntvmc27VC8.dll
[2011.05.13 11:01:00 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\dntvm27VC8.dll
[2011.03.08 19:12:59 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdejghg.sys
[2011.03.08 18:56:16 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdejgie.sys
[2011.03.08 18:27:28 | 001,603,738 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.02.26 00:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2011.02.21 10:37:16 | 000,038,224 | ---- | C] () -- C:\windows\SysWow64\CoHpCasl.exe
[2011.01.10 21:03:08 | 086,271,980 | ---- | C] () -- C:\windows\SysWow64\BioTrustFace.dat
[2010.12.20 17:27:22 | 000,003,113 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2011.09.14 08:36:02 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-4182247998-97663695-2394748825-1001\$R0NCDVH\Suitcase Fusion\Suitcase Fusion.fontvault\design-pngs\L
[2011.09.14 08:36:02 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-4182247998-97663695-2394748825-1001\$R0NCDVH\Suitcase Fusion\Suitcase Fusion.fontvault\design-pngs\N
[2011.09.14 08:36:03 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-4182247998-97663695-2394748825-1001\$R0NCDVH\Suitcase Fusion\Suitcase Fusion.fontvault\design-pngs\U
[2011.09.20 10:22:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-4182247998-97663695-2394748825-1001\$R0NCDVH\Suitcase Fusion\Suitcase Fusion.fontvault\SA\l
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.08.31 11:25:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator.user-HP\AppData\Roaming\DigitalPersona
[2011.08.31 11:25:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator.user-HP\AppData\Roaming\Infineon
[2011.08.31 11:25:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator.user-HP\AppData\Roaming\Synaptics
[2011.12.29 15:03:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\410F25C9-3E53-43E3-9449-DFDE2B275D25
[2011.09.12 19:35:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Acronis
[2011.11.01 20:38:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Alien Skin
[2011.12.28 21:04:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Amazon
[2012.08.05 15:25:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Amicron-Data
[2011.12.21 12:08:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AnvSoft
[2011.11.28 09:46:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AZURO office
[2011.09.03 14:00:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Blumentals
[2011.11.26 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service
[2012.07.31 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon
[2011.10.21 16:30:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ColorSchemer
[2012.04.15 21:12:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\D98B01B8-2DE9-4837-B4CC-45E73D5BBF0C
[2012.04.17 08:29:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Digital Dynamic
[2011.08.24 10:54:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DigitalPersona
[2012.01.02 13:36:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\elsterformular
[2011.08.26 09:39:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Extensis
[2011.12.29 15:03:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FA00F3CA-0587-4D65-88C7-57A925FA569D
[2012.06.26 09:27:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FileMaker
[2012.10.10 18:03:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FileZilla
[2012.04.18 14:16:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FireShot
[2012.01.20 12:55:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HTC
[2011.09.06 13:15:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.08.24 10:55:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Infineon
[2011.12.08 10:39:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Lexware
[2012.03.31 13:42:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mondo Media
[2011.09.06 13:16:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Outlook
[2011.11.28 17:14:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Revolver Preferences
[2012.09.18 17:37:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SuperMailer
[2011.11.09 13:17:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\svBuilder-Pro
[2011.08.24 11:01:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Synaptics
[2011.08.26 09:29:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\T-Mobile Internet Manager
[2011.11.28 16:56:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2012.08.15 09:28:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\To-Do DeskList
[2012.07.31 11:29:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\USB Server
[2012.03.16 09:19:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vodafone
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.29 15:03:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\410F25C9-3E53-43E3-9449-DFDE2B275D25
[2011.09.12 19:35:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Acronis
[2012.06.11 15:51:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Adobe
[2011.11.01 20:38:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Alien Skin
[2011.12.28 21:04:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Amazon
[2012.08.05 15:25:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Amicron-Data
[2011.12.21 12:08:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AnvSoft
[2011.08.24 11:02:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ATI
[2011.11.28 09:46:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AZURO office
[2011.09.03 14:00:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Blumentals
[2011.11.26 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service
[2012.07.31 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon
[2011.10.21 16:30:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ColorSchemer
[2012.04.15 21:12:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\D98B01B8-2DE9-4837-B4CC-45E73D5BBF0C
[2012.04.17 08:29:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Digital Dynamic
[2011.08.24 10:54:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DigitalPersona
[2012.01.02 13:36:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\elsterformular
[2011.08.26 09:39:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Extensis
[2011.12.29 15:03:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FA00F3CA-0587-4D65-88C7-57A925FA569D
[2012.06.26 09:27:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FileMaker
[2012.10.10 18:03:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FileZilla
[2012.04.18 14:16:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FireShot
[2011.08.30 13:43:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FLEXnet
[2011.10.21 08:22:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Hewlett-Packard
[2011.12.14 02:58:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Hewlett-Packard Company
[2011.09.14 16:25:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HP
[2011.11.05 19:31:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\hpqLog
[2012.05.17 10:49:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HpUpdate
[2012.01.20 12:55:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HTC
[2011.09.06 13:15:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.08.24 11:01:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Identities
[2011.08.24 10:55:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Infineon
[2011.08.24 11:01:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Intel Corporation
[2011.12.08 10:39:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Lexware
[2012.04.11 11:51:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macromedia
[2011.08.30 13:43:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macrovision
[2011.10.25 09:07:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2012.05.10 10:30:23 | 000,000,000 | --SD | M] -- C:\Users\user\AppData\Roaming\Microsoft
[2012.03.31 13:42:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mondo Media
[2011.11.07 21:02:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla
[2011.09.04 13:50:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MozillaControl
[2011.09.06 13:16:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Outlook
[2011.11.28 17:14:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Revolver Preferences
[2011.08.30 15:25:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Roxio
[2011.08.30 15:27:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Roxio Burn
[2012.09.18 17:37:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SuperMailer
[2011.11.09 13:17:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\svBuilder-Pro
[2012.09.21 17:54:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Symantec
[2011.08.24 11:01:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Synaptics
[2011.08.26 09:29:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\T-Mobile Internet Manager
[2011.11.28 16:56:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2012.08.15 09:28:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\To-Do DeskList
[2012.07.31 11:29:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\USB Server
[2012.03.16 09:19:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vodafone
[2012.09.21 14:11:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.01.02 13:37:47 | 008,588,984 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\user\AppData\Roaming\elsterformular\pluginmanager\tmp\install_est10.exe
[2011.10.20 18:55:24 | 001,373,552 | ---- | M] (Flexera Software, Inc.) -- C:\Users\user\AppData\Roaming\FLEXnet\Connect\11\agent.exe
[2011.10.20 18:55:24 | 000,206,112 | ---- | M] (InstallShield Software Corporation) -- C:\Users\user\AppData\Roaming\FLEXnet\Connect\11\dwusplay.exe
[2011.10.20 18:55:24 | 000,439,664 | ---- | M] (Flexera Software, Inc.) -- C:\Users\user\AppData\Roaming\FLEXnet\Connect\11\isdm.exe
[2011.10.20 18:55:24 | 000,087,408 | ---- | M] (Flexera Software, Inc.) -- C:\Users\user\AppData\Roaming\FLEXnet\Connect\11\issch.exe
[2012.04.04 08:25:31 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\user\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.10.20 18:55:25 | 000,718,192 | ---- | M] (Flexera Software, Inc.) -- C:\Users\user\AppData\Roaming\Macrovision\FLEXnet Connect\11\agent.exe
[2011.10.20 18:55:25 | 000,742,768 | ---- | M] (Flexera Software, Inc.) -- C:\Users\user\AppData\Roaming\Macrovision\FLEXnet Connect\6\agent.exe
[2010.01.07 14:35:18 | 001,007,616 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\user\AppData\Roaming\T-Mobile Internet Manager\LiveUpdate.exe
[2009.12.31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\user\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\swsetup\INTELRST\Drivers\x64\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\drivers\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys
[2011.01.13 03:44:08 | 000,355,352 | ---- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\swsetup\INTELRST\Drivers\x32\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010.05.12 10:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010.05.12 10:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.05.12 10:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2010.05.12 10:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.10.29 05:06:46 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.10.29 05:06:46 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,632 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2011.08.24 10:54:13 | 000,000,340 | ---- | C] () -- C:\windows\Tasks\HPCeeScheduleForUSER-HP$.job
[2012.03.16 09:27:57 | 000,000,328 | ---- | C] () -- C:\windows\Tasks\HPCeeScheduleForuser.job
[2012.04.16 08:34:38 | 000,000,606 | ---- | C] () -- C:\windows\Tasks\Paragon Archive name arc_160412063143046.job

< End of report >
         


11.10.2012, 15:40   #21
cosinus

Code:
ATTFilter
(Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
         
Why is that installed in parallel with Panda? They probably won't get along; IIRC only Malwarebytes gets along with another AVP.

Please uninstall Emsisoft, then make a new OTL log.

11.10.2012, 16:36   #22
strichsieben
 

Emsisoft is gone, here is the new OTL text:

Code:
ATTFilter
OTL logfile created on: 11.10.2012 17:06:35 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 44,67% Memory free
7,90 Gb Paging File | 4,98 Gb Available in Paging File | 63,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,67 Gb Total Space | 48,95 Gb Free Space | 32,48% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 34,76 Gb Free Space | 71,18% Space Free | Partition Type: NTFS
Drive E: | 98,29 Gb Total Space | 56,82 Gb Free Space | 57,81% Space Free | Partition Type: NTFS
 
Computer Name: USER-HP | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.10 21:36:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.07.30 15:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- D:\Adobe CS\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012.07.10 13:46:17 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.05.25 10:48:45 | 003,987,376 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
PRC - [2011.10.27 11:11:14 | 009,211,392 | ---- | M] (Celartem, Inc., doing business as Extensis.) -- C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe
PRC - [2011.10.20 18:57:37 | 000,330,104 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2011.10.20 18:57:34 | 001,126,264 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
PRC - [2011.10.20 18:57:34 | 000,980,856 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
PRC - [2011.10.20 18:57:34 | 000,203,640 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.09.05 09:57:24 | 000,476,728 | ---- | M] (Hewlett-Packard Company) -- c:\Windows\SysWOW64\flcdlock.exe
PRC - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.08.26 14:35:12 | 012,277,248 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2011.08.26 14:35:08 | 000,322,048 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2011.08.05 09:12:54 | 000,823,120 | R--- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2011.07.13 16:03:48 | 002,084,864 | ---- | M] (USB Server) -- C:\Program Files (x86)\USB Server 2\USB Server.exe
PRC - [2011.07.06 18:20:10 | 001,698,360 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
PRC - [2011.06.27 10:33:38 | 000,140,544 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda Security\WaAgent\Scheduler\PavSched.exe
PRC - [2011.06.10 12:22:06 | 000,314,696 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
PRC - [2011.05.31 12:11:50 | 000,206,664 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda Security\WaAgent\WasWD\WasWD.exe
PRC - [2011.05.31 12:09:52 | 000,322,376 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda Security\WaAgent\WasAgent\WasAgent.exe
PRC - [2011.05.17 16:05:34 | 000,342,344 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda Security\WAC\PsCtrlS.exe
PRC - [2011.03.16 12:26:42 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2011.03.16 12:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011.02.24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011.01.26 19:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.04 00:16:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.01.04 00:16:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () -- E:\Websites\xampp\mysql\bin\mysqld.exe
PRC - [2010.11.17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.11 09:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
PRC - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- E:\Websites\xampp\apache\bin\httpd.exe
PRC - [2010.09.21 18:06:48 | 000,140,096 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda Security\WAC\PsCtrlC.exe
PRC - [2010.08.16 14:32:48 | 000,027,968 | ---- | M] (Panda Software International) -- C:\Program Files (x86)\Panda Security\WAC\psksvc.exe
PRC - [2010.07.27 12:24:34 | 000,087,360 | ---- | M] (Panda Security International) -- C:\Program Files (x86)\Panda Security\WAC\WebProxy.exe
PRC - [2010.07.14 19:42:28 | 000,313,152 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\WAC\pavsrvx86.exe
PRC - [2010.06.25 12:36:28 | 000,107,328 | ---- | M] (Panda Security S.L.) -- C:\Program Files (x86)\Panda Security\WAC\PSIMSVC.EXE
PRC - [2010.06.21 10:14:20 | 000,081,920 | ---- | M] (FirebirdSQL Project) -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe
PRC - [2010.06.21 10:14:18 | 002,043,904 | ---- | M] (FirebirdSQL Project) -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe
PRC - [2010.05.28 13:42:34 | 000,225,088 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\WAC\AVENGINE.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.10 18:48:31 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011.10.27 11:01:14 | 001,007,616 | ---- | M] () -- C:\Program Files (x86)\Extensis\Suitcase Fusion 3\libxml2.2.6.24.dll
MOD - [2011.10.27 11:01:14 | 000,901,120 | ---- | M] () -- C:\Program Files (x86)\Extensis\Suitcase Fusion 3\iconv-1.9.2.dll
MOD - [2011.10.27 11:01:14 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Extensis\Suitcase Fusion 3\libcharset.dll
MOD - [2011.09.05 09:57:34 | 000,366,136 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2011.07.13 16:03:46 | 000,483,328 | ---- | M] () -- C:\Program Files (x86)\USB Server 2\PSMDLL.dll
MOD - [2011.07.13 16:03:46 | 000,262,144 | ---- | M] () -- C:\Program Files (x86)\USB Server 2\DCPDLL.dll
MOD - [2011.07.13 16:03:46 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\USB Server 2\UNTPDLL.dll
MOD - [2011.07.13 16:03:46 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\USB Server 2\ESTLogDLL.dll
MOD - [2011.03.04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011.03.04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011.03.04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009.02.27 16:39:29 | 000,019,968 | ---- | M] () -- D:\Adobe CS\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009.02.27 16:32:27 | 000,020,480 | ---- | M] () -- D:\Adobe CS\Acrobat 9.0\Acrobat\AcroTray.FRA
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.04.17 08:29:47 | 000,263,680 | ---- | M] (Digital Dynamic) [Auto | Stopped] -- C:\Windows\SysNative\backupsvc.dll -- (backupsvc)
SRV:64bit: - [2011.08.30 13:51:56 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2011.08.30 13:51:56 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011.08.25 15:59:10 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011.08.23 04:37:04 | 003,175,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2011.08.22 16:24:04 | 001,318,912 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2011.08.05 09:13:00 | 000,486,224 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2011.07.15 15:09:38 | 000,137,272 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011.03.25 17:19:08 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011.02.06 09:39:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.12.04 01:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.07 18:31:30 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.10 13:46:17 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.05.25 10:48:45 | 003,987,376 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.10.20 18:57:34 | 001,126,264 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe -- (IFXSpMgtSrv)
SRV - [2011.10.20 18:57:34 | 000,980,856 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe -- (IFXTCS)
SRV - [2011.10.20 18:57:34 | 000,203,640 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2011.10.19 14:20:44 | 000,009,216 | ---- | M] (Vodafone) [Disabled | Stopped] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.09.05 09:57:24 | 000,476,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.08.26 14:35:08 | 000,322,048 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2011.08.25 15:58:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.08.23 04:23:48 | 002,774,320 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011.08.11 20:29:24 | 001,128,952 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011.07.06 18:20:10 | 001,698,360 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011.06.27 10:33:38 | 000,140,544 | ---- | M] (Panda Security) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WaAgent\Scheduler\PavSched.exe -- (PavAt3Scheduler)
SRV - [2011.06.10 12:22:06 | 000,314,696 | ---- | M] (Panda Security) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe -- (PavWASLpMng)
SRV - [2011.05.31 12:11:50 | 000,206,664 | ---- | M] (Panda Security) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WaAgent\WasWD\WasWD.exe -- (WASWD)
SRV - [2011.05.31 12:09:52 | 000,322,376 | ---- | M] (Panda Security) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WaAgent\WasAgent\WasAgent.exe -- (WASAgent)
SRV - [2011.05.23 11:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011.05.17 16:05:34 | 000,342,344 | ---- | M] (Panda Security) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WAC\PsCtrlS.exe -- (Panda Software Controller)
SRV - [2011.03.16 12:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011.02.24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011.01.26 19:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.01.15 14:32:30 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2011.01.04 00:16:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.01.04 00:16:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () [Auto | Running] -- E:\Websites\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2010.11.11 09:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- E:\Websites\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2010.10.17 21:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- E:\Websites\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2010.08.16 14:32:48 | 000,027,968 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WAC\psksvc.exe -- (PskSvc)
SRV - [2010.08.02 18:49:04 | 001,075,832 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.07.14 19:42:28 | 000,313,152 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WAC\pavsrvx86.exe -- (PavSrv)
SRV - [2010.06.25 12:36:28 | 000,107,328 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WAC\PSIMSVC.EXE -- (PSImSvc)
SRV - [2010.06.21 10:14:20 | 000,081,920 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2010.06.21 10:14:18 | 002,043,904 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2010.05.19 14:07:42 | 002,736,128 | ---- | M] (Firebird Project) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Mondo Media\FirebirdLocal21\bin\fbserver.exe -- (FirebirdServerMondoLocal21)
SRV - [2010.05.19 14:07:42 | 000,081,920 | ---- | M] (Firebird Project) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Mondo Media\FirebirdLocal21\bin\fbguard.exe -- (FirebirdGuardianMondoLocal21)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.23 10:34:57 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.09.23 10:34:57 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.25 10:48:46 | 000,279,136 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012.05.25 10:48:42 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258)
DRV:64bit: - [2012.05.25 10:48:40 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012.05.25 10:48:36 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012.04.15 21:12:43 | 000,142,944 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt61.sys -- (vidsflt61)
DRV:64bit: - [2012.04.15 21:12:40 | 000,133,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012.03.05 10:32:48 | 000,379,696 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.20 18:57:43 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive)
DRV:64bit: - [2011.10.18 19:11:44 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011.10.18 19:11:34 | 000,415,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2011.10.18 19:11:34 | 000,220,032 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011.10.18 19:11:34 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2011.10.18 19:11:26 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2011.09.16 01:34:38 | 000,392,752 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.08.30 13:52:51 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.08.30 13:51:56 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.08.30 13:30:04 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011.08.30 13:30:04 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.08.30 13:30:04 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.08.30 13:30:04 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.08.30 13:30:04 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.08.22 16:59:42 | 000,100,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpeOpal.sys -- (MfeEpeOpal)
DRV:64bit: - [2011.08.22 16:59:26 | 000,158,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.05.09 15:16:08 | 000,064,312 | ---- | M] (Hewlett-Packard Company) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011.05.05 00:19:06 | 000,340,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 11:28:24 | 000,070,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\amm6460.sys -- (AmFSM)
DRV:64bit: - [2011.02.08 19:26:52 | 000,026,712 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2011.02.06 10:22:40 | 009,090,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.02.06 09:01:44 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.01.30 21:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011.01.14 13:34:26 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.21 19:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010.12.10 23:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 23:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.12.03 03:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.17 03:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.11.11 09:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.17 12:09:14 | 000,240,128 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NUServer64.sys -- (NUServer64)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.06.23 19:18:46 | 000,025,656 | ---- | M] (Evoluent) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EvoMouseDriverFilterHidUsb.sys -- (EvoMouseDriverFilterHidUsb)
DRV:64bit: - [2010.06.23 19:18:46 | 000,022,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EvoMouseDriverMini.sys -- (EvoMouseDriverMini)
DRV:64bit: - [2010.03.19 13:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.01.28 14:51:28 | 000,030,208 | ---- | M] (Elite Silicon Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NUS_Bus.sys -- (NUS_Bus)
DRV:64bit: - [2010.01.26 22:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.10.12 15:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.10.06 11:11:38 | 000,199,168 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenHC.sys -- (EST_Server)
DRV:64bit: - [2009.10.06 11:11:30 | 000,029,696 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenBus.sys -- (EST_BusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysWow64\drivers\adfs.sys -- (adfs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: Technical.support.uniface@compuware.com:4.0.1.10569
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Adobe CS\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011.10.20 18:55:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Firefox\components [2012.09.12 19:05:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: D:\Firefox\plugins [2012.08.30 11:29:08 | 000,000,000 | ---D | M]
 
[2011.09.05 12:20:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012.10.10 16:57:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\76a3a1ce.default\extensions
[2012.10.10 16:57:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\76a3a1ce.default\extensions\trash
[2012.08.09 16:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\x10\profile\extensions
[2012.08.09 16:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\x10\profile\extensions\staged
[2012.10.10 16:57:59 | 001,626,141 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\76a3a1ce.default\extensions\firebug@software.joehewitt.com.xpi
[2012.09.01 12:44:22 | 001,625,368 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\76a3a1ce.default\extensions\trash\firebug@software.joehewitt.com.xpi
[2012.01.18 23:19:56 | 000,002,417 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\76a3a1ce.default\searchplugins\s-amazon-bymp-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Adobe CS\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Adobe CS\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume File not found
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Panda Software Controller Client] C:\Program Files (x86)\Panda Security\WAC\PSCtrlC.exe (Panda Security)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] D:\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4182247998-97663695-2394748825-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-4182247998-97663695-2394748825-1001..\Run: [FMCore.exe] C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe (Celartem, Inc., doing business as Extensis.)
O4 - HKU\S-1-5-21-4182247998-97663695-2394748825-1001..\Run: [USB Server] C:\Program Files (x86)\USB Server 2\USB Server.exe (USB Server)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 45527 = C:\PROGRA~3\LOCALS~1\Temp\msfyqh.cmd
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-4182247998-97663695-2394748825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll (Panda Software International)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll (Panda Software International)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll (Panda Software International)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll (Panda Software International)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll (Panda Software International)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll (Panda Software International)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files (x86)\Panda Security\WAC\pavlsp64.dll (Panda Software International)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Panda Security\WAC\pavlsp.dll (Panda Software International)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{243C9AB9-E9A5-40A9-82F5-E0A2E6A660C8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD0E7E29-4039-4E7D-9809-FAF20533E739}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8E2EF79-C678-45E9-B18F-F129137F0F70}: NameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0C002AB-9062-43A8-9E57-91FBC3BDC9C2}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3331F22-4E71-47F2-AD92-72CEF5AE0FBE}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC658871-D813-4D0F-A4EC-E90B40B807C5}: NameServer = 139.7.30.125 139.7.30.126
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2135cd95-6f37-11e1-98a5-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{2135cd95-6f37-11e1-98a5-cc52af84587e}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2135cdc1-6f37-11e1-98a5-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{2135cdc1-6f37-11e1-98a5-cc52af84587e}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2135ce56-6f37-11e1-98a5-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{2135ce56-6f37-11e1-98a5-cc52af84587e}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2287c56e-d21b-11e0-a0f1-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{2287c56e-d21b-11e0-a0f1-cc52af84587e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2dd5271e-7006-11e1-8333-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{2dd5271e-7006-11e1-8333-001e101fabdd}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{31610aeb-f194-11e0-b3a8-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{31610aeb-f194-11e0-b3a8-cc52af84587e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{40009bc5-a176-11e1-a17c-001e101f57d0}\Shell - "" = AutoRun
O33 - MountPoints2\{40009bc5-a176-11e1-a17c-001e101f57d0}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{66649031-825f-11e1-a753-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{66649031-825f-11e1-a753-cc52af84587e}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{862a3c62-1292-11e2-9fb6-001e101f51b6}\Shell - "" = AutoRun
O33 - MountPoints2\{862a3c62-1292-11e2-9fb6-001e101f51b6}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9241b7db-98d2-11e1-96fa-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{9241b7db-98d2-11e1-96fa-cc52af84587e}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{960da992-d3b2-11e0-8779-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{960da992-d3b2-11e0-8779-cc52af84587e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{be643947-28f4-11e1-bcd7-9c8e993ed5d5}\Shell - "" = AutoRun
O33 - MountPoints2\{be643947-28f4-11e1-bcd7-9c8e993ed5d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{da4741e1-d39d-11e0-bee1-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{da4741e1-d39d-11e0-bee1-cc52af84587e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dc4e722f-cf51-11e0-846d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dc4e722f-cf51-11e0-846d-806e6f6e6963}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{dc4e726e-cf51-11e0-846d-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{dc4e726e-cf51-11e0-846d-cc52af84587e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e87702c9-0556-11e2-a06d-001e101f7fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{e87702c9-0556-11e2-a06d-001e101f7fb6}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{f9d34416-9a10-11e1-9e5c-cc52af84587e}\Shell - "" = AutoRun
O33 - MountPoints2\{f9d34416-9a10-11e1-9e5c-cc52af84587e}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TimePanic.lnk -  - File not found
MsConfig:64bit - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig:64bit - StartUpReg: DataCardMonitor - hkey= - key= - D:\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
MsConfig:64bit - StartUpReg: Desktop Disc Tool - hkey= - key= - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
MsConfig:64bit - StartUpReg: HPQuickWebProxy - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: HTC Sync Loader - hkey= - key= - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MsConfig:64bit - StartUpReg: HW_OPENEYE_OUC_ - hkey= - key= - D:\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
MsConfig:64bit - StartUpReg: HW_OPENEYE_OUC_T-Mobile Internet Manager - hkey= - key= - D:\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: IMSS - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: LexwareInfoService - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - D:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: MfeEpePcMonitor - hkey= - key= - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
MsConfig:64bit - StartUpReg: MobileBroadband - hkey= - key= - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
MsConfig:64bit - StartUpReg: PDF Complete - hkey= - key= - C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
MsConfig:64bit - StartUpReg: SAOB Monitor - hkey= - key= - C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: To-Do DeskList - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FCC3033F-203E-AFB5-9807-D743A62A692D} - Microsoft Windows Media Player
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AA5F00E0-E803-38C4-C10F-8147FC6FFE20} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.10 21:36:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.10.10 06:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.09 19:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.09 19:51:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.10.09 17:25:34 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Anti-Malware
[2012.10.09 14:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012.09.23 20:35:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Connectify Hotspot
[2012.09.23 20:35:41 | 000,031,344 | ---- | C] (Connectify) -- C:\windows\SysNative\drivers\cnnctfy2.sys
[2012.09.23 11:42:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Sony
[2012.09.23 10:34:57 | 000,027,760 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\windows\SysNative\drivers\ggsemc.sys
[2012.09.23 10:34:57 | 000,014,448 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\windows\SysNative\drivers\ggflt.sys
[2012.09.23 10:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2012.09.23 10:34:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2012.09.23 10:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012.09.23 10:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012.09.23 10:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012.09.21 17:54:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Symantec_Corporation
[2012.09.21 17:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec
[2012.09.21 17:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012.09.21 14:11:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\WinRAR
[2012.09.18 11:14:37 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Magento Qmax
[2012.09.17 13:36:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SuperMailer
[2012.09.17 13:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperMailer
[2011.02.24 00:10:36 | 000,020,432 | ---- | C] (Intel Corporation) -- C:\Users\user\AppData\Roaming\JomCap.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.11 17:08:14 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 17:08:14 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 17:00:25 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForuser.job
[2012.10.11 17:00:19 | 003,387,000 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.10.11 17:00:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.10.11 16:59:56 | 4242,915,328 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.10 22:07:23 | 000,029,738 | ---- | M] () -- C:\Users\user\Desktop\OTL.zip
[2012.10.10 21:36:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.10.10 19:41:02 | 000,000,374 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
[2012.10.10 15:35:00 | 001,622,164 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.10.10 15:35:00 | 000,702,524 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.10.10 15:35:00 | 000,655,860 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.10.10 15:35:00 | 000,150,048 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.10.10 15:35:00 | 000,122,732 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.10.09 21:58:04 | 000,004,381 | ---- | M] () -- C:\Users\user\Desktop\Qmax-Konzept.smp
[2012.10.08 15:41:28 | 001,971,460 | ---- | M] () -- C:\Users\user\Desktop\Portfolio-QmaxKonzept.pdf
[2012.10.06 11:34:42 | 000,000,008 | -H-- | M] () -- C:\Users\user\AppData\Local\L8457789110
[2012.10.03 19:40:41 | 000,628,052 | ---- | M] () -- C:\Users\user\Desktop\Mag_crossmedial.pdf
[2012.10.02 20:23:55 | 001,038,415 | ---- | M] () -- C:\Users\user\Desktop\DSC_0008.jpg
[2012.09.28 22:54:49 | 633,288,036 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012.09.23 20:35:41 | 000,031,344 | ---- | M] (Connectify) -- C:\windows\SysNative\drivers\cnnctfy2.sys
[2012.09.23 10:58:01 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2012.09.23 10:58:01 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2012.09.23 10:34:57 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\windows\SysNative\drivers\ggsemc.sys
[2012.09.23 10:34:57 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\windows\SysNative\drivers\ggflt.sys
[2012.09.23 10:33:33 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.09.21 17:30:37 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2012.09.21 13:21:06 | 000,000,340 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForUSER-HP$.job
 
========== Files Created - No Company Name ==========
 
[2012.10.10 22:07:23 | 000,029,738 | ---- | C] () -- C:\Users\user\Desktop\OTL.zip
[2012.10.09 21:58:04 | 000,004,381 | ---- | C] () -- C:\Users\user\Desktop\Qmax-Konzept.smp
[2012.10.08 15:37:51 | 001,971,460 | ---- | C] () -- C:\Users\user\Desktop\Portfolio-QmaxKonzept.pdf
[2012.10.03 19:40:41 | 000,628,052 | ---- | C] () -- C:\Users\user\Desktop\Mag_crossmedial.pdf
[2012.10.02 20:23:37 | 001,038,415 | ---- | C] () -- C:\Users\user\Desktop\DSC_0008.jpg
[2012.09.23 10:58:01 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2012.09.23 10:58:01 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2012.09.23 10:33:33 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.09.21 17:30:37 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2012.08.24 20:04:38 | 000,000,008 | -H-- | C] () -- C:\Users\user\AppData\Local\L8457789110
[2012.08.08 13:00:21 | 000,000,239 | ---- | C] () -- C:\Users\user\index.html
[2012.07.25 20:14:46 | 000,015,156 | ---- | C] () -- C:\windows\SysWow64\SELF32.INI
[2012.07.25 15:52:01 | 002,131,863 | ---- | C] () -- C:\Users\user\Veranstaltungen RaBa Umschlag 1.pdf
[2012.07.23 09:40:42 | 000,216,502 | ---- | C] () -- C:\windows\hpwins24.dat
[2012.07.23 09:40:42 | 000,001,758 | ---- | C] () -- C:\windows\hpwmdl24.dat
[2012.07.17 09:13:33 | 000,216,502 | ---- | C] () -- C:\windows\hpwins24.dat.temp
[2012.07.16 08:29:15 | 000,001,758 | ---- | C] () -- C:\windows\hpwmdl24.dat.temp
[2012.06.01 13:36:47 | 000,004,439 | ---- | C] () -- C:\windows\jzwv-f24.ini
[2012.06.01 13:36:47 | 000,001,442 | ---- | C] () -- C:\windows\cqwp_n24.ini
[2012.05.25 18:06:14 | 000,000,017 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg
[2012.03.31 13:41:47 | 000,221,184 | ---- | C] () -- C:\windows\SysWow64\TidyATL.dll
[2011.10.18 15:31:51 | 000,000,133 | ---- | C] () -- C:\windows\AdminIE.ini
[2011.09.14 16:09:30 | 000,250,407 | ---- | C] () -- C:\windows\hpwins11.dat
[2011.09.14 16:09:30 | 000,000,392 | ---- | C] () -- C:\windows\hpwmdl11.dat
[2011.09.14 15:59:48 | 000,250,303 | ---- | C] () -- C:\windows\hpwins11.dat.temp
[2011.09.14 14:52:30 | 000,000,392 | ---- | C] () -- C:\windows\hpwmdl11.dat.temp
[2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011.09.14 08:36:45 | 000,000,098 | ---- | C] () -- C:\ProgramData\.ST140
[2011.09.14 08:35:41 | 000,000,010 | ---- | C] () -- C:\ProgramData\.93067BD7-6BGG-312E-86F3-566EB31BBC4E
[2011.09.14 08:35:41 | 000,000,010 | ---- | C] () -- C:\Users\user\AppData\Local\.56C369H5-8CEH-20F1-75G2-452FC2FCCD50
[2011.09.05 09:57:34 | 000,366,136 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2011.08.30 11:08:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\HPUsageTrackingSDK.exe.hpsign
[2011.08.30 11:08:52 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll.hpsign
[2011.08.30 11:08:48 | 000,021,840 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll
[2011.08.23 10:10:44 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2011.08.05 09:12:58 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2011.08.05 09:12:56 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2011.08.05 09:12:54 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2011.08.05 09:11:44 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2011.08.05 09:10:56 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign
[2011.08.05 09:10:30 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2011.08.05 09:10:30 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2011.07.08 02:01:32 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdejfii.sys
[2011.07.08 01:45:26 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.07.08 01:41:59 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011.07.08 01:41:59 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011.05.20 05:41:02 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign
[2011.05.20 05:40:54 | 000,185,168 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll
[2011.05.13 11:03:16 | 000,303,104 | ---- | C] () -- C:\windows\SysWow64\dnt27VC8.dll
[2011.05.13 11:01:22 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\dntvmc27VC8.dll
[2011.05.13 11:01:00 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\dntvm27VC8.dll
[2011.03.08 19:12:59 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdejghg.sys
[2011.03.08 18:56:16 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdejgie.sys
[2011.03.08 18:27:28 | 001,603,738 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.02.26 00:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2011.02.21 10:37:16 | 000,038,224 | ---- | C] () -- C:\windows\SysWow64\CoHpCasl.exe
[2011.01.10 21:03:08 | 086,271,980 | ---- | C] () -- C:\windows\SysWow64\BioTrustFace.dat
[2010.12.20 17:27:22 | 000,003,113 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2011.09.14 08:36:02 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-4182247998-97663695-2394748825-1001\$R0NCDVH\Suitcase Fusion\Suitcase Fusion.fontvault\design-pngs\L
[2011.09.14 08:36:02 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-4182247998-97663695-2394748825-1001\$R0NCDVH\Suitcase Fusion\Suitcase Fusion.fontvault\design-pngs\N
[2011.09.14 08:36:03 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-4182247998-97663695-2394748825-1001\$R0NCDVH\Suitcase Fusion\Suitcase Fusion.fontvault\design-pngs\U
[2011.09.20 10:22:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-4182247998-97663695-2394748825-1001\$R0NCDVH\Suitcase Fusion\Suitcase Fusion.fontvault\SA\l
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.08.31 11:25:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator.user-HP\AppData\Roaming\DigitalPersona
[2011.08.31 11:25:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator.user-HP\AppData\Roaming\Infineon
[2011.08.31 11:25:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator.user-HP\AppData\Roaming\Synaptics
[2011.12.29 15:03:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\410F25C9-3E53-43E3-9449-DFDE2B275D25
[2011.09.12 19:35:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Acronis
[2011.11.01 20:38:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Alien Skin
[2011.12.28 21:04:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Amazon
[2012.08.05 15:25:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Amicron-Data
[2011.12.21 12:08:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AnvSoft
[2011.11.28 09:46:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AZURO office
[2011.09.03 14:00:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Blumentals
[2011.11.26 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service
[2012.07.31 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon
[2011.10.21 16:30:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ColorSchemer
[2012.04.15 21:12:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\D98B01B8-2DE9-4837-B4CC-45E73D5BBF0C
[2012.04.17 08:29:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Digital Dynamic
[2011.08.24 10:54:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DigitalPersona
[2012.01.02 13:36:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\elsterformular
[2011.08.26 09:39:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Extensis
[2011.12.29 15:03:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FA00F3CA-0587-4D65-88C7-57A925FA569D
[2012.06.26 09:27:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FileMaker
[2012.10.11 16:53:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FileZilla
[2012.04.18 14:16:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FireShot
[2012.01.20 12:55:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HTC
[2011.09.06 13:15:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.08.24 10:55:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Infineon
[2011.12.08 10:39:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Lexware
[2012.03.31 13:42:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mondo Media
[2011.09.06 13:16:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Outlook
[2011.11.28 17:14:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Revolver Preferences
[2012.09.18 17:37:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SuperMailer
[2011.11.09 13:17:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\svBuilder-Pro
[2011.08.24 11:01:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Synaptics
[2011.08.26 09:29:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\T-Mobile Internet Manager
[2011.11.28 16:56:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2012.08.15 09:28:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\To-Do DeskList
[2012.07.31 11:29:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\USB Server
[2012.03.16 09:19:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vodafone
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.29 15:03:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\410F25C9-3E53-43E3-9449-DFDE2B275D25
[2011.09.12 19:35:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Acronis
[2012.06.11 15:51:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Adobe
[2011.11.01 20:38:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Alien Skin
[2011.12.28 21:04:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Amazon
[2012.08.05 15:25:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Amicron-Data
[2011.12.21 12:08:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AnvSoft
[2011.08.24 11:02:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ATI
[2011.11.28 09:46:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AZURO office
[2011.09.03 14:00:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Blumentals
[2011.11.26 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service
[2012.07.31 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon
[2011.10.21 16:30:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ColorSchemer
[2012.04.15 21:12:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\D98B01B8-2DE9-4837-B4CC-45E73D5BBF0C
[2012.04.17 08:29:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Digital Dynamic
[2011.08.24 10:54:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DigitalPersona
[2012.01.02 13:36:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\elsterformular
[2011.08.26 09:39:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Extensis
[2011.12.29 15:03:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FA00F3CA-0587-4D65-88C7-57A925FA569D
[2012.06.26 09:27:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FileMaker
[2012.10.11 16:53:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FileZilla
[2012.04.18 14:16:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FireShot
[2011.08.30 13:43:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FLEXnet
[2011.10.21 08:22:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Hewlett-Packard
[2011.12.14 02:58:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Hewlett-Packard Company
[2011.09.14 16:25:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HP
[2011.11.05 19:31:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\hpqLog
[2012.05.17 10:49:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HpUpdate
[2012.01.20 12:55:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HTC
[2011.09.06 13:15:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.08.24 11:01:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Identities
[2011.08.24 10:55:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Infineon
[2011.08.24 11:01:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Intel Corporation
[2011.12.08 10:39:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Lexware
[2012.04.11 11:51:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macromedia
[2011.08.30 13:43:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macrovision
[2011.10.25 09:07:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2012.05.10 10:30:23 | 000,000,000 | --SD | M] -- C:\Users\user\AppData\Roaming\Microsoft
[2012.03.31 13:42:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mondo Media
[2011.11.07 21:02:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla
[2011.09.04 13:50:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MozillaControl
[2011.09.06 13:16:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Outlook
[2011.11.28 17:14:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Revolver Preferences
[2011.08.30 15:25:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Roxio
[2011.08.30 15:27:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Roxio Burn
[2012.09.18 17:37:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SuperMailer
[2011.11.09 13:17:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\svBuilder-Pro
[2012.09.21 17:54:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Symantec
[2011.08.24 11:01:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Synaptics
[2011.08.26 09:29:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\T-Mobile Internet Manager
[2011.11.28 16:56:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2012.08.15 09:28:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\To-Do DeskList
[2012.07.31 11:29:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\USB Server
[2012.03.16 09:19:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vodafone
[2012.09.21 14:11:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.01.02 13:37:47 | 008,588,984 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\user\AppData\Roaming\elsterformular\pluginmanager\tmp\install_est10.exe
[2011.10.20 18:55:24 | 001,373,552 | ---- | M] (Flexera Software, Inc.) -- C:\Users\user\AppData\Roaming\FLEXnet\Connect\11\agent.exe
[2011.10.20 18:55:24 | 000,206,112 | ---- | M] (InstallShield Software Corporation) -- C:\Users\user\AppData\Roaming\FLEXnet\Connect\11\dwusplay.exe
[2011.10.20 18:55:24 | 000,439,664 | ---- | M] (Flexera Software, Inc.) -- C:\Users\user\AppData\Roaming\FLEXnet\Connect\11\isdm.exe
[2011.10.20 18:55:24 | 000,087,408 | ---- | M] (Flexera Software, Inc.) -- C:\Users\user\AppData\Roaming\FLEXnet\Connect\11\issch.exe
[2012.04.04 08:25:31 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\user\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.10.20 18:55:25 | 000,718,192 | ---- | M] (Flexera Software, Inc.) -- C:\Users\user\AppData\Roaming\Macrovision\FLEXnet Connect\11\agent.exe
[2011.10.20 18:55:25 | 000,742,768 | ---- | M] (Flexera Software, Inc.) -- C:\Users\user\AppData\Roaming\Macrovision\FLEXnet Connect\6\agent.exe
[2010.01.07 14:35:18 | 001,007,616 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\user\AppData\Roaming\T-Mobile Internet Manager\LiveUpdate.exe
[2009.12.31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\user\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\swsetup\INTELRST\Drivers\x64\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\drivers\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys
[2011.01.13 03:44:08 | 000,355,352 | ---- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\swsetup\INTELRST\Drivers\x32\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010.05.12 10:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010.05.12 10:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.05.12 10:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2010.05.12 10:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.10.29 05:06:46 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.10.29 05:06:46 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
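
The `/md5start` part of the custom scan makes OTL list every copy it finds of the named system files, as in the log above. The following is an added example, not part of the original thread or of OTL: it parses such a section and reports any copy in System32/SysNative/SysWOW64 whose MD5 matches no copy under winsxs or DriverStore. Assumptions: treating such a mismatch as a triage hint is this example's own heuristic, the function names are hypothetical, and the sample log is constructed (its last entry is invented).

```python
import re
from collections import defaultdict

# Section header as OTL writes it: "< MD5 for: ATAPI.SYS  >"
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
# Entry: [date time | size | attributes | M] (company) MD5=<hash> -- <path>
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[\d. :]+) \| (?P<size>[\d,]+) \| (?P<attr>\S{4}) \| (?P<kind>[A-Z])\] "
    r"\((?P<company>.*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Assumption of this example: copies in these stores serve as the reference.
REFERENCE_DIRS = ("\\winsxs\\", "\\driverstore\\")
# Directories from which Windows actually loads the file.
LIVE_DIRS = ("\\sysnative\\", "\\system32\\", "\\syswow64\\")

# Constructed sample in the format of the log above. The final userinit.exe
# entry (empty company, all-F hash) is invented to show a mismatch.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: USERINIT.EXE  >
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[2012.10.01 12:00:00 | 000,031,232 | ---- | M] () MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\windows\SysNative\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >
"""


def parse_md5_sections(log_text):
    """Return {FILE NAME: [entry, ...]} for every '< MD5 for: ... >' section."""
    sections = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            sections[current].append({
                "timestamp": entry.group("ts"),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company"),
                "md5": entry.group("md5").upper(),
                "path": entry.group("path"),
            })
        elif line.startswith("<"):
            current = None  # a different scan section begins here
    return dict(sections)


def classify(path):
    """Label a path as a reference copy, a live copy, or something else."""
    lowered = path.lower()
    # DriverStore lives below System32, so test the reference stores first.
    if any(d in lowered for d in REFERENCE_DIRS):
        return "reference"
    if any(d in lowered for d in LIVE_DIRS):
        return "live"
    return "other"


def unmatched_live_copies(log_text):
    """List live copies whose MD5 equals no reference copy of the same file."""
    findings = []
    for name, entries in parse_md5_sections(log_text).items():
        reference_hashes = {e["md5"] for e in entries
                            if classify(e["path"]) == "reference"}
        for e in entries:
            if classify(e["path"]) != "live" or e["md5"] in reference_hashes:
                continue
            reason = ("hash differs from every reference copy"
                      if reference_hashes else "no reference copy listed")
            findings.append({"name": name, "path": e["path"],
                             "md5": e["md5"], "company": e["company"],
                             "reason": reason})
    return findings


if __name__ == "__main__":
    for f in unmatched_live_copies(SAMPLE_LOG):
        print(f"{f['name']}: {f['path']} MD5={f['md5']} ({f['reason']})")
```

A match only shows that the live file is identical to a stored copy; a mismatch is a reason to look closer (an update or vendor driver can also explain it), not proof of tampering.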
         

11.10.2012, 18:39   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied along with it!!!)

Code:
ATTFilter
:OTL
O4 - HKLM..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 45527 = C:\PROGRA~3\LOCALS~1\Temp\msfyqh.cmd
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
:Files
C:\Users\user\AppData\Local\L8457789110
C:\Program Files (x86)\Softonic
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

11.10.2012, 19:39   #24
strichsieben

Hi, I have Panda running as endpoint protection. I can't disable it from the context menu. Is there another way to switch off the virus protection?

strichsieben

OK, I have now stopped the service in Task Manager. Doing the fix with OTL now.

Hi, I have now run the fix. At one point I thought the computer had frozen, because nothing at all was displayed. But eventually it did continue. Here is the result:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\45527 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
========== FILES ==========
C:\Users\user\AppData\Local\L8457789110 moved successfully.
File\Folder C:\Program Files (x86)\Softonic not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: Administrator.user-HP
->Temp folder emptied: 52228 bytes
->Temporary Internet Files folder emptied: 34064 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: user
->Temp folder emptied: 15050084159 bytes
->Temporary Internet Files folder emptied: 192402460 bytes
->Java cache emptied: 942 bytes
->FireFox cache emptied: 889224701 bytes
->Flash cache emptied: 120227 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 790301740 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36049013 bytes
RecycleBin emptied: 8536617972 bytes
 
Total Files Cleaned = 24.314,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10112012_211209

Files\Folders moved on Reboot...
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

12.10.2012, 10:20   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!


12.10.2012, 10:22   #26
strichsieben

After the fix, the file extensions are gone and the PDF printer hangs. The file extensions aren't a problem, I can switch them back on. But the PDF printer is urgently needed. How can I reactivate it?

I have already had the whole of Acrobat repaired and also installed it again, but without success.

12.10.2012, 13:35   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do you mean the OTL fix? Please describe it more precisely, because another set of instructions came after that!

And there are alternatives as well; you don't have to use Adobe to print files to a PDF => http://www.chip.de/downloads/FreePDF_19987224.html

12.10.2012, 18:56   #28
strichsieben

Yes, exactly, after the OTL fix. I haven't got to the next set of instructions yet; I'll tackle that right away.

I work with Adobe CS4 and Acrobat 9.5. So I have everything I need for PDF printing. Maybe the PDF printer is now missing some registry entries, could that be?

The annoying thing is that I don't know how to uninstall just Acrobat. Then I could install it again. I'll also check whether some of Acrobat's services aren't loading.

See you then ...

I have now run the tool, but it found nothing.

Here is the log:

Code:
ATTFilter
20:09:09.0941 5224  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:09:10.0206 5224  ============================================================
20:09:10.0206 5224  Current date / time: 2012/10/12 20:09:10.0206
20:09:10.0206 5224  SystemInfo:
20:09:10.0206 5224  
20:09:10.0206 5224  OS Version: 6.1.7601 ServicePack: 1.0
20:09:10.0206 5224  Product type: Workstation
20:09:10.0206 5224  ComputerName: USER-HP
20:09:10.0206 5224  UserName: user
20:09:10.0206 5224  Windows directory: C:\windows
20:09:10.0206 5224  System windows directory: C:\windows
20:09:10.0206 5224  Running under WOW64
20:09:10.0206 5224  Processor architecture: Intel x64
20:09:10.0206 5224  Number of processors: 4
20:09:10.0206 5224  Page size: 0x1000
20:09:10.0206 5224  Boot type: Normal boot
20:09:10.0206 5224  ============================================================
20:09:10.0815 5224  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:09:10.0815 5224  ============================================================
20:09:10.0815 5224  \Device\Harddisk0\DR0:
20:09:10.0815 5224  MBR partitions:
20:09:10.0815 5224  Initialize success
20:09:10.0815 5224  ============================================================
20:13:20.0416 1284  ============================================================
20:13:20.0416 1284  Scan started
20:13:20.0416 1284  Mode: Manual; SigCheck; TDLFS; 
20:13:20.0416 1284  ============================================================
20:13:20.0447 1284  ================ Scan system memory ========================
20:13:20.0447 1284  System memory - ok
20:13:20.0447 1284  ================ Scan services =============================
20:13:20.0494 1284  1394ohci - ok
20:13:20.0494 1284  Accelerometer - ok
20:13:20.0494 1284  ACPI - ok
20:13:20.0494 1284  AcpiPmi - ok
20:13:20.0525 1284  AcrSch2Svc - ok
20:13:20.0525 1284  adfs - ok
20:13:20.0541 1284  Adobe Version Cue CS4 - ok
20:13:20.0541 1284  AdobeARMservice - ok
20:13:20.0541 1284  adp94xx - ok
20:13:20.0556 1284  adpahci - ok
20:13:20.0556 1284  adpu320 - ok
20:13:20.0556 1284  AeLookupSvc - ok
20:13:20.0556 1284  AESTFilters - ok
20:13:20.0556 1284  afcdp - ok
20:13:20.0572 1284  afcdpsrv - ok
20:13:20.0572 1284  AFD - ok
20:13:20.0588 1284  AgereModemAudio - ok
20:13:20.0588 1284  AgereSoftModem - ok
20:13:20.0603 1284  agp440 - ok
20:13:20.0603 1284  ALG - ok
20:13:20.0619 1284  aliide - ok
20:13:20.0619 1284  AMD External Events Utility - ok
20:13:20.0619 1284  amdide - ok
20:13:20.0619 1284  AmdK8 - ok
20:13:20.0619 1284  amdkmdag - ok
20:13:20.0634 1284  amdkmdap - ok
20:13:20.0650 1284  AmdPPM - ok
20:13:20.0650 1284  amdsata - ok
20:13:20.0650 1284  amdsbs - ok
20:13:20.0650 1284  amdxata - ok
20:13:20.0650 1284  AmFSM - ok
20:13:20.0666 1284  Apache2.2 - ok
20:13:20.0666 1284  AppID - ok
20:13:20.0666 1284  AppIDSvc - ok
20:13:20.0666 1284  Appinfo - ok
20:13:20.0681 1284  AppMgmt - ok
20:13:20.0697 1284  arc - ok
20:13:20.0697 1284  arcsas - ok
20:13:20.0697 1284  ARCVCAM - ok
20:13:20.0712 1284  aspnet_state - ok
20:13:20.0712 1284  AsyncMac - ok
20:13:20.0712 1284  atapi - ok
20:13:20.0728 1284  AtiHDAudioService - ok
20:13:20.0744 1284  AudioEndpointBuilder - ok
20:13:20.0744 1284  AudioSrv - ok
20:13:20.0744 1284  AxInstSV - ok
20:13:20.0744 1284  b06bdrv - ok
20:13:20.0744 1284  b57nd60a - ok
20:13:20.0775 1284  backupsvc - ok
20:13:20.0790 1284  BBSvc - ok
20:13:20.0806 1284  BBUpdate - ok
20:13:20.0806 1284  BDESVC - ok
20:13:20.0806 1284  Beep - ok
20:13:20.0822 1284  BFE - ok
20:13:20.0822 1284  BITS - ok
20:13:20.0837 1284  blbdrive - ok
20:13:20.0868 1284  Bonjour Service - ok
20:13:20.0868 1284  bowser - ok
20:13:20.0868 1284  BrFiltLo - ok
20:13:20.0884 1284  BrFiltUp - ok
20:13:20.0884 1284  Browser - ok
20:13:20.0884 1284  Brserid - ok
20:13:20.0884 1284  BrSerWdm - ok
20:13:20.0884 1284  BrUsbMdm - ok
20:13:20.0884 1284  BrUsbSer - ok
20:13:20.0915 1284  BthEnum - ok
20:13:20.0915 1284  BTHMODEM - ok
20:13:20.0915 1284  BthPan - ok
20:13:20.0931 1284  BTHPORT - ok
20:13:20.0931 1284  bthserv - ok
20:13:20.0946 1284  BTHUSB - ok
20:13:20.0946 1284  btwampfl - ok
20:13:20.0946 1284  btwaudio - ok
20:13:20.0962 1284  btwavdt - ok
20:13:20.0962 1284  btwdins - ok
20:13:20.0962 1284  btwl2cap - ok
20:13:20.0962 1284  btwrchid - ok
20:13:20.0962 1284  cdfs - ok
20:13:20.0978 1284  cdrom - ok
20:13:20.0978 1284  CertPropSvc - ok
20:13:20.0978 1284  circlass - ok
20:13:20.0993 1284  CLFS - ok
20:13:20.0993 1284  clr_optimization_v2.0.50727_32 - ok
20:13:20.0993 1284  clr_optimization_v2.0.50727_64 - ok
20:13:21.0009 1284  clr_optimization_v4.0.30319_32 - ok
20:13:21.0009 1284  clr_optimization_v4.0.30319_64 - ok
20:13:21.0009 1284  CmBatt - ok
20:13:21.0009 1284  cmdide - ok
20:13:21.0024 1284  CNG - ok
20:13:21.0024 1284  Compbatt - ok
20:13:21.0024 1284  CompositeBus - ok
20:13:21.0024 1284  COMSysApp - ok
20:13:21.0040 1284  crcdisk - ok
20:13:21.0040 1284  CryptSvc - ok
20:13:21.0040 1284  CSC - ok
20:13:21.0040 1284  CscService - ok
20:13:21.0040 1284  DAMDrv - ok
20:13:21.0056 1284  DcomLaunch - ok
20:13:21.0056 1284  defragsvc - ok
20:13:21.0056 1284  DfsC - ok
20:13:21.0056 1284  Dhcp - ok
20:13:21.0056 1284  discache - ok
20:13:21.0071 1284  Disk - ok
20:13:21.0071 1284  Dnscache - ok
20:13:21.0071 1284  dot3svc - ok
20:13:21.0087 1284  Dot4 - ok
20:13:21.0087 1284  Dot4Print - ok
20:13:21.0087 1284  dot4usb - ok
20:13:21.0087 1284  DpHost - ok
20:13:21.0102 1284  DPS - ok
20:13:21.0102 1284  drmkaud - ok
20:13:21.0102 1284  DXGKrnl - ok
20:13:21.0102 1284  e1cexpress - ok
20:13:21.0118 1284  EapHost - ok
20:13:21.0118 1284  ebdrv - ok
20:13:21.0118 1284  EFS - ok
20:13:21.0118 1284  ehRecvr - ok
20:13:21.0118 1284  ehSched - ok
20:13:21.0118 1284  elxstor - ok
20:13:21.0134 1284  ErrDev - ok
20:13:21.0149 1284  EST_BusEnum - ok
20:13:21.0149 1284  EST_Server - ok
20:13:21.0165 1284  EventSystem - ok
20:13:21.0180 1284  EvoMouseDriverFilterHidUsb - ok
20:13:21.0180 1284  EvoMouseDriverMini - ok
20:13:21.0180 1284  ewusbnet - ok
20:13:21.0180 1284  ew_hwusbdev - ok
20:13:21.0196 1284  ew_usbenumfilter - ok
20:13:21.0196 1284  exfat - ok
20:13:21.0196 1284  fastfat - ok
20:13:21.0212 1284  Fax - ok
20:13:21.0212 1284  fdc - ok
20:13:21.0227 1284  fdPHost - ok
20:13:21.0227 1284  FDResPub - ok
20:13:21.0243 1284  FileInfo - ok
20:13:21.0243 1284  Filetrace - ok
20:13:21.0243 1284  FileZilla Server - ok
20:13:21.0258 1284  FirebirdGuardianDefaultInstance - ok
20:13:21.0305 1284  FirebirdGuardianMondoLocal21 - ok
20:13:21.0321 1284  FirebirdServerDefaultInstance - ok
20:13:21.0336 1284  FirebirdServerMondoLocal21 - ok
20:13:21.0336 1284  FLCDLOCK - ok
20:13:21.0336 1284  FLEXnet Licensing Service - ok
20:13:21.0352 1284  FLEXnet Licensing Service 64 - ok
20:13:21.0352 1284  flpydisk - ok
20:13:21.0352 1284  FltMgr - ok
20:13:21.0352 1284  fltsrv - ok
20:13:21.0352 1284  FontCache - ok
20:13:21.0368 1284  FontCache3.0.0.0 - ok
20:13:21.0368 1284  FsDepends - ok
20:13:21.0368 1284  Fs_Rec - ok
20:13:21.0383 1284  fvevol - ok
20:13:21.0383 1284  gagp30kx - ok
20:13:21.0399 1284  GenericMount - ok
20:13:21.0399 1284  ggflt - ok
20:13:21.0399 1284  ggsemc - ok
20:13:21.0414 1284  gpsvc - ok
20:13:21.0414 1284  hcw85cir - ok
20:13:21.0414 1284  HdAudAddService - ok
20:13:21.0430 1284  HDAudBus - ok
20:13:21.0430 1284  HidBatt - ok
20:13:21.0430 1284  HidBth - ok
20:13:21.0430 1284  HidIr - ok
20:13:21.0446 1284  hidserv - ok
20:13:21.0446 1284  HidUsb - ok
20:13:21.0446 1284  hkmsvc - ok
20:13:21.0446 1284  HomeGroupListener - ok
20:13:21.0446 1284  HomeGroupProvider - ok
20:13:21.0461 1284  HP Power Assistant Service - ok
20:13:21.0477 1284  HP Support Assistant Service - ok
20:13:21.0477 1284  hpCMSrv - ok
20:13:21.0492 1284  HPDrvMntSvc.exe - ok
20:13:21.0492 1284  hpdskflt - ok
20:13:21.0492 1284  HPFSService - ok
20:13:21.0492 1284  hpHotkeyMonitor - ok
20:13:21.0508 1284  HpqKbFiltr - ok
20:13:21.0508 1284  hpqwmiex - ok
20:13:21.0508 1284  HpSAMD - ok
20:13:21.0524 1284  HPSLPSVC - ok
20:13:21.0524 1284  hpsrv - ok
20:13:21.0539 1284  HTCAND64 - ok
20:13:21.0539 1284  htcnprot - ok
20:13:21.0539 1284  HTTP - ok
20:13:21.0555 1284  huawei_enumerator - ok
20:13:21.0570 1284  hwdatacard - ok
20:13:21.0570 1284  hwpolicy - ok
20:13:21.0570 1284  hwusbdev - ok
20:13:21.0586 1284  i8042prt - ok
20:13:21.0602 1284  iaStor - ok
20:13:21.0617 1284  IAStorDataMgrSvc - ok
20:13:21.0617 1284  iaStorV - ok
20:13:21.0617 1284  idsvc - ok
20:13:21.0633 1284  IFXSpMgtSrv - ok
20:13:21.0633 1284  IFXTCS - ok
20:13:21.0633 1284  iirsp - ok
20:13:21.0648 1284  IKEEXT - ok
20:13:21.0648 1284  intelide - ok
20:13:21.0648 1284  intelppm - ok
20:13:21.0664 1284  IPBusEnum - ok
20:13:21.0680 1284  IpFilterDriver - ok
20:13:21.0680 1284  iphlpsvc - ok
20:13:21.0680 1284  IPMIDRV - ok
20:13:21.0680 1284  IPNAT - ok
20:13:21.0680 1284  IRENUM - ok
20:13:21.0695 1284  isapnp - ok
20:13:21.0695 1284  iScsiPrt - ok
20:13:21.0695 1284  jhi_service - ok
20:13:21.0711 1284  JMCR - ok
20:13:21.0711 1284  johci - ok
20:13:21.0711 1284  kbdclass - ok
20:13:21.0711 1284  kbdhid - ok
20:13:21.0711 1284  KeyIso - ok
20:13:21.0711 1284  KSecDD - ok
20:13:21.0726 1284  KSecPkg - ok
20:13:21.0726 1284  ksthunk - ok
20:13:21.0726 1284  KtmRm - ok
20:13:21.0742 1284  LanmanServer - ok
20:13:21.0742 1284  LanmanWorkstation - ok
20:13:21.0742 1284  LightScribeService - ok
20:13:21.0758 1284  lltdio - ok
20:13:21.0758 1284  lltdsvc - ok
20:13:21.0758 1284  lmhosts - ok
20:13:21.0773 1284  LMS - ok
20:13:21.0773 1284  LSI_FC - ok
20:13:21.0789 1284  LSI_SAS - ok
20:13:21.0789 1284  LSI_SAS2 - ok
20:13:21.0789 1284  LSI_SCSI - ok
20:13:21.0789 1284  luafv - ok
20:13:21.0820 1284  MBAMProtector - ok
20:13:21.0820 1284  MBAMScheduler - ok
20:13:21.0836 1284  MBAMService - ok
20:13:21.0851 1284  McAfee Endpoint Encryption Agent - ok
20:13:21.0851 1284  Mcx2Svc - ok
20:13:21.0851 1284  megasas - ok
20:13:21.0851 1284  MegaSR - ok
20:13:21.0851 1284  MEIx64 - ok
20:13:21.0867 1284  MfeEpeOpal - ok
20:13:21.0867 1284  MfeEpePc - ok
20:13:21.0882 1284  MMCSS - ok
20:13:21.0882 1284  Modem - ok
20:13:21.0882 1284  monitor - ok
20:13:21.0898 1284  mouclass - ok
20:13:21.0898 1284  mouhid - ok
20:13:21.0898 1284  mountmgr - ok
20:13:21.0914 1284  MozillaMaintenance - ok
20:13:21.0929 1284  mpio - ok
20:13:21.0929 1284  mpsdrv - ok
20:13:21.0929 1284  MpsSvc - ok
20:13:21.0929 1284  MRxDAV - ok
20:13:21.0929 1284  mrxsmb - ok
20:13:21.0945 1284  mrxsmb10 - ok
20:13:21.0945 1284  mrxsmb20 - ok
20:13:21.0945 1284  msahci - ok
20:13:21.0945 1284  msdsm - ok
20:13:21.0945 1284  MSDTC - ok
20:13:21.0960 1284  Msfs - ok
20:13:21.0960 1284  mshidkmdf - ok
20:13:21.0960 1284  msisadrv - ok
20:13:21.0960 1284  MSiSCSI - ok
20:13:21.0960 1284  msiserver - ok
20:13:21.0976 1284  MSKSSRV - ok
20:13:21.0976 1284  MSPCLOCK - ok
20:13:21.0976 1284  MSPQM - ok
20:13:21.0976 1284  MsRPC - ok
20:13:21.0992 1284  mssmbios - ok
20:13:21.0992 1284  MSTEE - ok
20:13:21.0992 1284  MTConfig - ok
20:13:21.0992 1284  Mup - ok
20:13:21.0992 1284  mysql - ok
20:13:22.0007 1284  napagent - ok
20:13:22.0007 1284  NativeWifiP - ok
20:13:22.0023 1284  NDIS - ok
20:13:22.0023 1284  NdisCap - ok
20:13:22.0023 1284  NdisTapi - ok
20:13:22.0023 1284  Ndisuio - ok
20:13:22.0023 1284  NdisWan - ok
20:13:22.0023 1284  NDProxy - ok
20:13:22.0054 1284  Net Driver HPZ12 - ok
20:13:22.0054 1284  NetBIOS - ok
20:13:22.0054 1284  NetBT - ok
20:13:22.0054 1284  Netlogon - ok
20:13:22.0054 1284  Netman - ok
20:13:22.0070 1284  NetMsmqActivator - ok
20:13:22.0070 1284  NetPipeActivator - ok
20:13:22.0070 1284  netprofm - ok
20:13:22.0085 1284  NetTcpActivator - ok
20:13:22.0085 1284  NetTcpPortSharing - ok
20:13:22.0085 1284  NETwNs64 - ok
20:13:22.0085 1284  nfrd960 - ok
20:13:22.0101 1284  NlaSvc - ok
20:13:22.0101 1284  Npfs - ok
20:13:22.0101 1284  nsi - ok
20:13:22.0101 1284  nsiproxy - ok
20:13:22.0101 1284  Ntfs - ok
20:13:22.0116 1284  Null - ok
20:13:22.0116 1284  nusb3hub - ok
20:13:22.0116 1284  nusb3xhc - ok
20:13:22.0132 1284  NUServer64 - ok
20:13:22.0132 1284  NUS_Bus - ok
20:13:22.0148 1284  nvraid - ok
20:13:22.0148 1284  nvstor - ok
20:13:22.0163 1284  nv_agp - ok
20:13:22.0163 1284  ohci1394 - ok
20:13:22.0179 1284  ose - ok
20:13:22.0179 1284  osppsvc - ok
20:13:22.0179 1284  p2pimsvc - ok
20:13:22.0179 1284  p2psvc - ok
20:13:22.0194 1284  Panda Software Controller - ok
20:13:22.0210 1284  Parport - ok
20:13:22.0210 1284  partmgr - ok
20:13:22.0210 1284  PassThru Service - ok
20:13:22.0226 1284  PavAt3Scheduler - ok
20:13:22.0226 1284  PavSrv - ok
20:13:22.0226 1284  PavWASLpMng - ok
20:13:22.0226 1284  PcaSvc - ok
20:13:22.0226 1284  pci - ok
20:13:22.0241 1284  pciide - ok
20:13:22.0241 1284  pcmcia - ok
20:13:22.0241 1284  pcw - ok
20:13:22.0257 1284  pdfcDispatcher - ok
20:13:22.0257 1284  PdiService - ok
20:13:22.0257 1284  PEAUTH - ok
20:13:22.0257 1284  PeerDistSvc - ok
20:13:22.0257 1284  PerfHost - ok
20:13:22.0272 1284  PersonalSecureDrive - ok
20:13:22.0272 1284  PersonalSecureDriveService - ok
20:13:22.0272 1284  pla - ok
20:13:22.0272 1284  PlugPlay - ok
20:13:22.0288 1284  Pml Driver HPZ12 - ok
20:13:22.0288 1284  PNRPAutoReg - ok
20:13:22.0288 1284  PNRPsvc - ok
20:13:22.0304 1284  PolicyAgent - ok
20:13:22.0304 1284  Power - ok
20:13:22.0304 1284  PptpMiniport - ok
20:13:22.0304 1284  Processor - ok
20:13:22.0304 1284  ProfSvc - ok
20:13:22.0319 1284  ProtectedStorage - ok
20:13:22.0319 1284  Psched - ok
20:13:22.0319 1284  PSImSvc - ok
20:13:22.0319 1284  PskSvc - ok
20:13:22.0319 1284  PxHlpa64 - ok
20:13:22.0335 1284  ql2300 - ok
20:13:22.0335 1284  ql40xx - ok
20:13:22.0335 1284  QWAVE - ok
20:13:22.0335 1284  QWAVEdrv - ok
20:13:22.0335 1284  RasAcd - ok
20:13:22.0350 1284  RasAgileVpn - ok
20:13:22.0350 1284  RasAuto - ok
20:13:22.0350 1284  Rasl2tp - ok
20:13:22.0350 1284  RasMan - ok
20:13:22.0350 1284  RasPppoe - ok
20:13:22.0366 1284  RasSstp - ok
20:13:22.0366 1284  rdbss - ok
20:13:22.0366 1284  rdpbus - ok
20:13:22.0366 1284  RDPCDD - ok
20:13:22.0366 1284  RDPDR - ok
20:13:22.0382 1284  RDPENCDD - ok
20:13:22.0382 1284  RDPREFMP - ok
20:13:22.0382 1284  RDPWD - ok
20:13:22.0382 1284  rdyboost - ok
20:13:22.0382 1284  RemoteAccess - ok
20:13:22.0397 1284  RemoteRegistry - ok
20:13:22.0397 1284  RFCOMM - ok
20:13:22.0397 1284  RoxMediaDB12OEM - ok
20:13:22.0413 1284  RpcEptMapper - ok
20:13:22.0413 1284  RpcLocator - ok
20:13:22.0413 1284  RpcSs - ok
20:13:22.0413 1284  rspndr - ok
20:13:22.0413 1284  s3cap - ok
20:13:22.0413 1284  SamSs - ok
20:13:22.0428 1284  sbp2port - ok
20:13:22.0428 1284  SCardSvr - ok
20:13:22.0428 1284  scfilter - ok
20:13:22.0428 1284  Schedule - ok
20:13:22.0428 1284  SCPolicySvc - ok
20:13:22.0444 1284  sdbus - ok
20:13:22.0444 1284  SDRSVC - ok
20:13:22.0444 1284  secdrv - ok
20:13:22.0444 1284  seclogon - ok
20:13:22.0444 1284  SENS - ok
20:13:22.0444 1284  SensrSvc - ok
20:13:22.0460 1284  Serenum - ok
20:13:22.0460 1284  Serial - ok
20:13:22.0460 1284  sermouse - ok
20:13:22.0475 1284  SessionEnv - ok
20:13:22.0475 1284  sffdisk - ok
20:13:22.0475 1284  sffp_mmc - ok
20:13:22.0475 1284  sffp_sd - ok
20:13:22.0475 1284  sfloppy - ok
20:13:22.0491 1284  SharedAccess - ok
20:13:22.0491 1284  ShellHWDetection - ok
20:13:22.0491 1284  SiSRaid2 - ok
20:13:22.0491 1284  SiSRaid4 - ok
20:13:22.0491 1284  Smb - ok
20:13:22.0522 1284  snapman - ok
20:13:22.0522 1284  SNMPTRAP - ok
20:13:22.0522 1284  SNP2UVC - ok
20:13:22.0538 1284  Sony PC Companion - ok
20:13:22.0553 1284  spldr - ok
20:13:22.0553 1284  Spooler - ok
20:13:22.0553 1284  sppsvc - ok
20:13:22.0553 1284  sppuinotify - ok
20:13:22.0553 1284  srv - ok
20:13:22.0553 1284  srv2 - ok
20:13:22.0569 1284  srvnet - ok
20:13:22.0569 1284  SSDPSRV - ok
20:13:22.0569 1284  SstpSvc - ok
20:13:22.0584 1284  STacSV - ok
20:13:22.0584 1284  stexstor - ok
20:13:22.0600 1284  STHDA - ok
20:13:22.0616 1284  stisvc - ok
20:13:22.0616 1284  stllssvr - ok
20:13:22.0616 1284  storflt - ok
20:13:22.0616 1284  StorSvc - ok
20:13:22.0616 1284  storvsc - ok
20:13:22.0631 1284  swenum - ok
20:13:22.0631 1284  swprv - ok
20:13:22.0631 1284  SynTP - ok
20:13:22.0631 1284  SysMain - ok
20:13:22.0631 1284  TabletInputService - ok
20:13:22.0631 1284  TapiSrv - ok
20:13:22.0647 1284  TBS - ok
20:13:22.0647 1284  Tcpip - ok
20:13:22.0647 1284  TCPIP6 - ok
20:13:22.0662 1284  tcpipreg - ok
20:13:22.0662 1284  TDPIPE - ok
20:13:22.0678 1284  tdrpman258 - ok
20:13:22.0678 1284  TDTCP - ok
20:13:22.0678 1284  tdx - ok
20:13:22.0694 1284  TeamViewer7 - ok
20:13:22.0694 1284  TermDD - ok
20:13:22.0694 1284  TermService - ok
20:13:22.0694 1284  Themes - ok
20:13:22.0694 1284  THREADORDER - ok
20:13:22.0709 1284  timounter - ok
20:13:22.0709 1284  TPM - ok
20:13:22.0709 1284  TrkWks - ok
20:13:22.0725 1284  TrustedInstaller - ok
20:13:22.0725 1284  tssecsrv - ok
20:13:22.0725 1284  TsUsbFlt - ok
20:13:22.0740 1284  tunnel - ok
20:13:22.0740 1284  uagp35 - ok
20:13:22.0740 1284  uArcCapture - ok
20:13:22.0756 1284  udfs - ok
20:13:22.0756 1284  UI0Detect - ok
20:13:22.0756 1284  Uim_VIM - ok
20:13:22.0772 1284  uliagpkx - ok
20:13:22.0787 1284  umbus - ok
20:13:22.0787 1284  UmPass - ok
20:13:22.0787 1284  UmRdpService - ok
20:13:22.0787 1284  UNS - ok
20:13:22.0787 1284  upnphost - ok
20:13:22.0803 1284  usbccgp - ok
20:13:22.0803 1284  usbcir - ok
20:13:22.0803 1284  usbehci - ok
20:13:22.0803 1284  usbhub - ok
20:13:22.0803 1284  usbohci - ok
20:13:22.0818 1284  usbprint - ok
20:13:22.0818 1284  usbscan - ok
20:13:22.0834 1284  USBSTOR - ok
20:13:22.0834 1284  usbuhci - ok
20:13:22.0834 1284  usbvideo - ok
20:13:22.0834 1284  UxSms - ok
20:13:22.0834 1284  VaultSvc - ok
20:13:22.0850 1284  vcsFPService - ok
20:13:22.0850 1284  vdrvroot - ok
20:13:22.0850 1284  vds - ok
20:13:22.0850 1284  vga - ok
20:13:22.0865 1284  VgaSave - ok
20:13:22.0865 1284  vhdmp - ok
20:13:22.0865 1284  viaide - ok
20:13:22.0865 1284  vidsflt61 - ok
20:13:22.0865 1284  VmbService - ok
20:13:22.0881 1284  vmbus - ok
20:13:22.0881 1284  VMBusHID - ok
20:13:22.0881 1284  volmgr - ok
20:13:22.0881 1284  volmgrx - ok
20:13:22.0881 1284  volsnap - ok
20:13:22.0896 1284  vpcbus - ok
20:13:22.0896 1284  vpcnfltr - ok
20:13:22.0912 1284  vpcusb - ok
20:13:22.0912 1284  vpcvmm - ok
20:13:22.0928 1284  vsmraid - ok
20:13:22.0928 1284  VSS - ok
20:13:22.0928 1284  vwifibus - ok
20:13:22.0928 1284  vwififlt - ok
20:13:22.0943 1284  vwifimp - ok
20:13:22.0943 1284  W32Time - ok
20:13:22.0943 1284  WacomPen - ok
20:13:22.0959 1284  WANARP - ok
20:13:22.0959 1284  Wanarpv6 - ok
20:13:22.0959 1284  WASAgent - ok
20:13:22.0959 1284  WASWD - ok
20:13:22.0974 1284  WatAdminSvc - ok
20:13:22.0974 1284  wbengine - ok
20:13:22.0974 1284  WbioSrvc - ok
20:13:22.0974 1284  wcncsvc - ok
20:13:22.0974 1284  WcsPlugInService - ok
20:13:22.0990 1284  Wd - ok
20:13:22.0990 1284  Wdf01000 - ok
20:13:22.0990 1284  WdiServiceHost - ok
20:13:22.0990 1284  WdiSystemHost - ok
20:13:22.0990 1284  WebClient - ok
20:13:22.0990 1284  Wecsvc - ok
20:13:23.0006 1284  wercplsupport - ok
20:13:23.0006 1284  WerSvc - ok
20:13:23.0021 1284  WfpLwf - ok
20:13:23.0021 1284  WIMMount - ok
20:13:23.0021 1284  WinDefend - ok
20:13:23.0021 1284  WinHttpAutoProxySvc - ok
20:13:23.0037 1284  Winmgmt - ok
20:13:23.0037 1284  WinRM - ok
20:13:23.0037 1284  WinUSB - ok
20:13:23.0037 1284  Wlansvc - ok
20:13:23.0052 1284  wlidsvc - ok
20:13:23.0052 1284  WmiAcpi - ok
20:13:23.0052 1284  wmiApSrv - ok
20:13:23.0052 1284  WMPNetworkSvc - ok
20:13:23.0052 1284  WPCSvc - ok
20:13:23.0068 1284  WPDBusEnum - ok
20:13:23.0068 1284  ws2ifsl - ok
20:13:23.0068 1284  wscsvc - ok
20:13:23.0068 1284  WSDPrintDevice - ok
20:13:23.0068 1284  WSearch - ok
20:13:23.0068 1284  wuauserv - ok
20:13:23.0084 1284  WudfPf - ok
20:13:23.0099 1284  WUDFRd - ok
20:13:23.0099 1284  wudfsvc - ok
20:13:23.0099 1284  WwanSvc - ok
20:13:23.0130 1284  ================ Scan global ===============================
20:13:23.0130 1284  [Global] - ok
20:13:23.0130 1284  ================ Scan MBR ==================================
20:13:23.0146 1284  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:13:23.0442 1284  \Device\Harddisk0\DR0 - ok
20:13:23.0442 1284  ================ Scan VBR ==================================
20:13:23.0442 1284  ============================================================
20:13:23.0442 1284  Scan finished
20:13:23.0442 1284  ============================================================
20:13:23.0458 1288  Detected object count: 0
20:13:23.0458 1288  Actual detected object count: 0
         

Alt 12.10.2012, 20:27   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]+A, [Ctrl]+C) and paste them into your post ([Ctrl]+V). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

Alt 12.10.2012, 21:09   #30
strichsieben
 

Whew, done, though with my heart pounding a bit :-)

Here is the result:

Code:
ATTFilter
Combofix Logfile:
ComboFix 12-10-12.01 - user 12.10.2012  21:38:42.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4046.2029 [GMT 2:00]
ausgeführt von:: c:\users\user\Downloads\ComboFix.exe
AV: Panda Endpoint Protection *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Endpoint Protection *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\users\user\AppData\Roaming\JomCap.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-12 bis 2012-10-12  ))))))))))))))))))))))))))))))
.
.
2012-10-12 19:45 . 2012-10-12 19:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-12 19:45 . 2012-10-12 19:45	--------	d-----w-	c:\users\Administrator.user-HP\AppData\Local\temp
2012-10-12 19:17 . 2012-10-12 19:17	--------	d-----w-	c:\users\user\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-10-12 11:08 . 2012-08-30 07:27	9308616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E30B84BD-0E33-401C-88AD-66F75F08F82A}\mpengine.dll
2012-10-12 08:51 . 2009-08-19 21:50	24416	----a-r-	c:\windows\system32\AdobePDFUI.dll
2012-10-11 19:12 . 2012-10-11 19:12	--------	d-----w-	C:\_OTL
2012-10-10 04:40 . 2012-10-10 04:40	--------	d-----w-	c:\program files (x86)\ESET
2012-10-10 04:40 . 2012-08-31 18:19	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-10-10 04:40 . 2012-08-30 18:03	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-10-10 04:40 . 2012-08-30 17:12	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 04:40 . 2012-08-30 17:12	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 04:40 . 2012-09-14 19:19	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-10 04:40 . 2012-09-14 18:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-09 17:51 . 2012-09-07 15:04	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-09 12:40 . 2012-10-09 12:40	--------	d-----w-	c:\programdata\Local Settings
2012-09-26 06:32 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-23 18:35 . 2012-09-23 18:35	31344	----a-w-	c:\windows\system32\drivers\cnnctfy2.sys
2012-09-23 09:42 . 2012-09-23 09:42	--------	d-----w-	c:\users\user\AppData\Local\Sony
2012-09-23 08:34 . 2012-09-23 08:34	27760	----a-w-	c:\windows\system32\drivers\ggsemc.sys
2012-09-23 08:34 . 2012-09-23 08:34	14448	----a-w-	c:\windows\system32\drivers\ggflt.sys
2012-09-23 08:34 . 2012-09-23 08:34	--------	d-----w-	c:\programdata\Sony Ericsson
2012-09-23 08:34 . 2012-09-23 08:34	--------	d-----w-	c:\program files (x86)\Sony Ericsson
2012-09-23 08:33 . 2012-09-23 08:33	--------	d-----w-	c:\programdata\Sony
2012-09-23 08:33 . 2012-09-23 08:33	--------	d-----w-	c:\program files (x86)\Sony
2012-09-21 15:54 . 2012-09-21 15:54	--------	d-----w-	c:\users\user\AppData\Local\Symantec_Corporation
2012-09-21 15:33 . 2007-03-21 19:39	1060864	----a-w-	c:\windows\SysWow64\MFC71.DLL
2012-09-21 15:33 . 2007-03-21 19:33	503808	----a-w-	c:\windows\SysWow64\MSVCP71.DLL
2012-09-21 15:33 . 2007-03-21 19:33	348160	----a-w-	c:\windows\SysWow64\MSVCR71.DLL
2012-09-21 15:33 . 2012-09-21 15:33	--------	d-----w-	c:\program files (x86)\Symantec
2012-09-21 15:29 . 2012-09-25 19:54	--------	d-----w-	c:\programdata\Symantec
2012-09-17 11:36 . 2012-09-18 15:37	--------	d-----w-	c:\users\user\AppData\Roaming\SuperMailer
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 17:14 . 2011-08-24 09:53	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-08-22 18:12 . 2012-09-12 13:23	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 13:23	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 13:23	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 13:23	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 04:39	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 13:23	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 13:23	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-07-18 18:15 . 2012-08-15 11:14	3148800	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FMCore.exe"="c:\program files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe" [2011-10-27 9211392]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2736128]
"USB Server"="c:\program files (x86)\USB Server 2\USB Server.exe" [2011-07-13 2084864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Panda Software Controller Client"="c:\program files (x86)\Panda Security\WAC\PSCtrlC.exe" [2010-09-21 140096]
"StartCCC"="d:\ati\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2011-10-20 1126264]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Acrobat Speed Launcher"="d:\adobe cs\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944]
"Acrobat Assistant 8.0"="d:\adobe cs\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-07-06 323128]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-08-26 12277248]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-02-03 23:09	75360	----a-w-	c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	DPPassFilter scecli
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2012-03-05 379696]
R2 backupsvc;Backup Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-07-15 137272]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [2009-10-06 199168]
R3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;c:\windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [2010-06-23 25656]
R3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys [2010-06-23 22584]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-10-18 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-10-18 13952]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2011-10-18 415232]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-08-25 1038088]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2011-01-14 66608]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-23 14448]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 NUServer64;Network USB Server Device ;c:\windows\system32\DRIVERS\NUServer64.sys [2010-09-17 240128]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2011-01-15 1116656]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-14 1255736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-08-30 89600]
R4 FirebirdGuardianMondoLocal21;Firebird Guardian - MondoLocal21;c:\program files (x86)\Common Files\Mondo Media\FirebirdLocal21\bin\fbguard.exe [2010-05-19 81920]
R4 FirebirdServerMondoLocal21;Firebird Server - MondoLocal21;c:\program files (x86)\Common Files\Mondo Media\FirebirdLocal21\bin\fbserver.exe [2010-05-19 2736128]
R4 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-08-22 1318912]
R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-11 1128952]
R4 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-10-19 9216]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-04-15 133728]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2012-05-25 1477728]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [2012-04-15 142944]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2011-10-20 44576]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-05-25 3987376]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-06 203776]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm6460.sys [2011-03-07 70216]
S2 Apache2.2;Apache2.2;e:\websites\xampp\apache\bin\httpd.exe [2010-10-18 20549]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2011-05-09 64312]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe [2010-06-21 81920]
S2 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2011-09-05 476728]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-08-26 322048]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-07-06 1698360]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-23 212944]
S2 MBAMScheduler;MBAMScheduler;d:\malwarebytes' anti-malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [2012-09-07 676936]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 PavAt3Scheduler;Panda Endpoint Scheduler;c:\program files (x86)\Panda Security\WaAgent\Scheduler\PavSched.exe [2011-06-27 140544]
S2 PavWASLpMng;Panda Endpoint Local Process Manager;c:\program files (x86)\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe [2011-06-10 314696]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-16 113264]
S2 PskSvc;Panda Kernel Service;c:\program files (x86)\Panda Security\WAC\psksvc.exe [2010-08-16 27968]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-10 2673064]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-03 2656280]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-08-23 3175728]
S2 WASAgent;Panda Endpoint Communications Agent;c:\program files (x86)\Panda Security\WaAgent\WasAgent\WasAgent.exe [2011-05-31 322376]
S2 WASWD;Panda Endpoint Watchdog;c:\program files (x86)\Panda Security\WaAgent\WasWD\WasWD.exe [2011-05-31 206664]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-05-25 279136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-06 9090048]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-06 299520]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2011-08-30 349736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-08-30 39464]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-05-04 340656]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [2009-10-06 29696]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe [2010-06-21 2043904]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-10-18 86016]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-30 174168]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2011-02-08 26712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-30 8507392]
S3 NUS_Bus;Network USB Server Bus;c:\windows\system32\DRIVERS\NUS_Bus.sys [2010-01-28 30208]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-21 c:\windows\Tasks\HPCeeScheduleForUSER-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-10-11 c:\windows\Tasks\HPCeeScheduleForuser.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-07-15 14904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-08-30 1128448]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\Panda Security\WAC\pavlsp.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CD0E7E29-4039-4E7D-9809-FAF20533E739}: NameServer = 139.7.30.125 139.7.30.126
TCP: Interfaces\{E8E2EF79-C678-45E9-B18F-F129137F0F70}: NameServer = 139.7.30.126 139.7.30.125
TCP: Interfaces\{F0C002AB-9062-43A8-9E57-91FBC3BDC9C2}: NameServer = 139.7.30.125 139.7.30.126
TCP: Interfaces\{F3331F22-4E71-47F2-AD92-72CEF5AE0FBE}: NameServer = 139.7.30.125 139.7.30.126
TCP: Interfaces\{FC658871-D813-4D0F-A4EC-E90B40B807C5}: NameServer = 139.7.30.125 139.7.30.126
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\76a3a1ce.default\
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - e663b1d7000000000000a088b4745191
FF - user.js: extensions.Softonic.instlDay - 15561
FF - user.js: extensions.Softonic.vrsn - 1.6.7.4
FF - user.js: extensions.Softonic.vrsni - 1.6.7.4
FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.7.416:10
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - INF1205T01
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-Microsoft Default Manager - c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4182247998-97663695-2394748825-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{479ADDC1-FD9B-AD86-2D6F-CC4833D6B9B3}*]
"naclaiagpmoakkinbefpdcbiione"=hex:69,61,6a,66,66,66,68,6c,6f,6a,6c,66,6f,6f,
   6d,6f,61,69,00,00
"oaajmonegbojcabokmacijdliipmnp"=hex:61,61,00,00
"oafifmmhcmcmfeomakcjelaohgidcb"=hex:66,61,6f,66,70,6a,65,70,70,6d,62,64,00,00
"pabjonakanohjghchcbnpdieogemggjf"=hex:64,62,69,66,61,65,6a,70,68,69,66,63,6b,
   63,6f,67,70,67,66,6b,69,6d,6a,6c,6d,6e,64,6f,6f,69,70,65,70,6c,6e,70,6a,68,\
"oamlkjmopmojjpmigchepjphmjakkj"=hex:69,61,6a,66,66,66,68,6c,6f,6a,6c,66,6f,6f,
   6d,6f,61,69,00,00
.
[HKEY_USERS\S-1-5-21-4182247998-97663695-2394748825-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{47F6481C-9464-F509-B90C-51E178BB8D60}*]
"paimipknabpiinmholdhnhcbkglmkimi"=hex:69,61,64,68,6b,6a,6c,67,6d,61,6e,6a,6b,
   66,70,6c,6a,62,00,00
"oaomnieiipngcandmdnbdmndjjafbb"=hex:69,61,64,68,6b,6a,6c,67,6d,61,6e,6a,6b,66,
   70,6c,6a,62,00,00
"oaglgikpnhnjlpffmogooifapnklei"=hex:61,61,00,00
"naikbmljpmhgijdkgckijckfillf"=hex:66,61,67,6e,68,61,6d,6a,62,67,6b,70,00,00
"abhkffdmfikfljjlakogjiiinhpamfaekj"=hex:64,62,68,6e,6d,6a,62,6a,66,67,6e,6f,
   6a,67,70,6f,69,6e,6f,6f,6c,68,62,63,68,6b,6f,64,66,6e,6d,69,62,6a,63,6c,6d,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\;é0€V*€*]
@="????\02"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\:M>-**€*f$*]
@="??-??$"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\=÷Nu**€*]
@="??u?\02"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\÷Nu**€*]
@="??u?\02"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\]÷Nu**€*]
@="??u?\0e"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\½÷Nu**€*]
@="??u?\02"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\Ý÷Nu**€*]
@="??u?\02"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\i*]
@="?i"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Panda Security\WAC\pavsrvx86.exe
c:\program files (x86)\Panda Security\WAC\AVENGINE.EXE
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
d:\malwarebytes' anti-malware\mbamgui.exe
e:\websites\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\Panda Security\WAC\PsCtrlS.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\program files (x86)\Panda Security\WAC\PSIMSVC.EXE
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Panda Security\WAC\WebProxy.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-12  22:00:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-12 20:00
.
Vor Suchlauf: 14 Verzeichnis(se), 71.883.112.448 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 70.782.099.456 Bytes frei
.
- - End Of File - - 04E4AE6C1632762FCF75595D6FCC1228
         