Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Vodafone PDF Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.11.2012, 16:27   #1
thomasasdf
 
Vodafone PDF Trojaner - Standard

Vodafone PDF Trojaner



Hallo,

auch ich hab eine Fake-Vodafone-Rechnung per PDF bekommen. Die E-Mail war seriös gestaltet und da ich auch Vodafone Kunde bin habe ich das PDF-File geöffnet. Allerdings habe ich dann schnell gemerkt, dass es sich um ein Fake handelt.

Mit Avira AntiVir habe ich bereits einen Scan gemacht, allerdings wurde nichts gefunden.

Ich verwende Adobe Reader 10.1.4. Alle Windows Updates sind auf dem neuesten Stand. Während ich das PDF File geöffnet hatte war keine Internetverbindung vorhanden. Bis jetzt hab ich auch noch keine Auffälligkeiten bemerkt, allerdings nutze ich den Laptop für Onlinebanking und auch beruflich und möchte somit sicher gehen, dass mein System wirklich sauber ist (wenn möglich ohne Neuinstallation).

Ich habe anschließend das Dokument bei https://joedd.joesecurity.org gescannt und dieser sagt, dass unter der Adobe Reader Version 10.1.3 (ich habe 10.1.4!) nichts gefunden wurde. Nur bei Version 8.1.2.

 
,Analysis System, Detection
XP SP3, Acrobat Reader 8.1.2, malicious
XP SP3, Acrobat Reader 9.3.4, clean
XP SP3, Acrobat Reader 9.4.6, clean
XP SP3, Acrobat Reader 10.1.3, clean


OTL Logfile
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 19.11.2012 15:18:00 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\******\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 43,01% Memory free
7,80 Gb Paging File | 5,61 Gb Available in Paging File | 71,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 51,74 Gb Free Space | 43,43% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 411,24 Gb Free Space | 88,29% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP****** | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D29E0D-0B94-4B41-96B1-46BBEC88AA9C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{035F7AC4-7EE6-4C0B-8D78-B4897DBC0869}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{050E517F-C680-47CD-91E5-8283DEBB45AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{195680FC-DBC1-4F8B-985B-72B774A53469}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{21C853BE-BB3E-475A-81EA-D962637C2D17}" = lport=137 | protocol=17 | dir=in | app=system | 
"{31C0D989-A651-4A74-B5A7-8BDDD4321139}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4998C3FE-F183-4E54-9D01-93F0CEC435E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{51D3A7A9-C5BC-418C-B83A-4D925E27F156}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6EA511FA-1665-47BF-8DD9-DF7277609F3A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7632894A-62EB-4B9A-AFC4-AD3CAE83BA1D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A47B18BC-6772-4B0B-8531-54CC7885A482}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ACC34A52-8027-45AA-B0BA-FA747492EA4D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AF73A3A4-7F05-46F9-BF8F-71A373CF45CA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B4DAD413-6611-42F0-849E-83D1F5F2A3E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D0460A0C-9C66-4F48-BC55-6F91C8EE4E20}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DCFACAF6-4014-478F-AC69-7DBA45E24B22}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E4CE2EBE-3E1C-41A0-8379-9205555C4982}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E73D6544-5A83-4E0E-8F06-8DE03C949A70}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EEA6E78D-CBB6-402E-8001-BC73660E6E1C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F1709317-B649-42F7-BCCF-1A8469F9D4A4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F99F54E9-4894-43F4-BC33-E37FF35247DD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FD521A32-FC86-495B-ADFE-5C29ECD415C2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AEC287-0789-4F98-998D-A1BD61F31027}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{0C02FE3E-08C5-4825-AAD6-F4298DBB12B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0C285DE7-7D42-4F66-9EBC-8F0F49E5A515}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0CE0C961-DCDE-4937-B070-F8A0F8F3AEC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0CE4A34C-906C-45CA-B0E3-1F8911F55382}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{129DD792-F3EE-43B9-90AD-E7D68D3C3788}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{13571462-6382-4F29-BDC4-BBC2F8216A99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{268B472B-A64E-4C2B-96F3-FCEF43D59247}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{349BD310-DA94-4067-8DAF-9268B526A23C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{38C52AF9-70F6-4723-B01C-5254A3632FC7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3973EA6E-FBFE-463C-83F3-61936F25B4AA}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe | 
"{3CF6F281-4AA9-477F-8625-8B7B985FF0B5}" = protocol=6 | dir=out | app=system | 
"{429B5194-261E-4ABA-A783-C30B4EEC5CCC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{491979D5-E812-4CC3-9269-13AE221DE83E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{549BBECB-0FA5-4EA6-A031-AD36AFA84554}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{56E7C27F-30A6-47CD-AAFC-E13F9BE8A653}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{5C8003E2-DF61-4234-98BF-5EC6D2F122A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{65DF79F5-9A54-4F6B-AE43-4426F3E25AC9}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{7A1AD692-E7AE-468A-861A-60AA05E6BAB7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{7A3B631A-6243-4B06-8C70-1B1B2EE33296}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7C14087B-74D3-4536-92F3-F2A5EA61C0DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{80EF4E06-B378-4F64-A565-578FE4CDA3AF}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe | 
"{819F5B25-2842-42A6-BFC0-3F3E7246882E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8CF28B38-B9E7-4B27-B422-9867CCA34EB8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8EAD63D9-731C-4DE0-A532-FCD4F8DFF13A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9120543E-92A5-4364-8029-E84A774F54CD}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{9B2CAF00-5E50-4D11-88A1-7E8CDE6ED45D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{AB2A318C-59A7-4D73-A209-D05507CB9E1F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AD46FF1E-3711-427A-B282-0B20948A5A81}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B24DDF93-B4A0-4598-9A0A-4FA06EDC9060}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{B3518DAC-BB34-4557-BBC3-2672533A5591}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{B789E219-FC23-4814-A311-EC6466D8961E}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{B8A7022A-46B3-4CFE-9A78-843732F905C9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B9BF1853-481E-445A-822D-03A3F035F29B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{CD6EC559-2F02-48B8-91FC-2BF6F80842F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D41B96C5-6DE5-4C8F-ABB7-9F88D1F20BA9}" = protocol=6 | dir=in | app=c:\users\******\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D4626446-E530-40B3-83FF-9D7C98C8BB68}" = protocol=17 | dir=in | app=c:\users\******\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D4C47CDE-9758-4231-80B7-1FB59388305D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D737E85B-97E2-4DE7-B485-2DFBE3FC34CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DB68F748-BF84-4570-B091-7D136F266688}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DE43636E-6F8D-4B9F-AF88-9B6BD907ACB6}" = dir=in | app=c:\program files (x86)\pharossystems\core\ctskmstr.exe | 
"{E099641B-7132-409A-A461-312AE8C26EFC}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{E1B069B0-C4D1-41E5-94F5-C23171C8BC49}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{E2F975B0-5DA4-4DBD-85EB-9D1A85E53BC5}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{E49776C7-FA3C-4DBE-ABC3-1C80C80DFE33}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E55A711D-E578-47E4-8743-8E213AB68F70}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{F491FBB5-EB66-4946-BCB6-93BCCF50C620}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7C8526A-C751-416C-955B-3F0F449BE1B7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F8A3EA9B-0E93-4879-A64E-E385D70EEFBE}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{FE80FF01-24B8-4966-B823-783FD9818C0B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FF9333E4-2DFD-4C0B-82DF-B20D3C0A28C0}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"TCP Query User{00F78F78-D498-42AC-B17B-86C954F88FD5}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{41F7B54E-41CC-4D10-B9CD-C809B3D56346}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe | 
"TCP Query User{53471F84-7EB0-4920-8824-21EA6BB8ECCD}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe | 
"TCP Query User{5AE4C19A-472D-427E-AC00-D53CB4AC52BA}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{73E5DE99-4A9B-4B77-AE53-E6564C351E10}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe | 
"TCP Query User{A0E0DC51-0FBD-40C5-8D35-246749A00C1A}C:\program files (x86)\z-dbackup\zftpcopy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\z-dbackup\zftpcopy.exe | 
"TCP Query User{ABC9FB14-91F3-41CC-901B-A0B0A4547956}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | 
"TCP Query User{AE38CFAE-EF4A-4FF8-9AAF-945C6B2CE652}C:\users\******\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\******\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{F212A9F4-6224-4F28-BD08-C83E5B78B20A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{F6662ECA-9282-4DE0-81DC-931A27308A53}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe | 
"UDP Query User{13B0DCA3-B24D-4761-A3C3-BD3E3922B41F}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe | 
"UDP Query User{1C40AF3B-8035-4DFA-AEFA-55D0F656B4A2}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe | 
"UDP Query User{4FC2880A-B50F-4794-849B-870F4FEC3845}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe | 
"UDP Query User{64CB9D8F-6F58-45B6-814F-1DA419B81763}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{76FE5F44-585C-4BDD-9608-8BA71ECAB45D}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{78D29BB1-4CF2-4628-8871-5543846785C6}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{A977C4DC-F94D-4891-B4C8-3FF1837C7B9C}C:\users\******\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\******\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{C6E771D9-756D-42C4-BF13-49DC4B7E654C}C:\program files (x86)\z-dbackup\zftpcopy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\z-dbackup\zftpcopy.exe | 
"UDP Query User{C786944C-9CA2-4CB3-B419-8FACAF405F49}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | 
"UDP Query User{FF794A00-B962-4786-B754-437ECD288D15}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{31a52f2e-32e8-4c8f-9d99-6fd0c37c99ef}" = Gigaset QuickSync
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5001E5BC-C9BF-4598-AB89-E7318C76C5F4}" = FRITZ!Fernzugang
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86E45973-5352-439F-A115-2E8EE4D40140}" = ActivClient x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94198F92-0C11-40FB-ADAD-D033C85D4D74}" = Drive Encryption for HP ProtectTools
"{991A4895-3346-4980-990F-A1041B73C6F7}" = HP 3D DriveGuard
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218
"{BD7A7136-1E88-4EB8-985C-1326DCE5612A}" = AuthenTec Fingerprint System
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9)
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PDF-XChange 3_is1" = PDF-XChange 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04FE949D-172D-45B4-ACE6-6BCFAB5EC563}" = Mindjet MindManager 9
"{0F3A02CF-09B1-4B49-BE02-A70790F18B56}" = StarMoney
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{22B76906-5831-4052-9463-E13C5B7A5B40}" = HP ESU for Microsoft Windows 7
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{66D6C49D-B4F4-423A-85EA-3AF843115A91}" = StarMoney
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{8DF067D5-EAFB-4B93-AFF6-A6E33D9697C7}" = HP ProtectTools Security Manager
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A97F28B2-3BA1-49B7-AEF6-CC8956ED8CAA}" = Nokia PC Suite
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{B4814B84-AEEC-4647-90A4-67E2DF637544}" = StarMoney 8.0 S-Edition
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C42BB613-5079-41C3-8CD1-037B9FFD818F}" = HP JavaCard for HP ProtectTools
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{D1C42E76-0165-4542-95FD-5A9F75023573}" = Credential Manager for HP ProtectTools
"{D1E0E859-F46D-4708-A41D-ED90C0C1822A}" = Acronis True Image Home
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{E045FAC9-0B70-4796-AD3A-7035E89CE536}" = SCR3xxx Smart Card Reader
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"1&1 SoftPhone" = 1&1 SoftPhone
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.6.0.1
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"Google Calendar Sync" = Google Calendar Sync
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KeePass Password Safe_is1" = KeePass Password Safe 1.22
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"Personal Backup 5_is1" = Personal Backup 5.3
"Pharos" = Pharos
"PhonerLite_is1" = PhonerLite 2.04
"TeamViewer 7" = TeamViewer 7
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.4
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 5.1
"Wireshark" = Wireshark 1.6.7 (64-bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.11.2012 09:15:02 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
 ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 17.11.2012 09:57:31 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
 ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 17.11.2012 11:46:28 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
 ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 17.11.2012 16:55:19 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
 ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 18.11.2012 00:54:40 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
 ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 18.11.2012 11:25:37 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.11.2012 13:16:24 | Computer Name = Laptop****** | Source = Application Hang | ID = 1002
Description = Programm vlc.exe, Version 2.0.1.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 19c8    Startzeit:
 01cdc5b047798888    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

Berichts-ID:
 a366c8e5-31a3-11e2-a129-00247e766500  
 
Error - 18.11.2012 20:30:27 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.11.2012 22:43:37 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
 ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 19.11.2012 07:34:10 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
 ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0.  Ungültige
 XML-Syntax.
 
[ Credential Manager Events ]
Error - 30.10.2012 00:42:54 | Computer Name = Laptop****** | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 ******@LAPTOP******   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 30.10.2012 00:42:54 | Computer Name = Laptop****** | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: ******@LAPTOP******
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 01.11.2012 15:57:24 | Computer Name = Laptop****** | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 ******@LAPTOP******   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 01.11.2012 15:57:24 | Computer Name = Laptop****** | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: ******@LAPTOP******
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 01.11.2012 15:57:27 | Computer Name = Laptop****** | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 ******@LAPTOP******   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 01.11.2012 15:57:27 | Computer Name = Laptop****** | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: ******@LAPTOP******
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 10.11.2012 18:23:20 | Computer Name = Laptop****** | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 ******@LAPTOP******   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 10.11.2012 18:23:20 | Computer Name = Laptop****** | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: ******@LAPTOP******
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 14.11.2012 08:55:38 | Computer Name = Laptop****** | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 ******@LAPTOP******   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 14.11.2012 08:55:38 | Computer Name = Laptop****** | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: ******@LAPTOP******
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
[ System Events ]
Error - 27.07.2012 19:11:49 | Computer Name = Laptop****** | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 28.07.2012 03:04:22 | Computer Name = Laptop****** | Source = DCOM | ID = 10010
Description = 
 
Error - 28.07.2012 04:24:20 | Computer Name = Laptop****** | Source = DCOM | ID = 10010
Description = 
 
Error - 28.07.2012 04:24:56 | Computer Name = Laptop****** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%14001
 
Error - 28.07.2012 21:46:12 | Computer Name = Laptop****** | Source = DCOM | ID = 10010
Description = 
 
Error - 29.07.2012 08:30:18 | Computer Name = Laptop****** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 31.07.2012 10:26:39 | Computer Name = Laptop****** | Source = DCOM | ID = 10010
Description = 
 
Error - 31.07.2012 17:48:52 | Computer Name = Laptop****** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%14001
 
Error - 31.07.2012 19:01:32 | Computer Name = Laptop****** | Source = DCOM | ID = 10010
Description = 
 
Error - 01.08.2012 04:47:29 | Computer Name = Laptop****** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%14001
 
 
< End of report >
         
--- --- ---




OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.11.2012 15:18:00 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\******\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 43,01% Memory free
7,80 Gb Paging File | 5,61 Gb Available in Paging File | 71,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 51,74 Gb Free Space | 43,43% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 411,24 Gb Free Space | 88,29% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP****** | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Users\******\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe ()
PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\IAM\bin\AsGHost.exe (Bioscrypt Inc.)
PRC - C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe (Pharos Systems International)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Mindjet\MindManager 9\zlib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (BotkindSyncService) -- C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe ()
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (avmike) -- C:\Programme\FRITZ!Fernzugang\avmike.exe (AVM Berlin)
SRV - (nwtsrv) -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin)
SRV - (certsrv) -- C:\Programme\FRITZ!Fernzugang\certsrv.exe (AVM Berlin)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (HP ProtectTools Service) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HpFkCryptService) -- C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV - (ASBroker) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- C:\Program Files (x86)\Hewlett-Packard\IAM\bin\AsChnl.dll (Bioscrypt Inc.)
SRV - (Pharos Systems ComTaskMaster) -- C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe (Pharos Systems International)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (ATService) -- C:\Programme\Fingerprint Sensor\ATService.exe (AuthenTec, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ac.sharedstore) -- C:\Programme\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (tdrpman251) -- C:\Windows\SysNative\drivers\tdrpm251.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (NWIM) -- C:\Windows\SysNative\drivers\avmnwim.sys (AVM Berlin)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SbFsLock) -- C:\Windows\SysNative\drivers\SbFsLock.sys (SafeBoot International)
DRV:64bit: - (RsvLock) -- C:\Windows\SysNative\drivers\RsvLock.sys (SafeBoot International)
DRV:64bit: - (SafeBoot) -- C:\Windows\SysNative\drivers\SafeBoot.sys ()
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (SbAlg) -- C:\Windows\SysNative\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 59 9A 67 9A C3 CD 01  [binary data]
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "PONS.eu : Englisch » Deutsch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledAddons: {c666c018-6409-4479-afa3-68e4129e7eff}:1.1.0
FF - prefs.js..extensions.enabledAddons: contextMenuExtension@leo.org:0.3.1
FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.9.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5FE7198A-5950-4068-9FBF-1A60395CC4E9}: C:\Program Files (x86)\1&1\1&1 SoftPhone\Firefox [2012.08.30 14:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 15:23:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 15:23:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.04.28 13:07:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions
[2012.10.23 22:27:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\o2h4a6uk.default\extensions
[2012.09.20 00:08:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\o2h4a6uk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.16 18:04:09 | 000,018,789 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\contextMenuExtension@leo.org.xpi
[2012.09.19 13:00:23 | 000,506,361 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2012.08.23 07:51:55 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.09.16 18:03:30 | 000,013,268 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{c666c018-6409-4479-afa3-68e4129e7eff}.xpi
[2012.07.25 02:02:52 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.05.22 19:53:15 | 000,000,983 | ---- | M] () -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\searchplugins\ponseu--englisch--deutsch.xml
[2012.05.09 14:39:32 | 000,002,057 | ---- | M] () -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\searchplugins\youtube-videosuche.xml
[2012.11.18 17:33:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.29 15:23:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.29 15:23:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.29 15:23:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 01:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 22:06:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 01:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 01:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 01:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 01:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Credential Manager for HP ProtectTools) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\Hewlett-Packard\IAM\bin\ItIEAddIn64.dll (Bioscrypt Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CDC35AB-A692-4D64-884D-23F4B7A925A0}: DhcpNameServer = 89.101.160.4 89.101.160.5
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll (Bioscrypt Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{403e1d86-9156-11e1-ba7a-00247e766500}\Shell - "" = AutoRun
O33 - MountPoints2\{403e1d86-9156-11e1-ba7a-00247e766500}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{403e1d86-9156-11e1-ba7a-00247e766500}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{403e1d86-9156-11e1-ba7a-00247e766500}\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.18 17:42:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.11.18 17:42:24 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.11.18 17:42:20 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.11.18 17:42:20 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.11.18 17:42:20 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.11.18 17:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.11.18 17:30:00 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.11.18 17:30:00 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.11.18 17:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.11.16 15:05:17 | 000,000,000 | ---D | C] -- d:\Users\******\Documents\Outlook-Dateien
[2012.11.16 13:33:44 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Clipboarder
[2012.11.16 03:06:33 | 000,032,768 | ---- | C] (Analog Devices) -- C:\Windows\SysWow64\adidrm.dll
[2012.11.16 03:06:32 | 000,060,928 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysWow64\SFFXComm.dll
[2012.11.16 03:06:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundMAX
[2012.11.16 03:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus
[2012.11.15 23:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.11.14 21:32:19 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.14 21:32:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.14 21:32:02 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012.11.14 21:32:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.11.14 21:32:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012.11.14 21:32:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012.11.14 21:32:01 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012.11.14 21:32:00 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.11.14 21:32:00 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012.11.14 21:32:00 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012.11.14 21:32:00 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012.11.14 21:32:00 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012.11.14 21:32:00 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012.11.14 21:32:00 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012.11.14 21:32:00 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012.11.14 21:32:00 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012.11.14 21:32:00 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012.11.14 21:32:00 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012.11.14 21:32:00 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012.11.14 21:32:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.11.14 21:32:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012.11.14 21:32:00 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012.11.14 21:32:00 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012.11.14 21:32:00 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012.11.14 21:31:59 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012.11.14 21:31:59 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012.11.14 21:26:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.14 21:26:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.14 21:26:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.14 21:26:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.14 21:26:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.14 21:26:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.14 21:26:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.14 21:26:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.14 21:26:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.14 21:26:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.14 21:26:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.14 21:26:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.14 21:26:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.14 21:26:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.14 21:26:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.14 21:22:04 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.14 21:22:03 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.14 21:22:03 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.14 21:22:03 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.14 21:21:05 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.11.14 21:21:05 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.11.14 20:08:38 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.14 20:08:38 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.14 20:08:38 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.14 20:08:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.14 20:08:38 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.14 20:08:38 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.14 20:08:03 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.14 20:08:03 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.14 20:08:03 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.14 20:07:03 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.14 20:07:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.11 01:41:53 | 000,000,000 | ---D | C] -- d:\Users\******\Documents\Frisuren
[2012.11.10 18:53:27 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\Niki
[2012.11.10 15:36:29 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\S
[2012.11.09 15:39:54 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Gigaset_Communications_Gm
[2012.11.05 14:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.29 15:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.24 21:02:19 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Avira
[2012.10.24 20:57:00 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.24 20:57:00 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.24 20:57:00 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.24 20:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.24 20:56:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.10.23 22:18:56 | 000,000,000 | ---D | C] -- d:\Users\******\Documents\Bluetooth-Exchange-Ordner
[2012.10.22 15:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2012.10.22 14:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
[2012.10.22 11:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\DeltaCopy
[2012.10.22 01:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\FtpSync
[2012.10.22 01:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ISM
[2012.10.22 01:29:01 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\Musik Sophie
[2012.10.22 01:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2BrightSparks
[2012.10.22 01:04:34 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Deployment
[2012.10.22 01:04:34 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Apps
[2012.10.22 00:44:26 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\topster.de
[2012.10.22 00:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2012.10.21 23:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
[2012.10.21 23:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runtime Software
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.19 14:37:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.19 13:39:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.19 12:25:59 | 000,002,236 | -H-- | M] () -- d:\Users\******\Documents\Default.rdp
[2012.11.19 12:15:16 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.19 12:15:16 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.19 11:38:55 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.19 11:38:55 | 000,657,850 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.19 11:38:55 | 000,619,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.19 11:38:55 | 000,131,190 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.19 11:38:55 | 000,107,406 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.19 11:34:01 | 3142,791,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.19 01:16:19 | 000,062,880 | ---- | M] () -- C:\Users\******\Desktop\Article.pdf
[2012.11.18 17:42:15 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.11.18 17:42:15 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.11.18 17:42:15 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.11.18 17:42:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.11.18 17:42:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.11.18 17:42:15 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.11.18 17:29:52 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.11.18 17:29:52 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.11.17 20:55:13 | 474,311,708 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.16 02:53:29 | 000,007,607 | ---- | M] () -- C:\Users\******\AppData\Local\Resmon.ResmonCfg
[2012.11.15 22:50:23 | 000,001,035 | ---- | M] () -- C:\Users\******\Desktop\PhonerLite.lnk
[2012.11.14 21:38:36 | 000,420,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.14 19:13:38 | 000,113,967 | ---- | M] () -- C:\Users\******\Desktop\Edignburgh - Tour.pdf
[2012.11.14 11:32:20 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.14 11:32:20 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.08 00:11:29 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.11.08 00:11:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.11.05 15:56:24 | 000,000,962 | ---- | M] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.10.26 23:03:33 | 000,020,428 | ---- | M] () -- d:\Users\******\Documents\KeePass_Database.kdb
[2012.10.22 15:57:17 | 000,000,600 | ---- | M] () -- C:\Users\******\AppData\Roaming\winscp.rnd
[2012.10.21 23:37:36 | 000,008,912 | ---- | M] () -- C:\Users\******\Desktop\FTP-BackUp.buj
 
========== Files Created - No Company Name ==========
 
[2012.11.19 01:16:28 | 000,062,880 | ---- | C] () -- C:\Users\******\Desktop\Article.pdf
[2012.11.14 21:32:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 21:22:03 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.14 19:13:38 | 000,113,967 | ---- | C] () -- C:\Users\******\Desktop\Edignburgh - Tour.pdf
[2012.11.07 21:16:17 | 474,311,708 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.10.22 14:54:25 | 000,000,600 | ---- | C] () -- C:\Users\******\AppData\Roaming\winscp.rnd
[2012.10.22 14:47:36 | 000,002,236 | -H-- | C] () -- d:\Users\******\Documents\Default.rdp
[2012.08.06 11:37:50 | 000,000,028 | ---- | C] () -- C:\Users\******\AppData\Roaming\PhonerLitesettings.ini
[2012.04.29 06:21:29 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.28 15:02:49 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2012.04.28 13:32:30 | 000,186,928 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2012.04.28 13:32:30 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2012.04.27 18:22:42 | 000,007,607 | ---- | C] () -- C:\Users\******\AppData\Local\Resmon.ResmonCfg
[2012.03.28 20:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 20:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.03.28 20:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.03.28 20:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.03.28 20:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.03 11:32:40 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011.06.03 11:32:40 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011.06.03 11:32:40 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.31 12:45:06 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\1&1
[2012.09.06 19:50:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Acronis
[2012.05.31 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Amazon
[2012.04.28 18:17:23 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Canneverbe Limited
[2012.04.28 19:57:43 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Credential Manager
[2012.11.19 11:36:23 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Dropbox
[2012.09.20 00:08:07 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoft
[2012.09.20 00:08:01 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.09 14:17:41 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\e-academy Inc
[2012.05.07 06:24:23 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\elsterformular
[2012.11.19 02:42:56 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\FileZilla
[2012.06.04 00:23:06 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\FTPbox
[2012.10.22 14:56:42 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\KeePass
[2012.10.17 23:33:40 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\MyPhoneExplorer
[2012.07.17 13:07:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nokia
[2012.07.17 13:07:58 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nokia Suite
[2012.05.06 14:44:26 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PC Suite
[2012.10.22 14:56:42 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PersBackup5
[2012.11.15 22:50:05 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PhonerLite
[2012.04.28 18:39:07 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Samsung
[2012.04.29 08:51:44 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TeamViewer
[2012.10.22 00:46:58 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\topster.de
[2012.09.06 14:12:52 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---



Avira AntiVir Log File (nichts gefunden)
Code:
ATTFilter
Avira Free Antivirus
Report file date: Montag, 19. November 2012  14:19


The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows 7 Professional
Windows version : (Service Pack 1)  [6.1.7601]
Boot mode       : Normally booted
Username        : ******
Computer name   : LAPTOP******

Version information:
BUILD.DAT       : 13.0.0.2761    48279 Bytes  09.11.2012 16:45:00
AVSCAN.EXE      : 13.4.0.262    638752 Bytes  14.11.2012 11:30:36
AVSCANRC.DLL    : 13.4.0.219     54560 Bytes  09.10.2012 17:19:07
LUKE.DLL        : 13.4.0.251     67360 Bytes  14.11.2012 11:32:05
AVSCPLR.DLL     : 13.4.0.262     93984 Bytes  13.11.2012 00:16:55
AVREG.DLL       : 13.4.0.244    245536 Bytes  13.11.2012 00:16:55
avlode.dll      : 13.4.0.255    426272 Bytes  14.11.2012 11:32:21
avlode.rdf      : 13.0.0.24       7196 Bytes  27.09.2012 10:30:38
VBASE000.VDF    : 7.10.0.0    19875328 Bytes  06.11.2009 14:50:29
VBASE001.VDF    : 7.11.0.0    13342208 Bytes  14.12.2010 14:50:31
VBASE002.VDF    : 7.11.19.170 14374912 Bytes  20.12.2011 14:50:34
VBASE003.VDF    : 7.11.21.238  4472832 Bytes  01.02.2012 14:50:36
VBASE004.VDF    : 7.11.26.44   4329472 Bytes  28.03.2012 14:50:37
VBASE005.VDF    : 7.11.34.116  4034048 Bytes  29.06.2012 14:42:40
VBASE006.VDF    : 7.11.41.250  4902400 Bytes  06.09.2012 14:42:40
VBASE007.VDF    : 7.11.45.207  2363904 Bytes  11.10.2012 20:57:58
VBASE008.VDF    : 7.11.45.208     2048 Bytes  11.10.2012 20:57:58
VBASE009.VDF    : 7.11.45.209     2048 Bytes  11.10.2012 20:57:58
VBASE010.VDF    : 7.11.45.210     2048 Bytes  11.10.2012 20:57:58
VBASE011.VDF    : 7.11.45.211     2048 Bytes  11.10.2012 20:57:58
VBASE012.VDF    : 7.11.45.212     2048 Bytes  11.10.2012 20:57:58
VBASE013.VDF    : 7.11.45.213     2048 Bytes  11.10.2012 20:57:59
VBASE014.VDF    : 7.11.46.65    220160 Bytes  16.10.2012 20:58:00
VBASE015.VDF    : 7.11.46.153   173568 Bytes  18.10.2012 20:58:01
VBASE016.VDF    : 7.11.46.223   162304 Bytes  19.10.2012 20:58:02
VBASE017.VDF    : 7.11.47.35    126464 Bytes  22.10.2012 20:58:03
VBASE018.VDF    : 7.11.47.95    175616 Bytes  24.10.2012 20:58:04
VBASE019.VDF    : 7.11.47.177   164352 Bytes  26.10.2012 14:37:35
VBASE020.VDF    : 7.11.47.229   143360 Bytes  28.10.2012 14:37:35
VBASE021.VDF    : 7.11.48.47    138240 Bytes  30.10.2012 14:37:36
VBASE022.VDF    : 7.11.48.135   122880 Bytes  01.11.2012 14:37:36
VBASE023.VDF    : 7.11.48.209   142848 Bytes  05.11.2012 14:37:36
VBASE024.VDF    : 7.11.48.243   119296 Bytes  05.11.2012 20:37:36
VBASE025.VDF    : 7.11.49.47    136704 Bytes  07.11.2012 18:40:22
VBASE026.VDF    : 7.11.49.135   194560 Bytes  09.11.2012 01:25:19
VBASE027.VDF    : 7.11.49.209   188416 Bytes  12.11.2012 00:16:54
VBASE028.VDF    : 7.11.50.27    212992 Bytes  14.11.2012 15:10:28
VBASE029.VDF    : 7.11.50.105   200704 Bytes  18.11.2012 17:28:57
VBASE030.VDF    : 7.11.50.106     2048 Bytes  18.11.2012 17:28:57
VBASE031.VDF    : 7.11.50.122    53760 Bytes  19.11.2012 11:39:16
Engine version  : 8.2.10.202
AEVDF.DLL       : 8.1.2.10      102772 Bytes  19.09.2012 14:42:55
AESCRIPT.DLL    : 8.1.4.66      463227 Bytes  12.11.2012 13:01:01
AESCN.DLL       : 8.1.9.4       131445 Bytes  15.11.2012 15:10:38
AESBX.DLL       : 8.2.5.12      606578 Bytes  28.08.2012 16:58:06
AERDL.DLL       : 8.2.0.74      643445 Bytes  07.11.2012 18:40:30
AEPACK.DLL      : 8.3.0.40      815479 Bytes  12.11.2012 13:01:01
AEOFFICE.DLL    : 8.1.2.50      201084 Bytes  05.11.2012 14:37:43
AEHEUR.DLL      : 8.1.4.138    5542265 Bytes  15.11.2012 15:10:38
AEHELP.DLL      : 8.1.25.2      258423 Bytes  24.10.2012 20:58:08
AEGEN.DLL       : 8.1.6.10      438646 Bytes  15.11.2012 15:10:29
AEEXP.DLL       : 8.2.0.10      119158 Bytes  05.11.2012 14:37:43
AEEMU.DLL       : 8.1.3.2       393587 Bytes  19.09.2012 14:42:55
AECORE.DLL      : 8.1.29.2      201079 Bytes  07.11.2012 18:40:23
AEBB.DLL        : 8.1.1.4        53619 Bytes  05.11.2012 14:37:37
AVWINLL.DLL     : 13.4.0.163     25888 Bytes  19.09.2012 19:09:30
AVPREF.DLL      : 13.4.0.163     50464 Bytes  19.09.2012 19:07:51
AVREP.DLL       : 13.4.0.244    177952 Bytes  13.11.2012 00:16:55
AVARKT.DLL      : 13.4.0.232    260384 Bytes  16.10.2012 17:55:29
AVEVTLOG.DLL    : 13.4.0.232    167200 Bytes  16.10.2012 17:56:35
SQLITE3.DLL     : 3.7.0.1       397088 Bytes  19.09.2012 18:17:40
AVSMTP.DLL      : 13.4.0.163     62240 Bytes  19.09.2012 19:08:55
NETNT.DLL       : 13.4.0.163     15648 Bytes  19.09.2012 19:16:26
RCIMAGE.DLL     : 13.4.0.163   4782880 Bytes  19.09.2012 20:40:13
RCTEXT.DLL      : 13.4.0.163     66336 Bytes  19.10.2012 12:56:26

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, 
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: Montag, 19. November 2012  14:19

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
Master boot sector HD1
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!

Starting search for hidden objects.

The scan of running processes will be started:
Scan process 'svchost.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '100' Module(s) have been scanned
Scan process 'ATService.exe' - '49' Module(s) have been scanned
Scan process 'HpFkCrypt.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '91' Module(s) have been scanned
Scan process 'svchost.exe' - '104' Module(s) have been scanned
Scan process 'svchost.exe' - '165' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '79' Module(s) have been scanned
Scan process 'Hpservice.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '85' Module(s) have been scanned
Scan process 'spoolsv.exe' - '91' Module(s) have been scanned
Scan process 'ac.sharedstore.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '76' Module(s) have been scanned
Scan process 'acevents.exe' - '60' Module(s) have been scanned
Scan process 'sched.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '67' Module(s) have been scanned
Scan process 'schedul2.exe' - '27' Module(s) have been scanned
Scan process 'armsvc.exe' - '30' Module(s) have been scanned
Scan process 'AEADISRV.EXE' - '18' Module(s) have been scanned
Scan process 'agr64svc.exe' - '17' Module(s) have been scanned
Scan process 'avguard.exe' - '78' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '70' Module(s) have been scanned
Scan process 'avmike.exe' - '44' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '37' Module(s) have been scanned
Scan process 'SyncService.exe' - '28' Module(s) have been scanned
Scan process 'certsrv.exe' - '26' Module(s) have been scanned
Scan process 'nwtsrv.exe' - '47' Module(s) have been scanned
Scan process 'CTskMstr.exe' - '49' Module(s) have been scanned
Scan process 'StarMoneyOnlineUpdate.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'TeamViewer_Service.exe' - '89' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '42' Module(s) have been scanned
Scan process 'avshadow.exe' - '29' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '35' Module(s) have been scanned
Scan process 'taskhost.exe' - '53' Module(s) have been scanned
Scan process 'Dwm.exe' - '33' Module(s) have been scanned
Scan process 'AsGHost.exe' - '136' Module(s) have been scanned
Scan process 'Explorer.EXE' - '247' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '45' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '48' Module(s) have been scanned
Scan process 'igfxtray.exe' - '30' Module(s) have been scanned
Scan process 'hkcmd.exe' - '49' Module(s) have been scanned
Scan process 'igfxpers.exe' - '34' Module(s) have been scanned
Scan process 'acevents.exe' - '62' Module(s) have been scanned
Scan process 'accrdsub.exe' - '70' Module(s) have been scanned
Scan process 'schedhlp.exe' - '32' Module(s) have been scanned
Scan process 'SoundMAX.exe' - '51' Module(s) have been scanned
Scan process 'StikyNot.exe' - '38' Module(s) have been scanned
Scan process 'Kies.exe' - '86' Module(s) have been scanned
Scan process 'sidebar.exe' - '108' Module(s) have been scanned
Scan process 'GoogleCalendarSync.exe' - '73' Module(s) have been scanned
Scan process 'Dropbox.exe' - '78' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '68' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '67' Module(s) have been scanned
Scan process 'VCDDaemon.exe' - '35' Module(s) have been scanned
Scan process 'KiesTrayAgent.exe' - '88' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '19' Module(s) have been scanned
Scan process 'pthosttr.exe' - '97' Module(s) have been scanned
Scan process 'TrueImageMonitor.exe' - '51' Module(s) have been scanned
Scan process 'TimounterMonitor.exe' - '41' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '75' Module(s) have been scanned
Scan process 'avgnt.exe' - '89' Module(s) have been scanned
Scan process 'pdf24.exe' - '38' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '43' Module(s) have been scanned
Scan process 'jusched.exe' - '32' Module(s) have been scanned
Scan process 'VolCtrl.exe' - '35' Module(s) have been scanned
Scan process 'iPodService.exe' - '35' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '108' Module(s) have been scanned
Scan process 'helppane.exe' - '85' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '112' Module(s) have been scanned
Scan process 'OSPPSVC.EXE' - '34' Module(s) have been scanned
Scan process 'splwow64.exe' - '28' Module(s) have been scanned
Scan process 'hpqToaster.exe' - '50' Module(s) have been scanned
Scan process 'firefox.exe' - '184' Module(s) have been scanned
Scan process 'avcenter.exe' - '126' Module(s) have been scanned
Scan process 'avscan.exe' - '109' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '43' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '30' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '28' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'services.exe' - '35' Module(s) have been scanned
Scan process 'lsass.exe' - '81' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'winlogon.exe' - '34' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '3457' files ).


Starting the file scan:

Begin scan in 'C:\'
Begin scan in 'D:\' <Volume>


End of the scan: Montag, 19. November 2012  14:50
Used time: 31:10 Minute(s)

The scan has been done completely.

  36999 Scanned directories
 595359 Files were scanned
      0 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 595359 Files not concerned
   6223 Archives were scanned
      0 Warnings
      0 Notes
 747974 Objects were scanned with rootkit scan
      0 Hidden objects were found
         


Vielen Dank für eure Hilfe!!!


Malwarebytes Anti-Malware Logfile

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.20.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thomas :: LAPTOP**** [Administrator]

20.11.2012 13:52:24
mbam-log-2012-11-20 (13-52-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 399082
Laufzeit: 42 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 23.11.2012, 10:23   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Vodafone PDF Trojaner - Standard

Vodafone PDF Trojaner



Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.



1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________

__________________

Alt 23.11.2012, 11:15   #3
thomasasdf
 
Vodafone PDF Trojaner - Standard

Vodafone PDF Trojaner



Hallo Cosinus,

vielen Dank, dass du mir bei meinem Problem hilfst.


aswMBR - Logfile
den aswMBR konnte ich nur mit "none" Scannen, da er ansonsten immer abgestürzt ist.

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-23 10:02:55
-----------------------------
10:02:55.808    OS Version: Windows x64 6.1.7601 Service Pack 1
10:02:55.808    Number of processors: 2 586 0x170A
10:02:55.808    ComputerName: LAPTOPTHOMAS  UserName: Thomas
10:02:56.104    Initialize success
10:03:02.188    AVAST engine defs: 12112201
10:03:06.697    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:03:06.697    Disk 0 Vendor: M4-CT128 0309 Size: 122104MB BusType: 3
10:03:06.712    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
10:03:06.712    Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
10:03:06.712    Disk 0 MBR read successfully
10:03:06.712    Disk 0 MBR scan
10:03:06.728    Disk 0 Windows 7 default MBR code
10:03:06.728    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
10:03:06.744    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       122002 MB offset 206848
10:03:06.759    Disk 0 scanning C:\Windows\system32\drivers
10:03:12.599    Service scanning
10:03:22.309    Modules scanning
10:03:22.324    Disk 0 trace - called modules:
10:03:22.856    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll 
10:03:22.871    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004499060]
10:03:22.871    3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> [0xfffffa8004498780]
10:03:22.887    5 hpdskflt.sys[fffff88001de9189] -> nt!IofCallDriver -> [0xfffffa8003cf9950]
10:03:22.887    7 ACPI.sys[fffff88000f8d7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa800432c050]
10:03:22.887    Scan finished successfully
10:03:37.988    Disk 0 MBR has been saved successfully to "D:\Users\Thomas\Downloads\MBR.dat"
10:03:38.269    The log file has been saved successfully to "D:\Users\Thomas\Downloads\aswMBR_none.txt"
         


TDSSKiller - Logilfe
Code:
ATTFilter
10:08:07.0810 5260  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:08:07.0966 5260  ============================================================
10:08:07.0966 5260  Current date / time: 2012/11/23 10:08:07.0966
10:08:07.0966 5260  SystemInfo:
10:08:07.0966 5260  
10:08:07.0966 5260  OS Version: 6.1.7601 ServicePack: 1.0
10:08:07.0966 5260  Product type: Workstation
10:08:07.0966 5260  ComputerName: LAPTOPTHOMAS
10:08:07.0966 5260  UserName: Thomas
10:08:07.0966 5260  Windows directory: C:\Windows
10:08:07.0966 5260  System windows directory: C:\Windows
10:08:07.0966 5260  Running under WOW64
10:08:07.0966 5260  Processor architecture: Intel x64
10:08:07.0966 5260  Number of processors: 2
10:08:07.0966 5260  Page size: 0x1000
10:08:07.0966 5260  Boot type: Normal boot
10:08:07.0966 5260  ============================================================
10:08:08.0293 5260  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:08:08.0293 5260  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:08:08.0309 5260  ============================================================
10:08:08.0309 5260  \Device\Harddisk0\DR0:
10:08:08.0309 5260  MBR partitions:
10:08:08.0309 5260  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:08:08.0309 5260  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
10:08:08.0309 5260  \Device\Harddisk1\DR1:
10:08:08.0309 5260  MBR partitions:
10:08:08.0309 5260  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
10:08:08.0309 5260  ============================================================
10:08:08.0325 5260  C: <-> \Device\Harddisk0\DR0\Partition2
10:08:08.0356 5260  D: <-> \Device\Harddisk1\DR1\Partition1
10:08:08.0356 5260  ============================================================
10:08:08.0356 5260  Initialize success
10:08:08.0356 5260  ============================================================
10:08:40.0103 4048  ============================================================
10:08:40.0103 4048  Scan started
10:08:40.0103 4048  Mode: Manual; SigCheck; TDLFS; 
10:08:40.0103 4048  ============================================================
10:08:40.0290 4048  ================ Scan system memory ========================
10:08:40.0290 4048  System memory - ok
10:08:40.0290 4048  ================ Scan services =============================
10:08:40.0337 4048  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:08:40.0384 4048  1394ohci - ok
10:08:40.0399 4048  [ 5E8EFEB338DEB1F485420B090FE6C85E ] ac.sharedstore  C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
10:08:40.0415 4048  ac.sharedstore - ok
10:08:40.0415 4048  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
10:08:40.0508 4048  Accelerometer - ok
10:08:40.0524 4048  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:08:40.0555 4048  ACPI - ok
10:08:40.0571 4048  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:08:40.0602 4048  AcpiPmi - ok
10:08:40.0618 4048  [ DBFF071061DECB3AF068AE449A52786E ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
10:08:40.0649 4048  AcrSch2Svc - ok
10:08:40.0664 4048  [ 560649E6A9C11F6124F97310EF387C45 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
10:08:40.0680 4048  ADIHdAudAddService - ok
10:08:40.0696 4048  [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:08:40.0711 4048  AdobeARMservice - ok
10:08:40.0742 4048  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:08:40.0758 4048  AdobeFlashPlayerUpdateSvc - ok
10:08:40.0774 4048  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:08:40.0789 4048  adp94xx - ok
10:08:40.0805 4048  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:08:40.0836 4048  adpahci - ok
10:08:40.0836 4048  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:08:40.0852 4048  adpu320 - ok
10:08:40.0867 4048  [ 3BDB13C79CC8C06E2F8182595903ED69 ] AEADIFilters    C:\Windows\system32\AEADISRV.EXE
10:08:40.0883 4048  AEADIFilters - ok
10:08:40.0898 4048  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:08:40.0976 4048  AeLookupSvc - ok
10:08:40.0992 4048  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
10:08:41.0008 4048  AFD - ok
10:08:41.0023 4048  [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
10:08:41.0023 4048  AgereModemAudio - ok
10:08:41.0039 4048  [ AF4748EF93416159459769A24A0053AF ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
10:08:41.0070 4048  AgereSoftModem - ok
10:08:41.0070 4048  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:08:41.0086 4048  agp440 - ok
10:08:41.0086 4048  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
10:08:41.0101 4048  ALG - ok
10:08:41.0117 4048  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:08:41.0117 4048  aliide - ok
10:08:41.0132 4048  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
10:08:41.0132 4048  amdide - ok
10:08:41.0148 4048  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:08:41.0164 4048  AmdK8 - ok
10:08:41.0164 4048  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:08:41.0179 4048  AmdPPM - ok
10:08:41.0179 4048  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:08:41.0195 4048  amdsata - ok
10:08:41.0195 4048  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:08:41.0210 4048  amdsbs - ok
10:08:41.0226 4048  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:08:41.0226 4048  amdxata - ok
10:08:41.0242 4048  [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
10:08:41.0257 4048  androidusb - ok
10:08:41.0257 4048  [ 50AF3AD6EDE5CD341AAA2E795F6E4135 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
10:08:41.0273 4048  AntiVirSchedulerService - ok
10:08:41.0273 4048  [ 7AF2A53FC0CF1D8AF3C013DECFCB0099 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
10:08:41.0288 4048  AntiVirService - ok
10:08:41.0288 4048  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
10:08:41.0351 4048  AppID - ok
10:08:41.0366 4048  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:08:41.0398 4048  AppIDSvc - ok
10:08:41.0398 4048  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
10:08:41.0429 4048  Appinfo - ok
10:08:41.0444 4048  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:08:41.0444 4048  Apple Mobile Device - ok
10:08:41.0460 4048  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
10:08:41.0476 4048  AppMgmt - ok
10:08:41.0476 4048  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
10:08:41.0491 4048  arc - ok
10:08:41.0491 4048  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
10:08:41.0507 4048  arcsas - ok
10:08:41.0507 4048  [ ACC23F541E1CC51E4FE9F947AC0F74EC ] ASBroker        C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
10:08:41.0522 4048  ASBroker - ok
10:08:41.0538 4048  [ A33370AC33281AC2310E1364E20D4887 ] ASChannel       C:\Program Files (x86)\Hewlett-Packard\IAM\bin\AsChnl.dll
10:08:41.0538 4048  ASChannel - ok
10:08:41.0538 4048  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:08:41.0585 4048  AsyncMac - ok
10:08:41.0585 4048  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
10:08:41.0600 4048  atapi - ok
10:08:41.0616 4048  [ 27BF131C3DB208A3E79961693D66D687 ] ATService       C:\Program Files\Fingerprint Sensor\ATService.exe
10:08:41.0647 4048  ATService - ok
10:08:41.0663 4048  [ E10F5568D058ECF442DD74E2EA09BE97 ] ATSwpWDF        C:\Windows\system32\Drivers\ATSwpWDF.sys
10:08:41.0678 4048  ATSwpWDF - ok
10:08:41.0694 4048  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:08:41.0741 4048  AudioEndpointBuilder - ok
10:08:41.0741 4048  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:08:41.0788 4048  AudioSrv - ok
10:08:41.0788 4048  [ 58AEE8F9E26595ADEB6F008FBB0D6174 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
10:08:41.0803 4048  avgntflt - ok
10:08:41.0803 4048  [ 37D3D3D28B107BCBC1C0137FF31AE480 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
10:08:41.0819 4048  avipbb - ok
10:08:41.0819 4048  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
10:08:41.0834 4048  avkmgr - ok
10:08:41.0834 4048  [ 53A05544AB5D067B56F133225DBFC21B ] avmike          C:\Program Files\FRITZ!Fernzugang\avmike.exe
10:08:41.0850 4048  avmike - ok
10:08:41.0850 4048  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:08:41.0881 4048  AxInstSV - ok
10:08:41.0897 4048  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
10:08:41.0912 4048  b06bdrv - ok
10:08:41.0912 4048  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:08:41.0928 4048  b57nd60a - ok
10:08:41.0944 4048  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:08:41.0959 4048  BDESVC - ok
10:08:41.0959 4048  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:08:41.0990 4048  Beep - ok
10:08:42.0006 4048  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
10:08:42.0037 4048  BFE - ok
10:08:42.0053 4048  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
10:08:42.0100 4048  BITS - ok
10:08:42.0100 4048  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:08:42.0115 4048  blbdrive - ok
10:08:42.0131 4048  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:08:42.0131 4048  Bonjour Service - ok
10:08:42.0146 4048  BotkindSyncService - ok
10:08:42.0146 4048  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:08:42.0162 4048  bowser - ok
10:08:42.0162 4048  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:08:42.0193 4048  BrFiltLo - ok
10:08:42.0193 4048  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:08:42.0209 4048  BrFiltUp - ok
10:08:42.0209 4048  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
10:08:42.0240 4048  Browser - ok
10:08:42.0240 4048  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:08:42.0256 4048  Brserid - ok
10:08:42.0271 4048  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:08:42.0287 4048  BrSerWdm - ok
10:08:42.0287 4048  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:08:42.0302 4048  BrUsbMdm - ok
10:08:42.0302 4048  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:08:42.0318 4048  BrUsbSer - ok
10:08:42.0318 4048  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
10:08:42.0334 4048  BthEnum - ok
10:08:42.0349 4048  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
10:08:42.0349 4048  BTHMODEM - ok
10:08:42.0365 4048  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
10:08:42.0380 4048  BthPan - ok
10:08:42.0380 4048  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
10:08:42.0412 4048  BTHPORT - ok
10:08:42.0412 4048  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
10:08:42.0443 4048  bthserv - ok
10:08:42.0443 4048  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
10:08:42.0458 4048  BTHUSB - ok
10:08:42.0474 4048  btwaudio - ok
10:08:42.0474 4048  btwavdt - ok
10:08:42.0490 4048  btwl2cap - ok
10:08:42.0490 4048  btwrchid - ok
10:08:42.0490 4048  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:08:42.0536 4048  cdfs - ok
10:08:42.0536 4048  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:08:42.0552 4048  cdrom - ok
10:08:42.0552 4048  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
10:08:42.0599 4048  CertPropSvc - ok
10:08:42.0599 4048  [ DC716E2329403300B2477997581BBFD7 ] certsrv         C:\Program Files\FRITZ!Fernzugang\certsrv.exe
10:08:42.0614 4048  certsrv - ok
10:08:42.0614 4048  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:08:42.0630 4048  circlass - ok
10:08:42.0646 4048  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
10:08:42.0661 4048  CLFS - ok
10:08:42.0661 4048  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:08:42.0677 4048  clr_optimization_v2.0.50727_32 - ok
10:08:42.0692 4048  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:08:42.0692 4048  clr_optimization_v2.0.50727_64 - ok
10:08:42.0708 4048  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:08:42.0724 4048  clr_optimization_v4.0.30319_32 - ok
10:08:42.0724 4048  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:08:42.0739 4048  clr_optimization_v4.0.30319_64 - ok
10:08:42.0739 4048  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:08:42.0770 4048  CmBatt - ok
10:08:42.0770 4048  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:08:42.0786 4048  cmdide - ok
10:08:42.0786 4048  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
10:08:42.0817 4048  CNG - ok
10:08:42.0817 4048  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:08:42.0833 4048  Compbatt - ok
10:08:42.0833 4048  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:08:42.0848 4048  CompositeBus - ok
10:08:42.0864 4048  COMSysApp - ok
10:08:42.0864 4048  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
10:08:42.0880 4048  crcdisk - ok
10:08:42.0880 4048  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:08:42.0895 4048  CryptSvc - ok
10:08:42.0911 4048  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
10:08:42.0926 4048  CSC - ok
10:08:42.0942 4048  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
10:08:42.0958 4048  CscService - ok
10:08:42.0973 4048  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:08:43.0005 4048  DcomLaunch - ok
10:08:43.0021 4048  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
10:08:43.0052 4048  defragsvc - ok
10:08:43.0052 4048  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:08:43.0083 4048  DfsC - ok
10:08:43.0099 4048  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:08:43.0115 4048  Dhcp - ok
10:08:43.0115 4048  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
10:08:43.0146 4048  discache - ok
10:08:43.0161 4048  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
10:08:43.0177 4048  Disk - ok
10:08:43.0177 4048  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:08:43.0193 4048  Dnscache - ok
10:08:43.0193 4048  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:08:43.0239 4048  dot3svc - ok
10:08:43.0239 4048  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
10:08:43.0271 4048  DPS - ok
10:08:43.0271 4048  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:08:43.0286 4048  drmkaud - ok
10:08:43.0302 4048  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:08:43.0333 4048  DXGKrnl - ok
10:08:43.0333 4048  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
10:08:43.0364 4048  EapHost - ok
10:08:43.0411 4048  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
10:08:43.0458 4048  ebdrv - ok
10:08:43.0473 4048  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
10:08:43.0489 4048  EFS - ok
10:08:43.0489 4048  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:08:43.0520 4048  ehRecvr - ok
10:08:43.0520 4048  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
10:08:43.0536 4048  ehSched - ok
10:08:43.0536 4048  [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
10:08:43.0551 4048  ElbyCDIO - ok
10:08:43.0567 4048  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
10:08:43.0583 4048  elxstor - ok
10:08:43.0598 4048  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:08:43.0614 4048  ErrDev - ok
10:08:43.0614 4048  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
10:08:43.0661 4048  EventSystem - ok
10:08:43.0661 4048  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
10:08:43.0692 4048  exfat - ok
10:08:43.0707 4048  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:08:43.0739 4048  fastfat - ok
10:08:43.0754 4048  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
10:08:43.0770 4048  Fax - ok
10:08:43.0785 4048  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:08:43.0785 4048  fdc - ok
10:08:43.0801 4048  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
10:08:43.0832 4048  fdPHost - ok
10:08:43.0832 4048  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:08:43.0863 4048  FDResPub - ok
10:08:43.0879 4048  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:08:43.0879 4048  FileInfo - ok
10:08:43.0895 4048  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:08:43.0926 4048  Filetrace - ok
10:08:43.0926 4048  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:08:43.0941 4048  flpydisk - ok
10:08:43.0957 4048  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:08:43.0973 4048  FltMgr - ok
10:08:43.0988 4048  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
10:08:44.0004 4048  FontCache - ok
10:08:44.0019 4048  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:08:44.0019 4048  FontCache3.0.0.0 - ok
10:08:44.0035 4048  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:08:44.0035 4048  FsDepends - ok
10:08:44.0051 4048  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:08:44.0051 4048  Fs_Rec - ok
10:08:44.0066 4048  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:08:44.0082 4048  fvevol - ok
10:08:44.0082 4048  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
10:08:44.0097 4048  gagp30kx - ok
10:08:44.0097 4048  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:08:44.0113 4048  GEARAspiWDM - ok
10:08:44.0129 4048  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
10:08:44.0160 4048  gpsvc - ok
10:08:44.0175 4048  [ 93C3C66D38B0BC08A04F0B28055BC9AC ] HBtnKey         C:\Windows\system32\DRIVERS\cpqbttn.sys
10:08:44.0175 4048  HBtnKey - ok
10:08:44.0191 4048  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:08:44.0191 4048  hcw85cir - ok
10:08:44.0207 4048  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:08:44.0222 4048  HdAudAddService - ok
10:08:44.0238 4048  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
10:08:44.0253 4048  HDAudBus - ok
10:08:44.0253 4048  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
10:08:44.0269 4048  HidBatt - ok
10:08:44.0269 4048  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
10:08:44.0285 4048  HidBth - ok
10:08:44.0285 4048  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
10:08:44.0300 4048  HidIr - ok
10:08:44.0316 4048  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
10:08:44.0347 4048  hidserv - ok
10:08:44.0347 4048  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:08:44.0363 4048  HidUsb - ok
10:08:44.0363 4048  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:08:44.0394 4048  hkmsvc - ok
10:08:44.0409 4048  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:08:44.0425 4048  HomeGroupListener - ok
10:08:44.0425 4048  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:08:44.0441 4048  HomeGroupProvider - ok
10:08:44.0456 4048  [ 38024D5D5D9CF7C12B74AECDA968C970 ] HP ProtectTools Service C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
10:08:44.0456 4048  HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - warning
10:08:44.0456 4048  HP ProtectTools Service - detected UnsignedFile.Multi.Generic (1)
10:08:44.0456 4048  [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
10:08:44.0472 4048  hpdskflt - ok
10:08:44.0487 4048  [ 81C5E6C3AE27DCF17BE506046F00015F ] HpFkCryptService C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
10:08:44.0487 4048  HpFkCryptService - ok
10:08:44.0503 4048  [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
10:08:44.0503 4048  HpqKbFiltr - ok
10:08:44.0519 4048  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
10:08:44.0519 4048  hpqwmiex - ok
10:08:44.0534 4048  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:08:44.0550 4048  HpSAMD - ok
10:08:44.0550 4048  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv           C:\Windows\system32\Hpservice.exe
10:08:44.0550 4048  hpsrv - ok
10:08:44.0565 4048  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:08:44.0612 4048  HTTP - ok
10:08:44.0612 4048  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:08:44.0628 4048  hwpolicy - ok
10:08:44.0628 4048  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
10:08:44.0643 4048  i8042prt - ok
10:08:44.0659 4048  [ 593EF9F904C8497F6D794DC6FCC59DCA ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
10:08:44.0675 4048  IAANTMON - ok
10:08:44.0675 4048  [ C50107C730C9A955F6FD7376733F2D68 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
10:08:44.0690 4048  iaStor - ok
10:08:44.0706 4048  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:08:44.0721 4048  iaStorV - ok
10:08:44.0737 4048  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:08:44.0753 4048  idsvc - ok
10:08:44.0893 4048  [ F59AC361DFE9BFD9BE81E20B04EADAA2 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
10:08:45.0049 4048  igfx - ok
10:08:45.0049 4048  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
10:08:45.0065 4048  iirsp - ok
10:08:45.0080 4048  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
10:08:45.0127 4048  IKEEXT - ok
10:08:45.0127 4048  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
10:08:45.0143 4048  intelide - ok
10:08:45.0143 4048  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:08:45.0158 4048  intelppm - ok
10:08:45.0174 4048  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:08:45.0205 4048  IPBusEnum - ok
10:08:45.0205 4048  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:08:45.0236 4048  IpFilterDriver - ok
10:08:45.0252 4048  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:08:45.0267 4048  iphlpsvc - ok
10:08:45.0267 4048  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:08:45.0283 4048  IPMIDRV - ok
10:08:45.0299 4048  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:08:45.0330 4048  IPNAT - ok
10:08:45.0345 4048  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
10:08:45.0361 4048  iPod Service - ok
10:08:45.0361 4048  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:08:45.0392 4048  IRENUM - ok
10:08:45.0392 4048  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:08:45.0408 4048  isapnp - ok
10:08:45.0408 4048  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:08:45.0423 4048  iScsiPrt - ok
10:08:45.0439 4048  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:08:45.0439 4048  kbdclass - ok
10:08:45.0455 4048  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:08:45.0470 4048  kbdhid - ok
10:08:45.0470 4048  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
10:08:45.0486 4048  KeyIso - ok
10:08:45.0486 4048  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:08:45.0501 4048  KSecDD - ok
10:08:45.0501 4048  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:08:45.0517 4048  KSecPkg - ok
10:08:45.0517 4048  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:08:45.0564 4048  ksthunk - ok
10:08:45.0564 4048  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:08:45.0611 4048  KtmRm - ok
10:08:45.0611 4048  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:08:45.0642 4048  LanmanServer - ok
10:08:45.0657 4048  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:08:45.0689 4048  LanmanWorkstation - ok
10:08:45.0689 4048  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:08:45.0735 4048  lltdio - ok
10:08:45.0735 4048  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:08:45.0767 4048  lltdsvc - ok
10:08:45.0782 4048  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:08:45.0813 4048  lmhosts - ok
10:08:45.0813 4048  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
10:08:45.0829 4048  LSI_FC - ok
10:08:45.0829 4048  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
10:08:45.0845 4048  LSI_SAS - ok
10:08:45.0860 4048  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:08:45.0860 4048  LSI_SAS2 - ok
10:08:45.0876 4048  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:08:45.0891 4048  LSI_SCSI - ok
10:08:45.0891 4048  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
10:08:45.0923 4048  luafv - ok
10:08:45.0938 4048  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:08:45.0954 4048  Mcx2Svc - ok
10:08:45.0954 4048  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:08:45.0969 4048  megasas - ok
10:08:45.0969 4048  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:08:45.0985 4048  MegaSR - ok
10:08:45.0985 4048  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
10:08:46.0032 4048  MMCSS - ok
10:08:46.0032 4048  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
10:08:46.0063 4048  Modem - ok
10:08:46.0063 4048  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:08:46.0079 4048  monitor - ok
10:08:46.0094 4048  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:08:46.0110 4048  mouclass - ok
10:08:46.0110 4048  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:08:46.0125 4048  mouhid - ok
10:08:46.0125 4048  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:08:46.0141 4048  mountmgr - ok
10:08:46.0141 4048  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:08:46.0157 4048  MozillaMaintenance - ok
10:08:46.0157 4048  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:08:46.0172 4048  mpio - ok
10:08:46.0172 4048  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:08:46.0219 4048  mpsdrv - ok
10:08:46.0235 4048  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:08:46.0266 4048  MpsSvc - ok
10:08:46.0281 4048  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:08:46.0297 4048  MRxDAV - ok
10:08:46.0297 4048  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:08:46.0313 4048  mrxsmb - ok
10:08:46.0328 4048  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:08:46.0344 4048  mrxsmb10 - ok
10:08:46.0344 4048  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:08:46.0360 4048  mrxsmb20 - ok
10:08:46.0360 4048  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:08:46.0375 4048  msahci - ok
10:08:46.0375 4048  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:08:46.0391 4048  msdsm - ok
10:08:46.0391 4048  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
10:08:46.0406 4048  MSDTC - ok
10:08:46.0422 4048  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:08:46.0453 4048  Msfs - ok
10:08:46.0453 4048  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:08:46.0484 4048  mshidkmdf - ok
10:08:46.0500 4048  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:08:46.0500 4048  msisadrv - ok
10:08:46.0516 4048  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:08:46.0547 4048  MSiSCSI - ok
10:08:46.0547 4048  msiserver - ok
10:08:46.0562 4048  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:08:46.0594 4048  MSKSSRV - ok
10:08:46.0594 4048  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:08:46.0625 4048  MSPCLOCK - ok
10:08:46.0640 4048  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:08:46.0672 4048  MSPQM - ok
10:08:46.0672 4048  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:08:46.0687 4048  MsRPC - ok
10:08:46.0703 4048  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:08:46.0718 4048  mssmbios - ok
10:08:46.0718 4048  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:08:46.0750 4048  MSTEE - ok
10:08:46.0750 4048  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:08:46.0765 4048  MTConfig - ok
10:08:46.0765 4048  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:08:46.0781 4048  Mup - ok
10:08:46.0796 4048  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:08:46.0828 4048  napagent - ok
10:08:46.0843 4048  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:08:46.0859 4048  NativeWifiP - ok
10:08:46.0874 4048  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:08:46.0906 4048  NDIS - ok
10:08:46.0906 4048  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:08:46.0937 4048  NdisCap - ok
10:08:46.0937 4048  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:08:46.0968 4048  NdisTapi - ok
10:08:46.0984 4048  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:08:47.0015 4048  Ndisuio - ok
10:08:47.0015 4048  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:08:47.0046 4048  NdisWan - ok
10:08:47.0062 4048  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:08:47.0093 4048  NDProxy - ok
10:08:47.0093 4048  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:08:47.0124 4048  NetBIOS - ok
10:08:47.0140 4048  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:08:47.0171 4048  NetBT - ok
10:08:47.0171 4048  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
10:08:47.0186 4048  Netlogon - ok
10:08:47.0186 4048  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:08:47.0233 4048  Netman - ok
10:08:47.0233 4048  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:08:47.0280 4048  netprofm - ok
10:08:47.0280 4048  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:08:47.0296 4048  NetTcpPortSharing - ok
10:08:47.0436 4048  [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
10:08:47.0576 4048  NETw5s64 - ok
10:08:47.0623 4048  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
10:08:47.0717 4048  netw5v64 - ok
10:08:47.0842 4048  [ B25FE0FA523579B6FA327311A579866E ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
10:08:48.0013 4048  NETwNs64 - ok
10:08:48.0029 4048  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
10:08:48.0044 4048  nfrd960 - ok
10:08:48.0044 4048  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:08:48.0060 4048  NlaSvc - ok
10:08:48.0091 4048  NMSAccess - ok
10:08:48.0091 4048  [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF             C:\Windows\system32\drivers\npf.sys
10:08:48.0107 4048  NPF - ok
10:08:48.0107 4048  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:08:48.0138 4048  Npfs - ok
10:08:48.0154 4048  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
10:08:48.0185 4048  nsi - ok
10:08:48.0185 4048  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:08:48.0216 4048  nsiproxy - ok
10:08:48.0247 4048  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:08:48.0278 4048  Ntfs - ok
10:08:48.0294 4048  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
10:08:48.0325 4048  Null - ok
10:08:48.0325 4048  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:08:48.0341 4048  nvraid - ok
10:08:48.0341 4048  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:08:48.0356 4048  nvstor - ok
10:08:48.0372 4048  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:08:48.0388 4048  nv_agp - ok
10:08:48.0388 4048  [ 9ED2D6751813F5589710A8122CD227B2 ] NWIM            C:\Windows\system32\DRIVERS\avmnwim.sys
10:08:48.0403 4048  NWIM - ok
10:08:48.0403 4048  [ 05965ED689DFF62ED50F3CE86B758985 ] nwtsrv          C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
10:08:48.0419 4048  nwtsrv - ok
10:08:48.0419 4048  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:08:48.0434 4048  ohci1394 - ok
10:08:48.0434 4048  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:08:48.0450 4048  ose - ok
10:08:48.0512 4048  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:08:48.0606 4048  osppsvc - ok
10:08:48.0622 4048  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:08:48.0637 4048  p2pimsvc - ok
10:08:48.0653 4048  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:08:48.0668 4048  p2psvc - ok
10:08:48.0668 4048  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:08:48.0684 4048  Parport - ok
10:08:48.0684 4048  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:08:48.0700 4048  partmgr - ok
10:08:48.0700 4048  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:08:48.0731 4048  PcaSvc - ok
10:08:48.0731 4048  [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
10:08:48.0746 4048  pccsmcfd - ok
10:08:48.0746 4048  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
10:08:48.0762 4048  pci - ok
10:08:48.0762 4048  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
10:08:48.0778 4048  pciide - ok
10:08:48.0793 4048  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:08:48.0793 4048  pcmcia - ok
10:08:48.0809 4048  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:08:48.0809 4048  pcw - ok
10:08:48.0824 4048  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:08:48.0871 4048  PEAUTH - ok
10:08:48.0887 4048  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
10:08:48.0918 4048  PeerDistSvc - ok
10:08:48.0934 4048  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:08:48.0949 4048  PerfHost - ok
10:08:48.0965 4048  [ BD24E98E6546ADF6A31A41485483EB6C ] Pharos Systems ComTaskMaster C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
10:08:48.0965 4048  Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - warning
10:08:48.0965 4048  Pharos Systems ComTaskMaster - detected UnsignedFile.Multi.Generic (1)
10:08:48.0980 4048  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
10:08:49.0043 4048  pla - ok
10:08:49.0043 4048  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:08:49.0058 4048  PlugPlay - ok
10:08:49.0075 4048  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:08:49.0075 4048  PNRPAutoReg - ok
10:08:49.0091 4048  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:08:49.0106 4048  PNRPsvc - ok
10:08:49.0122 4048  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:08:49.0153 4048  PolicyAgent - ok
10:08:49.0153 4048  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
10:08:49.0200 4048  Power - ok
10:08:49.0200 4048  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:08:49.0231 4048  PptpMiniport - ok
10:08:49.0247 4048  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:08:49.0247 4048  Processor - ok
10:08:49.0262 4048  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:08:49.0278 4048  ProfSvc - ok
10:08:49.0278 4048  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:08:49.0293 4048  ProtectedStorage - ok
10:08:49.0293 4048  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:08:49.0325 4048  Psched - ok
10:08:49.0356 4048  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
10:08:49.0387 4048  ql2300 - ok
10:08:49.0403 4048  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
10:08:49.0403 4048  ql40xx - ok
10:08:49.0418 4048  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
10:08:49.0434 4048  QWAVE - ok
10:08:49.0449 4048  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:08:49.0465 4048  QWAVEdrv - ok
10:08:49.0465 4048  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:08:49.0496 4048  RasAcd - ok
10:08:49.0512 4048  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:08:49.0543 4048  RasAgileVpn - ok
10:08:49.0543 4048  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
10:08:49.0574 4048  RasAuto - ok
10:08:49.0590 4048  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:08:49.0621 4048  Rasl2tp - ok
10:08:49.0621 4048  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
10:08:49.0668 4048  RasMan - ok
10:08:49.0668 4048  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:08:49.0699 4048  RasPppoe - ok
10:08:49.0715 4048  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:08:49.0746 4048  RasSstp - ok
10:08:49.0746 4048  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:08:49.0777 4048  rdbss - ok
10:08:49.0793 4048  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:08:49.0808 4048  rdpbus - ok
10:08:49.0808 4048  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:08:49.0839 4048  RDPCDD - ok
10:08:49.0855 4048  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
10:08:49.0855 4048  RDPDR - ok
10:08:49.0871 4048  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:08:49.0902 4048  RDPENCDD - ok
10:08:49.0902 4048  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:08:49.0949 4048  RDPREFMP - ok
10:08:49.0949 4048  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:08:49.0964 4048  RdpVideoMiniport - ok
10:08:49.0964 4048  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:08:49.0980 4048  RDPWD - ok
10:08:49.0995 4048  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:08:50.0011 4048  rdyboost - ok
10:08:50.0011 4048  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:08:50.0042 4048  RemoteAccess - ok
10:08:50.0058 4048  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:08:50.0090 4048  RemoteRegistry - ok
10:08:50.0090 4048  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
10:08:50.0106 4048  RFCOMM - ok
10:08:50.0121 4048  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
10:08:50.0121 4048  rpcapd - ok
10:08:50.0137 4048  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:08:50.0168 4048  RpcEptMapper - ok
10:08:50.0168 4048  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
10:08:50.0184 4048  RpcLocator - ok
10:08:50.0199 4048  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
10:08:50.0230 4048  RpcSs - ok
10:08:50.0246 4048  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:08:50.0277 4048  rspndr - ok
10:08:50.0277 4048  [ 2881DB11541AC29A198FB98606630FDD ] RsvLock         C:\Windows\system32\drivers\RsvLock.sys
10:08:50.0293 4048  RsvLock - ok
10:08:50.0293 4048  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
10:08:50.0308 4048  s3cap - ok
10:08:50.0308 4048  [ 64DA560AEED25BB58DA7DD511B1E9B14 ] SafeBoot        C:\Windows\system32\drivers\SafeBoot.sys
10:08:50.0308 4048  Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: 64DA560AEED25BB58DA7DD511B1E9B14
10:08:50.0308 4048  SafeBoot ( LockedFile.Multi.Generic ) - warning
10:08:50.0308 4048  SafeBoot - detected LockedFile.Multi.Generic (1)
10:08:50.0308 4048  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
10:08:50.0324 4048  SamSs - ok
10:08:50.0324 4048  [ 1CFC2E8659484FA6E512405A0F79A00A ] SbAlg           C:\Windows\system32\drivers\SbAlg.sys
10:08:50.0340 4048  SbAlg - ok
10:08:50.0340 4048  [ C6566AAFAB3DBF61E0C77E37D345B2F5 ] SbFsLock        C:\Windows\system32\drivers\SbFsLock.sys
10:08:50.0355 4048  SbFsLock - ok
10:08:50.0355 4048  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:08:50.0371 4048  sbp2port - ok
10:08:50.0371 4048  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:08:50.0418 4048  SCardSvr - ok
10:08:50.0418 4048  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:08:50.0449 4048  scfilter - ok
10:08:50.0464 4048  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
10:08:50.0511 4048  Schedule - ok
10:08:50.0527 4048  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:08:50.0558 4048  SCPolicySvc - ok
10:08:50.0558 4048  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:08:50.0574 4048  SDRSVC - ok
10:08:50.0574 4048  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:08:50.0605 4048  secdrv - ok
10:08:50.0620 4048  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
10:08:50.0652 4048  seclogon - ok
10:08:50.0652 4048  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
10:08:50.0698 4048  SENS - ok
10:08:50.0698 4048  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:08:50.0714 4048  SensrSvc - ok
10:08:50.0714 4048  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:08:50.0730 4048  Serenum - ok
10:08:50.0730 4048  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:08:50.0745 4048  Serial - ok
10:08:50.0745 4048  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
10:08:50.0761 4048  sermouse - ok
10:08:50.0776 4048  [ C15B813F2FDB44F87F23312472C6E790 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
10:08:50.0792 4048  ServiceLayer - ok
10:08:50.0808 4048  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:08:50.0839 4048  SessionEnv - ok
10:08:50.0839 4048  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:08:50.0854 4048  sffdisk - ok
10:08:50.0870 4048  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:08:50.0870 4048  sffp_mmc - ok
10:08:50.0886 4048  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:08:50.0901 4048  sffp_sd - ok
10:08:50.0901 4048  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
10:08:50.0917 4048  sfloppy - ok
10:08:50.0917 4048  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:08:50.0964 4048  SharedAccess - ok
10:08:50.0964 4048  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:08:50.0995 4048  ShellHWDetection - ok
10:08:51.0010 4048  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:08:51.0010 4048  SiSRaid2 - ok
10:08:51.0026 4048  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:08:51.0042 4048  SiSRaid4 - ok
10:08:51.0042 4048  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
10:08:51.0057 4048  SkypeUpdate - ok
10:08:51.0057 4048  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:08:51.0088 4048  Smb - ok
10:08:51.0104 4048  [ 20635287FAA016E4E2A07E86C02759B8 ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
10:08:51.0120 4048  snapman - ok
10:08:51.0120 4048  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:08:51.0135 4048  SNMPTRAP - ok
10:08:51.0166 4048  [ 84DE101B4FA40CD28B84637924C060CE ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
10:08:51.0198 4048  SNP2UVC - ok
10:08:51.0198 4048  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:08:51.0213 4048  spldr - ok
10:08:51.0229 4048  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
10:08:51.0244 4048  Spooler - ok
10:08:51.0276 4048  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
10:08:51.0354 4048  sppsvc - ok
10:08:51.0369 4048  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:08:51.0400 4048  sppuinotify - ok
10:08:51.0416 4048  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:08:51.0432 4048  srv - ok
10:08:51.0432 4048  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:08:51.0447 4048  srv2 - ok
10:08:51.0463 4048  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:08:51.0478 4048  srvnet - ok
10:08:51.0478 4048  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
10:08:51.0494 4048  ssadbus - ok
10:08:51.0494 4048  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
10:08:51.0510 4048  ssadmdfl - ok
10:08:51.0510 4048  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
10:08:51.0525 4048  ssadmdm - ok
10:08:51.0541 4048  [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus         C:\Windows\system32\DRIVERS\sscdbus.sys
10:08:51.0541 4048  sscdbus - ok
10:08:51.0556 4048  [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl        C:\Windows\system32\DRIVERS\sscdmdfl.sys
10:08:51.0556 4048  sscdmdfl - ok
10:08:51.0572 4048  [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm         C:\Windows\system32\DRIVERS\sscdmdm.sys
10:08:51.0572 4048  sscdmdm - ok
10:08:51.0588 4048  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:08:51.0619 4048  SSDPSRV - ok
10:08:51.0619 4048  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:08:51.0650 4048  SstpSvc - ok
10:08:51.0666 4048  [ E4AEA6FC64A979375149B86882CA2100 ] StarMoney 8.0 OnlineUpdate C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
10:08:51.0681 4048  StarMoney 8.0 OnlineUpdate - ok
10:08:51.0697 4048  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:08:51.0697 4048  stexstor - ok
10:08:51.0712 4048  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
10:08:51.0744 4048  stisvc - ok
10:08:51.0744 4048  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
10:08:51.0759 4048  storflt - ok
10:08:51.0759 4048  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
10:08:51.0775 4048  StorSvc - ok
10:08:51.0775 4048  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
10:08:51.0790 4048  storvsc - ok
10:08:51.0790 4048  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:08:51.0806 4048  swenum - ok
10:08:51.0822 4048  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
10:08:51.0853 4048  swprv - ok
10:08:51.0884 4048  [ D268D2A0DB2A2BBE963E688D0B039267 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
10:08:51.0900 4048  SynTP - ok
10:08:51.0931 4048  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
10:08:51.0962 4048  SysMain - ok
10:08:51.0978 4048  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:08:51.0993 4048  TabletInputService - ok
10:08:51.0993 4048  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:08:52.0040 4048  TapiSrv - ok
10:08:52.0040 4048  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
10:08:52.0071 4048  TBS - ok
10:08:52.0102 4048  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:08:52.0149 4048  Tcpip - ok
10:08:52.0165 4048  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:08:52.0196 4048  TCPIP6 - ok
10:08:52.0212 4048  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:08:52.0227 4048  tcpipreg - ok
10:08:52.0227 4048  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:08:52.0243 4048  TDPIPE - ok
10:08:52.0258 4048  [ DF9179B7BDF0C5B71F9C3D93C016BAE5 ] tdrpman251      C:\Windows\system32\DRIVERS\tdrpm251.sys
10:08:52.0290 4048  tdrpman251 - ok
10:08:52.0305 4048  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:08:52.0305 4048  TDTCP - ok
10:08:52.0321 4048  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:08:52.0352 4048  tdx - ok
10:08:52.0383 4048  [ C9B9373A0A430C11F0213E359D0772B2 ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
10:08:52.0430 4048  TeamViewer7 - ok
10:08:52.0446 4048  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:08:52.0446 4048  TermDD - ok
10:08:52.0461 4048  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
10:08:52.0508 4048  TermService - ok
10:08:52.0508 4048  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
10:08:52.0524 4048  Themes - ok
10:08:52.0524 4048  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
10:08:52.0570 4048  THREADORDER - ok
10:08:52.0586 4048  [ F7546EAD58CC3000AC02CF9529B9934E ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
10:08:52.0602 4048  timounter - ok
10:08:52.0602 4048  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
10:08:52.0617 4048  TPM - ok
10:08:52.0633 4048  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
10:08:52.0664 4048  TrkWks - ok
10:08:52.0664 4048  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:08:52.0695 4048  TrustedInstaller - ok
10:08:52.0711 4048  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:08:52.0742 4048  tssecsrv - ok
10:08:52.0742 4048  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:08:52.0758 4048  TsUsbFlt - ok
10:08:52.0758 4048  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:08:52.0789 4048  tunnel - ok
10:08:52.0804 4048  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:08:52.0820 4048  uagp35 - ok
10:08:52.0820 4048  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:08:52.0851 4048  udfs - ok
10:08:52.0867 4048  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:08:52.0882 4048  UI0Detect - ok
10:08:52.0882 4048  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:08:52.0898 4048  uliagpkx - ok
10:08:52.0898 4048  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:08:52.0914 4048  umbus - ok
10:08:52.0914 4048  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:08:52.0929 4048  UmPass - ok
10:08:52.0945 4048  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
10:08:52.0960 4048  UmRdpService - ok
10:08:52.0960 4048  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
10:08:53.0007 4048  upnphost - ok
10:08:53.0007 4048  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
10:08:53.0023 4048  USBAAPL64 - ok
10:08:53.0023 4048  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:08:53.0038 4048  usbccgp - ok
10:08:53.0038 4048  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:08:53.0054 4048  usbcir - ok
10:08:53.0070 4048  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
10:08:53.0070 4048  usbehci - ok
10:08:53.0085 4048  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:08:53.0101 4048  usbhub - ok
10:08:53.0101 4048  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:08:53.0116 4048  usbohci - ok
10:08:53.0116 4048  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:08:53.0132 4048  usbprint - ok
10:08:53.0148 4048  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:08:53.0163 4048  USBSTOR - ok
10:08:53.0163 4048  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
10:08:53.0179 4048  usbuhci - ok
10:08:53.0179 4048  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
10:08:53.0194 4048  usbvideo - ok
10:08:53.0210 4048  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
10:08:53.0241 4048  UxSms - ok
10:08:53.0241 4048  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
10:08:53.0257 4048  VaultSvc - ok
10:08:53.0257 4048  [ 72EC34F9999A5A48CFD43F5E6BD779E4 ] VBoxDrv         C:\Windows\system32\DRIVERS\VBoxDrv.sys
10:08:53.0272 4048  VBoxDrv - ok
10:08:53.0288 4048  [ A2FE818D7F930C51ADA37C04DBCB015D ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
10:08:53.0288 4048  VBoxNetAdp - ok
10:08:53.0304 4048  [ CD37A9264C404E48BCE162D37B117B45 ] VBoxNetFlt      C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
10:08:53.0319 4048  VBoxNetFlt - ok
10:08:53.0319 4048  [ F649B3D30C6F40B04BDCCD0D11A43481 ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
10:08:53.0335 4048  VBoxUSBMon - ok
10:08:53.0335 4048  [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
10:08:53.0350 4048  VClone - ok
10:08:53.0350 4048  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:08:53.0366 4048  vdrvroot - ok
10:08:53.0382 4048  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
10:08:53.0413 4048  vds - ok
10:08:53.0413 4048  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:08:53.0428 4048  vga - ok
10:08:53.0444 4048  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:08:53.0475 4048  VgaSave - ok
10:08:53.0475 4048  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:08:53.0491 4048  vhdmp - ok
10:08:53.0491 4048  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:08:53.0506 4048  viaide - ok
10:08:53.0522 4048  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
10:08:53.0522 4048  vmbus - ok
10:08:53.0538 4048  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
10:08:53.0553 4048  VMBusHID - ok
10:08:53.0553 4048  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:08:53.0569 4048  volmgr - ok
10:08:53.0569 4048  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:08:53.0584 4048  volmgrx - ok
10:08:53.0600 4048  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:08:53.0616 4048  volsnap - ok
10:08:53.0616 4048  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
10:08:53.0631 4048  vsmraid - ok
10:08:53.0662 4048  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
10:08:53.0709 4048  VSS - ok
10:08:53.0709 4048  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:08:53.0725 4048  vwifibus - ok
10:08:53.0740 4048  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:08:53.0756 4048  vwififlt - ok
10:08:53.0756 4048  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
10:08:53.0772 4048  vwifimp - ok
10:08:53.0772 4048  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
10:08:53.0818 4048  W32Time - ok
10:08:53.0818 4048  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
10:08:53.0834 4048  WacomPen - ok
10:08:53.0850 4048  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:08:53.0881 4048  WANARP - ok
10:08:53.0881 4048  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:08:53.0912 4048  Wanarpv6 - ok
10:08:53.0928 4048  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
10:08:53.0959 4048  WatAdminSvc - ok
10:08:53.0974 4048  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
10:08:54.0006 4048  wbengine - ok
10:08:54.0021 4048  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:08:54.0037 4048  WbioSrvc - ok
10:08:54.0037 4048  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:08:54.0068 4048  wcncsvc - ok
10:08:54.0068 4048  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:08:54.0084 4048  WcsPlugInService - ok
10:08:54.0084 4048  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
10:08:54.0099 4048  Wd - ok
10:08:54.0115 4048  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:08:54.0146 4048  Wdf01000 - ok
10:08:54.0146 4048  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:08:54.0177 4048  WdiServiceHost - ok
10:08:54.0177 4048  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:08:54.0193 4048  WdiSystemHost - ok
10:08:54.0208 4048  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
10:08:54.0224 4048  WebClient - ok
10:08:54.0240 4048  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:08:54.0271 4048  Wecsvc - ok
10:08:54.0271 4048  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:08:54.0318 4048  wercplsupport - ok
10:08:54.0318 4048  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:08:54.0349 4048  WerSvc - ok
10:08:54.0364 4048  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:08:54.0396 4048  WfpLwf - ok
10:08:54.0396 4048  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:08:54.0411 4048  WIMMount - ok
10:08:54.0411 4048  WinDefend - ok
10:08:54.0411 4048  WinHttpAutoProxySvc - ok
10:08:54.0427 4048  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:08:54.0458 4048  Winmgmt - ok
10:08:54.0489 4048  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
10:08:54.0552 4048  WinRM - ok
10:08:54.0567 4048  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:08:54.0583 4048  WinUsb - ok
10:08:54.0598 4048  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:08:54.0614 4048  Wlansvc - ok
10:08:54.0630 4048  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:08:54.0645 4048  WmiAcpi - ok
10:08:54.0645 4048  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:08:54.0661 4048  wmiApSrv - ok
10:08:54.0661 4048  WMPNetworkSvc - ok
10:08:54.0676 4048  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:08:54.0692 4048  WPCSvc - ok
10:08:54.0692 4048  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:08:54.0708 4048  WPDBusEnum - ok
10:08:54.0708 4048  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:08:54.0739 4048  ws2ifsl - ok
10:08:54.0754 4048  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
10:08:54.0770 4048  wscsvc - ok
10:08:54.0770 4048  WSearch - ok
10:08:54.0801 4048  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:08:54.0864 4048  wuauserv - ok
10:08:54.0864 4048  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:08:54.0879 4048  WudfPf - ok
10:08:54.0879 4048  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:08:54.0895 4048  WUDFRd - ok
10:08:54.0895 4048  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:08:54.0910 4048  wudfsvc - ok
10:08:54.0926 4048  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:08:54.0942 4048  WwanSvc - ok
10:08:54.0957 4048  ================ Scan global ===============================
10:08:54.0957 4048  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:08:54.0973 4048  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:08:54.0988 4048  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:08:54.0988 4048  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:08:54.0988 4048  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:08:55.0004 4048  [Global] - ok
10:08:55.0004 4048  ================ Scan MBR ==================================
10:08:55.0004 4048  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:08:55.0160 4048  \Device\Harddisk0\DR0 - ok
10:08:55.0160 4048  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
10:08:55.0534 4048  \Device\Harddisk1\DR1 - ok
10:08:55.0534 4048  ================ Scan VBR ==================================
10:08:55.0534 4048  [ B0669249AF03FF8D3A79C3FA4FDBB84D ] \Device\Harddisk0\DR0\Partition1
10:08:55.0550 4048  \Device\Harddisk0\DR0\Partition1 - ok
10:08:55.0550 4048  [ C9D525C240B5A95D7DE7225A462A12E9 ] \Device\Harddisk0\DR0\Partition2
10:08:55.0566 4048  \Device\Harddisk0\DR0\Partition2 - ok
10:08:55.0566 4048  [ CAA2E328B68A656044DD6AF659FD39BE ] \Device\Harddisk1\DR1\Partition1
10:08:55.0566 4048  \Device\Harddisk1\DR1\Partition1 - ok
10:08:55.0581 4048  ============================================================
10:08:55.0581 4048  Scan finished
10:08:55.0581 4048  ============================================================
10:08:55.0597 2616  Detected object count: 3
10:08:55.0597 2616  Actual detected object count: 3
10:11:20.0739 2616  HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:11:20.0739 2616  HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:11:20.0739 2616  Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - skipped by user
10:11:20.0739 2616  Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:11:20.0739 2616  SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
10:11:20.0739 2616  SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
         
Zu den funden von TDSSKiller (nur als kleine Hilfestellung gedacht. vlt. hilft es dir ja):
- Ich habe einen HP Laptop und die Software von ProtectTools ist intalliert.
- Pharos Systems ComTaskMaster ist glaube ich der 'Druckertreiber' von meiner Uni, damit ich über Netzwerk drucken kann.
- und keine Ahnung was SafeBoot ist. Ich habe mal gegoogelt. Vlt. hängt es damit zusammen, dass ich Dateien auf meiner HDD mit den Windows Boardmitteln verschlüsselt habe.
__________________

Geändert von thomasasdf (23.11.2012 um 11:24 Uhr)

Alt 23.11.2012, 14:18   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Vodafone PDF Trojaner - Standard

Vodafone PDF Trojaner



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.11.2012, 14:44   #5
thomasasdf
 
Vodafone PDF Trojaner - Standard

Vodafone PDF Trojaner



Danke für die schnelle Antwort!

Code:
ATTFilter
# AdwCleaner v2.008 - Datei am 23/11/2012 um 13:43:56 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Thomas - LAPTOPTHOMAS
# Bootmodus : Normal
# Ausgeführt unter : D:\Users\Thomas\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\SweetIM

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\o2h4a6uk.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\5wzg5e1l.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4551 octets] - [23/11/2012 13:43:56]

########## EOF - C:\AdwCleaner[R1].txt - [4611 octets] ##########
         


Alt 23.11.2012, 15:02   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Vodafone PDF Trojaner - Standard

Vodafone PDF Trojaner



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
--> Vodafone PDF Trojaner

Alt 23.11.2012, 15:26   #7
thomasasdf
 
Vodafone PDF Trojaner - Standard

Vodafone PDF Trojaner



adwCleaner

Code:
ATTFilter
# AdwCleaner v2.008 - Datei am 23/11/2012 um 14:09:30 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Thomas - LAPTOPTHOMAS
# Bootmodus : Normal
# Ausgeführt unter : D:\Users\Thomas\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\o2h4a6uk.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\5wzg5e1l.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4668 octets] - [23/11/2012 13:43:56]
AdwCleaner[S1].txt - [1855 octets] - [23/11/2012 14:09:30]

########## EOF - C:\AdwCleaner[S1].txt - [1915 octets] ##########
         


OTL
Code:
ATTFilter
OTL logfile created on: 23.11.2012 14:14:56 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\Thomas\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 55,39% Memory free
7,80 Gb Paging File | 5,94 Gb Available in Paging File | 76,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 48,16 Gb Free Space | 40,42% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 369,04 Gb Free Space | 79,23% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOPTHOMAS | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Users\Thomas\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe ()
PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\IAM\bin\AsGHost.exe (Bioscrypt Inc.)
PRC - C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe (Pharos Systems International)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (BotkindSyncService) -- C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe ()
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (avmike) -- C:\Programme\FRITZ!Fernzugang\avmike.exe (AVM Berlin)
SRV - (nwtsrv) -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin)
SRV - (certsrv) -- C:\Programme\FRITZ!Fernzugang\certsrv.exe (AVM Berlin)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (HP ProtectTools Service) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HpFkCryptService) -- C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV - (ASBroker) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- C:\Program Files (x86)\Hewlett-Packard\IAM\bin\AsChnl.dll (Bioscrypt Inc.)
SRV - (Pharos Systems ComTaskMaster) -- C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe (Pharos Systems International)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (ATService) -- C:\Programme\Fingerprint Sensor\ATService.exe (AuthenTec, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ac.sharedstore) -- C:\Programme\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (tdrpman251) -- C:\Windows\SysNative\drivers\tdrpm251.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (NWIM) -- C:\Windows\SysNative\drivers\avmnwim.sys (AVM Berlin)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SbFsLock) -- C:\Windows\SysNative\drivers\SbFsLock.sys (SafeBoot International)
DRV:64bit: - (RsvLock) -- C:\Windows\SysNative\drivers\RsvLock.sys (SafeBoot International)
DRV:64bit: - (SafeBoot) -- C:\Windows\SysNative\drivers\SafeBoot.sys ()
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (SbAlg) -- C:\Windows\SysNative\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 FB A2 41 81 C9 CD 01  [binary data]
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "PONS.eu : Englisch » Deutsch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: contextMenuExtension%40leo.org:0.3.1
FF - prefs.js..extensions.enabledAddons: %7B1280606b-2510-4fe0-97ef-9b5a22eafe30%7D:0.7.9.1
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.7
FF - prefs.js..extensions.enabledAddons: %7Bc666c018-6409-4479-afa3-68e4129e7eff%7D:1.1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5FE7198A-5950-4068-9FBF-1A60395CC4E9}: C:\Program Files (x86)\1&1\1&1 SoftPhone\Firefox [2012.08.30 14:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.23 13:58:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.23 13:58:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.04.28 13:07:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2012.11.23 13:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\o2h4a6uk.default\extensions
[2012.09.16 18:04:09 | 000,018,789 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\contextMenuExtension@leo.org.xpi
[2012.09.19 13:00:23 | 000,506,361 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2012.08.23 07:51:55 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.11.22 13:55:36 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.09.16 18:03:30 | 000,013,268 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{c666c018-6409-4479-afa3-68e4129e7eff}.xpi
[2012.11.23 13:55:39 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.05.22 19:53:15 | 000,000,983 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\searchplugins\ponseu--englisch--deutsch.xml
[2012.05.09 14:39:32 | 000,002,057 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\searchplugins\youtube-videosuche.xml
[2012.11.23 13:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.23 13:58:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.11.23 13:58:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.23 13:58:50 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 01:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 22:06:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 01:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 01:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 01:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 01:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Credential Manager for HP ProtectTools) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\Hewlett-Packard\IAM\bin\ItIEAddIn64.dll (Bioscrypt Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 147.252.1.37 147.252.1.192
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CDC35AB-A692-4D64-884D-23F4B7A925A0}: DhcpNameServer = 147.252.1.37 147.252.1.192
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll (Bioscrypt Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.23 13:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.22 22:37:47 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Download Manager
[2012.11.20 23:40:15 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\e-academy Inc
[2012.11.20 00:47:15 | 000,000,000 | ---D | C] -- C:\Users\Thomas\.VirtualBox
[2012.11.20 00:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012.11.20 00:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.11.19 15:33:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.11.19 15:33:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.11.18 17:42:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.11.18 17:42:24 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.11.18 17:42:20 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.11.18 17:42:20 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.11.18 17:42:20 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.11.18 17:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.11.18 17:30:00 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.11.18 17:30:00 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.11.18 17:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.11.16 13:33:44 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Clipboarder
[2012.11.16 03:06:33 | 000,032,768 | ---- | C] (Analog Devices) -- C:\Windows\SysWow64\adidrm.dll
[2012.11.16 03:06:32 | 000,060,928 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysWow64\SFFXComm.dll
[2012.11.16 03:06:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundMAX
[2012.11.16 03:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus
[2012.11.15 23:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.11.14 21:32:19 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.14 21:32:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.14 21:32:02 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012.11.14 21:32:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.11.14 21:32:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012.11.14 21:32:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012.11.14 21:32:01 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012.11.14 21:32:00 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.11.14 21:32:00 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012.11.14 21:32:00 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012.11.14 21:32:00 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012.11.14 21:32:00 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012.11.14 21:32:00 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012.11.14 21:32:00 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012.11.14 21:32:00 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012.11.14 21:32:00 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012.11.14 21:32:00 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012.11.14 21:32:00 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012.11.14 21:32:00 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012.11.14 21:32:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.11.14 21:32:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012.11.14 21:32:00 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012.11.14 21:32:00 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012.11.14 21:32:00 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012.11.14 21:31:59 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012.11.14 21:31:59 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012.11.14 21:26:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.14 21:26:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.14 21:26:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.14 21:26:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.14 21:26:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.14 21:26:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.14 21:26:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.14 21:26:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.14 21:26:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.14 21:26:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.14 21:26:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.14 21:26:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.14 21:26:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.14 21:26:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.14 21:26:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.14 21:22:04 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.14 21:22:03 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.14 21:22:03 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.14 21:22:03 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.14 21:21:05 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.11.14 21:21:05 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.11.14 20:08:38 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.14 20:08:38 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.14 20:08:38 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.14 20:08:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.14 20:08:38 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.14 20:08:38 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.14 20:08:03 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.14 20:08:03 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.14 20:08:03 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.14 20:07:03 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.14 20:07:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.11 01:41:53 | 000,000,000 | ---D | C] -- d:\Users\Thomas\Documents\Frisuren
[2012.11.10 18:53:27 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Niki
[2012.11.10 15:36:29 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\S
[2012.11.09 15:39:54 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Gigaset_Communications_Gm
[2012.11.05 14:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.26 19:00:50 | 000,131,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2012.10.26 18:59:44 | 000,203,608 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNobj.dll
[2012.10.24 21:02:19 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Avira
[2012.10.24 20:57:00 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.24 20:57:00 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.24 20:57:00 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.24 20:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.24 20:56:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.23 14:17:47 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.23 14:17:47 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.23 14:16:08 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.23 14:16:08 | 000,657,850 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.23 14:16:08 | 000,619,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.23 14:16:08 | 000,131,190 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.23 14:16:08 | 000,107,406 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.23 14:10:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.23 14:10:26 | 3142,791,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.23 13:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.22 23:09:44 | 000,002,236 | -H-- | M] () -- d:\Users\Thomas\Documents\Default.rdp
[2012.11.22 22:38:16 | 000,000,635 | ---- | M] () -- C:\Users\Thomas\Desktop\Start Download Manager.html
[2012.11.21 19:26:52 | 000,007,608 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
[2012.11.21 15:56:27 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.11.21 15:56:27 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.11.20 23:40:16 | 000,003,147 | ---- | M] () -- C:\Users\Thomas\Desktop\Secure Download Manager.lnk
[2012.11.18 17:42:15 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.11.18 17:42:15 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.11.18 17:42:15 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.11.18 17:42:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.11.18 17:42:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.11.18 17:42:15 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.11.18 17:29:52 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.11.18 17:29:52 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.11.17 20:55:13 | 474,311,708 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.15 22:50:23 | 000,001,035 | ---- | M] () -- C:\Users\Thomas\Desktop\PhonerLite.lnk
[2012.11.14 21:38:36 | 000,420,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.14 19:13:38 | 000,113,967 | ---- | M] () -- C:\Users\Thomas\Desktop\Edignburgh - Tour.pdf
[2012.11.14 11:32:20 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.14 11:32:20 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.08 00:11:29 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.11.08 00:11:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.11.05 15:56:24 | 000,000,962 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.10.26 23:03:33 | 000,020,428 | ---- | M] () -- d:\Users\Thomas\Documents\KeePass_Database.kdb
[2012.10.26 19:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2012.10.26 18:59:44 | 000,203,608 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNobj.dll
 
========== Files Created - No Company Name ==========
 
[2012.11.22 22:38:10 | 000,000,635 | ---- | C] () -- C:\Users\Thomas\Desktop\Start Download Manager.html
[2012.11.20 23:40:16 | 000,003,147 | ---- | C] () -- C:\Users\Thomas\Desktop\Secure Download Manager.lnk
[2012.11.19 15:33:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.11.14 21:32:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 21:22:03 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.14 19:13:38 | 000,113,967 | ---- | C] () -- C:\Users\Thomas\Desktop\Edignburgh - Tour.pdf
[2012.11.07 21:16:17 | 474,311,708 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.10.22 14:54:25 | 000,000,600 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\winscp.rnd
[2012.08.06 11:37:50 | 000,000,028 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\PhonerLitesettings.ini
[2012.04.29 06:21:29 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.28 15:02:49 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2012.04.28 13:32:30 | 000,186,928 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2012.04.28 13:32:30 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2012.04.27 18:22:42 | 000,007,608 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
[2012.03.28 20:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 20:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.03.28 20:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.03.28 20:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.03.28 20:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.03 11:32:40 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011.06.03 11:32:40 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011.06.03 11:32:40 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 23.11.2012 14:14:56 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\Thomas\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 55,39% Memory free
7,80 Gb Paging File | 5,94 Gb Available in Paging File | 76,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 48,16 Gb Free Space | 40,42% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 369,04 Gb Free Space | 79,23% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOPTHOMAS | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D29E0D-0B94-4B41-96B1-46BBEC88AA9C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{035F7AC4-7EE6-4C0B-8D78-B4897DBC0869}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{050E517F-C680-47CD-91E5-8283DEBB45AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{195680FC-DBC1-4F8B-985B-72B774A53469}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{21C853BE-BB3E-475A-81EA-D962637C2D17}" = lport=137 | protocol=17 | dir=in | app=system | 
"{31C0D989-A651-4A74-B5A7-8BDDD4321139}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4998C3FE-F183-4E54-9D01-93F0CEC435E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{51D3A7A9-C5BC-418C-B83A-4D925E27F156}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6EA511FA-1665-47BF-8DD9-DF7277609F3A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7632894A-62EB-4B9A-AFC4-AD3CAE83BA1D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A47B18BC-6772-4B0B-8531-54CC7885A482}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ACC34A52-8027-45AA-B0BA-FA747492EA4D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AF73A3A4-7F05-46F9-BF8F-71A373CF45CA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B4DAD413-6611-42F0-849E-83D1F5F2A3E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D0460A0C-9C66-4F48-BC55-6F91C8EE4E20}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DCFACAF6-4014-478F-AC69-7DBA45E24B22}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E4CE2EBE-3E1C-41A0-8379-9205555C4982}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E73D6544-5A83-4E0E-8F06-8DE03C949A70}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EEA6E78D-CBB6-402E-8001-BC73660E6E1C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F1709317-B649-42F7-BCCF-1A8469F9D4A4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F99F54E9-4894-43F4-BC33-E37FF35247DD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FD521A32-FC86-495B-ADFE-5C29ECD415C2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AEC287-0789-4F98-998D-A1BD61F31027}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{0C02FE3E-08C5-4825-AAD6-F4298DBB12B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0C285DE7-7D42-4F66-9EBC-8F0F49E5A515}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0CE0C961-DCDE-4937-B070-F8A0F8F3AEC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0CE4A34C-906C-45CA-B0E3-1F8911F55382}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{129DD792-F3EE-43B9-90AD-E7D68D3C3788}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{13571462-6382-4F29-BDC4-BBC2F8216A99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{268B472B-A64E-4C2B-96F3-FCEF43D59247}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{349BD310-DA94-4067-8DAF-9268B526A23C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{38C52AF9-70F6-4723-B01C-5254A3632FC7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3973EA6E-FBFE-463C-83F3-61936F25B4AA}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe | 
"{3CF6F281-4AA9-477F-8625-8B7B985FF0B5}" = protocol=6 | dir=out | app=system | 
"{429B5194-261E-4ABA-A783-C30B4EEC5CCC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{491979D5-E812-4CC3-9269-13AE221DE83E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{549BBECB-0FA5-4EA6-A031-AD36AFA84554}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{56E7C27F-30A6-47CD-AAFC-E13F9BE8A653}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{5C8003E2-DF61-4234-98BF-5EC6D2F122A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{65DF79F5-9A54-4F6B-AE43-4426F3E25AC9}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{7A1AD692-E7AE-468A-861A-60AA05E6BAB7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{7A3B631A-6243-4B06-8C70-1B1B2EE33296}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7C14087B-74D3-4536-92F3-F2A5EA61C0DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{80EF4E06-B378-4F64-A565-578FE4CDA3AF}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe | 
"{819F5B25-2842-42A6-BFC0-3F3E7246882E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8CF28B38-B9E7-4B27-B422-9867CCA34EB8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8EAD63D9-731C-4DE0-A532-FCD4F8DFF13A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9120543E-92A5-4364-8029-E84A774F54CD}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{9B2CAF00-5E50-4D11-88A1-7E8CDE6ED45D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{AB2A318C-59A7-4D73-A209-D05507CB9E1F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AD46FF1E-3711-427A-B282-0B20948A5A81}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B24DDF93-B4A0-4598-9A0A-4FA06EDC9060}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{B3518DAC-BB34-4557-BBC3-2672533A5591}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{B789E219-FC23-4814-A311-EC6466D8961E}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{B8A7022A-46B3-4CFE-9A78-843732F905C9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B9BF1853-481E-445A-822D-03A3F035F29B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{CD6EC559-2F02-48B8-91FC-2BF6F80842F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D41B96C5-6DE5-4C8F-ABB7-9F88D1F20BA9}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D4626446-E530-40B3-83FF-9D7C98C8BB68}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D4C47CDE-9758-4231-80B7-1FB59388305D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D737E85B-97E2-4DE7-B485-2DFBE3FC34CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DB68F748-BF84-4570-B091-7D136F266688}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DE43636E-6F8D-4B9F-AF88-9B6BD907ACB6}" = dir=in | app=c:\program files (x86)\pharossystems\core\ctskmstr.exe | 
"{E099641B-7132-409A-A461-312AE8C26EFC}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{E1B069B0-C4D1-41E5-94F5-C23171C8BC49}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{E2F975B0-5DA4-4DBD-85EB-9D1A85E53BC5}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{E49776C7-FA3C-4DBE-ABC3-1C80C80DFE33}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E55A711D-E578-47E4-8743-8E213AB68F70}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{F491FBB5-EB66-4946-BCB6-93BCCF50C620}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7C8526A-C751-416C-955B-3F0F449BE1B7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F8A3EA9B-0E93-4879-A64E-E385D70EEFBE}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{FE80FF01-24B8-4966-B823-783FD9818C0B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FF9333E4-2DFD-4C0B-82DF-B20D3C0A28C0}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"TCP Query User{00F78F78-D498-42AC-B17B-86C954F88FD5}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{41F7B54E-41CC-4D10-B9CD-C809B3D56346}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe | 
"TCP Query User{53471F84-7EB0-4920-8824-21EA6BB8ECCD}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe | 
"TCP Query User{5AE4C19A-472D-427E-AC00-D53CB4AC52BA}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{73E5DE99-4A9B-4B77-AE53-E6564C351E10}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe | 
"TCP Query User{A0E0DC51-0FBD-40C5-8D35-246749A00C1A}C:\program files (x86)\z-dbackup\zftpcopy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\z-dbackup\zftpcopy.exe | 
"TCP Query User{ABC9FB14-91F3-41CC-901B-A0B0A4547956}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | 
"TCP Query User{AE38CFAE-EF4A-4FF8-9AAF-945C6B2CE652}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{F212A9F4-6224-4F28-BD08-C83E5B78B20A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{F6662ECA-9282-4DE0-81DC-931A27308A53}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe | 
"UDP Query User{13B0DCA3-B24D-4761-A3C3-BD3E3922B41F}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe | 
"UDP Query User{1C40AF3B-8035-4DFA-AEFA-55D0F656B4A2}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe | 
"UDP Query User{4FC2880A-B50F-4794-849B-870F4FEC3845}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe | 
"UDP Query User{64CB9D8F-6F58-45B6-814F-1DA419B81763}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{76FE5F44-585C-4BDD-9608-8BA71ECAB45D}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{78D29BB1-4CF2-4628-8871-5543846785C6}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{A977C4DC-F94D-4891-B4C8-3FF1837C7B9C}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{C6E771D9-756D-42C4-BF13-49DC4B7E654C}C:\program files (x86)\z-dbackup\zftpcopy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\z-dbackup\zftpcopy.exe | 
"UDP Query User{C786944C-9CA2-4CB3-B419-8FACAF405F49}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | 
"UDP Query User{FF794A00-B962-4786-B754-437ECD288D15}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{31a52f2e-32e8-4c8f-9d99-6fd0c37c99ef}" = Gigaset QuickSync
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5001E5BC-C9BF-4598-AB89-E7318C76C5F4}" = FRITZ!Fernzugang
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{867DE0DC-A93F-41EA-9654-A212514FA946}" = Oracle VM VirtualBox 4.2.4
"{86E45973-5352-439F-A115-2E8EE4D40140}" = ActivClient x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94198F92-0C11-40FB-ADAD-D033C85D4D74}" = Drive Encryption for HP ProtectTools
"{991A4895-3346-4980-990F-A1041B73C6F7}" = HP 3D DriveGuard
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218
"{BD7A7136-1E88-4EB8-985C-1326DCE5612A}" = AuthenTec Fingerprint System
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9)
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PDF-XChange 3_is1" = PDF-XChange 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04FE949D-172D-45B4-ACE6-6BCFAB5EC563}" = Mindjet MindManager 9
"{0F3A02CF-09B1-4B49-BE02-A70790F18B56}" = StarMoney
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{22B76906-5831-4052-9463-E13C5B7A5B40}" = HP ESU for Microsoft Windows 7
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{66D6C49D-B4F4-423A-85EA-3AF843115A91}" = StarMoney
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{8DF067D5-EAFB-4B93-AFF6-A6E33D9697C7}" = HP ProtectTools Security Manager
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A97F28B2-3BA1-49B7-AEF6-CC8956ED8CAA}" = Nokia PC Suite
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4814B84-AEEC-4647-90A4-67E2DF637544}" = StarMoney 8.0 S-Edition
"{C42BB613-5079-41C3-8CD1-037B9FFD818F}" = HP JavaCard for HP ProtectTools
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{D1C42E76-0165-4542-95FD-5A9F75023573}" = Credential Manager for HP ProtectTools
"{D1E0E859-F46D-4708-A41D-ED90C0C1822A}" = Acronis*True*Image*Home
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{E045FAC9-0B70-4796-AD3A-7035E89CE536}" = SCR3xxx Smart Card Reader
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"1&1 SoftPhone" = 1&1 SoftPhone
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.6.0.1
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"Google Calendar Sync" = Google Calendar Sync
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KeePass Password Safe_is1" = KeePass Password Safe 1.22
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"Personal Backup 5_is1" = Personal Backup 5.3
"Pharos" = Pharos
"PhonerLite_is1" = PhonerLite 2.04
"TeamViewer 7" = TeamViewer 7
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.4
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 5.1
"Wireshark" = Wireshark 1.6.7 (64-bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.11.2012 16:54:26 | Computer Name = LaptopThomas | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.11.2012 17:52:00 | Computer Name = LaptopThomas | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
 ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 23.11.2012 05:50:16 | Computer Name = LaptopThomas | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
 ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 23.11.2012 05:50:29 | Computer Name = LaptopThomas | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ATService.exe, Version: 8.0.202.0,
 Zeitstempel: 0x4a707c25  Name des fehlerhaften Moduls: ATService.exe, Version: 8.0.202.0,
 Zeitstempel: 0x4a707c25  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000e8539
ID
 des fehlerhaften Prozesses: 0x2dc  Startzeit der fehlerhaften Anwendung: 0x01cdc95fef0747a0
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Fingerprint Sensor\ATService.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\Fingerprint Sensor\ATService.exe  Berichtskennung:
 366702f0-3553-11e2-a243-00247e766500
 
Error - 23.11.2012 06:02:07 | Computer Name = LaptopThomas | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707, 
Zeitstempel: 0x509be8bf  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e3be  ID des fehlerhaften
 Prozesses: 0xfa8  Startzeit der fehlerhaften Anwendung: 0x01cdc96140ed3a38  Pfad der
 fehlerhaften Anwendung: D:\Users\Thomas\Downloads\aswMBR.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: d672f9dd-3554-11e2-a243-00247e766500
 
Error - 23.11.2012 06:05:07 | Computer Name = LaptopThomas | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707, 
Zeitstempel: 0x509be8bf  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e3be  ID des fehlerhaften
 Prozesses: 0xeac  Startzeit der fehlerhaften Anwendung: 0x01cdc961d6757a39  Pfad der
 fehlerhaften Anwendung: D:\Users\Thomas\Downloads\aswMBR.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 41b59ea1-3555-11e2-a243-00247e766500
 
Error - 23.11.2012 06:06:58 | Computer Name = LaptopThomas | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707, 
Zeitstempel: 0x509be8bf  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e3be  ID des fehlerhaften
 Prozesses: 0x1524  Startzeit der fehlerhaften Anwendung: 0x01cdc96216a35a88  Pfad der
 fehlerhaften Anwendung: D:\Users\Thomas\Downloads\aswMBR.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 83cf76a2-3555-11e2-a243-00247e766500
 
Error - 23.11.2012 06:30:02 | Computer Name = LaptopThomas | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
 ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 23.11.2012 08:41:52 | Computer Name = LaptopThomas | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
 ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 23.11.2012 10:10:37 | Computer Name = LaptopThomas | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
 ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0.  Ungültige
 XML-Syntax.
 
[ Credential Manager Events ]
Error - 30.10.2012 00:42:54 | Computer Name = LaptopThomas | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 Thomas@LAPTOPTHOMAS   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 30.10.2012 00:42:54 | Computer Name = LaptopThomas | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Thomas@LAPTOPTHOMAS
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 01.11.2012 15:57:24 | Computer Name = LaptopThomas | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 Thomas@LAPTOPTHOMAS   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 01.11.2012 15:57:24 | Computer Name = LaptopThomas | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Thomas@LAPTOPTHOMAS
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 01.11.2012 15:57:27 | Computer Name = LaptopThomas | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 Thomas@LAPTOPTHOMAS   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 01.11.2012 15:57:27 | Computer Name = LaptopThomas | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Thomas@LAPTOPTHOMAS
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 10.11.2012 18:23:20 | Computer Name = LaptopThomas | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 Thomas@LAPTOPTHOMAS   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 10.11.2012 18:23:20 | Computer Name = LaptopThomas | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Thomas@LAPTOPTHOMAS
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 14.11.2012 08:55:38 | Computer Name = LaptopThomas | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 Thomas@LAPTOPTHOMAS   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 14.11.2012 08:55:38 | Computer Name = LaptopThomas | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Thomas@LAPTOPTHOMAS
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
[ System Events ]
Error - 28.07.2012 21:46:12 | Computer Name = LaptopThomas | Source = DCOM | ID = 10010
Description = 
 
Error - 29.07.2012 08:30:18 | Computer Name = LaptopThomas | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 31.07.2012 10:26:39 | Computer Name = LaptopThomas | Source = DCOM | ID = 10010
Description = 
 
Error - 31.07.2012 17:48:52 | Computer Name = LaptopThomas | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%14001
 
Error - 31.07.2012 19:01:32 | Computer Name = LaptopThomas | Source = DCOM | ID = 10010
Description = 
 
Error - 01.08.2012 04:47:29 | Computer Name = LaptopThomas | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%14001
 
Error - 01.08.2012 14:10:44 | Computer Name = LaptopThomas | Source = BTHUSB | ID = 327696
Description = Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter
 und einem Gerät mit Bluetooth-Adapteradresse (38:ec:e4:69:e1:26) ist fehlgeschlagen.
 
Error - 02.08.2012 19:58:55 | Computer Name = LaptopThomas | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 03.08.2012 05:09:52 | Computer Name = LaptopThomas | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 04.08.2012 06:06:16 | Computer Name = LaptopThomas | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
OTL

Alt 23.11.2012, 16:46   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Vodafone PDF Trojaner - Standard

Vodafone PDF Trojaner



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.11.2012, 18:24   #9
thomasasdf
 
Vodafone PDF Trojaner - Standard

Vodafone PDF Trojaner



Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.23.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thomas :: LAPTOPTHOMAS [Administrator]

23.11.2012 15:51:37
mbam-log-2012-11-23 (15-51-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 251308
Laufzeit: 1 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5157060ee5b47044bc906549cecd3471
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-23 05:14:53
# local_time=2012-11-23 05:14:53 (+0000, Westeuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 2574139 2574139 0 0
# compatibility_mode=5893 16776574 100 94 2655446 106151408 0 0
# compatibility_mode=8192 67108863 100 0 3902 3902 0 0
# scanned=160366
# found=0
# cleaned=0
# scan_time=4535
         
Denkst du, dass mein PC frei von Trojanern und anderer Schadsoftware ist?

Mit was für einer sicherheit kannst du das sagen? Ich habe noch immer ein mumliges Gefühl, wenn es um dinge wie Online-Banking, Kreditkarteninformationen, etc. geht. Ich ärgere mich so darüber, dass ich dieses doofe pdf-file geöffnet habe.

Alt 23.11.2012, 20:27   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Vodafone PDF Trojaner - Standard

Vodafone PDF Trojaner



Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.11.2012, 02:34   #11
thomasasdf
 
Vodafone PDF Trojaner - Standard

Vodafone PDF Trojaner



Bis jetzt verhält sich das System normal und es gibt auch keine weiteren Probleme.

Vielen Dank für deine Hilfe!!!

Das System verhält sich weitestgehend normal und bis jetzt gibt es auch keine weiteren Probleme.

Vielen Dank für deine Hilfe!!!!

Alt 26.11.2012, 10:42   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Vodafone PDF Trojaner - Standard

Vodafone PDF Trojaner



Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => http://filepony.de/1-browsers-and-plugins

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.11.2012, 10:42   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Vodafone PDF Trojaner - Standard

Vodafone PDF Trojaner



Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => http://filepony.de/1-browsers-and-plugins

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.11.2012, 16:05   #14
thomasasdf
 
Vodafone PDF Trojaner - Standard

Vodafone PDF Trojaner



yeah cool *high five* ^^

Danke für die vielen zusätzlichen Infos. Eigentlich halte ich mein System auch immer auf dem neuesten Stand.
Ich dachte auch, dass Adobe Reader sich automatisch aktuallisiert. Aber das macht er nur Versionsintern. Kommt eine neue Version (also z.B. 10 auf 11) raus, updated er sich nicht. Ich hab von der Firma Adobe langsam echt die Schn*** gestrichen voll. Hab Foxit-Reader jetzt installiert und der Adobe Reader ist geflogen.

Eine frage hab ich noch. Ist Avira AntiVir (Free-Version) "gut" oder empfielst du etwas anderes? z.B. die Premium-Version oder eine andere AV-Lösung.
Ich weiß, dass es nicht DIE Lösung gibt. Bin aber trotzdem offen für neues bzw. würde auf deine empfehlungen hören

Alt 26.11.2012, 17:16   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Vodafone PDF Trojaner - Standard

Vodafone PDF Trojaner



Zitat:
Eine frage hab ich noch. Ist Avira AntiVir (Free-Version) "gut" oder empfielst du etwas anderes? z.B. die Premium-Version oder eine andere AV-Lösung.
AntiVir ist Nagware. Ich würde Avast (Free) oder MSE nehmen
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Vodafone PDF Trojaner
7-zip, antivir, avira, bho, bonjour, converter, desktop, e-mail, ebanking, error, excel, failed, flash player, focus, google, install.exe, kunde, launch, log file, logfile, mp3, msiexec.exe, myphoneexplorer, plug-in, richtlinie, scan, senden, software, starmoney, svchost.exe, system, taskhost.exe, trojaner, updates, windows, windows updates, wlansvc, wörter



Ähnliche Themen: Vodafone PDF Trojaner


  1. Emotet-Trojaner nach Anhangöffnung vodafone spam
    Plagegeister aller Art und deren Bekämpfung - 03.04.2015 (15)
  2. Windows 7: vodafone-Rechung Anhang geöffnet Trojaner/Viren
    Log-Analyse und Auswertung - 14.12.2014 (13)
  3. Trojaner-Warnung: Vodafone: Ihre Festnetz-Rechnung für November 2014
    Diskussionsforum - 22.11.2014 (0)
  4. Vodafone Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 20.11.2014 (21)
  5. Trojaner-Warnung: falsche VODAFONE Mobilfunk-Rechnungen
    Diskussionsforum - 17.11.2014 (3)
  6. Vodafone/Telekom E-Mail-Trojaner "Ihre Rechnung Juni 2014" | dgdbios.exe
    Log-Analyse und Auswertung - 24.06.2014 (9)
  7. Trojaner-Warnung: Vodafone E-Mail mit "Ihre neue Rechnung als PDF"
    Diskussionsforum - 03.06.2014 (0)
  8. Leider auch Vodafone Rechnung Trojaner erwischt TR/Cridex.A.199, TR/Spy.ZBot.xgxi, Worm/Cridex.E.560
    Log-Analyse und Auswertung - 03.02.2014 (13)
  9. Windows 7: versehentlich Fake Vodafone Rechnung geöffnet, jetzt hab ich Angst das ein Trojaner da ist
    Log-Analyse und Auswertung - 25.01.2014 (9)
  10. Vodafone Spam: Ihr Vodafone-Anschalttermin: 001537882370
    Diskussionsforum - 05.11.2013 (2)
  11. Gefälsche Vodafone Rechung mit Trojaner
    Plagegeister aller Art und deren Bekämpfung - 12.12.2012 (7)
  12. Trojaner eingefangen über Vodafone MMS Email
    Log-Analyse und Auswertung - 23.11.2012 (19)
  13. Fake Vodafone Rechnung PDF geöffnet. Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 20.11.2012 (3)
  14. Vodafone MMS Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.11.2012 (8)
  15. Vodafone PDF Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 27.10.2012 (43)
  16. Was macht der vodafone Trojaner?
    Diskussionsforum - 11.06.2012 (9)
  17. Vodafone Rechnungs- Trojaner
    Plagegeister aller Art und deren Bekämpfung - 31.05.2012 (1)

Zum Thema Vodafone PDF Trojaner - Hallo, auch ich hab eine Fake-Vodafone-Rechnung per PDF bekommen. Die E-Mail war seriös gestaltet und da ich auch Vodafone Kunde bin habe ich das PDF-File geöffnet. Allerdings habe ich dann - Vodafone PDF Trojaner...
Archiv
Du betrachtest: Vodafone PDF Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.