| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Archivbombe und 2 TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.03.2013, 10:50
| #1 |
 |  Archivbombe und 2 Trojaner Hallo Ihr Fleißigen, ich bräuchte schon wieder mal eure Hilfe, diesmal ist mein Laptop betroffen. Nachdem ich mich gestern von Norton Internet Security verabschiedet habe und Avast! installiert habe, hat das auch beim Schnellscan sofort eine Archivbombe und 2 Trojaner sowie Mailware gefunden. Anschließend habe ich einen Startzeitscan durch geführt. Hier das Protokoll dazu: Code:
ATTFilter 03/23/2013 21:13
Prüfung aller lokalen Laufwerke
Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\CLOSING.EXE|>$TEMP\Server.exe|>$SYSDIR\WinUpdateMan.exe ist infiziert von Win32:Trojan-gen, In Container verschieben: Fehler 0xC0000035 {Der Objektname ist bereits vorhanden.}, Löschen: Fehler 0xC0000035 {Der Objektname ist bereits vorhanden.}, In Container verschoben
Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\CLOSING.EXE|>$TEMP\Server.exe|>$SYSDIR\Msdirectx.exe ist infiziert von Win32:Trojan-gen, In Container verschoben
Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\INSTALL.EXE|>$TEMP\Server.exe|>$SYSDIR\WinUpdateMan.exe ist infiziert von Win32:Trojan-gen, In Container verschoben
Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\INSTALL.EXE|>$TEMP\Server.exe|>$SYSDIR\Msdirectx.exe ist infiziert von Win32:Trojan-gen, In Container verschoben
Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\MPSCOPY.EXE|>$TEMP\Server.exe|>$SYSDIR\WinUpdateMan.exe ist infiziert von Win32:Trojan-gen, In Container verschieben: Fehler 0xC0000035 {Der Objektname ist bereits vorhanden.}, In Container verschieben: Fehler 0xC0000035 {Der Objektname ist bereits vorhanden.}, Löschen: Fehler 0xC0000035 {Der Objektname ist bereits vorhanden.}, Gelöscht
Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\MPSCOPY.EXE|>$TEMP\Server.exe|>$SYSDIR\Msdirectx.exe ist infiziert von Win32:Trojan-gen, Gelöscht
Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\OPENING.EXE|>$TEMP\Server.exe|>$SYSDIR\WinUpdateMan.exe ist infiziert von Win32:Trojan-gen, In Container verschieben: Fehler 0xC0000035 {Der Objektname ist bereits vorhanden.}, Gelöscht
Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\OPENING.EXE|>$TEMP\Server.exe|>$SYSDIR\Msdirectx.exe ist infiziert von Win32:Trojan-gen, Gelöscht
Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\VICEROY.EXE|>$TEMP\Server.exe|>$SYSDIR\WinUpdateMan.exe ist infiziert von Win32:Trojan-gen, In Container verschieben: Fehler 0xC0000035 {Der Objektname ist bereits vorhanden.}, Gelöscht
Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\VICEROY.EXE|>$TEMP\Server.exe|>$SYSDIR\Msdirectx.exe ist infiziert von Win32:Trojan-gen, Gelöscht
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000099|>ja.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00009c|>pt-BR.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00009e|>sk.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0000a7|>fr.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0000b8|>sr.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000126|>default.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00012d|>vi.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000130|>tr.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000199|>ru.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0001e0|>lv.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0001f9|>th.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000206|>lt.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000222|>uk.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000229|>it.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00025a|>ru.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00026a|>sr.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000285|>default.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00028d|>sk.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000293|>pl.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0002bf|>pt-PT.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0002e3|>id.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000311|>fr.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000312|>lt.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000318|>ru.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00031b|>sr.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00031e|>ja.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00031f|>ko.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0003e1|>ja.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00040a|>tr.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00040d|>sl.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0005bb|>ja.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0005d0|>zh-CN.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0005e9|>id.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0006b6|>ko.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0006b7|>lt.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0006ba|>no.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0006c9|>hr.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0006e8|>lt.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0006e9|>pl.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0006ef|>sk.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000700|>he.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000706|>zh-TW.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\Documents\Eigene Dokumente alter PC\Eigene Dateien\Eigene Dokumente\Privat\Lars\Umsatzsteuererklärung.zip|>Umsatzsteuererklärung.pdf Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\Documents\Eigene Dokumente alter PC\Eigene Dateien\Eigene Musik\Step\steplive.part1.rar|>steplive\i will survive.mp3 Fehler 42126 {RAR-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\Documents\Eigene Dokumente alter PC\Eigene Dateien\Eigene Musik\Step\steplive.part1.rar|>steplive\walking on sunshine.mp3 Fehler 42126 {RAR-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\Documents\Eigene Dokumente alter PC\Eigene Dateien\Eigene Musik\Step\steplive.part2.rar|>steplive\walking on sunshine.mp3 Fehler 42126 {RAR-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\Documents\Eigene Dokumente alter PC\Privat\Lars\Umsatzsteuererklärung.zip|>Umsatzsteuererklärung.pdf Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\Installer\19f692.msi|>Binary.Binary_jet40sp6_xp.exe|>msjetol1.dll Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\Installer\19f692.msi|>Binary.Binary_jet40sp6_w2k.exe|>msltus40.dll Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\Installer\19f692.msi|>Binary.Binary_jet40sp3_comp.exe|>jetsetup.cab|>msjet40.dll Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\Installer\19f692.msi|>Binary.Binary_jet40sp3_comp.exe|>jetsetup.cab Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\Installer\19f692.msi|>Binary.binMdactyp.C9C35FC7_5AEE_4C1E_8BD2_80ED9FA87FFF|>sqlnet.cab|>cliconfg.rll Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\Installer\19f692.msi|>Binary.binMdactyp.C9C35FC7_5AEE_4C1E_8BD2_80ED9FA87FFF|>sqlnet.cab Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\Installer\19f692.msi|>Binary.New_Binary3.6FC97963_2511_11D4_BB8A_|>oleaut32.dll Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\Temp\000000AA|>\hpquickweb.exe Fehler 42127 {CAB-Archiv ist beschädigt.}
Anzahl durchsuchter Ordner: 36049
Anzahl der geprüften Dateien: 2429988
Anzahl infizierter Dateien: 10
Daher tippe ich die Funde jetzt mal per Hand ab: C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\VICEROY.EXE|>$TEMP\Server.exe|>$SYSDIR\Msdirectx.exe --> Schweregrad: Hoch -->Bedrohung: Win32:Trojan-gen C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\VICEROY.EXE|>$TEMP\Server.exe|>$SYSDIR\WinUpdateMan.exe --> Schweregrad: Hoch -->Bedrohung: Win32:Trojan-gen C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$RRITCLCG.exe --> Schweregrad: Hoch -->Bedrohung: Win32:Malware-gen C:\Users\Steffi Maaßen\Downloads\DFusionHomeWebPlugIn.Installer.exe|>nsis.hdr --> Fehler: Die Datei ist eine Archiv-Bombe und jede Menge C:\Users\Steffi Maaßen\Downloads\install_flashplayer11x32au_mssa_aih.exe| .... --> Fehler: Archiv ist kennwortgeschützt Ich hoffe ihr könnt mir helfen! LG Steffi |
|
24.03.2013, 15:00
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Archivbombe und 2 Trojaner Hallo,
__________________Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ |
|
24.03.2013, 17:41
| #3 |
| | Archivbombe und 2 Trojaner Hier die OTL.Txt:
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 3/24/2013 3:45:27 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steffi Maaßen\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.93 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 52.35% Memory free 5.85 Gb Paging File | 3.70 Gb Available in Paging File | 63.20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 280.79 Gb Total Space | 117.42 Gb Free Space | 41.82% Space Free | Partition Type: NTFS Drive F: | 1.99 Gb Total Space | 1.47 Gb Free Space | 74.04% Space Free | Partition Type: FAT32 Computer Name: GVSSTEFFIMAAßEN | User Name: Steffi Maaßen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Steffi Maaßen\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software) PRC - C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) PRC - C:\Program Files\Haufe\iDesk\iDeskService\ideskservice.exe () PRC - C:\Program Files\Haufe\iDesk\iDeskService\ideskpython.exe (Haufe Mediengruppe) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.) PRC - C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation) PRC - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) PRC - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company) PRC - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.) PRC - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.) PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe (Portrait Displays, Inc.) PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Portrait Displays, Inc) PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) PRC - C:\Program Files\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe (Hewlett-Packard Company) PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard Company) PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company) PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.) PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.) PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard) PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard) PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation) PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity) PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity) PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) PRC - C:\Program Files\AOL 9.0 VR\shellmon.exe (AOL, LLC.) PRC - C:\Program Files\AOL 9.0 VR\waol.exe (AOL, LLC.) PRC - C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe (AOL LLC) PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC) PRC - C:\Program Files\Common Files\aol\1320602271\ee\aolsoftware.exe (America Online, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a7424b1be331f4b534ea24e0c21dbe47\UIAutomationTypes.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\571b85634abf2fba6bab80c21a347081\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll () MOD - C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll () MOD - C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll () MOD - C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll () MOD - C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll () MOD - C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll () MOD - C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL () MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll () MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll () MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll () MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll () MOD - C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll () MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll () MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll () MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll () MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll () MOD - C:\Program Files\AOL 9.0 VR\components\Tier2Svc.dll () MOD - C:\Program Files\AOL 9.0 VR\components\DataSvcs.dll () MOD - c:\Program Files\Common Files\aol\1320602271\ee\services\proxyprovider\ver1_0_0_1\proxyprovider.dll () MOD - C:\Program Files\AOL 9.0 VR\zlib.dll () MOD - C:\Program Files\AOL 9.0 VR\xmltok.dll () MOD - C:\Program Files\AOL 9.0 VR\xmlparse.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software) SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (HRService) -- C:\Program Files\Haufe\iDesk\iDeskService\ideskservice.exe () SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia) SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.) SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation) SRV - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (Lexware_Professional_Datenbank) -- C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.) SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) SRV - (PdiService) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.) SRV - (HP ProtectTools Service) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company) SRV - (DpHost) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.) SRV - (vcsFPService) -- C:\Windows\System32\vcsFPService.exe (Validity Sensors, Inc.) SRV - (HpFkCryptService) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.) SRV - (UNS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (HPFSService) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard) SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Ltd) SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation) SRV - (yksvc) -- C:\Windows\System32\yk62x86.dll (Marvell) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc) SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (ac.sharedstore) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity) SRV - (AOL ACS) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC) ========== Driver Services (SafeList) ========== DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found DRV - (NPF) -- system32\DRIVERS\npf.sys File not found DRV - (massfilter_hs) -- system32\drivers\massfilter_hs.sys File not found DRV - (massfilter) -- system32\drivers\massfilter.sys File not found DRV - (BCMH43XX) -- system32\DRIVERS\bcmwlhigh6.sys File not found DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswVmm) -- C:\windows\System32\drivers\aswVmm.sys () DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswRvrt) -- C:\windows\System32\drivers\aswRvrt.sys () DRV - (aswNdis2) -- C:\windows\System32\drivers\aswNdis2.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software) DRV - (aswFW) -- C:\windows\System32\drivers\aswFW.sys (AVAST Software) DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (aswKbd) -- C:\windows\System32\drivers\aswKbd.sys (AVAST Software) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (aswNdis) -- C:\Windows\System32\drivers\aswNdis.sys (ALWIL Software) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (SbAlg) -- C:\windows\System32\drivers\SbAlg.sys (McAfee, Inc.) DRV - (SbFsLock) -- C:\windows\System32\drivers\SbFsLock.sys (McAfee, Inc.) DRV - (RsvLock) -- C:\windows\System32\drivers\rsvlock.sys (McAfee, Inc.) DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys () DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation) DRV - (risdpcie) -- C:\Windows\System32\drivers\risdpe86.sys (REDC) DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC) DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation) DRV - (rixdpcie) -- C:\Windows\System32\drivers\rixdpe86.sys (REDC) DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard) DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (MfeAVFK) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.) DRV - (MfeBOPK) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (MfeRKDK) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (wanatw) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.) DRV - (PDNMp50) -- C:\Windows\System32\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (PDNSp50) -- C:\Windows\System32\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10005’ IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{009652DF-1177-499A-872B-B3D00B1A74F8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’ IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.0.9 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.0.9 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.0.9 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.0.9 IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.0.9 IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\URLSearchHook: - C:\Program Files\Serif\PanoramaPlus\3.0\Program\PanoramaPlus.exe (Serif (Europe) Ltd.) IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110195&tt=270912_nocpc_3912_2&babsrc=SP_ss&mntrId=5e8a60090000000000000026c71c0e3b IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes\{4BEFFE0F-BA43-4CB0-8120-31EAB77DC573}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes\{E65EF2A5-5D91-47F8-99AF-8A98541F9FA3}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7WZPC_de IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’ IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4238 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npdeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/23 19:56:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/09 10:59:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/09 10:58:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/23 15:26:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/09 10:59:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/09 10:58:57 | 000,000,000 | ---D | M] [2010/12/14 18:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi Maaßen\AppData\Roaming\mozilla\Extensions [2010/12/14 18:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi Maaßen\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de [2012/10/23 19:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi Maaßen\AppData\Roaming\mozilla\Firefox\Profiles\dlpwjelg.default\extensions [2011/04/26 18:06:36 | 000,002,449 | ---- | M] () -- C:\Users\Steffi Maaßen\AppData\Roaming\mozilla\firefox\profiles\dlpwjelg.default\searchplugins\safesearch.xml [2012/04/21 15:06:33 | 000,003,915 | ---- | M] () -- C:\Users\Steffi Maaßen\AppData\Roaming\mozilla\firefox\profiles\dlpwjelg.default\searchplugins\sweetim.xml [2013/03/09 10:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/03/09 10:58:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013/03/09 10:59:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013/02/24 13:35:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/09/30 10:55:37 | 000,002,362 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2013/02/24 13:35:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013/02/24 13:35:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013/02/24 13:35:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013/02/24 13:35:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013/02/24 13:35:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Search the web (Babylon) (Enabled) CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://search.babylon.com/?affID=110195&tt=270912_nocpc_3912_2&babsrc=HP_ss&mntrId=5e8a60090000000000000026c71c0e3b CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\Steffi Maa\u00DFen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: D'Fusion @Home Web Plug-In (3.10.17859) (Enabled) = C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll CHR - Extension: Norton Identity Protection = C:\Users\Steffi Maaßen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\ O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.) O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002..\Run: [] File not found O4 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites) O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Ranges: Range2 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.7.0_09) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B1192F0-6900-4F7F-83F0-AC5C5EC4ABCA}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB00B81A-F251-4F01-A5C8-BFFFCB547EEA}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2A7F3C7-9329-4EDD-A901-CAB96226C7D8}: DhcpNameServer = 192.168.1.250 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Limited) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/24 09:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013/03/24 09:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013/03/23 19:39:24 | 000,368,176 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys [2013/03/23 19:39:24 | 000,029,816 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys [2013/03/23 19:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security [2013/03/23 19:39:23 | 000,101,656 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFW.sys [2013/03/23 19:38:55 | 000,199,384 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswNdis2.sys [2013/03/23 19:38:54 | 000,062,376 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys [2013/03/23 19:38:54 | 000,060,656 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys [2013/03/23 19:38:54 | 000,021,576 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswKbd.sys [2013/03/23 19:38:53 | 000,765,736 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys [2013/03/23 19:38:53 | 000,066,336 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys [2013/03/23 19:38:10 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswNdis.sys [2013/03/23 19:38:08 | 000,041,664 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr [2013/03/23 19:38:07 | 000,228,600 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe [2013/03/23 19:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013/03/23 19:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013/03/18 19:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Haufe [2013/03/13 12:22:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2013/03/13 12:22:47 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2013/03/13 12:22:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2013/03/13 12:22:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2013/03/13 12:22:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2013/03/13 12:22:46 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2013/03/13 12:22:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2013/03/13 12:22:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2013/03/09 10:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/03/01 14:46:15 | 000,000,000 | ---D | C] -- C:\Users\Steffi Maaßen\Desktop\CT [2013/02/27 18:38:45 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIAnimation.dll [2013/02/27 18:38:39 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll [2013/02/27 18:38:37 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll [2013/02/27 18:38:37 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll [2013/02/27 18:38:37 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/02/27 18:38:37 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/02/27 18:38:37 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/02/27 18:38:37 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/02/27 18:38:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013/02/27 18:38:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/02/27 18:38:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013/02/27 18:38:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/02/27 18:38:37 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/02/27 18:38:36 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll [2013/02/27 18:38:36 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msmpeg2vdec.dll [2013/02/27 18:38:36 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll [2013/02/27 18:38:36 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll [2013/02/27 18:38:36 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll [2013/02/27 18:38:36 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10.dll [2013/02/27 18:38:36 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll [2013/02/27 18:38:36 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll [2013/02/27 18:38:36 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll [2013/02/27 18:38:36 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10core.dll [2013/02/27 18:38:36 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsCodecsExt.dll [2013/02/27 18:38:36 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll [2013/02/27 18:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint [2013/02/27 18:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/02/26 14:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/02/26 14:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/02/26 14:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/02/26 14:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013/02/24 13:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox.bak ========== Files - Modified Within 30 Days ========== [2013/03/24 15:45:21 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/24 15:45:21 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/24 15:37:41 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/24 15:36:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/03/24 15:36:48 | 2357,620,736 | -HS- | M] () -- C:\hiberfil.sys [2013/03/24 13:12:00 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/23 19:56:40 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt [2013/03/23 19:39:24 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2013/03/23 19:00:02 | 123,534,648 | ---- | M] () -- C:\avast_internet_security_setup.exe [2013/03/23 10:32:05 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013/03/23 06:52:46 | 000,654,400 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013/03/23 06:52:46 | 000,616,242 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013/03/23 06:52:46 | 000,130,240 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013/03/23 06:52:46 | 000,106,622 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013/03/18 20:14:33 | 000,002,239 | ---- | M] () -- C:\Users\Public\Desktop\Haufe Steuer Office aufrufen.lnk [2013/03/18 19:49:56 | 000,002,863 | ---- | M] () -- C:\Users\Public\Desktop\Haufe Formular-Manager.lnk [2013/03/15 15:16:08 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/03/07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys [2013/03/07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys [2013/03/07 00:33:24 | 000,164,736 | ---- | M] () -- C:\windows\System32\drivers\aswVmm.sys [2013/03/07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys [2013/03/07 00:33:24 | 000,049,248 | ---- | M] () -- C:\windows\System32\drivers\aswRvrt.sys [2013/03/07 00:33:23 | 000,199,384 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswNdis2.sys [2013/03/07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys [2013/03/07 00:33:23 | 000,060,656 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys [2013/03/07 00:33:22 | 000,101,656 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFW.sys [2013/03/07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys [2013/03/07 00:33:22 | 000,021,576 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswKbd.sys [2013/03/07 00:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr [2013/03/07 00:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe [2013/03/05 18:23:28 | 000,000,352 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForSteffi Maaßen.job [2013/02/28 18:14:40 | 000,480,968 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013/02/27 18:18:24 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/02/26 14:40:25 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2013/03/23 19:56:41 | 000,164,736 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys [2013/03/23 19:56:40 | 000,049,248 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys [2013/03/23 19:39:24 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2013/03/23 19:00:00 | 123,534,648 | ---- | C] () -- C:\avast_internet_security_setup.exe [2013/03/18 20:14:33 | 000,002,239 | ---- | C] () -- C:\Users\Public\Desktop\Haufe Steuer Office aufrufen.lnk [2013/03/18 19:49:56 | 000,002,863 | ---- | C] () -- C:\Users\Public\Desktop\Haufe Formular-Manager.lnk [2013/03/04 18:15:33 | 000,000,352 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleForSteffi Maaßen.job [2013/02/27 18:26:04 | 000,001,020 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2013/02/27 18:26:04 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013/02/27 18:18:24 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/02/26 14:40:25 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/11/04 11:39:42 | 000,000,062 | ---- | C] () -- C:\Users\Steffi Maaßen\AppData\Roaming\mbam.context.scan [2012/05/15 18:57:39 | 000,000,501 | ---- | C] () -- C:\windows\ODBC.INI [2012/04/26 20:35:25 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012/04/26 20:35:25 | 000,000,088 | RHS- | C] () -- C:\ProgramData\3D53F6F602.sys [2012/02/27 09:41:52 | 000,202,240 | ---- | C] () -- C:\windows\System32\LXPrnUtil10.dll [2012/02/27 09:40:44 | 000,304,128 | ---- | C] () -- C:\windows\System32\LxDNT100.dll [2012/02/27 09:38:36 | 000,133,120 | ---- | C] () -- C:\windows\System32\LxDNTvmc100.dll [2012/02/27 09:38:18 | 000,069,120 | ---- | C] () -- C:\windows\System32\LxDNTvm100.dll [2012/02/19 10:52:25 | 000,000,046 | ---- | C] () -- C:\windows\hmview.ini [2011/12/15 15:15:12 | 000,007,666 | ---- | C] () -- C:\Users\Steffi Maaßen\AppData\Roaming\.freeciv-client-rc-2.3 [2011/11/06 18:56:35 | 000,000,335 | ---- | C] () -- C:\windows\nsreg.dat [2011/07/08 18:59:17 | 000,688,128 | ---- | C] () -- C:\windows\System32\libeay32.dll [2011/07/08 18:59:17 | 000,155,648 | ---- | C] () -- C:\windows\System32\ssleay32.dll [2011/05/27 16:15:56 | 070,509,774 | ---- | C] () -- C:\Users\Steffi Maaßen\catalogo2010.pdf [2011/05/19 20:23:20 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe [2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign [2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign [2011/03/20 20:39:33 | 002,287,245 | ---- | C] () -- C:\Users\Steffi Maaßen\Buchungsbestätigung Fewo Rügen.pdf [2011/01/19 21:43:00 | 000,001,940 | ---- | C] () -- C:\Users\Steffi Maaßen\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010/10/19 19:36:32 | 000,007,680 | ---- | C] () -- C:\Users\Steffi Maaßen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/19 19:07:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2011/11/07 17:16:34 | 000,001,112 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7N1PZH\l.htm [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011/12/15 15:26:39 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\.freeciv [2010/06/11 10:18:23 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Ahnenblatt [2012/04/03 12:40:06 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Babylon [2010/04/19 16:37:44 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\DigitalPersona [2011/10/10 19:39:36 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\elsterformular [2011/07/09 18:01:59 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\EurekaLog [2010/11/02 17:08:03 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Haufe [2010/12/14 18:22:37 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Haufe Mediengruppe [2012/11/24 18:04:59 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\ICQ [2011/11/03 15:56:34 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\IrfanView [2012/11/01 17:51:56 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Jumping Bytes [2012/10/10 18:24:00 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Lexware [2012/05/14 20:19:33 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\mresreg [2012/11/01 20:16:04 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Nokia [2010/10/13 18:00:15 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Nokia Ovi Suite [2012/11/01 20:23:53 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Nokia Suite [2013/01/02 21:06:01 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\PC Suite [2012/04/03 12:40:01 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\pdfforge [2012/10/22 19:54:23 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Reiser [2010/12/28 21:20:08 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Serif [2012/04/14 18:06:49 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\SumatraPDF [2012/09/20 17:47:26 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\TeamViewer [2011/08/10 20:05:37 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Telefónica [2012/11/12 20:54:37 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Thunderbird [2010/09/19 19:42:49 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Tific [2013/01/11 18:34:41 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\TS3Client [2011/12/16 12:12:10 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Usenet.nl [2012/11/02 12:59:03 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\WindSolutions [2012/04/26 11:20:29 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\XnView [2012/11/04 14:54:09 | 000,000,000 | ---D | M] -- C:\Users\Steffi`s Laptop\AppData\Roaming\DigitalPersona [2012/11/04 14:59:25 | 000,000,000 | ---D | M] -- C:\Users\Steffi`s Laptop\AppData\Roaming\TS3Client ========== Purity Check ========== < End of report > und die Extra.Txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 3/24/2013 3:45:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steffi Maaßen\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.93 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 52.35% Memory free
5.85 Gb Paging File | 3.70 Gb Available in Paging File | 63.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.79 Gb Total Space | 117.42 Gb Free Space | 41.82% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.47 Gb Free Space | 74.04% Space Free | Partition Type: FAT32
Computer Name: GVSSTEFFIMAAßEN | User Name: Steffi Maaßen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065F0294-8942-40F6-8E48-2B0DBBB643DC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0DF1FB25-8312-4939-8E23-0EE1BFACB8F8}" = lport=137 | protocol=17 | dir=in | app=system |
"{16AA1A12-99FF-464A-B9DB-FEAC34C3F9E1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2378674E-B64C-4055-B195-BBC75DBC1050}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{333CFC7C-FDF6-4795-B972-8FBEEF7650C0}" = rport=139 | protocol=6 | dir=out | app=system |
"{5D548F72-0411-4D1B-A9E6-A880A7787109}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{627EF6E6-7780-4FC1-A7CD-F10F5C5C577D}" = rport=138 | protocol=17 | dir=out | app=system |
"{63E12426-4B89-493E-B78F-BEC148A0612E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{6763E6AC-65AC-4764-B05E-363460D5E9AD}" = lport=445 | protocol=6 | dir=in | app=system |
"{6C52C83A-DFDD-4E43-BCAB-1DCA40367245}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{710BA40F-E5A8-405B-B108-EA316AC275D4}" = rport=445 | protocol=6 | dir=out | app=system |
"{73EA0E95-08C5-48B0-BF82-109C90158097}" = lport=138 | protocol=17 | dir=in | app=system |
"{8CF44C45-87C6-41DD-87F5-9990DC782E67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{A1CB8782-6DDE-4866-91D3-8FF346C86080}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A46F7DCA-A1DC-412E-9B98-42E4810BBC7B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) |
"{A62E7CF8-E223-43C8-B596-6106CE648FB0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA5AECDA-12D7-4CA3-9DEF-B1E771887A94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF13E3C5-E3BB-4977-BA87-D20C7FBA3733}" = rport=137 | protocol=17 | dir=out | app=system |
"{C017EECE-8519-4597-9B9D-9336BC33A097}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{CA7108BA-CE96-42C3-9B89-0243E3702057}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CAFC0885-4ED7-41FA-9C71-6096F2B827C1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CECFBD63-10EE-4731-A5B7-ACA0785095FC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{CF8A8FA1-D920-4F9E-8CED-BEC2A1D70FBD}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0138BD7D-D930-4DCC-8323-B11350CF705E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{020D27AE-E12C-4278-806E-6ACA8A53F0B1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{03EB9D5E-AFCA-4E57-9841-D9E4CF2CD824}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A23F382-6D83-4953-A468-391AED823CE2}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{0EA2BA58-BEA0-4DD3-830C-10BD5BB6B297}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1320602271\ee\aolsoftware.exe |
"{106D6752-3113-492D-AA49-EA52819EE09C}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{15494796-AC76-4EFE-9BC6-022EC9C0CC2B}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{1AD827E0-12B5-48FC-9FB2-02B1D747D0CE}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{1CEE352B-B9B0-43FA-8385-20B381900FF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1DE44C3A-D462-4794-A3C6-81929984015C}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{1E8714A6-428E-4AA7-9797-9CAF12C7C224}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{1F84759D-76D3-405E-A8DE-9D2AA9016C7A}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) |
"{275CF15B-7BBC-4DF1-9F09-3CE8C41A762A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1320602271\ee\aolsoftware.exe |
"{289D115B-F602-4BB6-91AA-8FD3582AEF24}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{29BEA155-9A46-4BF6-84D1-65FC9440431F}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"{30A2B21B-4BE6-4609-9524-8521D6E3682D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{33F6095A-5BFE-4EB6-A3E5-5A49262539D7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{3B7259CE-01BC-4144-93EF-EB990BE30B21}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{3BCC5F43-E113-4880-A97C-47C6F3287345}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) |
"{3D3FE86C-1204-4BB1-A2DA-E62D7731EBA4}" = protocol=17 | dir=in | app=c:\program files\sybase\sql anywhere 9\win32\dbsrv9.exe |
"{44C76DE1-E509-4A80-BC5F-11739F31597E}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{51AECCE7-5C23-4CE0-A751-35E3873B964A}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{5EBFB1D5-71DF-4C48-9074-EF349115B87D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FA0234B-FA58-4CFF-9C6A-F49C8A3DA649}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{60DD832A-E073-4BBB-9D48-4C9F0366EF03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{655C86BB-E277-44FF-B442-8863E0ADDC9A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{6BE2AC02-541B-4758-8537-5C2280BF7DCF}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{74760DC9-2203-4741-A237-DC7917D8D927}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BE2BD80-4581-4B2D-A58F-D53418DAB891}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7CD3A963-9CA7-4A16-939C-32B40F72A7DC}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7E0651ED-CC25-4B8E-9554-4952CC56863E}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{89DE36E1-30F8-473E-898B-BE071C84E439}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8BFDAAB4-3F83-4914-A895-1BB904B0FA51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8C95737E-61DA-47B7-934E-A0218D00DBB8}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{8D50761D-D460-4026-8A19-1F10B49EA223}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{989A500A-6D31-4414-8C0E-6AC22F8B1318}" = protocol=6 | dir=in | app=c:\program files\sybase\sql anywhere 9\win32\dbsrv9.exe |
"{994735FF-4B79-438B-BFB2-C0BAC4B18B41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9B37FE67-2387-4D99-8609-3E170A26CA2E}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{9B695A9A-F01E-4042-A797-DDB55DDBD41B}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) |
"{9BEE31C8-6492-49B1-B8F7-8A7BD9DB4D13}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{9D823BB9-D575-46BC-9587-2A0C3EB33A5B}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{9E9917E3-7958-4E70-847A-608906DA6914}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9EE183B6-0F32-48D8-921B-83916D45500C}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{A499E1C7-48D4-4FAB-8C2D-AEC1A2931663}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{AC9531A4-D64B-4D76-976D-B06F3003EC42}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{B197DEDF-A8A5-4D5D-8F03-039D414579E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDDA21CB-53FA-4972-996C-B9C1B0FB4BC2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE2256B0-B926-40A2-9043-04CCAC86F9AA}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{BF82175C-D03D-43BE-AFC2-7995B4E52D0B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C68D52C7-CF65-48B6-B326-64C85F69DE2D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{C9EE51BB-46AE-419E-A4CF-B76DD071D20A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{CD5C9BFB-17BE-414F-9049-DF6738CDEB44}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CF1ABF62-EE69-45C9-AEFF-67E05CDAE65D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{D1C86D32-7D80-49D2-A971-E654F3C23E43}" = protocol=6 | dir=out | app=system |
"{D6290DB5-66F9-4362-A92A-2EB387731AE6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB816D89-4FE3-4E3B-9322-DAA3A874C185}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{DBC95B44-A714-4EEA-81DF-FB16F0C42AF9}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{DCB488D3-4E16-4853-9D3A-71FD3C192FB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E623DE33-CC4E-4B9C-84E3-BFBF9B70465A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{E794ED9B-4EBE-40B6-B899-CD86280DBFA9}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{E9816B40-FD0C-4DE6-99D6-E43557699F53}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EA6B450D-FAE7-40E8-857B-C42A8B7853BB}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{F1498B64-77B7-4D02-AB5C-049B88DC8468}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{FA9F35AE-C089-43FD-ACD2-6BFD78F13FDE}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) |
"{FD8D4F3A-61F5-4BEF-8290-BF2F90B39344}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002C9FA8-ED6A-4B44-883A-29A5EEE3A7F6}" = Lexware financial office pro 2012
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{051F9CB0-1499-4A0E-A861-CB19A5AAA906}" = NetObjects Fusion 12.0
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{10A11115-4EFC-4E86-BFC1-D53A478556A1}" = HP User Guides 0142
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient x86
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{20E08DBB-9708-45E6-B4CD-3526ABC5BC6E}" = Zeugnis-Generator 10.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{32737B70-A271-4AE8-8631-6CBF6B697D45}" = SKAN
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{58215966-9BA6-485D-B8DA-4AE31150B92E}" = HP Common Access Service Library
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{5C9AA073-814D-4EB3-BE9C-4C1BACBC974C}" = Haufe Formular-Manager
"{64893BC9-D912-4A2D-A47A-E38650112781}" = Serif PanoramaPlus 3
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B54B1AE-EBCA-48BE-92AF-61D02118F093}" = Lexware online banking
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7239A06F-235B-43B1-970D-7A411FD95683}" = Nokia Software Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78365FC6-09CA-4AC3-BC01-70FB46596047}" = Validity Fingerprint Driver
"{7861911B-4270-498A-8F7A-FCF0570F48E3}" = HP QuickWeb
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95EFD16D-3A38-4E7A-901A-24A92399547C}" = Lexware Elster
"{98BCAD50-58AE-4EDD-9BBA-388B221E750B}" = Privacy Manager for HP ProtectTools
"{991A4895-3346-4980-990F-A1041B73C6F7}" = HP 3D DriveGuard
"{99CBA603-937D-4058-806F-7A9AF711A1AA}" = Eumex RNDIS Driver V1.00
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABCB696E-2494-48FC-826D-0666CEE460DB}" = Drive Encryption for HP ProtectTools
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B962E962-6369-4F66-AF35-79CB39270D12}" = NetObjects Fusion 12.0
"{BA3EECE9-86A8-44B2-B655-CB3FCFE7EDF3}" = Haufe iDesk-Service
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BAEE9CD5-A680-43A2-A5FA-6F700C5AD45A}" = HP QuickLook
"{BB3085D5-7D88-4AF2-B08E-226E26E2A169}" = Haufe iDesk-Browser
"{BB5C44BC-1ADA-4BB3-B054-4514CF582009}" = NetObjects Fusion 12.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE3AD89B-F9B2-4E22-8FAB-BCF63190ABCD}" = HP ProtectTools Security Manager
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C8439116-685C-4B25-B294-14F1C7BC4A68}" = Haufe Steuer Office
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{D5024462-1E13-4D83-B480-D586CCF0371B}" = Serif AlbumPlus SE PRO
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E2E25F53-EB64-4BC1-8A9E-B970BBEF8C1C}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E546139F-B099-4a36-BCC2-AC7D68CA9383}" = Lexware financial office pro 2012
"{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}" = Serif PhotoPlus X3
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4477CC0-7293-414A-93BC-20EE897A80F0}" = Java Card Security for HP ProtectTools
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7823B8F-05D0-457B-8F61-CA98ABE21D2D}" = HP Power Assistant
"{F8DD059A-FDA6-403A-81FC-51E522158683}" = Marketsplash Drucksoftware
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FACE9D51-E374-4DDB-857C-816FCB1D6B40}" = Eumex 800 V1.30
"{FD8234FF-A70D-4632-B146-F41AB37C0B24}" = HP Business Card Reader
"{FDC5E0B1-2739-48A1-8027-F76F2E68AC84}" = Lexware professional Datenbank 2012
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFBDA363-A033-4F32-8DE0-AEF0F105410E}" = HP ESU for Microsoft Windows 7
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"7-Zip" = 7-Zip 9.20
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Ahnenblatt_is1" = Ahnenblatt 2.62
"Alice" = Alice-Installationsdateien entfernen
"AOL Deinstallation" = AOL Deinstallation
"avast" = avast! Internet Security
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner
"Drive Encryption" = Drive Encryption for HP ProtectTools
"ElsterFormular 13.0.0.8086k" = ElsterFormular
"ElsterFormular 2008 - 2009 2008-2009" = ElsterFormular 2008 - 2009
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HPProtectTools" = HP ProtectTools Security Manager
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"InstallShield_{FACE9D51-E374-4DDB-857C-816FCB1D6B40}" = Eumex 800 V1.30
"John Deere North American Farmer_is1" = John Deere North American Farmer
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Nokia Suite" = Nokia Suite
"PDF Complete" = PDF Complete Special Edition
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab PDF Reader" = FoxTab PDF Reader
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 3/4/2013 1:41:08 PM | Computer Name = GVSSteffiMaaßen | Source = Application Hang | ID = 1002
Description = Programm pica.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1f58 Startzeit:
01ce18f7b562b43f Endzeit: 16 Anwendungspfad: C:\Program Files\ElsterFormular\bin\pica.exe
Berichts-ID:
aefeed82-84f2-11e2-aeb5-002713be1760
Error - 3/9/2013 2:37:00 PM | Computer Name = GVSSteffiMaaßen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 3/9/2013 2:37:00 PM | Computer Name = GVSSteffiMaaßen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15615
Error - 3/9/2013 2:37:00 PM | Computer Name = GVSSteffiMaaßen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15615
Error - 3/10/2013 2:00:02 PM | Computer Name = GVSSteffiMaaßen | Source = Windows Backup | ID = 4103
Description =
Error - 3/18/2013 2:47:03 PM | Computer Name = GVSSteffiMaaßen | Source = Windows Backup | ID = 4103
Description =
Error - 3/18/2013 2:55:45 PM | Computer Name = GVSSteffiMaaßen | Source = Haufe iDesk-Service | ID = 61440
Description = Installation von Produkt PI19 gescheitert: 1
Error - 3/23/2013 10:39:45 AM | Computer Name = GVSSteffiMaaßen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 3/23/2013 10:39:45 AM | Computer Name = GVSSteffiMaaßen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9833243
Error - 3/23/2013 10:39:45 AM | Computer Name = GVSSteffiMaaßen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9833243
Error - 3/24/2013 10:52:26 AM | Computer Name = GVSSteffiMaaßen | Source = Application Hang | ID = 1002
Description = Programm waol.exe, Version 9.5.0.1 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e5c Startzeit:
01ce289d4a907b7e Endzeit: 32 Anwendungspfad: C:\Program Files\AOL 9.0 VR\waol.exe Berichts-ID:
[ Hewlett-Packard Events ]
Error - 4/23/2012 1:03:13 PM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
Error - 6/4/2012 1:20:53 PM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
Error - 7/2/2012 10:06:29 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
Error - 9/10/2012 10:26:16 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
Error - 9/10/2012 10:26:37 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
Error - 9/17/2012 11:23:30 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
Error - 9/24/2012 11:02:55 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
Error - 10/8/2012 11:08:37 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
Error - 11/13/2012 3:35:15 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
Error - 11/13/2012 3:29:27 PM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
[ HP Power Assistant Events ]
Error - 12/4/2012 5:04:45 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
Error - 12/29/2012 9:12:20 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
Error - 1/1/2013 8:17:57 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
Error - 1/5/2013 8:37:11 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
Error - 1/11/2013 1:06:30 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
Error - 1/13/2013 6:38:20 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
Error - 1/21/2013 12:52:14 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
Error - 2/20/2013 12:54:16 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
Error - 2/24/2013 1:54:59 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
Error - 2/25/2013 11:28:11 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
[ HP Wireless Assistant Events ]
Error - 11/12/2010 12:52:54 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 11/12/2010 12:52:54 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 11/13/2010 11:52:42 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 11/13/2010 11:52:42 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 6/22/2011 2:08:46 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
System.Management.ManagementBaseObject.get_Item(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 9/10/2011 7:09:06 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
bei HardwareAccess.Hardware.Instance() bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme
powerScheme)
Error - 12/27/2011 7:49:45 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
bei HardwareAccess.Hardware.Instance() bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme
powerScheme)
Error - 5/14/2012 6:33:25 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
bei HardwareAccess.Hardware.Instance() bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme
powerScheme)
Error - 6/2/2012 12:44:39 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize()
bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) bei HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ApplyFriendlyNames()
bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 9/29/2012 1:10:50 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
bei HardwareAccess.Hardware.Instance() bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme
powerScheme)
[ Media Center Events ]
Error - 5/2/2010 2:52:19 PM | Computer Name = GVSSteffiMaaßen | Source = MCUpdate | ID = 0
Description = 20:52:19 - Fehler beim Herstellen der Internetverbindung. 20:52:19
- Serververbindung konnte nicht hergestellt werden..
Error - 7/9/2010 10:44:09 AM | Computer Name = GVSSteffiMaaßen | Source = MCUpdate | ID = 0
Description = 16:44:09 - Directory konnte nicht abgerufen werden (Fehler: Timeout
für Vorgang überschritten)
[ OSession Events ]
Error - 12/24/2010 11:08:52 AM | Computer Name = GVSSteffiMaaßen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5446
seconds with 240 seconds of active time. This session ended with a crash.
Error - 7/29/2012 5:20:33 AM | Computer Name = GVSSteffiMaaßen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 202
seconds with 180 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 3/24/2013 10:38:39 AM | Computer Name = GVSSteffiMaaßen | Source = DCOM | ID = 10016
Description =
Error - 3/24/2013 10:38:51 AM | Computer Name = GVSSteffiMaaßen | Source = PNRPSvc | ID = 102
Description =
Error - 3/24/2013 10:38:51 AM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 3/24/2013 10:38:51 AM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 3/24/2013 10:38:57 AM | Computer Name = GVSSteffiMaaßen | Source = PNRPSvc | ID = 102
Description =
Error - 3/24/2013 10:38:57 AM | Computer Name = GVSSteffiMaaßen | Source = PNRPSvc | ID = 102
Description =
Error - 3/24/2013 10:38:57 AM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 3/24/2013 10:38:57 AM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 3/24/2013 10:38:57 AM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 3/24/2013 10:38:57 AM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
< End of report >
|
|
24.03.2013, 17:52
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Archivbombe und 2 TrojanerZitat:
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
24.03.2013, 18:35
| #5 |
| | Archivbombe und 2 Trojaner Hallo Cosinus, hab ich so gekauft im Verbund mit dem Laptop. Der wird fast ausschließlich privat genutzt, bis auf meine Buchhaltung für meinen Nebenerwerb. LG Steffi |
|
25.03.2013, 15:15
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Archivbombe und 2 Trojaner Rootkitscan mit GMER Bitte lade dir  GMER herunter: (Dateiname zufällig)
 Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ --> Archivbombe und 2 Trojaner |
|
25.03.2013, 20:29
| #7 |
| | Archivbombe und 2 Trojaner Hallo Cosinus, die Gmer-Log aufgrund der Länge als Archiv-Anhang. und die MBAR-Log: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.25.13
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Steffi Maaßen :: GVSSTEFFIMAAßEN [administrator]
25.03.2013 20:16:53
mbar-log-2013-03-25 (20-16-53).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 33601
Time elapsed: 25 minute(s), 37 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
25.03.2013, 20:48
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Archivbombe und 2 Trojaner aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.03.2013, 20:54
| #9 |
| | Archivbombe und 2 Trojaner eine Frage dazu: Muss ich bei dem Scan mit aswMBR.exe mein Avast! deaktivieren? |
|
25.03.2013, 21:06
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Archivbombe und 2 Trojaner Ja bitte deaktivieren
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.03.2013, 17:25
| #11 |
| | Archivbombe und 2 Trojaner hier die aswMBR-Log: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-26 16:49:02
-----------------------------
16:49:02.171 OS Version: Windows 6.1.7601 Service Pack 1
16:49:02.171 Number of processors: 4 586 0x2502
16:49:02.171 ComputerName: GVSSTEFFIMAAßEN UserName: Steffi Maaßen
16:49:11.562 Initialize success
16:49:12.358 AVAST engine defs: 13032400
16:49:17.880 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:49:17.880 Disk 0 Vendor: ST932042 0006 Size: 305245MB BusType: 3
16:49:18.052 Disk 0 MBR read successfully
16:49:18.052 Disk 0 MBR scan
16:49:18.052 Disk 0 Windows VISTA default MBR code
16:49:18.068 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
16:49:18.083 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287533 MB offset 616448
16:49:18.286 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15360 MB offset 589484032
16:49:18.348 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2043 MB offset 620941312
16:49:18.380 Disk 0 scanning sectors +625125376
16:49:18.489 Disk 0 scanning C:\windows\system32\drivers
16:49:40.391 Service scanning
16:50:00.593 Service SafeBoot C:\windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
16:50:09.658 Modules scanning
16:50:34.899 Disk 0 trace - called modules:
16:50:34.930 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys iaStor.sys
16:50:34.945 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87bd7030]
16:50:34.961 3 CLASSPNP.SYS[8c00c59e] -> nt!IofCallDriver -> [0x87bd5960]
16:50:34.977 5 hpdskflt.sys[8cdb3090] -> nt!IofCallDriver -> [0x870e68b8]
16:50:34.992 7 ACPI.sys[8be983d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x870e2028]
16:50:44.930 AVAST engine scan C:\windows
16:50:52.932 AVAST engine scan C:\windows\system32
16:54:13.728 AVAST engine scan C:\windows\system32\drivers
16:54:30.670 AVAST engine scan C:\Users\Steffi Maaßen
17:18:42.655 Disk 0 MBR has been saved successfully to "C:\Users\Steffi Maaßen\Documents\Privat\Logs\MBR.dat"
17:18:42.671 The log file has been saved successfully to "C:\Users\Steffi Maaßen\Documents\Privat\Logs\aswMBR.txt"
Code:
ATTFilter 17:19:49.0667 5516 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:19:50.0010 5516 ============================================================
17:19:50.0010 5516 Current date / time: 2013/03/26 17:19:50.0010
17:19:50.0010 5516 SystemInfo:
17:19:50.0010 5516
17:19:50.0010 5516 OS Version: 6.1.7601 ServicePack: 1.0
17:19:50.0010 5516 Product type: Workstation
17:19:50.0010 5516 ComputerName: GVSSTEFFIMAAßEN
17:19:50.0010 5516 UserName: Steffi Maaßen
17:19:50.0010 5516 Windows directory: C:\windows
17:19:50.0010 5516 System windows directory: C:\windows
17:19:50.0010 5516 Processor architecture: Intel x86
17:19:50.0010 5516 Number of processors: 4
17:19:50.0010 5516 Page size: 0x1000
17:19:50.0010 5516 Boot type: Normal boot
17:19:50.0010 5516 ============================================================
17:19:50.0790 5516 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:19:50.0837 5516 ============================================================
17:19:50.0837 5516 \Device\Harddisk0\DR0:
17:19:50.0837 5516 MBR partitions:
17:19:50.0837 5516 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
17:19:50.0837 5516 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x23196800
17:19:50.0837 5516 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2322D000, BlocksNum 0x1E00000
17:19:50.0837 5516 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x2502D000, BlocksNum 0x3FD800
17:19:50.0837 5516 ============================================================
17:19:50.0853 5516 C: <-> \Device\Harddisk0\DR0\Partition2
17:19:50.0884 5516 F: <-> \Device\Harddisk0\DR0\Partition4
17:19:50.0884 5516 ============================================================
17:19:50.0884 5516 Initialize success
17:19:50.0884 5516 ============================================================
17:20:01.0664 7916 ============================================================
17:20:01.0664 7916 Scan started
17:20:01.0664 7916 Mode: Manual; SigCheck; TDLFS;
17:20:01.0664 7916 ============================================================
17:20:02.0710 7916 ================ Scan system memory ========================
17:20:02.0710 7916 System memory - ok
17:20:02.0710 7916 ================ Scan services =============================
17:20:02.0897 7916 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
17:20:03.0115 7916 1394ohci - ok
17:20:03.0225 7916 [ 00659E56339389469473AEC41587E706 ] ac.sharedstore C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
17:20:03.0256 7916 ac.sharedstore - ok
17:20:03.0287 7916 [ 4DF5E6215A102A192B2B6DBB61F2FBA5 ] Accelerometer C:\windows\system32\DRIVERS\Accelerometer.sys
17:20:03.0303 7916 Accelerometer - ok
17:20:03.0334 7916 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\windows\system32\drivers\ACPI.sys
17:20:03.0365 7916 ACPI - ok
17:20:03.0412 7916 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
17:20:03.0505 7916 AcpiPmi - ok
17:20:03.0615 7916 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:20:03.0646 7916 AdobeARMservice - ok
17:20:03.0755 7916 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:20:03.0786 7916 AdobeFlashPlayerUpdateSvc - ok
17:20:03.0802 7916 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
17:20:03.0849 7916 adp94xx - ok
17:20:03.0880 7916 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
17:20:03.0911 7916 adpahci - ok
17:20:03.0942 7916 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
17:20:03.0973 7916 adpu320 - ok
17:20:04.0005 7916 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
17:20:04.0067 7916 AeLookupSvc - ok
17:20:04.0129 7916 [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters C:\Program Files\IDT\WDM\aestsrv.exe
17:20:04.0176 7916 AESTFilters - ok
17:20:04.0239 7916 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\windows\system32\drivers\afd.sys
17:20:04.0285 7916 AFD - ok
17:20:04.0317 7916 [ 6416F9B6B220F0A890525C38235AFAD7 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
17:20:04.0332 7916 AgereModemAudio - ok
17:20:04.0379 7916 [ 07758C2196A62F207F77556311E7459A ] AgereSoftModem C:\windows\system32\DRIVERS\AGRSM.sys
17:20:04.0473 7916 AgereSoftModem - ok
17:20:04.0504 7916 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\windows\system32\drivers\agp440.sys
17:20:04.0535 7916 agp440 - ok
17:20:04.0597 7916 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys
17:20:04.0629 7916 aic78xx - ok
17:20:04.0660 7916 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\windows\System32\alg.exe
17:20:04.0707 7916 ALG - ok
17:20:04.0738 7916 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\windows\system32\drivers\aliide.sys
17:20:04.0753 7916 aliide - ok
17:20:04.0785 7916 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\windows\system32\drivers\amdagp.sys
17:20:04.0800 7916 amdagp - ok
17:20:04.0816 7916 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\windows\system32\drivers\amdide.sys
17:20:04.0863 7916 amdide - ok
17:20:04.0894 7916 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
17:20:04.0941 7916 AmdK8 - ok
17:20:04.0956 7916 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
17:20:04.0987 7916 AmdPPM - ok
17:20:05.0019 7916 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\windows\system32\drivers\amdsata.sys
17:20:05.0050 7916 amdsata - ok
17:20:05.0081 7916 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
17:20:05.0112 7916 amdsbs - ok
17:20:05.0128 7916 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\windows\system32\drivers\amdxata.sys
17:20:05.0159 7916 amdxata - ok
17:20:05.0253 7916 [ 85180CF88C5EBAD73B452A43A004CA51 ] AOL ACS C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
17:20:05.0284 7916 AOL ACS - ok
17:20:05.0331 7916 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\windows\system32\drivers\appid.sys
17:20:05.0393 7916 AppID - ok
17:20:05.0440 7916 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\windows\System32\appidsvc.dll
17:20:05.0518 7916 AppIDSvc - ok
17:20:05.0549 7916 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\windows\System32\appinfo.dll
17:20:05.0611 7916 Appinfo - ok
17:20:05.0721 7916 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:20:05.0752 7916 Apple Mobile Device - ok
17:20:05.0783 7916 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\windows\System32\appmgmts.dll
17:20:05.0845 7916 AppMgmt - ok
17:20:05.0877 7916 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\windows\system32\DRIVERS\arc.sys
17:20:05.0908 7916 arc - ok
17:20:05.0908 7916 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
17:20:05.0939 7916 arcsas - ok
17:20:06.0001 7916 [ CCDA8D84FD02AEC52E62F296433AE9DC ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys
17:20:06.0064 7916 aswFsBlk - ok
17:20:06.0095 7916 [ A65FC444F7660F0CAC9A9E22203FD4BA ] aswFW C:\windows\system32\drivers\aswFW.sys
17:20:06.0157 7916 aswFW - ok
17:20:06.0251 7916 [ 4691B3FE3717F9D9C64A5282C8543D4D ] aswKbd C:\windows\system32\drivers\aswKbd.sys
17:20:06.0313 7916 aswKbd - ok
17:20:06.0376 7916 [ A6E20E62871A28A0F1C05B1681848FA7 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys
17:20:06.0438 7916 aswMonFlt - ok
17:20:06.0469 7916 [ 7B948E3657BEA62E437BC46CA6EF6012 ] aswNdis C:\windows\system32\DRIVERS\aswNdis.sys
17:20:06.0532 7916 aswNdis - ok
17:20:06.0563 7916 [ 672A45E2AA1FA8178DB8CF1A39BEFC83 ] aswNdis2 C:\windows\system32\drivers\aswNdis2.sys
17:20:06.0625 7916 aswNdis2 - ok
17:20:06.0688 7916 [ 6844738D52970A0F482768EEA941C78E ] aswRdr C:\windows\System32\Drivers\aswrdr2.sys
17:20:06.0750 7916 aswRdr - ok
17:20:06.0844 7916 [ 657A61979F40D67CA29716149766FFA7 ] aswRvrt C:\windows\system32\drivers\aswRvrt.sys
17:20:06.0906 7916 aswRvrt - ok
17:20:06.0984 7916 [ 0E604867FC28F00D91CB0B00D2EC830D ] aswSnx C:\windows\system32\drivers\aswSnx.sys
17:20:07.0078 7916 aswSnx - ok
17:20:07.0249 7916 [ 6FC4AA106AA505394C908D37CCCB9148 ] aswSP C:\windows\system32\drivers\aswSP.sys
17:20:07.0312 7916 aswSP - ok
17:20:07.0437 7916 [ 33E21FFB063CA6C7E00D568467DC72E4 ] aswTdi C:\windows\system32\drivers\aswTdi.sys
17:20:07.0499 7916 aswTdi - ok
17:20:07.0561 7916 [ EDB0C9BA44B748E420CCA989FD8B826E ] aswVmm C:\windows\system32\drivers\aswVmm.sys
17:20:07.0624 7916 aswVmm - ok
17:20:07.0686 7916 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
17:20:07.0764 7916 AsyncMac - ok
17:20:07.0858 7916 [ 338C86357871C167A96AB976519BF59E ] atapi C:\windows\system32\drivers\atapi.sys
17:20:07.0889 7916 atapi - ok
17:20:08.0139 7916 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
17:20:08.0248 7916 AudioEndpointBuilder - ok
17:20:08.0310 7916 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\windows\System32\Audiosrv.dll
17:20:08.0388 7916 Audiosrv - ok
17:20:08.0685 7916 [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:20:08.0747 7916 avast! Antivirus - ok
17:20:08.0825 7916 [ DA387EDDBA421A7A8132E256343C2799 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
17:20:08.0887 7916 avast! Firewall - ok
17:20:09.0028 7916 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\windows\System32\AxInstSV.dll
17:20:09.0090 7916 AxInstSV - ok
17:20:09.0184 7916 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys
17:20:09.0246 7916 b06bdrv - ok
17:20:09.0371 7916 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys
17:20:09.0433 7916 b57nd60x - ok
17:20:09.0496 7916 BCMH43XX - ok
17:20:09.0527 7916 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll
17:20:09.0574 7916 BDESVC - ok
17:20:09.0667 7916 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\windows\system32\drivers\Beep.sys
17:20:09.0761 7916 Beep - ok
17:20:09.0933 7916 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\windows\System32\bfe.dll
17:20:10.0089 7916 BFE - ok
17:20:10.0198 7916 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\windows\System32\qmgr.dll
17:20:10.0338 7916 BITS - ok
17:20:10.0369 7916 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
17:20:10.0416 7916 blbdrive - ok
17:20:10.0666 7916 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:20:10.0713 7916 Bonjour Service - ok
17:20:10.0791 7916 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\windows\system32\DRIVERS\bowser.sys
17:20:10.0837 7916 bowser - ok
17:20:10.0931 7916 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
17:20:10.0978 7916 BrFiltLo - ok
17:20:11.0009 7916 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
17:20:11.0118 7916 BrFiltUp - ok
17:20:11.0149 7916 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\windows\System32\browser.dll
17:20:11.0212 7916 Browser - ok
17:20:11.0274 7916 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys
17:20:11.0321 7916 Brserid - ok
17:20:11.0352 7916 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
17:20:11.0415 7916 BrSerWdm - ok
17:20:11.0477 7916 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
17:20:11.0555 7916 BrUsbMdm - ok
17:20:11.0633 7916 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
17:20:11.0680 7916 BrUsbSer - ok
17:20:11.0851 7916 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
17:20:11.0898 7916 BthEnum - ok
17:20:11.0976 7916 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
17:20:12.0023 7916 BTHMODEM - ok
17:20:12.0148 7916 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
17:20:12.0210 7916 BthPan - ok
17:20:12.0319 7916 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
17:20:12.0397 7916 BTHPORT - ok
17:20:12.0475 7916 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll
17:20:12.0585 7916 bthserv - ok
17:20:12.0616 7916 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
17:20:12.0663 7916 BTHUSB - ok
17:20:12.0803 7916 [ CE5833C144CA6623BCBDE93B188AA850 ] btwaudio C:\windows\system32\drivers\btwaudio.sys
17:20:12.0865 7916 btwaudio - ok
17:20:12.0943 7916 [ AF9148C3E844131AC954CB53FF43D971 ] btwavdt C:\windows\system32\DRIVERS\btwavdt.sys
17:20:13.0021 7916 btwavdt - ok
17:20:13.0193 7916 [ F55C99818FD1EACFC7784958A8592536 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
17:20:13.0255 7916 btwdins - ok
17:20:13.0318 7916 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys
17:20:13.0349 7916 btwl2cap - ok
17:20:13.0380 7916 [ 480B3D195854B2E55299CDDDDC50BCF9 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys
17:20:13.0443 7916 btwrchid - ok
17:20:13.0552 7916 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
17:20:13.0645 7916 cdfs - ok
17:20:13.0770 7916 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\windows\system32\drivers\cdrom.sys
17:20:13.0833 7916 cdrom - ok
17:20:13.0942 7916 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\windows\System32\certprop.dll
17:20:14.0035 7916 CertPropSvc - ok
17:20:14.0067 7916 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys
17:20:14.0129 7916 circlass - ok
17:20:14.0223 7916 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys
17:20:14.0254 7916 CLFS - ok
17:20:14.0425 7916 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:20:14.0457 7916 clr_optimization_v2.0.50727_32 - ok
17:20:14.0597 7916 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:20:14.0644 7916 clr_optimization_v4.0.30319_32 - ok
17:20:14.0737 7916 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
17:20:14.0784 7916 CmBatt - ok
17:20:14.0878 7916 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\drivers\cmdide.sys
17:20:14.0909 7916 cmdide - ok
17:20:15.0034 7916 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\windows\system32\Drivers\cng.sys
17:20:15.0112 7916 CNG - ok
17:20:15.0361 7916 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
17:20:15.0393 7916 Com4QLBEx - ok
17:20:15.0517 7916 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
17:20:15.0533 7916 Compbatt - ok
17:20:15.0689 7916 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
17:20:15.0736 7916 CompositeBus - ok
17:20:15.0829 7916 COMSysApp - ok
17:20:15.0876 7916 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
17:20:15.0907 7916 crcdisk - ok
17:20:16.0017 7916 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\windows\system32\cryptsvc.dll
17:20:16.0079 7916 CryptSvc - ok
17:20:16.0173 7916 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\windows\system32\drivers\csc.sys
17:20:16.0235 7916 CSC - ok
17:20:16.0344 7916 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\windows\System32\cscsvc.dll
17:20:16.0407 7916 CscService - ok
17:20:16.0547 7916 [ A05433F6218DCB8F0DEC232DE65F8B26 ] DAMDrv C:\windows\system32\DRIVERS\DAMDrv.sys
17:20:16.0563 7916 DAMDrv - ok
17:20:16.0625 7916 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\windows\system32\rpcss.dll
17:20:16.0703 7916 DcomLaunch - ok
17:20:16.0750 7916 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll
17:20:16.0812 7916 defragsvc - ok
17:20:17.0031 7916 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\windows\system32\Drivers\dfsc.sys
17:20:17.0124 7916 DfsC - ok
17:20:17.0202 7916 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\windows\system32\dhcpcore.dll
17:20:17.0280 7916 Dhcp - ok
17:20:17.0311 7916 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys
17:20:17.0358 7916 discache - ok
17:20:17.0405 7916 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys
17:20:17.0421 7916 Disk - ok
17:20:17.0483 7916 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\windows\System32\dnsrslvr.dll
17:20:17.0545 7916 Dnscache - ok
17:20:17.0592 7916 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\windows\System32\dot3svc.dll
17:20:17.0686 7916 dot3svc - ok
17:20:17.0764 7916 [ CACE0FDD5D1EA41A36AC8CE590330834 ] DpHost C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
17:20:17.0795 7916 DpHost - ok
17:20:17.0811 7916 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\windows\system32\dps.dll
17:20:17.0904 7916 DPS - ok
17:20:17.0935 7916 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
17:20:17.0998 7916 drmkaud - ok
17:20:18.0045 7916 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
17:20:18.0107 7916 DXGKrnl - ok
17:20:18.0138 7916 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll
17:20:18.0232 7916 EapHost - ok
17:20:18.0325 7916 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys
17:20:18.0513 7916 ebdrv - ok
17:20:18.0544 7916 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\windows\System32\lsass.exe
17:20:18.0591 7916 EFS - ok
17:20:18.0669 7916 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\windows\ehome\ehRecvr.exe
17:20:18.0747 7916 ehRecvr - ok
17:20:18.0778 7916 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\windows\ehome\ehsched.exe
17:20:18.0825 7916 ehSched - ok
17:20:18.0871 7916 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
17:20:18.0903 7916 elxstor - ok
17:20:18.0965 7916 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\drivers\errdev.sys
17:20:19.0012 7916 ErrDev - ok
17:20:19.0075 7916 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll
17:20:19.0153 7916 EventSystem - ok
17:20:19.0200 7916 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys
17:20:19.0262 7916 exfat - ok
17:20:19.0278 7916 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys
17:20:19.0340 7916 fastfat - ok
17:20:19.0387 7916 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\windows\system32\fxssvc.exe
17:20:19.0434 7916 Fax - ok
17:20:19.0465 7916 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys
17:20:19.0512 7916 fdc - ok
17:20:19.0528 7916 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll
17:20:19.0621 7916 fdPHost - ok
17:20:19.0652 7916 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll
17:20:19.0699 7916 FDResPub - ok
17:20:19.0715 7916 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
17:20:19.0746 7916 FileInfo - ok
17:20:19.0746 7916 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys
17:20:19.0824 7916 Filetrace - ok
17:20:19.0871 7916 [ 58B43566FF67F2255AF1CA916D2FDACB ] FLCDLOCK c:\Windows\system32\flcdlock.exe
17:20:19.0902 7916 FLCDLOCK - ok
17:20:19.0918 7916 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
17:20:19.0949 7916 flpydisk - ok
17:20:19.0980 7916 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
17:20:20.0011 7916 FltMgr - ok
17:20:20.0074 7916 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\windows\system32\FntCache.dll
17:20:20.0167 7916 FontCache - ok
17:20:20.0214 7916 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:20:20.0230 7916 FontCache3.0.0.0 - ok
17:20:20.0245 7916 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys
17:20:20.0261 7916 FsDepends - ok
17:20:20.0308 7916 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
17:20:20.0323 7916 Fs_Rec - ok
17:20:20.0386 7916 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
17:20:20.0417 7916 fvevol - ok
17:20:20.0448 7916 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
17:20:20.0479 7916 gagp30kx - ok
17:20:20.0526 7916 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
17:20:20.0542 7916 GEARAspiWDM - ok
17:20:20.0604 7916 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\windows\System32\gpsvc.dll
17:20:20.0713 7916 gpsvc - ok
17:20:20.0807 7916 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:20:20.0822 7916 gupdate - ok
17:20:20.0838 7916 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:20:20.0854 7916 gupdatem - ok
17:20:20.0869 7916 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
17:20:20.0916 7916 hcw85cir - ok
17:20:20.0994 7916 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
17:20:21.0041 7916 HdAudAddService - ok
17:20:21.0056 7916 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
17:20:21.0119 7916 HDAudBus - ok
17:20:21.0150 7916 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\windows\system32\DRIVERS\HECI.sys
17:20:21.0197 7916 HECI - ok
17:20:21.0228 7916 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
17:20:21.0275 7916 HidBatt - ok
17:20:21.0306 7916 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
17:20:21.0337 7916 HidBth - ok
17:20:21.0368 7916 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys
17:20:21.0415 7916 HidIr - ok
17:20:21.0446 7916 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\system32\hidserv.dll
17:20:21.0540 7916 hidserv - ok
17:20:21.0571 7916 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
17:20:21.0680 7916 HidUsb - ok
17:20:21.0727 7916 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\windows\system32\kmsvc.dll
17:20:21.0805 7916 hkmsvc - ok
17:20:21.0961 7916 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
17:20:21.0992 7916 HomeGroupListener - ok
17:20:22.0070 7916 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
17:20:22.0133 7916 HomeGroupProvider - ok
17:20:22.0195 7916 [ 280A094A2862F0D2AFC117A49A5189D7 ] HP Power Assistant Service C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
17:20:22.0226 7916 HP Power Assistant Service - ok
17:20:22.0273 7916 [ 657E81DF0625198C97F91C09AE9611FC ] HP ProtectTools Service C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
17:20:22.0304 7916 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - warning
17:20:22.0304 7916 HP ProtectTools Service - detected UnsignedFile.Multi.Generic (1)
17:20:22.0429 7916 [ 170233B8D743EFE35F462A5D516B93E3 ] HP Support Assistant Service C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
17:20:22.0445 7916 HP Support Assistant Service - ok
17:20:22.0523 7916 [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
17:20:22.0554 7916 HP Wireless Assistant Service - ok
17:20:22.0648 7916 [ D17F9E527F01770BD04A9223BC40EC22 ] HPDrvMntSvc.exe C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
17:20:22.0679 7916 HPDrvMntSvc.exe - ok
17:20:22.0710 7916 [ E1D82F0C8456ABB03B7DF5D623CA47D1 ] hpdskflt C:\windows\system32\DRIVERS\hpdskflt.sys
17:20:22.0726 7916 hpdskflt - ok
17:20:22.0772 7916 [ 5AFB3F9B74553BD933555E1C800D2CE1 ] HpFkCryptService C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
17:20:22.0835 7916 HpFkCryptService - ok
17:20:22.0882 7916 [ 1BF7C574DBA7630F88D74A84AE8D80B2 ] HPFSService C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
17:20:22.0913 7916 HPFSService ( UnsignedFile.Multi.Generic ) - warning
17:20:22.0913 7916 HPFSService - detected UnsignedFile.Multi.Generic (1)
17:20:22.0944 7916 [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr C:\windows\system32\DRIVERS\HpqKbFiltr.sys
17:20:22.0975 7916 HpqKbFiltr - ok
17:20:23.0038 7916 [ 0955C23C041451FB4E7099D6B2CF1C06 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
17:20:23.0084 7916 hpqwmiex - ok
17:20:23.0131 7916 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
17:20:23.0162 7916 HpSAMD - ok
17:20:23.0178 7916 [ D1F817E61D52816996B8F1EBA9A38276 ] hpsrv C:\windows\system32\Hpservice.exe
17:20:23.0209 7916 hpsrv - ok
17:20:23.0287 7916 [ F624E93AD16E11BD0004EB4475F009A8 ] HRService C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe
17:20:23.0303 7916 HRService - ok
17:20:23.0365 7916 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\windows\system32\drivers\HTTP.sys
17:20:23.0490 7916 HTTP - ok
17:20:23.0537 7916 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
17:20:23.0552 7916 hwpolicy - ok
17:20:23.0615 7916 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
17:20:23.0646 7916 i8042prt - ok
17:20:23.0708 7916 [ F54B3DB096ABD6E9BBBD052FD3878A48 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
17:20:23.0786 7916 IAANTMON - ok
17:20:23.0818 7916 [ 01446278D4563B3013C92830AE6CBB26 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
17:20:23.0880 7916 iaStor - ok
17:20:23.0942 7916 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\windows\system32\drivers\iaStorV.sys
17:20:23.0989 7916 iaStorV - ok
17:20:24.0052 7916 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
17:20:24.0083 7916 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:20:24.0083 7916 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:20:24.0161 7916 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:20:24.0223 7916 idsvc - ok
17:20:24.0379 7916 [ FAF70667BE6D1E1FFBACC8D4FC15D645 ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys
17:20:24.0644 7916 igfx - ok
17:20:24.0676 7916 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
17:20:24.0707 7916 iirsp - ok
17:20:24.0769 7916 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\windows\System32\ikeext.dll
17:20:24.0847 7916 IKEEXT - ok
17:20:24.0878 7916 [ 2DB41BA61D5E44D0667CF126D35DCF34 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
17:20:24.0910 7916 Impcd - ok
17:20:24.0972 7916 [ 29061F25ABB6E60A5B49FBEED7A5698A ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
17:20:25.0003 7916 IntcDAud - ok
17:20:25.0050 7916 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\drivers\intelide.sys
17:20:25.0081 7916 intelide - ok
17:20:25.0112 7916 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
17:20:25.0159 7916 intelppm - ok
17:20:25.0206 7916 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll
17:20:25.0284 7916 IPBusEnum - ok
17:20:25.0331 7916 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
17:20:25.0424 7916 IpFilterDriver - ok
17:20:25.0487 7916 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\windows\System32\iphlpsvc.dll
17:20:25.0549 7916 iphlpsvc - ok
17:20:25.0565 7916 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
17:20:25.0627 7916 IPMIDRV - ok
17:20:25.0643 7916 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys
17:20:25.0721 7916 IPNAT - ok
17:20:25.0814 7916 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:20:25.0877 7916 iPod Service - ok
17:20:25.0892 7916 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys
17:20:25.0955 7916 IRENUM - ok
17:20:25.0986 7916 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\drivers\isapnp.sys
17:20:26.0017 7916 isapnp - ok
17:20:26.0064 7916 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
17:20:26.0095 7916 iScsiPrt - ok
17:20:26.0126 7916 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\drivers\kbdclass.sys
17:20:26.0158 7916 kbdclass - ok
17:20:26.0189 7916 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
17:20:26.0220 7916 kbdhid - ok
17:20:26.0236 7916 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\windows\system32\lsass.exe
17:20:26.0267 7916 KeyIso - ok
17:20:26.0314 7916 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
17:20:26.0345 7916 KSecDD - ok
17:20:26.0392 7916 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
17:20:26.0423 7916 KSecPkg - ok
17:20:26.0454 7916 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll
17:20:26.0548 7916 KtmRm - ok
17:20:26.0610 7916 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\windows\system32\srvsvc.dll
17:20:26.0704 7916 LanmanServer - ok
17:20:26.0735 7916 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
17:20:26.0828 7916 LanmanWorkstation - ok
17:20:26.0891 7916 Lexware_Professional_Datenbank - ok
17:20:26.0938 7916 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:20:26.0969 7916 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:20:26.0969 7916 LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:20:27.0016 7916 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
17:20:27.0094 7916 lltdio - ok
17:20:27.0140 7916 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll
17:20:27.0234 7916 lltdsvc - ok
17:20:27.0250 7916 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll
17:20:27.0312 7916 lmhosts - ok
17:20:27.0359 7916 [ BB4E55778D8DE3885E1CDAC795DE7BCE ] LMS C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:20:27.0421 7916 LMS - ok
17:20:27.0468 7916 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
17:20:27.0499 7916 LSI_FC - ok
17:20:27.0515 7916 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
17:20:27.0546 7916 LSI_SAS - ok
17:20:27.0562 7916 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
17:20:27.0577 7916 LSI_SAS2 - ok
17:20:27.0608 7916 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
17:20:27.0624 7916 LSI_SCSI - ok
17:20:27.0640 7916 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys
17:20:27.0733 7916 luafv - ok
17:20:27.0764 7916 massfilter - ok
17:20:27.0780 7916 massfilter_hs - ok
17:20:27.0827 7916 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
17:20:27.0905 7916 MBAMProtector - ok
17:20:27.0936 7916 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:20:27.0983 7916 MBAMScheduler - ok
17:20:27.0998 7916 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:20:28.0061 7916 MBAMService - ok
17:20:28.0108 7916 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
17:20:28.0139 7916 Mcx2Svc - ok
17:20:28.0170 7916 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys
17:20:28.0186 7916 megasas - ok
17:20:28.0217 7916 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
17:20:28.0248 7916 MegaSR - ok
17:20:28.0279 7916 [ 64B96DE8C492BD435372D9130A535F1D ] MfeAVFK C:\windows\system32\drivers\MfeAVFK.sys
17:20:28.0357 7916 MfeAVFK - ok
17:20:28.0373 7916 [ 078E87A89D36CC3516F19D5FB518BDDC ] MfeBOPK C:\windows\system32\drivers\MfeBOPK.sys
17:20:28.0435 7916 MfeBOPK - ok
17:20:28.0466 7916 [ 168C565101FD5B9DB694EFDEC91FAFA9 ] mfehidk C:\windows\system32\drivers\mfehidk.sys
17:20:28.0529 7916 mfehidk - ok
17:20:28.0544 7916 [ E0842F67DC9BC4D21D1E319610EBE9E5 ] MfeRKDK C:\windows\system32\drivers\MfeRKDK.sys
17:20:28.0607 7916 MfeRKDK - ok
17:20:28.0622 7916 [ 43A7ACBBD70ECD62F0B63486C72089A3 ] mfetdik C:\windows\system32\drivers\mfetdik.sys
17:20:28.0685 7916 mfetdik - ok
17:20:28.0716 7916 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll
17:20:28.0810 7916 MMCSS - ok
17:20:28.0841 7916 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys
17:20:28.0903 7916 Modem - ok
17:20:28.0934 7916 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys
17:20:28.0981 7916 monitor - ok
17:20:29.0028 7916 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
17:20:29.0059 7916 mouclass - ok
17:20:29.0090 7916 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
17:20:29.0106 7916 mouhid - ok
17:20:29.0153 7916 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\windows\system32\drivers\mountmgr.sys
17:20:29.0184 7916 mountmgr - ok
17:20:29.0278 7916 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:20:29.0309 7916 MozillaMaintenance - ok
17:20:29.0356 7916 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\windows\system32\drivers\mpio.sys
17:20:29.0387 7916 mpio - ok
17:20:29.0402 7916 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
17:20:29.0496 7916 mpsdrv - ok
17:20:29.0558 7916 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\windows\system32\mpssvc.dll
17:20:29.0636 7916 MpsSvc - ok
17:20:29.0668 7916 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
17:20:29.0699 7916 MRxDAV - ok
17:20:29.0746 7916 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
17:20:29.0777 7916 mrxsmb - ok
17:20:29.0824 7916 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
17:20:29.0855 7916 mrxsmb10 - ok
17:20:29.0870 7916 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
17:20:29.0902 7916 mrxsmb20 - ok
17:20:29.0948 7916 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\windows\system32\drivers\msahci.sys
17:20:29.0964 7916 msahci - ok
17:20:29.0995 7916 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\windows\system32\drivers\msdsm.sys
17:20:30.0026 7916 msdsm - ok
17:20:30.0042 7916 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe
17:20:30.0104 7916 MSDTC - ok
17:20:30.0151 7916 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys
17:20:30.0229 7916 Msfs - ok
17:20:30.0260 7916 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
17:20:30.0354 7916 mshidkmdf - ok
17:20:30.0370 7916 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
17:20:30.0401 7916 msisadrv - ok
17:20:30.0432 7916 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll
17:20:30.0526 7916 MSiSCSI - ok
17:20:30.0526 7916 msiserver - ok
17:20:30.0557 7916 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
17:20:30.0635 7916 MSKSSRV - ok
17:20:30.0682 7916 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
17:20:30.0760 7916 MSPCLOCK - ok
17:20:30.0791 7916 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
17:20:30.0884 7916 MSPQM - ok
17:20:30.0900 7916 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
17:20:30.0931 7916 MsRPC - ok
17:20:30.0947 7916 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
17:20:30.0978 7916 mssmbios - ok
17:20:30.0994 7916 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
17:20:31.0056 7916 MSTEE - ok
17:20:31.0072 7916 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
17:20:31.0103 7916 MTConfig - ok
17:20:31.0118 7916 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys
17:20:31.0150 7916 Mup - ok
17:20:31.0212 7916 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\windows\system32\qagentRT.dll
17:20:31.0306 7916 napagent - ok
17:20:31.0352 7916 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
17:20:31.0415 7916 NativeWifiP - ok
17:20:31.0462 7916 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\windows\system32\drivers\ndis.sys
17:20:31.0540 7916 NDIS - ok
17:20:31.0571 7916 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
17:20:31.0649 7916 NdisCap - ok
17:20:31.0696 7916 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
17:20:31.0774 7916 NdisTapi - ok
17:20:31.0820 7916 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
17:20:31.0898 7916 Ndisuio - ok
17:20:31.0945 7916 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
17:20:32.0023 7916 NdisWan - ok
17:20:32.0054 7916 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
17:20:32.0148 7916 NDProxy - ok
17:20:32.0164 7916 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
17:20:32.0226 7916 NetBIOS - ok
17:20:32.0288 7916 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
17:20:32.0382 7916 NetBT - ok
17:20:32.0413 7916 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\windows\system32\lsass.exe
17:20:32.0429 7916 Netlogon - ok
17:20:32.0476 7916 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll
17:20:32.0569 7916 Netman - ok
17:20:32.0600 7916 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
17:20:32.0710 7916 netprofm - ok
17:20:32.0741 7916 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:20:32.0772 7916 NetTcpPortSharing - ok
17:20:32.0944 7916 [ 5B2DFA9C5C02DDF2A113CC0F551B59DF ] NETw5s32 C:\windows\system32\DRIVERS\NETw5s32.sys
17:20:33.0178 7916 NETw5s32 - ok
17:20:33.0224 7916 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
17:20:33.0240 7916 nfrd960 - ok
17:20:33.0287 7916 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\windows\System32\nlasvc.dll
17:20:33.0334 7916 NlaSvc - ok
17:20:33.0396 7916 [ 33A4B24A4C4DCF3C168E2C1151A62FC5 ] nmwcd C:\windows\system32\drivers\ccdcmb.sys
17:20:33.0458 7916 nmwcd - ok
17:20:33.0521 7916 [ A77265EF7BF998B8BB22A1A23E72B45D ] nmwcdc C:\windows\system32\drivers\ccdcmbo.sys
17:20:33.0583 7916 nmwcdc - ok
17:20:33.0599 7916 NPF - ok
17:20:33.0630 7916 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
17:20:33.0708 7916 Npfs - ok
17:20:33.0724 7916 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
17:20:33.0802 7916 nsi - ok
17:20:33.0802 7916 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
17:20:33.0864 7916 nsiproxy - ok
17:20:33.0926 7916 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
17:20:34.0004 7916 Ntfs - ok
17:20:34.0020 7916 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
17:20:34.0098 7916 Null - ok
17:20:34.0160 7916 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\windows\system32\drivers\nvraid.sys
17:20:34.0192 7916 nvraid - ok
17:20:34.0207 7916 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\windows\system32\drivers\nvstor.sys
17:20:34.0238 7916 nvstor - ok
17:20:34.0254 7916 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys
17:20:34.0285 7916 nv_agp - ok
17:20:34.0394 7916 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:20:34.0426 7916 odserv - ok
17:20:34.0457 7916 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
17:20:34.0504 7916 ohci1394 - ok
17:20:34.0597 7916 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:20:34.0613 7916 ose - ok
17:20:34.0660 7916 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll
17:20:34.0722 7916 p2pimsvc - ok
17:20:34.0753 7916 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll
17:20:34.0816 7916 p2psvc - ok
17:20:34.0847 7916 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys
17:20:34.0894 7916 Parport - ok
17:20:34.0925 7916 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys
17:20:34.0956 7916 partmgr - ok
17:20:34.0956 7916 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys
17:20:35.0003 7916 Parvdm - ok
17:20:35.0034 7916 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
17:20:35.0096 7916 PcaSvc - ok
17:20:35.0143 7916 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\windows\system32\DRIVERS\pccsmcfd.sys
17:20:35.0190 7916 pccsmcfd - ok
17:20:35.0221 7916 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys
17:20:35.0252 7916 pci - ok
17:20:35.0268 7916 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\drivers\pciide.sys
17:20:35.0284 7916 pciide - ok
17:20:35.0299 7916 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
17:20:35.0330 7916 pcmcia - ok
17:20:35.0362 7916 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys
17:20:35.0377 7916 pcw - ok
17:20:35.0408 7916 pdfcDispatcher - ok
17:20:35.0455 7916 [ 4A8CC4D25525F456069887D5E8C53225 ] PdiService C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
17:20:35.0518 7916 PdiService - ok
17:20:35.0533 7916 [ 1BF91F352D746AD7469FA71783B5FAE8 ] PDNMp50 C:\windows\system32\drivers\PDNMp50.sys
17:20:35.0596 7916 PDNMp50 - ok
17:20:35.0642 7916 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] PDNSp50 C:\windows\system32\drivers\PDNSp50.sys
17:20:35.0689 7916 PDNSp50 - ok
17:20:35.0720 7916 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys
17:20:35.0814 7916 PEAUTH - ok
17:20:35.0861 7916 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\windows\system32\peerdistsvc.dll
17:20:35.0939 7916 PeerDistSvc - ok
17:20:36.0032 7916 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\windows\system32\pla.dll
17:20:36.0173 7916 pla - ok
17:20:36.0235 7916 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\windows\system32\umpnpmgr.dll
17:20:36.0282 7916 PlugPlay - ok
17:20:36.0298 7916 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
17:20:36.0344 7916 PNRPAutoReg - ok
17:20:36.0391 7916 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll
17:20:36.0422 7916 PNRPsvc - ok
17:20:36.0454 7916 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\windows\System32\ipsecsvc.dll
17:20:36.0516 7916 PolicyAgent - ok
17:20:36.0563 7916 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\windows\system32\umpo.dll
17:20:36.0625 7916 Power - ok
17:20:36.0656 7916 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
17:20:36.0750 7916 PptpMiniport - ok
17:20:36.0781 7916 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys
17:20:36.0797 7916 Processor - ok
17:20:36.0844 7916 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\windows\system32\profsvc.dll
17:20:36.0906 7916 ProfSvc - ok
17:20:36.0937 7916 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
17:20:36.0968 7916 ProtectedStorage - ok
17:20:37.0000 7916 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys
17:20:37.0078 7916 Psched - ok
17:20:37.0124 7916 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\windows\system32\DRIVERS\psi_mf.sys
17:20:37.0171 7916 PSI - ok
17:20:37.0218 7916 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\windows\system32\Drivers\PxHelp20.sys
17:20:37.0265 7916 PxHelp20 - ok
17:20:37.0327 7916 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
17:20:37.0405 7916 ql2300 - ok
17:20:37.0436 7916 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
17:20:37.0468 7916 ql40xx - ok
17:20:37.0483 7916 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll
17:20:37.0561 7916 QWAVE - ok
17:20:37.0592 7916 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
17:20:37.0639 7916 QWAVEdrv - ok
17:20:37.0670 7916 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
17:20:37.0748 7916 RasAcd - ok
17:20:37.0764 7916 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
17:20:37.0842 7916 RasAgileVpn - ok
17:20:37.0873 7916 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll
17:20:37.0951 7916 RasAuto - ok
17:20:37.0967 7916 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
17:20:38.0014 7916 Rasl2tp - ok
17:20:38.0060 7916 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\windows\System32\rasmans.dll
17:20:38.0154 7916 RasMan - ok
17:20:38.0170 7916 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
17:20:38.0232 7916 RasPppoe - ok
17:20:38.0263 7916 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
17:20:38.0326 7916 RasSstp - ok
17:20:38.0372 7916 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
17:20:38.0450 7916 rdbss - ok
17:20:38.0482 7916 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
17:20:38.0513 7916 rdpbus - ok
17:20:38.0560 7916 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
17:20:38.0638 7916 RDPCDD - ok
17:20:38.0669 7916 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\windows\system32\drivers\rdpdr.sys
17:20:38.0716 7916 RDPDR - ok
17:20:38.0747 7916 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
17:20:38.0825 7916 RDPENCDD - ok
17:20:38.0840 7916 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
17:20:38.0934 7916 RDPREFMP - ok
17:20:38.0965 7916 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
17:20:38.0996 7916 RDPWD - ok
17:20:39.0043 7916 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
17:20:39.0074 7916 rdyboost - ok
17:20:39.0090 7916 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll
17:20:39.0184 7916 RemoteAccess - ok
17:20:39.0215 7916 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll
17:20:39.0308 7916 RemoteRegistry - ok
17:20:39.0355 7916 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
17:20:39.0418 7916 RFCOMM - ok
17:20:39.0449 7916 [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk C:\windows\system32\DRIVERS\rimmptsk.sys
17:20:39.0480 7916 rimmptsk - ok
17:20:39.0511 7916 [ E891F07815AF88075705EF6A248711F6 ] rimspci C:\windows\system32\DRIVERS\rimspe86.sys
17:20:39.0558 7916 rimspci - ok
17:20:39.0589 7916 [ 9BFB54D3559F2FF7301271D29D383564 ] rimsptsk C:\windows\system32\DRIVERS\rimsptsk.sys
17:20:39.0620 7916 rimsptsk - ok
17:20:39.0636 7916 [ D853D35F792A3A44726A794BF9A0BBC3 ] risdpcie C:\windows\system32\DRIVERS\risdpe86.sys
17:20:39.0667 7916 risdpcie - ok
17:20:39.0683 7916 [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] rismxdp C:\windows\system32\DRIVERS\rixdptsk.sys
17:20:39.0714 7916 rismxdp - ok
17:20:39.0714 7916 [ 6A60626412129C713CC30C81870A8095 ] rixdpcie C:\windows\system32\DRIVERS\rixdpe86.sys
17:20:39.0761 7916 rixdpcie - ok
17:20:39.0886 7916 [ 85F9924FB26D924C4A10DC620AE2C350 ] RoxMediaDB10 c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
17:20:39.0995 7916 RoxMediaDB10 - ok
17:20:40.0026 7916 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
17:20:40.0104 7916 RpcEptMapper - ok
17:20:40.0135 7916 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe
17:20:40.0182 7916 RpcLocator - ok
17:20:40.0229 7916 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\windows\system32\rpcss.dll
17:20:40.0291 7916 RpcSs - ok
17:20:40.0338 7916 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
17:20:40.0400 7916 rspndr - ok
17:20:40.0447 7916 [ 6C50ADED23D160C95FC9859748C253DD ] RsvLock C:\windows\system32\drivers\RsvLock.sys
17:20:40.0510 7916 RsvLock - ok
17:20:40.0541 7916 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\windows\system32\drivers\vms3cap.sys
17:20:40.0603 7916 s3cap - ok
17:20:40.0650 7916 [ 31B48CB3D35D076291E3B8AFD9A7F203 ] SafeBoot C:\windows\system32\drivers\SafeBoot.sys
17:20:40.0650 7916 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 31B48CB3D35D076291E3B8AFD9A7F203
17:20:40.0650 7916 SafeBoot ( LockedFile.Multi.Generic ) - warning
17:20:40.0650 7916 SafeBoot - detected LockedFile.Multi.Generic (1)
17:20:40.0681 7916 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\windows\system32\lsass.exe
17:20:40.0697 7916 SamSs - ok
17:20:40.0728 7916 [ 67215032A3039E5B78BBBBB4F21B904E ] SbAlg C:\windows\system32\drivers\SbAlg.sys
17:20:40.0790 7916 SbAlg - ok
17:20:40.0806 7916 [ CD8E12BB9B16C55DEF2AC52B78A09F09 ] SbFsLock C:\windows\system32\drivers\SbFsLock.sys
17:20:40.0853 7916 SbFsLock - ok
17:20:40.0884 7916 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\windows\system32\drivers\sbp2port.sys
17:20:40.0915 7916 sbp2port - ok
17:20:40.0946 7916 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll
17:20:41.0024 7916 SCardSvr - ok
17:20:41.0056 7916 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
17:20:41.0102 7916 scfilter - ok
17:20:41.0165 7916 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\windows\system32\schedsvc.dll
17:20:41.0258 7916 Schedule - ok
17:20:41.0290 7916 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\windows\System32\certprop.dll
17:20:41.0336 7916 SCPolicySvc - ok
17:20:41.0352 7916 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\windows\system32\drivers\sdbus.sys
17:20:41.0383 7916 sdbus - ok
17:20:41.0430 7916 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\windows\System32\SDRSVC.dll
17:20:41.0477 7916 SDRSVC - ok
17:20:41.0508 7916 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys
17:20:41.0570 7916 secdrv - ok
17:20:41.0602 7916 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll
17:20:41.0680 7916 seclogon - ok
17:20:41.0758 7916 [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
17:20:41.0882 7916 Secunia PSI Agent - ok
17:20:41.0914 7916 [ 4F2056349F8BA4154D5213BF8A476B14 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
17:20:42.0007 7916 Secunia Update Agent - ok
17:20:42.0023 7916 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\System32\sens.dll
17:20:42.0070 7916 SENS - ok
17:20:42.0101 7916 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\windows\system32\sensrsvc.dll
17:20:42.0148 7916 SensrSvc - ok
17:20:42.0194 7916 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys
17:20:42.0241 7916 Serenum - ok
17:20:42.0272 7916 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys
17:20:42.0319 7916 Serial - ok
17:20:42.0350 7916 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
17:20:42.0397 7916 sermouse - ok
17:20:42.0506 7916 [ 9BDE8F1F5D060E912FCF9FB58B71CBC1 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
17:20:42.0553 7916 ServiceLayer - ok
17:20:42.0631 7916 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\windows\system32\sessenv.dll
17:20:42.0709 7916 SessionEnv - ok
17:20:42.0756 7916 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\drivers\sffdisk.sys
17:20:42.0787 7916 sffdisk - ok
17:20:42.0803 7916 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
17:20:42.0834 7916 sffp_mmc - ok
17:20:42.0850 7916 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
17:20:42.0881 7916 sffp_sd - ok
17:20:42.0912 7916 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
17:20:42.0959 7916 sfloppy - ok
17:20:43.0006 7916 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll
17:20:43.0099 7916 SharedAccess - ok
17:20:43.0146 7916 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
17:20:43.0208 7916 ShellHWDetection - ok
17:20:43.0224 7916 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\drivers\sisagp.sys
17:20:43.0255 7916 sisagp - ok
17:20:43.0286 7916 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
17:20:43.0318 7916 SiSRaid2 - ok
17:20:43.0333 7916 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
17:20:43.0349 7916 SiSRaid4 - ok
17:20:43.0427 7916 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
17:20:43.0458 7916 SkypeUpdate - ok
17:20:43.0489 7916 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys
17:20:43.0552 7916 Smb - ok
17:20:43.0598 7916 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe
17:20:43.0645 7916 SNMPTRAP - ok
17:20:43.0739 7916 [ 1DB08CBDDA27E3F143137638D422CF45 ] SNP2UVC C:\windows\system32\DRIVERS\snp2uvc.sys
17:20:43.0848 7916 SNP2UVC - ok
17:20:43.0879 7916 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys
17:20:43.0895 7916 spldr - ok
17:20:43.0926 7916 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\windows\System32\spoolsv.exe
17:20:44.0004 7916 Spooler - ok
17:20:44.0113 7916 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\windows\system32\sppsvc.exe
17:20:44.0316 7916 sppsvc - ok
17:20:44.0363 7916 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\windows\system32\sppuinotify.dll
17:20:44.0441 7916 sppuinotify - ok
17:20:44.0488 7916 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\windows\system32\DRIVERS\srv.sys
17:20:44.0550 7916 srv - ok
17:20:44.0597 7916 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\windows\system32\DRIVERS\srv2.sys
17:20:44.0644 7916 srv2 - ok
17:20:44.0690 7916 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
17:20:44.0737 7916 srvnet - ok
17:20:44.0784 7916 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
17:20:44.0878 7916 SSDPSRV - ok
17:20:44.0909 7916 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll
17:20:45.0018 7916 SstpSvc - ok
17:20:45.0127 7916 [ 03F6CF42A1DB74290448CDE668578C87 ] STacSV C:\Program Files\IDT\WDM\STacSV.exe
17:20:45.0158 7916 STacSV - ok
17:20:45.0190 7916 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
17:20:45.0221 7916 stexstor - ok
17:20:45.0252 7916 [ 8A8246F40792956E957F3E8D0C188963 ] STHDA C:\windows\system32\DRIVERS\stwrt.sys
17:20:45.0314 7916 STHDA - ok
17:20:45.0377 7916 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\windows\system32\DRIVERS\serscan.sys
17:20:45.0408 7916 StillCam - ok
17:20:45.0455 7916 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\windows\System32\wiaservc.dll
17:20:45.0533 7916 StiSvc - ok
17:20:45.0564 7916 [ AD989072596AB313D7FA13BCF69573F7 ] stllssvr c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
17:20:45.0580 7916 stllssvr - ok
17:20:45.0611 7916 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\windows\system32\drivers\vmstorfl.sys
17:20:45.0626 7916 storflt - ok
17:20:45.0658 7916 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\windows\system32\storsvc.dll
17:20:45.0704 7916 StorSvc - ok
17:20:45.0751 7916 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\windows\system32\drivers\storvsc.sys
17:20:45.0782 7916 storvsc - ok
17:20:45.0798 7916 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\drivers\swenum.sys
17:20:45.0829 7916 swenum - ok
17:20:45.0860 7916 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll
17:20:45.0970 7916 swprv - ok
17:20:46.0063 7916 [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
17:20:46.0188 7916 SynTP - ok
17:20:46.0250 7916 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\windows\system32\sysmain.dll
17:20:46.0360 7916 SysMain - ok
17:20:46.0406 7916 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
17:20:46.0469 7916 TabletInputService - ok
17:20:46.0516 7916 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\windows\System32\tapisrv.dll
17:20:46.0625 7916 TapiSrv - ok
17:20:46.0656 7916 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll
17:20:46.0750 7916 TBS - ok
17:20:46.0812 7916 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\windows\system32\drivers\tcpip.sys
17:20:46.0890 7916 Tcpip - ok
17:20:46.0937 7916 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
17:20:47.0015 7916 TCPIP6 - ok
17:20:47.0077 7916 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
17:20:47.0124 7916 tcpipreg - ok
17:20:47.0171 7916 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
17:20:47.0202 7916 TDPIPE - ok
17:20:47.0249 7916 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
17:20:47.0264 7916 TDTCP - ok
17:20:47.0296 7916 [ B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys
17:20:47.0374 7916 tdx - ok
17:20:47.0576 7916 [ 6B1B2F8D62D606B200C2072564090104 ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
17:20:47.0779 7916 TeamViewer8 - ok
17:20:47.0795 7916 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\drivers\termdd.sys
17:20:47.0826 7916 TermDD - ok
17:20:47.0873 7916 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll
17:20:47.0966 7916 TermService - ok
17:20:48.0013 7916 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll
17:20:48.0076 7916 Themes - ok
17:20:48.0091 7916 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll
17:20:48.0169 7916 THREADORDER - ok
17:20:48.0200 7916 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\windows\system32\drivers\tpm.sys
17:20:48.0232 7916 TPM - ok
17:20:48.0247 7916 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll
17:20:48.0310 7916 TrkWks - ok
17:20:48.0372 7916 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
17:20:48.0450 7916 TrustedInstaller - ok
17:20:48.0497 7916 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
17:20:48.0575 7916 tssecsrv - ok
17:20:48.0622 7916 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
17:20:48.0668 7916 TsUsbFlt - ok
17:20:48.0731 7916 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
17:20:48.0809 7916 tunnel - ok
17:20:48.0824 7916 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
17:20:48.0856 7916 uagp35 - ok
17:20:48.0902 7916 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys
17:20:48.0965 7916 udfs - ok
17:20:48.0996 7916 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe
17:20:49.0074 7916 UI0Detect - ok
17:20:49.0136 7916 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
17:20:49.0168 7916 uliagpkx - ok
17:20:49.0183 7916 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\DRIVERS\umbus.sys
17:20:49.0230 7916 umbus - ok
17:20:49.0277 7916 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys
17:20:49.0324 7916 UmPass - ok
17:20:49.0370 7916 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\windows\System32\umrdp.dll
17:20:49.0402 7916 UmRdpService - ok
17:20:49.0526 7916 [ 44AA8D5D3B3B5610FEF46CA8A9C52D8C ] UNS C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:20:49.0682 7916 UNS - ok
17:20:49.0729 7916 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll
17:20:49.0823 7916 upnphost - ok
17:20:49.0870 7916 [ B671514497DF7417F83919A6A5BD6BB9 ] upperdev C:\windows\system32\DRIVERS\usbser_lowerflt.sys
17:20:49.0963 7916 upperdev - ok
17:20:50.0026 7916 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\windows\system32\Drivers\usbaapl.sys
17:20:50.0057 7916 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
17:20:50.0057 7916 USBAAPL - detected UnsignedFile.Multi.Generic (1)
17:20:50.0088 7916 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
17:20:50.0135 7916 usbccgp - ok
17:20:50.0182 7916 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys
17:20:50.0228 7916 usbcir - ok
17:20:50.0275 7916 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\windows\system32\drivers\usbehci.sys
17:20:50.0291 7916 usbehci - ok
17:20:50.0322 7916 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
17:20:50.0353 7916 usbhub - ok
17:20:50.0369 7916 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\windows\system32\drivers\usbohci.sys
17:20:50.0400 7916 usbohci - ok
17:20:50.0447 7916 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
17:20:50.0478 7916 usbprint - ok
17:20:50.0494 7916 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
17:20:50.0556 7916 usbscan - ok
17:20:50.0603 7916 [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser C:\windows\system32\drivers\usbser.sys
17:20:50.0634 7916 usbser - ok
17:20:50.0650 7916 [ FF358FD3176B2E5605C4ACCD5026A5AC ] UsbserFilt C:\windows\system32\DRIVERS\usbser_lowerfltj.sys
17:20:50.0696 7916 UsbserFilt - ok
17:20:50.0728 7916 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
17:20:50.0759 7916 USBSTOR - ok
17:20:50.0774 7916 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\windows\system32\drivers\usbuhci.sys
17:20:50.0821 7916 usbuhci - ok
17:20:50.0899 7916 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
17:20:50.0930 7916 usbvideo - ok
17:20:50.0977 7916 [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx C:\windows\system32\drivers\usb8023x.sys
17:20:51.0008 7916 usb_rndisx - ok
17:20:51.0040 7916 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll
17:20:51.0118 7916 UxSms - ok
17:20:51.0133 7916 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe
17:20:51.0164 7916 VaultSvc - ok
17:20:51.0242 7916 [ 8C72E0E88E5A1A70691135864F2F7F1B ] vcsFPService C:\windows\system32\vcsFPService.exe
17:20:51.0352 7916 vcsFPService - ok
17:20:51.0383 7916 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
17:20:51.0414 7916 vdrvroot - ok
17:20:51.0461 7916 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe
17:20:51.0570 7916 vds - ok
17:20:51.0602 7916 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
17:20:51.0649 7916 vga - ok
17:20:51.0665 7916 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys
17:20:51.0727 7916 VgaSave - ok
17:20:51.0758 7916 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys
17:20:51.0789 7916 vhdmp - ok
17:20:51.0821 7916 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys
17:20:51.0836 7916 viaagp - ok
17:20:51.0867 7916 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys
17:20:51.0883 7916 ViaC7 - ok
17:20:51.0899 7916 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys
17:20:51.0930 7916 viaide - ok
17:20:51.0945 7916 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\windows\system32\drivers\vmbus.sys
17:20:51.0977 7916 vmbus - ok
17:20:51.0992 7916 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\windows\system32\drivers\VMBusHID.sys
17:20:52.0039 7916 VMBusHID - ok
17:20:52.0070 7916 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys
17:20:52.0101 7916 volmgr - ok
17:20:52.0117 7916 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys
17:20:52.0164 7916 volmgrx - ok
17:20:52.0179 7916 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\windows\system32\drivers\volsnap.sys
17:20:52.0211 7916 volsnap - ok
17:20:52.0242 7916 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
17:20:52.0273 7916 vsmraid - ok
17:20:52.0335 7916 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe
17:20:52.0445 7916 VSS - ok
17:20:52.0460 7916 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
17:20:52.0491 7916 vwifibus - ok
17:20:52.0523 7916 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
17:20:52.0569 7916 vwififlt - ok
17:20:52.0602 7916 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
17:20:52.0664 7916 vwifimp - ok
17:20:52.0711 7916 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll
17:20:52.0789 7916 W32Time - ok
17:20:52.0820 7916 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
17:20:52.0867 7916 WacomPen - ok
17:20:52.0914 7916 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
17:20:52.0976 7916 WANARP - ok
17:20:52.0992 7916 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
17:20:53.0038 7916 Wanarpv6 - ok
17:20:53.0101 7916 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\windows\system32\DRIVERS\wanatw4.sys
17:20:53.0116 7916 wanatw - ok
17:20:53.0163 7916 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe
17:20:53.0257 7916 wbengine - ok
17:20:53.0288 7916 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
17:20:53.0350 7916 WbioSrvc - ok
17:20:53.0397 7916 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll
17:20:53.0475 7916 wcncsvc - ok
17:20:53.0506 7916 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
17:20:53.0538 7916 WcsPlugInService - ok
17:20:53.0553 7916 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys
17:20:53.0569 7916 Wd - ok
17:20:53.0616 7916 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
17:20:53.0662 7916 Wdf01000 - ok
17:20:53.0678 7916 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll
17:20:53.0725 7916 WdiServiceHost - ok
17:20:53.0740 7916 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll
17:20:53.0772 7916 WdiSystemHost - ok
17:20:53.0803 7916 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll
17:20:53.0850 7916 WebClient - ok
17:20:53.0865 7916 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll
17:20:53.0928 7916 Wecsvc - ok
17:20:53.0943 7916 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll
17:20:54.0021 7916 wercplsupport - ok
17:20:54.0052 7916 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll
17:20:54.0130 7916 WerSvc - ok
17:20:54.0177 7916 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
17:20:54.0240 7916 WfpLwf - ok
17:20:54.0255 7916 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys
17:20:54.0271 7916 WIMMount - ok
17:20:54.0333 7916 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:20:54.0396 7916 WinDefend - ok
17:20:54.0411 7916 WinHttpAutoProxySvc - ok
17:20:54.0474 7916 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
17:20:54.0552 7916 Winmgmt - ok
17:20:54.0630 7916 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll
17:20:54.0708 7916 WinRM - ok
17:20:54.0801 7916 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUSB C:\windows\system32\DRIVERS\WinUSB.sys
17:20:54.0832 7916 WinUSB - ok
17:20:54.0864 7916 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll
17:20:54.0957 7916 Wlansvc - ok
17:20:54.0988 7916 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
17:20:55.0004 7916 WmiAcpi - ok
17:20:55.0035 7916 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
17:20:55.0051 7916 wmiApSrv - ok
17:20:55.0113 7916 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:20:55.0207 7916 WMPNetworkSvc - ok
17:20:55.0238 7916 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll
17:20:55.0269 7916 WPCSvc - ok
17:20:55.0316 7916 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
17:20:55.0347 7916 WPDBusEnum - ok
17:20:55.0378 7916 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
17:20:55.0441 7916 ws2ifsl - ok
17:20:55.0472 7916 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\System32\wscsvc.dll
17:20:55.0519 7916 wscsvc - ok
17:20:55.0566 7916 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
17:20:55.0597 7916 WSDPrintDevice - ok
17:20:55.0628 7916 [ 7DC0270CFD4A05B4112E3EBBF083B595 ] WSDScan C:\windows\system32\DRIVERS\WSDScan.sys
17:20:55.0659 7916 WSDScan - ok
17:20:55.0675 7916 WSearch - ok
17:20:55.0753 7916 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll
17:20:55.0862 7916 wuauserv - ok
17:20:55.0909 7916 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
17:20:55.0940 7916 WudfPf - ok
17:20:55.0956 7916 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
17:20:55.0987 7916 WUDFRd - ok
17:20:56.0034 7916 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\windows\System32\WUDFSvc.dll
17:20:56.0080 7916 wudfsvc - ok
17:20:56.0112 7916 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll
17:20:56.0174 7916 WwanSvc - ok
17:20:56.0221 7916 [ F0CEEA6CC0E5BFEFC745B66DC5E9816B ] yksvc C:\windows\System32\yk62x86.dll
17:20:56.0299 7916 yksvc - ok
17:20:56.0346 7916 [ 3EB1576F77B60A6C79DD7742B67219B8 ] yukonw7 C:\windows\system32\DRIVERS\yk62x86.sys
17:20:56.0393 7916 yukonw7 - ok
17:20:56.0408 7916 ZTEusbmdm6k - ok
17:20:56.0424 7916 ZTEusbnmea - ok
17:20:56.0439 7916 ZTEusbser6k - ok
17:20:56.0486 7916 ================ Scan global ===============================
17:20:56.0517 7916 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
17:20:56.0564 7916 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll
17:20:56.0580 7916 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll
17:20:56.0611 7916 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
17:20:56.0642 7916 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
17:20:56.0673 7916 [Global] - ok
17:20:56.0673 7916 ================ Scan MBR ==================================
17:20:56.0689 7916 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:20:57.0110 7916 \Device\Harddisk0\DR0 - ok
17:20:57.0110 7916 ================ Scan VBR ==================================
17:20:57.0141 7916 [ DAD5035771576784088C78B6F9EADAC7 ] \Device\Harddisk0\DR0\Partition1
17:20:57.0141 7916 \Device\Harddisk0\DR0\Partition1 - ok
17:20:57.0157 7916 [ 884C21594441C30E03C8BF9ED42F6DA1 ] \Device\Harddisk0\DR0\Partition2
17:20:57.0157 7916 \Device\Harddisk0\DR0\Partition2 - ok
17:20:57.0188 7916 [ 0953A2C5366B1EB73E79412F417AED70 ] \Device\Harddisk0\DR0\Partition3
17:20:57.0188 7916 \Device\Harddisk0\DR0\Partition3 - ok
17:20:57.0204 7916 [ AF07C1C79E081243F3065F0981F55DA9 ] \Device\Harddisk0\DR0\Partition4
17:20:57.0204 7916 \Device\Harddisk0\DR0\Partition4 - ok
17:20:57.0204 7916 ============================================================
17:20:57.0204 7916 Scan finished
17:20:57.0204 7916 ============================================================
17:20:57.0235 5020 Detected object count: 6
17:20:57.0235 5020 Actual detected object count: 6
17:21:21.0743 5020 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:21.0743 5020 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:21:21.0743 5020 HPFSService ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:21.0743 5020 HPFSService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:21:21.0743 5020 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:21.0743 5020 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:21:21.0758 5020 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:21.0758 5020 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:21:21.0758 5020 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
17:21:21.0758 5020 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
17:21:21.0758 5020 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:21.0758 5020 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:21:42.0144 6264 Deinitialize success
|
|
26.03.2013, 22:34
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Archivbombe und 2 Trojaner Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.03.2013, 13:12
| #13 |
| | Archivbombe und 2 Trojaner hier die Log com ComboFix [code] Combofix Logfile: Code:
ATTFilter ComboFix 13-03-27.01 - Steffi Maaßen 27.03.2013 12:34:07.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2998.1387 [GMT 1:00]
ausgeführt von:: c:\users\Steffi Maa¯en\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3D53F6F602.sys
C:\Thumbs.db
c:\users\Steffi Maaßen\AppData\Local\Microsoft\Windows\Temporary Internet Files\udDownload.tmp
c:\windows\system32\pt
c:\windows\system32\pt\DPCont32.dll.mui
c:\windows\system32\pt\DPStoreMan.dll.mui
c:\windows\system32\zip32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-27 bis 2013-03-27 ))))))))))))))))))))))))))))))
.
.
2013-03-27 11:51 . 2013-03-27 11:55 -------- d-----w- c:\users\Steffi Maaßen\AppData\Local\temp
2013-03-27 11:51 . 2013-03-27 11:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-26 16:18 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-03-26 16:18 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-24 17:46 . 2013-03-24 17:46 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-24 17:46 . 2013-03-24 17:46 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-24 08:55 . 2013-03-24 08:55 -------- d-----w- c:\program files\Common Files\Skype
2013-03-23 18:56 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-23 18:56 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-23 18:39 . 2013-03-06 23:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-23 18:39 . 2013-03-06 23:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-23 18:39 . 2013-03-06 23:33 101656 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-03-23 18:38 . 2013-03-06 23:33 199384 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-03-23 18:38 . 2013-03-06 23:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-23 18:38 . 2013-03-06 23:33 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-23 18:38 . 2013-03-06 23:33 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-03-23 18:38 . 2013-03-06 23:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-23 18:38 . 2013-03-06 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-23 18:38 . 2012-07-13 11:47 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-03-23 18:38 . 2013-03-06 23:32 41664 ----a-w- c:\windows\avastSS.scr
2013-03-23 18:38 . 2013-03-06 23:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-23 18:37 . 2013-03-23 18:37 -------- d-----w- c:\programdata\AVAST Software
2013-03-23 18:37 . 2013-03-23 18:37 -------- d-----w- c:\program files\AVAST Software
2013-03-23 18:00 . 2013-03-23 18:00 123534648 ----a-w- C:\avast_internet_security_setup.exe
2013-03-18 18:57 . 2013-03-18 18:57 -------- d-----w- c:\program files\Common Files\Haufe
2013-02-27 17:23 . 2013-02-27 17:23 -------- d-----w- c:\programdata\Viewpoint
2013-02-27 17:18 . 2013-02-27 17:18 -------- d-----w- c:\program files\CCleaner
2013-02-26 13:39 . 2013-02-26 13:39 -------- d-----w- c:\program files\iPod
2013-02-26 13:39 . 2013-02-26 13:40 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-26 13:39 . 2013-02-26 13:40 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-12 04:48 . 2013-03-13 09:13 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 09:13 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-05 05:00 . 2013-02-16 16:25 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-16 16:25 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-16 16:21 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-17 16:11 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-16 16:25 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-16 16:25 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-09 09:59 . 2013-03-09 09:58 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"AOL Fast Start"="c:\program files\AOL 9.0 VR\AOL.EXE" [2007-06-21 50480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-09-03 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-11-28 1791272]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-04 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-04 400936]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-11-04 11264000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-14 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-14 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-14 166424]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-08-17 14904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-11-14 495708]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
c:\users\Steffi Maaßen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
Marketsplash Drucksoftware.lnk - c:\program files\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe [2010-10-11 93752]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-9-24 573536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-10-06 02:43 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ControlCenter.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ControlCenter.lnk
backup=c:\windows\pss\ControlCenter.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2007-06-21 14:11 50480 ----a-w- c:\program files\AOL 9.0 VR\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\aol\1320602271\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2009-06-18 17:07 563736 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
R3 aswVmm;aswVmm; [x]
R3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [x]
R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
R3 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S0 aswKbd;aswKbd; [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 aswRvrt;aswRvrt; [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RsvLock;RsvLock; [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HRService;Haufe iDesk-Service in c:\program files\Haufe\iDesk\iDeskService\Zope;c:\program files\Haufe\iDesk\iDeskService\iDeskService.exe [x]
S2 Lexware_Professional_Datenbank;Lexware Professional Datenbank;c:\program files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
yksvcs REG_MULTI_SZ yksvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-15 14:14 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-24 17:46]
.
2013-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-10 19:01]
.
2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-10 19:01]
.
2013-03-26 c:\windows\Tasks\HPCeeScheduleForSteffi Maaßen.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.0.9
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005’
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Web-Suche - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
FF - ProfilePath - c:\users\Steffi Maaßen\AppData\Roaming\Mozilla\Firefox\Profiles\dlpwjelg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - 5e8a60090000000000000026c71c0e3b
FF - user.js: extensions.BabylonToolbar_i.hardId - 5e8a60090000000000000026c71c0e3b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15444
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=5e8a60090000000000000026c71c0e3b&q=
FF - user.js: extensions.BabylonToolbar.id - 5e8a60090000000000000026c71c0e3b
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15613
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1211:56
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110195&tt=270912_nocpc_3912_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\DPFPApi.DLL
.
- - - - - - - > 'Explorer.exe'(6524)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Haufe\iDesk\iDeskService\ideskpython.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\program files\TeamViewer\Version8\TeamViewer.exe
c:\program files\TeamViewer\Version8\tv_w32.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\AOL 9.0 VR\waol.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\AOL 9.0 VR\shellmon.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
c:\program files\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\windows\system32\igfxext.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-27 13:02:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-03-27 12:02
.
Vor Suchlauf: 12 Verzeichnis(se), 127.817.805.824 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 133.772.521.472 Bytes frei
.
- - End Of File - - A8E956364EF20A9E07CDB1C05146FDB8
LG Kirsche0815 |
|
27.03.2013, 16:07
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Archivbombe und 2 Trojaner JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.03.2013, 19:35
| #15 |
| | Archivbombe und 2 Trojaner hier die Logs JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Professional x86
Ran by Steffi Maaáen on 27.03.2013 at 18:56:35,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1128291690-297645493-3885562247-1002\software\microsoft\internet explorer\searchscopes\\DefaultScope
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\menuext\web-suche
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\active setup\installed components\{03f998b2-0e00-11d3-a498-00104b6eb52e}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\active setup\installed components\{1b00725b-c455-4de6-bfb6-ad540ad427cd}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Successfully deleted: [Folder] "C:\Users\Steffi Maaáen\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Steffi Maaáen\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"
~~~ FireFox
Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Steffi Maaáen\AppData\Roaming\mozilla\firefox\profiles\dlpwjelg.default\user.js
Successfully deleted: [File] C:\Users\Steffi Maaáen\AppData\Roaming\mozilla\firefox\profiles\dlpwjelg.default\searchplugins\sweetim.xml
Successfully deleted the following from C:\Users\Steffi Maaáen\AppData\Roaming\mozilla\firefox\profiles\dlpwjelg.default\prefs.js
user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar.babExt", "");
user_pref("extensions.BabylonToolbar.babTrack", "affID=110195&tt=270912_nocpc_3912_2");
user_pref("extensions.BabylonToolbar.babext", "babExt");
user_pref("extensions.BabylonToolbar.babtrack", "babTrack");
user_pref("extensions.BabylonToolbar.bbDpng", 15);
user_pref("extensions.BabylonToolbar.cntry", "DE");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.dfltSrch", false);
user_pref("extensions.BabylonToolbar.dfltlng", "en");
user_pref("extensions.BabylonToolbar.dfltsrch", "false");
user_pref("extensions.BabylonToolbar.envrmnt", "production");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.firstrun", false);
user_pref("extensions.BabylonToolbar.hdrMd5", "590832A9A31B73E91402D5106B47CDF0");
user_pref("extensions.BabylonToolbar.hmpg", false);
user_pref("extensions.BabylonToolbar.hrdid", "5e8a60090000000000000026c71c0e3b");
user_pref("extensions.BabylonToolbar.id", "5e8a60090000000000000026c71c0e3b");
user_pref("extensions.BabylonToolbar.instlDay", "15613");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.instlday", "15613");
user_pref("extensions.BabylonToolbar.instlref", "sst");
user_pref("extensions.BabylonToolbar.isdcmntcmplt", "false");
user_pref("extensions.BabylonToolbar.keywordurl", "");
user_pref("extensions.BabylonToolbar.lastDP", 15);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1211:56:03");
user_pref("extensions.BabylonToolbar.lastdp", 30);
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "11.0");
user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
user_pref("extensions.BabylonToolbar.newTab", false);
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
user_pref("extensions.BabylonToolbar.newtab", "false");
user_pref("extensions.BabylonToolbar.newtaburl", "hxxp://search.babylon.com/?babsrc=NT_bb");
user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"29\",\"lastVrsn\":\"29\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0}");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.propectorlck", 73037538);
user_pref("extensions.BabylonToolbar.prtkDS", 1);
user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.prtnrid", "babylon");
user_pref("extensions.BabylonToolbar.ptch_0717", true);
user_pref("extensions.BabylonToolbar.savedVrsnTs", "1");
user_pref("extensions.BabylonToolbar.sg", "azb");
user_pref("extensions.BabylonToolbar.smplGrp", "azb");
user_pref("extensions.BabylonToolbar.smplgrp", "azb");
user_pref("extensions.BabylonToolbar.srcExt", "ss");
user_pref("extensions.BabylonToolbar.srcext", "ss");
user_pref("extensions.BabylonToolbar.srch", "");
user_pref("extensions.BabylonToolbar.srchprvdr", "");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=5e8a60090000000000000026c71c0e3b&q=");
user_pref("extensions.BabylonToolbar.tlbrid", "base");
user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=5e8a60090000000000000026c71c0e3b&q=");
user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1211:56:03");
user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
user_pref("extensions.BabylonToolbar.vrsnts", "1.6.9.1211:56:03");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110195&tt=270912_nocpc_3912_2");
user_pref("extensions.BabylonToolbar_i.hardId", "5e8a60090000000000000026c71c0e3b");
user_pref("extensions.BabylonToolbar_i.id", "5e8a60090000000000000026c71c0e3b");
user_pref("extensions.BabylonToolbar_i.instlDay", "15444");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=050412_30b&babsrc=NT_ss&mntrId=5e8a60090000000000000026c71c0e3b");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1211:56:03");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Emptied folder: C:\Users\Steffi Maaáen\AppData\Roaming\mozilla\firefox\profiles\dlpwjelg.default\minidumps [165 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.03.2013 at 19:03:08,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.115 - Datei am 27/03/2013 um 19:07:55 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Steffi Maaßen - GVSSTEFFIMAAßEN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Steffi Maaßen\Downloads\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\END
Datei Gefunden : C:\Users\Steffi Maaßen\AppData\Roaming\Mozilla\Firefox\Profiles\dlpwjelg.default\searchplugins\safesearch.xml
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKLM\Software\Viewpoint
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Steffi Maaßen\AppData\Roaming\Mozilla\Firefox\Profiles\dlpwjelg.default\prefs.js
Gefunden : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"29\",\"lastVrsn\":\"29\",\"vrsnLoad\[...]
-\\ Google Chrome v25.0.1364.172
Datei : C:\Users\Steffi Maaßen\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gefunden [l.34] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Gefunden [l.37] : keyword = "babylon.com",
Gefunden [l.40] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm",
Gefunden [l.1805] : homepage = "hxxp://search.babylon.com/?affID=110195&tt=270912_nocpc_3912_2&babsrc=HP_ss&mntrId=5e8a60090000000000000026c71c0e3b",
Gefunden [l.2021] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110195&tt=270912_nocpc_3912_2&babsrc=HP_ss&mntrId=5e8a60090000000000000026c71c0e3b" ]
*************************
AdwCleaner[R1].txt - [2659 octets] - [27/03/2013 19:07:55]
########## EOF - C:\AdwCleaner[R1].txt - [2719 octets] ##########
OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 3/27/2013 7:10:48 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steffi Maaßen\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.93 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 57.90% Memory free 5.85 Gb Paging File | 4.00 Gb Available in Paging File | 68.31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 280.79 Gb Total Space | 120.69 Gb Free Space | 42.98% Space Free | Partition Type: NTFS Drive F: | 1.99 Gb Total Space | 1.47 Gb Free Space | 74.03% Space Free | Partition Type: FAT32 Computer Name: GVSSTEFFIMAAßEN | User Name: Steffi Maaßen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Steffi Maaßen\Downloads\adwcleaner.exe () PRC - C:\Users\Steffi Maaßen\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software) PRC - C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) PRC - C:\Program Files\Haufe\iDesk\iDeskService\ideskservice.exe () PRC - C:\Program Files\Haufe\iDesk\iDeskService\ideskpython.exe (Haufe Mediengruppe) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.) PRC - C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation) PRC - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) PRC - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company) PRC - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.) PRC - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.) PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe (Portrait Displays, Inc.) PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Portrait Displays, Inc) PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) PRC - C:\Program Files\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe (Hewlett-Packard Company) PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard Company) PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company) PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.) PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.) PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard) PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard) PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation) PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity) PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity) PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC) PRC - C:\Program Files\Common Files\aol\1320602271\ee\aolsoftware.exe (America Online, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\Steffi Maaßen\Downloads\adwcleaner.exe () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a7424b1be331f4b534ea24e0c21dbe47\UIAutomationTypes.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\571b85634abf2fba6bab80c21a347081\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll () MOD - C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll () MOD - C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll () MOD - C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll () MOD - C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll () MOD - C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll () MOD - C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL () MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll () MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll () MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll () MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll () MOD - C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll () MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll () MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll () MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll () MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software) SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (HRService) -- C:\Program Files\Haufe\iDesk\iDeskService\ideskservice.exe () SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia) SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.) SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation) SRV - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (Lexware_Professional_Datenbank) -- C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.) SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) SRV - (PdiService) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.) SRV - (HP ProtectTools Service) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company) SRV - (DpHost) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.) SRV - (vcsFPService) -- C:\Windows\System32\vcsFPService.exe (Validity Sensors, Inc.) SRV - (HpFkCryptService) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.) SRV - (UNS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (HPFSService) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard) SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Ltd) SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation) SRV - (yksvc) -- C:\Windows\System32\yk62x86.dll (Marvell) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc) SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (ac.sharedstore) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity) SRV - (AOL ACS) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC) ========== Driver Services (SafeList) ========== DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found DRV - (massfilter_hs) -- system32\drivers\massfilter_hs.sys File not found DRV - (massfilter) -- system32\drivers\massfilter.sys File not found DRV - (catchme) -- C:\Users\STEFFI~1\AppData\Local\Temp\catchme.sys File not found DRV - (BCMH43XX) -- system32\DRIVERS\bcmwlhigh6.sys File not found DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswVmm) -- C:\windows\System32\drivers\aswVmm.sys () DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswRvrt) -- C:\windows\System32\drivers\aswRvrt.sys () DRV - (aswNdis2) -- C:\windows\System32\drivers\aswNdis2.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software) DRV - (aswFW) -- C:\windows\System32\drivers\aswFW.sys (AVAST Software) DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (aswKbd) -- C:\windows\System32\drivers\aswKbd.sys (AVAST Software) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (aswNdis) -- C:\Windows\System32\drivers\aswNdis.sys (ALWIL Software) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (SbAlg) -- C:\windows\System32\drivers\SbAlg.sys (McAfee, Inc.) DRV - (SbFsLock) -- C:\windows\System32\drivers\SbFsLock.sys (McAfee, Inc.) DRV - (RsvLock) -- C:\windows\System32\drivers\rsvlock.sys (McAfee, Inc.) DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys () DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation) DRV - (risdpcie) -- C:\Windows\System32\drivers\risdpe86.sys (REDC) DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC) DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation) DRV - (rixdpcie) -- C:\Windows\System32\drivers\rixdpe86.sys (REDC) DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard) DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (MfeAVFK) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.) DRV - (MfeBOPK) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (MfeRKDK) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (wanatw) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.) DRV - (PDNMp50) -- C:\Windows\System32\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (PDNSp50) -- C:\Windows\System32\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a} IE - HKLM\..\SearchScopes\{009652DF-1177-499A-872B-B3D00B1A74F8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.0.9 IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a} IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.0.9 IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a} IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.0.9 IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\URLSearchHook: - C:\Program Files\Serif\PanoramaPlus\3.0\Program\PanoramaPlus.exe (Serif (Europe) Ltd.) IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a} IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes\{4BEFFE0F-BA43-4CB0-8120-31EAB77DC573}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes\{E65EF2A5-5D91-47F8-99AF-8A98541F9FA3}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7WZPC_de IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4238 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npdeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/23 19:56:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/09 10:59:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/09 10:58:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/23 15:26:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/09 10:59:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/09 10:58:57 | 000,000,000 | ---D | M] [2010/12/14 18:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi Maaßen\AppData\Roaming\mozilla\Extensions [2010/12/14 18:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi Maaßen\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de [2012/10/23 19:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi Maaßen\AppData\Roaming\mozilla\Firefox\Profiles\dlpwjelg.default\extensions [2011/04/26 18:06:36 | 000,002,449 | ---- | M] () -- C:\Users\Steffi Maaßen\AppData\Roaming\mozilla\firefox\profiles\dlpwjelg.default\searchplugins\safesearch.xml [2013/03/09 10:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/03/09 10:58:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013/03/09 10:59:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013/02/24 13:35:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013/02/24 13:35:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013/02/24 13:35:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013/02/24 13:35:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013/02/24 13:35:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013/02/24 13:35:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Search the web (Babylon) (Enabled) CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://search.babylon.com/?affID=110195&tt=270912_nocpc_3912_2&babsrc=HP_ss&mntrId=5e8a60090000000000000026c71c0e3b CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\Steffi Maa\u00DFen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: D'Fusion @Home Web Plug-In (3.10.17859) (Enabled) = C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll CHR - Extension: Norton Identity Protection = C:\Users\Steffi Maaßen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\ O1 HOSTS File: ([2013/03/27 12:54:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.) O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\__avast! sandbox\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites) O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Ranges: Range2 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.7.0_09) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B1192F0-6900-4F7F-83F0-AC5C5EC4ABCA}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB00B81A-F251-4F01-A5C8-BFFFCB547EEA}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2A7F3C7-9329-4EDD-A901-CAB96226C7D8}: DhcpNameServer = 192.168.1.250 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Limited) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/27 18:56:30 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2013/03/27 18:55:59 | 000,000,000 | ---D | C] -- C:\JRT [2013/03/27 12:54:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/03/27 12:51:59 | 000,000,000 | ---D | C] -- C:\Users\Steffi Maaßen\AppData\Local\temp [2013/03/27 12:30:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013/03/27 12:30:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013/03/27 12:30:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013/03/27 12:29:49 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/03/27 12:29:22 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013/03/26 17:18:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usb8023.sys [2013/03/25 19:49:09 | 000,000,000 | ---D | C] -- C:\Users\Steffi Maaßen\Desktop\mbar [2013/03/24 18:46:21 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013/03/24 18:46:21 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013/03/24 09:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013/03/24 09:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013/03/23 19:39:24 | 000,368,176 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys [2013/03/23 19:39:24 | 000,029,816 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys [2013/03/23 19:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security [2013/03/23 19:39:23 | 000,101,656 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFW.sys [2013/03/23 19:38:55 | 000,199,384 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswNdis2.sys [2013/03/23 19:38:54 | 000,062,376 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys [2013/03/23 19:38:54 | 000,060,656 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys [2013/03/23 19:38:54 | 000,021,576 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswKbd.sys [2013/03/23 19:38:53 | 000,765,736 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys [2013/03/23 19:38:53 | 000,066,336 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys [2013/03/23 19:38:10 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswNdis.sys [2013/03/23 19:38:08 | 000,041,664 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr [2013/03/23 19:38:07 | 000,228,600 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe [2013/03/23 19:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013/03/23 19:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013/03/18 19:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Haufe [2013/03/13 12:22:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2013/03/13 12:22:47 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2013/03/13 12:22:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2013/03/13 12:22:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2013/03/13 12:22:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2013/03/13 12:22:46 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2013/03/13 12:22:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2013/03/13 12:22:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2013/03/09 10:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/03/01 14:46:15 | 000,000,000 | ---D | C] -- C:\Users\Steffi Maaßen\Desktop\CT [2013/02/27 18:38:45 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIAnimation.dll [2013/02/27 18:38:39 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll [2013/02/27 18:38:37 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll [2013/02/27 18:38:37 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll [2013/02/27 18:38:37 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/02/27 18:38:37 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/02/27 18:38:37 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/02/27 18:38:37 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/02/27 18:38:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013/02/27 18:38:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/02/27 18:38:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013/02/27 18:38:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/02/27 18:38:37 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/02/27 18:38:36 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll [2013/02/27 18:38:36 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msmpeg2vdec.dll [2013/02/27 18:38:36 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll [2013/02/27 18:38:36 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll [2013/02/27 18:38:36 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll [2013/02/27 18:38:36 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10.dll [2013/02/27 18:38:36 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll [2013/02/27 18:38:36 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll [2013/02/27 18:38:36 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll [2013/02/27 18:38:36 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10core.dll [2013/02/27 18:38:36 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsCodecsExt.dll [2013/02/27 18:38:36 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll [2013/02/27 18:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/02/26 14:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/02/26 14:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/02/26 14:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/02/26 14:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 ========== Files - Modified Within 30 Days ========== [2013/03/27 19:12:11 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/27 18:56:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/03/27 17:53:30 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/27 17:53:30 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/27 17:52:10 | 000,654,400 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013/03/27 17:52:10 | 000,616,242 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013/03/27 17:52:10 | 000,130,240 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013/03/27 17:52:10 | 000,106,622 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013/03/27 17:46:17 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/27 17:45:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/03/27 17:45:16 | 2357,620,736 | -HS- | M] () -- C:\hiberfil.sys [2013/03/27 12:54:34 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts [2013/03/26 16:42:02 | 000,000,352 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForSteffi Maaßen.job [2013/03/24 18:46:21 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013/03/24 18:46:21 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013/03/23 19:56:40 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt [2013/03/23 19:39:24 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2013/03/23 19:00:02 | 123,534,648 | ---- | M] () -- C:\avast_internet_security_setup.exe [2013/03/23 10:32:05 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013/03/18 20:14:33 | 000,002,239 | ---- | M] () -- C:\Users\Public\Desktop\Haufe Steuer Office aufrufen.lnk [2013/03/18 19:49:56 | 000,002,863 | ---- | M] () -- C:\Users\Public\Desktop\Haufe Formular-Manager.lnk [2013/03/15 15:16:08 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/03/07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys [2013/03/07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys [2013/03/07 00:33:24 | 000,164,736 | ---- | M] () -- C:\windows\System32\drivers\aswVmm.sys [2013/03/07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys [2013/03/07 00:33:24 | 000,049,248 | ---- | M] () -- C:\windows\System32\drivers\aswRvrt.sys [2013/03/07 00:33:23 | 000,199,384 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswNdis2.sys [2013/03/07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys [2013/03/07 00:33:23 | 000,060,656 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys [2013/03/07 00:33:22 | 000,101,656 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFW.sys [2013/03/07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys [2013/03/07 00:33:22 | 000,021,576 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswKbd.sys [2013/03/07 00:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr [2013/03/07 00:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe [2013/02/28 18:14:40 | 000,480,968 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013/02/27 18:18:24 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/02/26 14:40:25 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2013/03/27 12:30:17 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013/03/27 12:30:17 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2013/03/27 12:30:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013/03/27 12:30:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013/03/27 12:30:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2013/03/24 18:46:22 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/03/23 19:56:41 | 000,164,736 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys [2013/03/23 19:56:40 | 000,049,248 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys [2013/03/23 19:39:24 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2013/03/23 19:00:00 | 123,534,648 | ---- | C] () -- C:\avast_internet_security_setup.exe [2013/03/18 20:14:33 | 000,002,239 | ---- | C] () -- C:\Users\Public\Desktop\Haufe Steuer Office aufrufen.lnk [2013/03/18 19:49:56 | 000,002,863 | ---- | C] () -- C:\Users\Public\Desktop\Haufe Formular-Manager.lnk [2013/03/04 18:15:33 | 000,000,352 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleForSteffi Maaßen.job [2013/02/27 18:26:04 | 000,001,020 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2013/02/27 18:26:04 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013/02/27 18:18:24 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/02/26 14:40:25 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/11/04 11:39:42 | 000,000,062 | ---- | C] () -- C:\Users\Steffi Maaßen\AppData\Roaming\mbam.context.scan [2012/05/15 18:57:39 | 000,000,501 | ---- | C] () -- C:\windows\ODBC.INI [2012/04/26 20:35:25 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012/02/27 09:41:52 | 000,202,240 | ---- | C] () -- C:\windows\System32\LXPrnUtil10.dll [2012/02/27 09:40:44 | 000,304,128 | ---- | C] () -- C:\windows\System32\LxDNT100.dll [2012/02/27 09:38:36 | 000,133,120 | ---- | C] () -- C:\windows\System32\LxDNTvmc100.dll [2012/02/27 09:38:18 | 000,069,120 | ---- | C] () -- C:\windows\System32\LxDNTvm100.dll [2012/02/19 10:52:25 | 000,000,046 | ---- | C] () -- C:\windows\hmview.ini [2011/12/15 15:15:12 | 000,007,666 | ---- | C] () -- C:\Users\Steffi Maaßen\AppData\Roaming\.freeciv-client-rc-2.3 [2011/11/06 18:56:35 | 000,000,335 | ---- | C] () -- C:\windows\nsreg.dat [2011/07/08 18:59:17 | 000,688,128 | ---- | C] () -- C:\windows\System32\libeay32.dll [2011/07/08 18:59:17 | 000,155,648 | ---- | C] () -- C:\windows\System32\ssleay32.dll [2011/05/27 16:15:56 | 070,509,774 | ---- | C] () -- C:\Users\Steffi Maaßen\catalogo2010.pdf [2011/05/19 20:23:20 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe [2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign [2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign [2011/03/20 20:39:33 | 002,287,245 | ---- | C] () -- C:\Users\Steffi Maaßen\Buchungsbestätigung Fewo Rügen.pdf [2011/01/19 21:43:00 | 000,001,940 | ---- | C] () -- C:\Users\Steffi Maaßen\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010/10/19 19:36:32 | 000,007,680 | ---- | C] () -- C:\Users\Steffi Maaßen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/19 19:07:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011/12/15 15:26:39 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\.freeciv [2010/06/11 10:18:23 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Ahnenblatt [2010/04/19 16:37:44 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\DigitalPersona [2011/10/10 19:39:36 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\elsterformular [2011/07/09 18:01:59 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\EurekaLog [2010/11/02 17:08:03 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Haufe [2010/12/14 18:22:37 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Haufe Mediengruppe [2012/11/24 18:04:59 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\ICQ [2011/11/03 15:56:34 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\IrfanView [2012/11/01 17:51:56 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Jumping Bytes [2012/10/10 18:24:00 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Lexware [2012/05/14 20:19:33 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\mresreg [2012/11/01 20:16:04 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Nokia [2010/10/13 18:00:15 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Nokia Ovi Suite [2012/11/01 20:23:53 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Nokia Suite [2013/01/02 21:06:01 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\PC Suite [2012/10/22 19:54:23 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Reiser [2010/12/28 21:20:08 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Serif [2012/04/14 18:06:49 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\SumatraPDF [2012/09/20 17:47:26 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\TeamViewer [2011/08/10 20:05:37 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Telefónica [2012/11/12 20:54:37 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Thunderbird [2010/09/19 19:42:49 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Tific [2013/01/11 18:34:41 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\TS3Client [2011/12/16 12:12:10 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Usenet.nl [2012/11/02 12:59:03 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\WindSolutions [2012/04/26 11:20:29 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\XnView [2012/11/04 14:54:09 | 000,000,000 | ---D | M] -- C:\Users\Steffi`s Laptop\AppData\Roaming\DigitalPersona [2012/11/04 14:59:25 | 000,000,000 | ---D | M] -- C:\Users\Steffi`s Laptop\AppData\Roaming\TS3Client ========== Purity Check ========== < End of report > OTL Extra: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 3/27/2013 7:10:48 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steffi Maaßen\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.93 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 57.90% Memory free
5.85 Gb Paging File | 4.00 Gb Available in Paging File | 68.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.79 Gb Total Space | 120.69 Gb Free Space | 42.98% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.47 Gb Free Space | 74.03% Space Free | Partition Type: FAT32
Computer Name: GVSSTEFFIMAAßEN | User Name: Steffi Maaßen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065F0294-8942-40F6-8E48-2B0DBBB643DC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0DF1FB25-8312-4939-8E23-0EE1BFACB8F8}" = lport=137 | protocol=17 | dir=in | app=system |
"{16AA1A12-99FF-464A-B9DB-FEAC34C3F9E1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2378674E-B64C-4055-B195-BBC75DBC1050}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{333CFC7C-FDF6-4795-B972-8FBEEF7650C0}" = rport=139 | protocol=6 | dir=out | app=system |
"{5D548F72-0411-4D1B-A9E6-A880A7787109}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{627EF6E6-7780-4FC1-A7CD-F10F5C5C577D}" = rport=138 | protocol=17 | dir=out | app=system |
"{63E12426-4B89-493E-B78F-BEC148A0612E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{6763E6AC-65AC-4764-B05E-363460D5E9AD}" = lport=445 | protocol=6 | dir=in | app=system |
"{6C52C83A-DFDD-4E43-BCAB-1DCA40367245}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{710BA40F-E5A8-405B-B108-EA316AC275D4}" = rport=445 | protocol=6 | dir=out | app=system |
"{73EA0E95-08C5-48B0-BF82-109C90158097}" = lport=138 | protocol=17 | dir=in | app=system |
"{8CF44C45-87C6-41DD-87F5-9990DC782E67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{A1CB8782-6DDE-4866-91D3-8FF346C86080}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A46F7DCA-A1DC-412E-9B98-42E4810BBC7B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) |
"{A62E7CF8-E223-43C8-B596-6106CE648FB0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA5AECDA-12D7-4CA3-9DEF-B1E771887A94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF13E3C5-E3BB-4977-BA87-D20C7FBA3733}" = rport=137 | protocol=17 | dir=out | app=system |
"{C017EECE-8519-4597-9B9D-9336BC33A097}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{CA7108BA-CE96-42C3-9B89-0243E3702057}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CAFC0885-4ED7-41FA-9C71-6096F2B827C1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CECFBD63-10EE-4731-A5B7-ACA0785095FC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{CF8A8FA1-D920-4F9E-8CED-BEC2A1D70FBD}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0138BD7D-D930-4DCC-8323-B11350CF705E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{020D27AE-E12C-4278-806E-6ACA8A53F0B1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{03EB9D5E-AFCA-4E57-9841-D9E4CF2CD824}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A23F382-6D83-4953-A468-391AED823CE2}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{0EA2BA58-BEA0-4DD3-830C-10BD5BB6B297}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1320602271\ee\aolsoftware.exe |
"{106D6752-3113-492D-AA49-EA52819EE09C}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{15494796-AC76-4EFE-9BC6-022EC9C0CC2B}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{1AD827E0-12B5-48FC-9FB2-02B1D747D0CE}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{1CEE352B-B9B0-43FA-8385-20B381900FF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1DE44C3A-D462-4794-A3C6-81929984015C}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{1E8714A6-428E-4AA7-9797-9CAF12C7C224}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{1F84759D-76D3-405E-A8DE-9D2AA9016C7A}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) |
"{275CF15B-7BBC-4DF1-9F09-3CE8C41A762A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1320602271\ee\aolsoftware.exe |
"{289D115B-F602-4BB6-91AA-8FD3582AEF24}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{29BEA155-9A46-4BF6-84D1-65FC9440431F}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"{30A2B21B-4BE6-4609-9524-8521D6E3682D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{33F6095A-5BFE-4EB6-A3E5-5A49262539D7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{3B7259CE-01BC-4144-93EF-EB990BE30B21}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{3BCC5F43-E113-4880-A97C-47C6F3287345}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) |
"{3D3FE86C-1204-4BB1-A2DA-E62D7731EBA4}" = protocol=17 | dir=in | app=c:\program files\sybase\sql anywhere 9\win32\dbsrv9.exe |
"{44C76DE1-E509-4A80-BC5F-11739F31597E}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{51AECCE7-5C23-4CE0-A751-35E3873B964A}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{5EBFB1D5-71DF-4C48-9074-EF349115B87D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FA0234B-FA58-4CFF-9C6A-F49C8A3DA649}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{60DD832A-E073-4BBB-9D48-4C9F0366EF03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{655C86BB-E277-44FF-B442-8863E0ADDC9A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{6BE2AC02-541B-4758-8537-5C2280BF7DCF}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{74760DC9-2203-4741-A237-DC7917D8D927}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BE2BD80-4581-4B2D-A58F-D53418DAB891}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7CD3A963-9CA7-4A16-939C-32B40F72A7DC}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7E0651ED-CC25-4B8E-9554-4952CC56863E}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{89DE36E1-30F8-473E-898B-BE071C84E439}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8BFDAAB4-3F83-4914-A895-1BB904B0FA51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8C95737E-61DA-47B7-934E-A0218D00DBB8}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{8D50761D-D460-4026-8A19-1F10B49EA223}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{989A500A-6D31-4414-8C0E-6AC22F8B1318}" = protocol=6 | dir=in | app=c:\program files\sybase\sql anywhere 9\win32\dbsrv9.exe |
"{994735FF-4B79-438B-BFB2-C0BAC4B18B41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9B37FE67-2387-4D99-8609-3E170A26CA2E}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{9B695A9A-F01E-4042-A797-DDB55DDBD41B}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) |
"{9BEE31C8-6492-49B1-B8F7-8A7BD9DB4D13}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{9D823BB9-D575-46BC-9587-2A0C3EB33A5B}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{9E9917E3-7958-4E70-847A-608906DA6914}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9EE183B6-0F32-48D8-921B-83916D45500C}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{A499E1C7-48D4-4FAB-8C2D-AEC1A2931663}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{AC9531A4-D64B-4D76-976D-B06F3003EC42}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{B197DEDF-A8A5-4D5D-8F03-039D414579E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDDA21CB-53FA-4972-996C-B9C1B0FB4BC2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE2256B0-B926-40A2-9043-04CCAC86F9AA}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{BF82175C-D03D-43BE-AFC2-7995B4E52D0B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C68D52C7-CF65-48B6-B326-64C85F69DE2D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{C9EE51BB-46AE-419E-A4CF-B76DD071D20A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{CD5C9BFB-17BE-414F-9049-DF6738CDEB44}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CF1ABF62-EE69-45C9-AEFF-67E05CDAE65D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{D1C86D32-7D80-49D2-A971-E654F3C23E43}" = protocol=6 | dir=out | app=system |
"{D6290DB5-66F9-4362-A92A-2EB387731AE6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB816D89-4FE3-4E3B-9322-DAA3A874C185}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{DBC95B44-A714-4EEA-81DF-FB16F0C42AF9}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{DCB488D3-4E16-4853-9D3A-71FD3C192FB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E623DE33-CC4E-4B9C-84E3-BFBF9B70465A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{E794ED9B-4EBE-40B6-B899-CD86280DBFA9}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{E9816B40-FD0C-4DE6-99D6-E43557699F53}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EA6B450D-FAE7-40E8-857B-C42A8B7853BB}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{F1498B64-77B7-4D02-AB5C-049B88DC8468}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{FA9F35AE-C089-43FD-ACD2-6BFD78F13FDE}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) |
"{FD8D4F3A-61F5-4BEF-8290-BF2F90B39344}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002C9FA8-ED6A-4B44-883A-29A5EEE3A7F6}" = Lexware financial office pro 2012
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{051F9CB0-1499-4A0E-A861-CB19A5AAA906}" = NetObjects Fusion 12.0
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{10A11115-4EFC-4E86-BFC1-D53A478556A1}" = HP User Guides 0142
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient x86
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{20E08DBB-9708-45E6-B4CD-3526ABC5BC6E}" = Zeugnis-Generator 10.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{32737B70-A271-4AE8-8631-6CBF6B697D45}" = SKAN
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{58215966-9BA6-485D-B8DA-4AE31150B92E}" = HP Common Access Service Library
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{5C9AA073-814D-4EB3-BE9C-4C1BACBC974C}" = Haufe Formular-Manager
"{64893BC9-D912-4A2D-A47A-E38650112781}" = Serif PanoramaPlus 3
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B54B1AE-EBCA-48BE-92AF-61D02118F093}" = Lexware online banking
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7239A06F-235B-43B1-970D-7A411FD95683}" = Nokia Software Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78365FC6-09CA-4AC3-BC01-70FB46596047}" = Validity Fingerprint Driver
"{7861911B-4270-498A-8F7A-FCF0570F48E3}" = HP QuickWeb
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95EFD16D-3A38-4E7A-901A-24A92399547C}" = Lexware Elster
"{98BCAD50-58AE-4EDD-9BBA-388B221E750B}" = Privacy Manager for HP ProtectTools
"{991A4895-3346-4980-990F-A1041B73C6F7}" = HP 3D DriveGuard
"{99CBA603-937D-4058-806F-7A9AF711A1AA}" = Eumex RNDIS Driver V1.00
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABCB696E-2494-48FC-826D-0666CEE460DB}" = Drive Encryption for HP ProtectTools
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B962E962-6369-4F66-AF35-79CB39270D12}" = NetObjects Fusion 12.0
"{BA3EECE9-86A8-44B2-B655-CB3FCFE7EDF3}" = Haufe iDesk-Service
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BAEE9CD5-A680-43A2-A5FA-6F700C5AD45A}" = HP QuickLook
"{BB3085D5-7D88-4AF2-B08E-226E26E2A169}" = Haufe iDesk-Browser
"{BB5C44BC-1ADA-4BB3-B054-4514CF582009}" = NetObjects Fusion 12.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE3AD89B-F9B2-4E22-8FAB-BCF63190ABCD}" = HP ProtectTools Security Manager
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C8439116-685C-4B25-B294-14F1C7BC4A68}" = Haufe Steuer Office
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{D5024462-1E13-4D83-B480-D586CCF0371B}" = Serif AlbumPlus SE PRO
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E2E25F53-EB64-4BC1-8A9E-B970BBEF8C1C}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E546139F-B099-4a36-BCC2-AC7D68CA9383}" = Lexware financial office pro 2012
"{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}" = Serif PhotoPlus X3
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4477CC0-7293-414A-93BC-20EE897A80F0}" = Java Card Security for HP ProtectTools
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7823B8F-05D0-457B-8F61-CA98ABE21D2D}" = HP Power Assistant
"{F8DD059A-FDA6-403A-81FC-51E522158683}" = Marketsplash Drucksoftware
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FACE9D51-E374-4DDB-857C-816FCB1D6B40}" = Eumex 800 V1.30
"{FD8234FF-A70D-4632-B146-F41AB37C0B24}" = HP Business Card Reader
"{FDC5E0B1-2739-48A1-8027-F76F2E68AC84}" = Lexware professional Datenbank 2012
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFBDA363-A033-4F32-8DE0-AEF0F105410E}" = HP ESU for Microsoft Windows 7
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"7-Zip" = 7-Zip 9.20
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ahnenblatt_is1" = Ahnenblatt 2.62
"Alice" = Alice-Installationsdateien entfernen
"AOL Deinstallation" = AOL Deinstallation
"avast" = avast! Internet Security
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner
"Drive Encryption" = Drive Encryption for HP ProtectTools
"ElsterFormular 13.0.0.8086k" = ElsterFormular
"ElsterFormular 2008 - 2009 2008-2009" = ElsterFormular 2008 - 2009
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HPProtectTools" = HP ProtectTools Security Manager
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"InstallShield_{FACE9D51-E374-4DDB-857C-816FCB1D6B40}" = Eumex 800 V1.30
"John Deere North American Farmer_is1" = John Deere North American Farmer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Nokia Suite" = Nokia Suite
"PDF Complete" = PDF Complete Special Edition
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab PDF Reader" = FoxTab PDF Reader
========== Last 20 Event Log Errors ==========
[ Hewlett-Packard Events ]
Error - 4/23/2012 1:03:13 PM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
Error - 6/4/2012 1:20:53 PM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
Error - 7/2/2012 10:06:29 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
Error - 9/10/2012 10:26:16 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
Error - 9/10/2012 10:26:37 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
Error - 9/17/2012 11:23:30 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
Error - 9/24/2012 11:02:55 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
Error - 10/8/2012 11:08:37 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
Error - 11/13/2012 3:35:15 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
Error - 11/13/2012 3:29:27 PM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description =
[ HP Power Assistant Events ]
Error - 12/4/2012 5:04:45 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
Error - 12/29/2012 9:12:20 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
Error - 1/1/2013 8:17:57 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
Error - 1/5/2013 8:37:11 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
Error - 1/11/2013 1:06:30 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
Error - 1/13/2013 6:38:20 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
Error - 1/21/2013 12:52:14 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
Error - 2/20/2013 12:54:16 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
Error - 2/24/2013 1:54:59 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
Error - 2/25/2013 11:28:11 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
[ HP Wireless Assistant Events ]
Error - 11/12/2010 12:52:54 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 11/12/2010 12:52:54 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 11/13/2010 11:52:42 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 11/13/2010 11:52:42 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 6/22/2011 2:08:46 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
System.Management.ManagementBaseObject.get_Item(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 9/10/2011 7:09:06 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
bei HardwareAccess.Hardware.Instance() bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme
powerScheme)
Error - 12/27/2011 7:49:45 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
bei HardwareAccess.Hardware.Instance() bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme
powerScheme)
Error - 5/14/2012 6:33:25 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
bei HardwareAccess.Hardware.Instance() bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme
powerScheme)
Error - 6/2/2012 12:44:39 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize()
bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) bei HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ApplyFriendlyNames()
bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 9/29/2012 1:10:50 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
bei HardwareAccess.Hardware.Instance() bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme
powerScheme)
[ OSession Events ]
Error - 12/24/2010 11:08:52 AM | Computer Name = GVSSteffiMaaßen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5446
seconds with 240 seconds of active time. This session ended with a crash.
Error - 7/29/2012 5:20:33 AM | Computer Name = GVSSteffiMaaßen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 202
seconds with 180 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 3/27/2013 2:05:20 PM | Computer Name = GVSSteffiMaaßen | Source = PNRPSvc | ID = 102
Description =
Error - 3/27/2013 2:05:20 PM | Computer Name = GVSSteffiMaaßen | Source = PNRPSvc | ID = 102
Description =
Error - 3/27/2013 2:05:20 PM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 3/27/2013 2:05:20 PM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 3/27/2013 2:05:20 PM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 3/27/2013 2:05:20 PM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 3/27/2013 2:06:07 PM | Computer Name = GVSSteffiMaaßen | Source = PNRPSvc | ID = 102
Description =
Error - 3/27/2013 2:06:07 PM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 3/27/2013 2:06:07 PM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
< End of report >
LG Kirsche0815 |
|
| Themen zu Archivbombe und 2 Trojaner |
| .dll, .dll fehler, appdata, avast, c:\windows, code, dateien, fehler, google, infiziert, internet, laptop, löschen, musik, norton, norton internet security, ordner, recycle.bin, screenshot, security, sp3, temp, trojan-gen, trojaner, win32, windows |
Linear-Darstellung
