
Pests of All Kinds and How to Fight Them: Archive bomb and 2 trojans

Windows 7

24.03.2013, 10:50   #1
Kirsche0815
 
Hello you hard-working folks,

I need your help once again; this time my laptop is affected.
After I said goodbye to Norton Internet Security yesterday and installed Avast!, it immediately found an archive bomb and 2 trojans as well as malware during the quick scan.

I then ran a boot-time scan. Here is the log for it:

Code:
03/23/2013 21:13
Prüfung aller lokalen Laufwerke

Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\CLOSING.EXE|>$TEMP\Server.exe|>$SYSDIR\WinUpdateMan.exe ist infiziert von Win32:Trojan-gen, In Container verschieben: Fehler 0xC0000035 {Der Objektname ist bereits vorhanden.}, Löschen: Fehler 0xC0000035 {Der Objektname ist bereits vorhanden.}, In Container verschoben
Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\CLOSING.EXE|>$TEMP\Server.exe|>$SYSDIR\Msdirectx.exe ist infiziert von Win32:Trojan-gen, In Container verschoben
Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\INSTALL.EXE|>$TEMP\Server.exe|>$SYSDIR\WinUpdateMan.exe ist infiziert von Win32:Trojan-gen, In Container verschoben
Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\INSTALL.EXE|>$TEMP\Server.exe|>$SYSDIR\Msdirectx.exe ist infiziert von Win32:Trojan-gen, In Container verschoben
Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\MPSCOPY.EXE|>$TEMP\Server.exe|>$SYSDIR\WinUpdateMan.exe ist infiziert von Win32:Trojan-gen, In Container verschieben: Fehler 0xC0000035 {Der Objektname ist bereits vorhanden.}, In Container verschieben: Fehler 0xC0000035 {Der Objektname ist bereits vorhanden.}, Löschen: Fehler 0xC0000035 {Der Objektname ist bereits vorhanden.}, Gelöscht
Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\MPSCOPY.EXE|>$TEMP\Server.exe|>$SYSDIR\Msdirectx.exe ist infiziert von Win32:Trojan-gen, Gelöscht
Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\OPENING.EXE|>$TEMP\Server.exe|>$SYSDIR\WinUpdateMan.exe ist infiziert von Win32:Trojan-gen, In Container verschieben: Fehler 0xC0000035 {Der Objektname ist bereits vorhanden.}, Gelöscht
Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\OPENING.EXE|>$TEMP\Server.exe|>$SYSDIR\Msdirectx.exe ist infiziert von Win32:Trojan-gen, Gelöscht
Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\VICEROY.EXE|>$TEMP\Server.exe|>$SYSDIR\WinUpdateMan.exe ist infiziert von Win32:Trojan-gen, In Container verschieben: Fehler 0xC0000035 {Der Objektname ist bereits vorhanden.}, Gelöscht
Datei C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\Colonization.rar|>Colonization\VICEROY.EXE|>$TEMP\Server.exe|>$SYSDIR\Msdirectx.exe ist infiziert von Win32:Trojan-gen, Gelöscht
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000099|>ja.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00009c|>pt-BR.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00009e|>sk.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0000a7|>fr.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0000b8|>sr.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000126|>default.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00012d|>vi.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000130|>tr.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000199|>ru.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0001e0|>lv.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0001f9|>th.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000206|>lt.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000222|>uk.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000229|>it.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00025a|>ru.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00026a|>sr.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000285|>default.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00028d|>sk.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000293|>pl.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0002bf|>pt-PT.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0002e3|>id.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000311|>fr.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000312|>lt.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000318|>ru.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00031b|>sr.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00031e|>ja.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00031f|>ko.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0003e1|>ja.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00040a|>tr.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_00040d|>sl.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0005bb|>ja.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0005d0|>zh-CN.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0005e9|>id.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0006b6|>ko.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0006b7|>lt.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0006ba|>no.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0006c9|>hr.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0006e8|>lt.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0006e9|>pl.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_0006ef|>sk.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000700|>he.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\AppData\LocalLow\Google\GoogleEarth\webdata\f_000706|>zh-TW.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\Documents\Eigene Dokumente alter PC\Eigene Dateien\Eigene Dokumente\Privat\Lars\Umsatzsteuererklärung.zip|>Umsatzsteuererklärung.pdf Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\Documents\Eigene Dokumente alter PC\Eigene Dateien\Eigene Musik\Step\steplive.part1.rar|>steplive\i will survive.mp3 Fehler 42126 {RAR-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\Documents\Eigene Dokumente alter PC\Eigene Dateien\Eigene Musik\Step\steplive.part1.rar|>steplive\walking on sunshine.mp3 Fehler 42126 {RAR-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\Documents\Eigene Dokumente alter PC\Eigene Dateien\Eigene Musik\Step\steplive.part2.rar|>steplive\walking on sunshine.mp3 Fehler 42126 {RAR-Archiv ist beschädigt.}
Datei C:\Users\Steffi Maaßen\Documents\Eigene Dokumente alter PC\Privat\Lars\Umsatzsteuererklärung.zip|>Umsatzsteuererklärung.pdf Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\Installer\19f692.msi|>Binary.Binary_jet40sp6_xp.exe|>msjetol1.dll Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\Installer\19f692.msi|>Binary.Binary_jet40sp6_w2k.exe|>msltus40.dll Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\Installer\19f692.msi|>Binary.Binary_jet40sp3_comp.exe|>jetsetup.cab|>msjet40.dll Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\Installer\19f692.msi|>Binary.Binary_jet40sp3_comp.exe|>jetsetup.cab Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\Installer\19f692.msi|>Binary.binMdactyp.C9C35FC7_5AEE_4C1E_8BD2_80ED9FA87FFF|>sqlnet.cab|>cliconfg.rll Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\Installer\19f692.msi|>Binary.binMdactyp.C9C35FC7_5AEE_4C1E_8BD2_80ED9FA87FFF|>sqlnet.cab Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\Installer\19f692.msi|>Binary.New_Binary3.6FC97963_2511_11D4_BB8A_|>oleaut32.dll Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\Temp\000000AA|>\hpquickweb.exe Fehler 42127 {CAB-Archiv ist beschädigt.}
Anzahl durchsuchter Ordner: 36049
Anzahl der geprüften Dateien: 2429988
Anzahl infizierter Dateien: 10
         
The log of the quick scan is not stored under Avast/report. For some inexplicable reason I also can't take a screenshot!?

So I'll now type out the finds by hand:
C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\VICEROY.EXE|>$TEMP\Server.exe|>$SYSDIR\Msdirectx.exe --> Schweregrad: Hoch -->Bedrohung: Win32:Trojan-gen

C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7AOFHR.nl\Filemaster\Colonization\VICEROY.EXE|>$TEMP\Server.exe|>$SYSDIR\WinUpdateMan.exe --> Schweregrad: Hoch -->Bedrohung: Win32:Trojan-gen

C:\$Recycle.Bin\S-1-5-21-1128291690-297645493-3885562247-1002\$RRITCLCG.exe --> Schweregrad: Hoch -->Bedrohung: Win32:Malware-gen

C:\Users\Steffi Maaßen\Downloads\DFusionHomeWebPlugIn.Installer.exe|>nsis.hdr --> Fehler: Die Datei ist eine Archiv-Bombe

and a whole lot of
C:\Users\Steffi Maaßen\Downloads\install_flashplayer11x32au_mssa_aih.exe| .... --> Fehler: Archiv ist kennwortgeschützt

I hope you can help me!
Best regards, Steffi

24.03.2013, 15:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello,

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please run only the scans a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (in CODE tags, please) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted, whether or not anything was found!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "When will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

24.03.2013, 17:41   #3
Kirsche0815
 
Here is the OTL.Txt:
OTL Logfile:
Code:
OTL logfile created on: 3/24/2013 3:45:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steffi Maaßen\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.93 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 52.35% Memory free
5.85 Gb Paging File | 3.70 Gb Available in Paging File | 63.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.79 Gb Total Space | 117.42 Gb Free Space | 41.82% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.47 Gb Free Space | 74.04% Space Free | Partition Type: FAT32
 
Computer Name: GVSSTEFFIMAAßEN | User Name: Steffi Maaßen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Steffi Maaßen\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\Haufe\iDesk\iDeskService\ideskservice.exe ()
PRC - C:\Program Files\Haufe\iDesk\iDeskService\ideskpython.exe (Haufe Mediengruppe)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe (Portrait Displays, Inc.)
PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Portrait Displays, Inc)
PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - C:\Program Files\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Program Files\AOL 9.0 VR\shellmon.exe (AOL, LLC.)
PRC - C:\Program Files\AOL 9.0 VR\waol.exe (AOL, LLC.)
PRC - C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe (AOL LLC)
PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Common Files\aol\1320602271\ee\aolsoftware.exe (America Online, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a7424b1be331f4b534ea24e0c21dbe47\UIAutomationTypes.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\571b85634abf2fba6bab80c21a347081\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll ()
MOD - C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
MOD - C:\Program Files\AOL 9.0 VR\components\Tier2Svc.dll ()
MOD - C:\Program Files\AOL 9.0 VR\components\DataSvcs.dll ()
MOD - c:\Program Files\Common Files\aol\1320602271\ee\services\proxyprovider\ver1_0_0_1\proxyprovider.dll ()
MOD - C:\Program Files\AOL 9.0 VR\zlib.dll ()
MOD - C:\Program Files\AOL 9.0 VR\xmltok.dll ()
MOD - C:\Program Files\AOL 9.0 VR\xmlparse.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HRService) -- C:\Program Files\Haufe\iDesk\iDeskService\ideskservice.exe ()
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (Lexware_Professional_Datenbank) -- C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (PdiService) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (HP ProtectTools Service) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV - (DpHost) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (vcsFPService) -- C:\Windows\System32\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (HpFkCryptService) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV - (UNS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HPFSService) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (yksvc) -- C:\Windows\System32\yk62x86.dll (Marvell)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (ac.sharedstore) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
SRV - (AOL ACS) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (NPF) -- system32\DRIVERS\npf.sys File not found
DRV - (massfilter_hs) -- system32\drivers\massfilter_hs.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (BCMH43XX) -- system32\DRIVERS\bcmwlhigh6.sys File not found
DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\windows\System32\drivers\aswRvrt.sys ()
DRV - (aswNdis2) -- C:\windows\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFW) -- C:\windows\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswNdis) -- C:\Windows\System32\drivers\aswNdis.sys (ALWIL Software)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (SbAlg) -- C:\windows\System32\drivers\SbAlg.sys (McAfee, Inc.)
DRV - (SbFsLock) -- C:\windows\System32\drivers\SbFsLock.sys (McAfee, Inc.)
DRV - (RsvLock) -- C:\windows\System32\drivers\rsvlock.sys (McAfee, Inc.)
DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys ()
DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (risdpcie) -- C:\Windows\System32\drivers\risdpe86.sys (REDC)
DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (rixdpcie) -- C:\Windows\System32\drivers\rixdpe86.sys (REDC)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeAVFK) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MfeBOPK) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MfeRKDK) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (wanatw) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (PDNMp50) -- C:\Windows\System32\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PDNSp50) -- C:\Windows\System32\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10005’
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{009652DF-1177-499A-872B-B3D00B1A74F8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.0.9
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.0.9
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.0.9
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.0.9
 
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.0.9
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\URLSearchHook:  - C:\Program Files\Serif\PanoramaPlus\3.0\Program\PanoramaPlus.exe (Serif (Europe) Ltd.)
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110195&tt=270912_nocpc_3912_2&babsrc=SP_ss&mntrId=5e8a60090000000000000026c71c0e3b
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes\{4BEFFE0F-BA43-4CB0-8120-31EAB77DC573}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes\{E65EF2A5-5D91-47F8-99AF-8A98541F9FA3}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7WZPC_de
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4238
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/23 19:56:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/09 10:59:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/09 10:58:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/23 15:26:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/09 10:59:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/09 10:58:57 | 000,000,000 | ---D | M]
 
[2010/12/14 18:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi Maaßen\AppData\Roaming\mozilla\Extensions
[2010/12/14 18:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi Maaßen\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2012/10/23 19:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi Maaßen\AppData\Roaming\mozilla\Firefox\Profiles\dlpwjelg.default\extensions
[2011/04/26 18:06:36 | 000,002,449 | ---- | M] () -- C:\Users\Steffi Maaßen\AppData\Roaming\mozilla\firefox\profiles\dlpwjelg.default\searchplugins\safesearch.xml
[2012/04/21 15:06:33 | 000,003,915 | ---- | M] () -- C:\Users\Steffi Maaßen\AppData\Roaming\mozilla\firefox\profiles\dlpwjelg.default\searchplugins\sweetim.xml
[2013/03/09 10:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/09 10:58:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/03/09 10:59:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/02/24 13:35:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/30 10:55:37 | 000,002,362 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2013/02/24 13:35:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/24 13:35:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/02/24 13:35:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/02/24 13:35:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/02/24 13:35:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.babylon.com/?affID=110195&tt=270912_nocpc_3912_2&babsrc=HP_ss&mntrId=5e8a60090000000000000026c71c0e3b
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Steffi Maa\u00DFen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: D'Fusion @Home Web Plug-In (3.10.17859) (Enabled) = C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - Extension: Norton Identity Protection = C:\Users\Steffi Maaßen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002..\Run: []  File not found
O4 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Ranges: Range2 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B1192F0-6900-4F7F-83F0-AC5C5EC4ABCA}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB00B81A-F251-4F01-A5C8-BFFFCB547EEA}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2A7F3C7-9329-4EDD-A901-CAB96226C7D8}: DhcpNameServer = 192.168.1.250
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/24 09:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/24 09:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/03/23 19:39:24 | 000,368,176 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2013/03/23 19:39:24 | 000,029,816 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2013/03/23 19:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/03/23 19:39:23 | 000,101,656 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFW.sys
[2013/03/23 19:38:55 | 000,199,384 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswNdis2.sys
[2013/03/23 19:38:54 | 000,062,376 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2013/03/23 19:38:54 | 000,060,656 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2013/03/23 19:38:54 | 000,021,576 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswKbd.sys
[2013/03/23 19:38:53 | 000,765,736 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2013/03/23 19:38:53 | 000,066,336 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2013/03/23 19:38:10 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswNdis.sys
[2013/03/23 19:38:08 | 000,041,664 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2013/03/23 19:38:07 | 000,228,600 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2013/03/23 19:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/03/23 19:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/03/18 19:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Haufe
[2013/03/13 12:22:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/03/13 12:22:47 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/03/13 12:22:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/03/13 12:22:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2013/03/13 12:22:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/03/13 12:22:46 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/03/13 12:22:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2013/03/13 12:22:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2013/03/09 10:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/01 14:46:15 | 000,000,000 | ---D | C] -- C:\Users\Steffi Maaßen\Desktop\CT
[2013/02/27 18:38:45 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIAnimation.dll
[2013/02/27 18:38:39 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll
[2013/02/27 18:38:37 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2013/02/27 18:38:37 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2013/02/27 18:38:37 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 18:38:37 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 18:38:37 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 18:38:37 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 18:38:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 18:38:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 18:38:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 18:38:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 18:38:37 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 18:38:36 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2013/02/27 18:38:36 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msmpeg2vdec.dll
[2013/02/27 18:38:36 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll
[2013/02/27 18:38:36 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2013/02/27 18:38:36 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2013/02/27 18:38:36 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10.dll
[2013/02/27 18:38:36 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2013/02/27 18:38:36 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll
[2013/02/27 18:38:36 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2013/02/27 18:38:36 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10core.dll
[2013/02/27 18:38:36 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsCodecsExt.dll
[2013/02/27 18:38:36 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2013/02/27 18:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2013/02/27 18:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/02/26 14:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/02/26 14:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/02/26 14:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/26 14:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/02/24 13:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox.bak
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/24 15:45:21 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/24 15:45:21 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/24 15:37:41 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/24 15:36:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/03/24 15:36:48 | 2357,620,736 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/24 13:12:00 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/23 19:56:40 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2013/03/23 19:39:24 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/03/23 19:00:02 | 123,534,648 | ---- | M] () -- C:\avast_internet_security_setup.exe
[2013/03/23 10:32:05 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/03/23 06:52:46 | 000,654,400 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/03/23 06:52:46 | 000,616,242 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/03/23 06:52:46 | 000,130,240 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/03/23 06:52:46 | 000,106,622 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/03/18 20:14:33 | 000,002,239 | ---- | M] () -- C:\Users\Public\Desktop\Haufe Steuer Office aufrufen.lnk
[2013/03/18 19:49:56 | 000,002,863 | ---- | M] () -- C:\Users\Public\Desktop\Haufe Formular-Manager.lnk
[2013/03/15 15:16:08 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2013/03/07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2013/03/07 00:33:24 | 000,164,736 | ---- | M] () -- C:\windows\System32\drivers\aswVmm.sys
[2013/03/07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2013/03/07 00:33:24 | 000,049,248 | ---- | M] () -- C:\windows\System32\drivers\aswRvrt.sys
[2013/03/07 00:33:23 | 000,199,384 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswNdis2.sys
[2013/03/07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2013/03/07 00:33:23 | 000,060,656 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2013/03/07 00:33:22 | 000,101,656 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFW.sys
[2013/03/07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2013/03/07 00:33:22 | 000,021,576 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswKbd.sys
[2013/03/07 00:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/03/07 00:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2013/03/05 18:23:28 | 000,000,352 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForSteffi Maaßen.job
[2013/02/28 18:14:40 | 000,480,968 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/02/27 18:18:24 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/26 14:40:25 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2013/03/23 19:56:41 | 000,164,736 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys
[2013/03/23 19:56:40 | 000,049,248 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys
[2013/03/23 19:39:24 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/03/23 19:00:00 | 123,534,648 | ---- | C] () -- C:\avast_internet_security_setup.exe
[2013/03/18 20:14:33 | 000,002,239 | ---- | C] () -- C:\Users\Public\Desktop\Haufe Steuer Office aufrufen.lnk
[2013/03/18 19:49:56 | 000,002,863 | ---- | C] () -- C:\Users\Public\Desktop\Haufe Formular-Manager.lnk
[2013/03/04 18:15:33 | 000,000,352 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleForSteffi Maaßen.job
[2013/02/27 18:26:04 | 000,001,020 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/02/27 18:26:04 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/02/27 18:18:24 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/26 14:40:25 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/04 11:39:42 | 000,000,062 | ---- | C] () -- C:\Users\Steffi Maaßen\AppData\Roaming\mbam.context.scan
[2012/05/15 18:57:39 | 000,000,501 | ---- | C] () -- C:\windows\ODBC.INI
[2012/04/26 20:35:25 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/04/26 20:35:25 | 000,000,088 | RHS- | C] () -- C:\ProgramData\3D53F6F602.sys
[2012/02/27 09:41:52 | 000,202,240 | ---- | C] () -- C:\windows\System32\LXPrnUtil10.dll
[2012/02/27 09:40:44 | 000,304,128 | ---- | C] () -- C:\windows\System32\LxDNT100.dll
[2012/02/27 09:38:36 | 000,133,120 | ---- | C] () -- C:\windows\System32\LxDNTvmc100.dll
[2012/02/27 09:38:18 | 000,069,120 | ---- | C] () -- C:\windows\System32\LxDNTvm100.dll
[2012/02/19 10:52:25 | 000,000,046 | ---- | C] () -- C:\windows\hmview.ini
[2011/12/15 15:15:12 | 000,007,666 | ---- | C] () -- C:\Users\Steffi Maaßen\AppData\Roaming\.freeciv-client-rc-2.3
[2011/11/06 18:56:35 | 000,000,335 | ---- | C] () -- C:\windows\nsreg.dat
[2011/07/08 18:59:17 | 000,688,128 | ---- | C] () -- C:\windows\System32\libeay32.dll
[2011/07/08 18:59:17 | 000,155,648 | ---- | C] () -- C:\windows\System32\ssleay32.dll
[2011/05/27 16:15:56 | 070,509,774 | ---- | C] () -- C:\Users\Steffi Maaßen\catalogo2010.pdf
[2011/05/19 20:23:20 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
[2011/03/20 20:39:33 | 002,287,245 | ---- | C] () -- C:\Users\Steffi Maaßen\Buchungsbestätigung Fewo Rügen.pdf
[2011/01/19 21:43:00 | 000,001,940 | ---- | C] () -- C:\Users\Steffi Maaßen\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/19 19:36:32 | 000,007,680 | ---- | C] () -- C:\Users\Steffi Maaßen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/19 19:07:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2011/11/07 17:16:34 | 000,001,112 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1128291690-297645493-3885562247-1002\$R7N1PZH\l.htm
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/12/15 15:26:39 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\.freeciv
[2010/06/11 10:18:23 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Ahnenblatt
[2012/04/03 12:40:06 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Babylon
[2010/04/19 16:37:44 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\DigitalPersona
[2011/10/10 19:39:36 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\elsterformular
[2011/07/09 18:01:59 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\EurekaLog
[2010/11/02 17:08:03 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Haufe
[2010/12/14 18:22:37 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Haufe Mediengruppe
[2012/11/24 18:04:59 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\ICQ
[2011/11/03 15:56:34 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\IrfanView
[2012/11/01 17:51:56 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Jumping Bytes
[2012/10/10 18:24:00 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Lexware
[2012/05/14 20:19:33 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\mresreg
[2012/11/01 20:16:04 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Nokia
[2010/10/13 18:00:15 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Nokia Ovi Suite
[2012/11/01 20:23:53 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Nokia Suite
[2013/01/02 21:06:01 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\PC Suite
[2012/04/03 12:40:01 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\pdfforge
[2012/10/22 19:54:23 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Reiser
[2010/12/28 21:20:08 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Serif
[2012/04/14 18:06:49 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\SumatraPDF
[2012/09/20 17:47:26 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\TeamViewer
[2011/08/10 20:05:37 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Telefónica
[2012/11/12 20:54:37 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Thunderbird
[2010/09/19 19:42:49 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Tific
[2013/01/11 18:34:41 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\TS3Client
[2011/12/16 12:12:10 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Usenet.nl
[2012/11/02 12:59:03 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\WindSolutions
[2012/04/26 11:20:29 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\XnView
[2012/11/04 14:54:09 | 000,000,000 | ---D | M] -- C:\Users\Steffi`s Laptop\AppData\Roaming\DigitalPersona
[2012/11/04 14:59:25 | 000,000,000 | ---D | M] -- C:\Users\Steffi`s Laptop\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


and the Extra.Txt
OTL Logfile:
Code:
OTL Extras logfile created on: 3/24/2013 3:45:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steffi Maaßen\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.93 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 52.35% Memory free
5.85 Gb Paging File | 3.70 Gb Available in Paging File | 63.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.79 Gb Total Space | 117.42 Gb Free Space | 41.82% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.47 Gb Free Space | 74.04% Space Free | Partition Type: FAT32
 
Computer Name: GVSSTEFFIMAAßEN | User Name: Steffi Maaßen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065F0294-8942-40F6-8E48-2B0DBBB643DC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0DF1FB25-8312-4939-8E23-0EE1BFACB8F8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{16AA1A12-99FF-464A-B9DB-FEAC34C3F9E1}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2378674E-B64C-4055-B195-BBC75DBC1050}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{333CFC7C-FDF6-4795-B972-8FBEEF7650C0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5D548F72-0411-4D1B-A9E6-A880A7787109}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{627EF6E6-7780-4FC1-A7CD-F10F5C5C577D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{63E12426-4B89-493E-B78F-BEC148A0612E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{6763E6AC-65AC-4764-B05E-363460D5E9AD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6C52C83A-DFDD-4E43-BCAB-1DCA40367245}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{710BA40F-E5A8-405B-B108-EA316AC275D4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{73EA0E95-08C5-48B0-BF82-109C90158097}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8CF44C45-87C6-41DD-87F5-9990DC782E67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{A1CB8782-6DDE-4866-91D3-8FF346C86080}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A46F7DCA-A1DC-412E-9B98-42E4810BBC7B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | 
"{A62E7CF8-E223-43C8-B596-6106CE648FB0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AA5AECDA-12D7-4CA3-9DEF-B1E771887A94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BF13E3C5-E3BB-4977-BA87-D20C7FBA3733}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C017EECE-8519-4597-9B9D-9336BC33A097}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{CA7108BA-CE96-42C3-9B89-0243E3702057}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CAFC0885-4ED7-41FA-9C71-6096F2B827C1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CECFBD63-10EE-4731-A5B7-ACA0785095FC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | 
"{CF8A8FA1-D920-4F9E-8CED-BEC2A1D70FBD}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0138BD7D-D930-4DCC-8323-B11350CF705E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{020D27AE-E12C-4278-806E-6ACA8A53F0B1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{03EB9D5E-AFCA-4E57-9841-D9E4CF2CD824}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0A23F382-6D83-4953-A468-391AED823CE2}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{0EA2BA58-BEA0-4DD3-830C-10BD5BB6B297}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1320602271\ee\aolsoftware.exe | 
"{106D6752-3113-492D-AA49-EA52819EE09C}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{15494796-AC76-4EFE-9BC6-022EC9C0CC2B}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe | 
"{1AD827E0-12B5-48FC-9FB2-02B1D747D0CE}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{1CEE352B-B9B0-43FA-8385-20B381900FF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1DE44C3A-D462-4794-A3C6-81929984015C}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{1E8714A6-428E-4AA7-9797-9CAF12C7C224}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{1F84759D-76D3-405E-A8DE-9D2AA9016C7A}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | 
"{275CF15B-7BBC-4DF1-9F09-3CE8C41A762A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1320602271\ee\aolsoftware.exe | 
"{289D115B-F602-4BB6-91AA-8FD3582AEF24}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{29BEA155-9A46-4BF6-84D1-65FC9440431F}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{30A2B21B-4BE6-4609-9524-8521D6E3682D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{33F6095A-5BFE-4EB6-A3E5-5A49262539D7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{3B7259CE-01BC-4144-93EF-EB990BE30B21}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{3BCC5F43-E113-4880-A97C-47C6F3287345}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | 
"{3D3FE86C-1204-4BB1-A2DA-E62D7731EBA4}" = protocol=17 | dir=in | app=c:\program files\sybase\sql anywhere 9\win32\dbsrv9.exe | 
"{44C76DE1-E509-4A80-BC5F-11739F31597E}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{51AECCE7-5C23-4CE0-A751-35E3873B964A}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{5EBFB1D5-71DF-4C48-9074-EF349115B87D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5FA0234B-FA58-4CFF-9C6A-F49C8A3DA649}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{60DD832A-E073-4BBB-9D48-4C9F0366EF03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{655C86BB-E277-44FF-B442-8863E0ADDC9A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{6BE2AC02-541B-4758-8537-5C2280BF7DCF}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{74760DC9-2203-4741-A237-DC7917D8D927}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BE2BD80-4581-4B2D-A58F-D53418DAB891}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{7CD3A963-9CA7-4A16-939C-32B40F72A7DC}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{7E0651ED-CC25-4B8E-9554-4952CC56863E}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{89DE36E1-30F8-473E-898B-BE071C84E439}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8BFDAAB4-3F83-4914-A895-1BB904B0FA51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C95737E-61DA-47B7-934E-A0218D00DBB8}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{8D50761D-D460-4026-8A19-1F10B49EA223}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{989A500A-6D31-4414-8C0E-6AC22F8B1318}" = protocol=6 | dir=in | app=c:\program files\sybase\sql anywhere 9\win32\dbsrv9.exe | 
"{994735FF-4B79-438B-BFB2-C0BAC4B18B41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9B37FE67-2387-4D99-8609-3E170A26CA2E}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{9B695A9A-F01E-4042-A797-DDB55DDBD41B}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | 
"{9BEE31C8-6492-49B1-B8F7-8A7BD9DB4D13}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{9D823BB9-D575-46BC-9587-2A0C3EB33A5B}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{9E9917E3-7958-4E70-847A-608906DA6914}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9EE183B6-0F32-48D8-921B-83916D45500C}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{A499E1C7-48D4-4FAB-8C2D-AEC1A2931663}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{AC9531A4-D64B-4D76-976D-B06F3003EC42}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{B197DEDF-A8A5-4D5D-8F03-039D414579E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BDDA21CB-53FA-4972-996C-B9C1B0FB4BC2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BE2256B0-B926-40A2-9043-04CCAC86F9AA}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{BF82175C-D03D-43BE-AFC2-7995B4E52D0B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C68D52C7-CF65-48B6-B326-64C85F69DE2D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{C9EE51BB-46AE-419E-A4CF-B76DD071D20A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{CD5C9BFB-17BE-414F-9049-DF6738CDEB44}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{CF1ABF62-EE69-45C9-AEFF-67E05CDAE65D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{D1C86D32-7D80-49D2-A971-E654F3C23E43}" = protocol=6 | dir=out | app=system | 
"{D6290DB5-66F9-4362-A92A-2EB387731AE6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DB816D89-4FE3-4E3B-9322-DAA3A874C185}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{DBC95B44-A714-4EEA-81DF-FB16F0C42AF9}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | 
"{DCB488D3-4E16-4853-9D3A-71FD3C192FB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E623DE33-CC4E-4B9C-84E3-BFBF9B70465A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{E794ED9B-4EBE-40B6-B899-CD86280DBFA9}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{E9816B40-FD0C-4DE6-99D6-E43557699F53}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{EA6B450D-FAE7-40E8-857B-C42A8B7853BB}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{F1498B64-77B7-4D02-AB5C-049B88DC8468}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{FA9F35AE-C089-43FD-ACD2-6BFD78F13FDE}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | 
"{FD8D4F3A-61F5-4BEF-8290-BF2F90B39344}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002C9FA8-ED6A-4B44-883A-29A5EEE3A7F6}" = Lexware financial office pro 2012
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{051F9CB0-1499-4A0E-A861-CB19A5AAA906}" = NetObjects Fusion 12.0
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{10A11115-4EFC-4E86-BFC1-D53A478556A1}" = HP User Guides 0142
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient x86
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{20E08DBB-9708-45E6-B4CD-3526ABC5BC6E}" = Zeugnis-Generator 10.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{32737B70-A271-4AE8-8631-6CBF6B697D45}" = SKAN
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{58215966-9BA6-485D-B8DA-4AE31150B92E}" = HP Common Access Service Library
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{5C9AA073-814D-4EB3-BE9C-4C1BACBC974C}" = Haufe Formular-Manager
"{64893BC9-D912-4A2D-A47A-E38650112781}" = Serif PanoramaPlus 3
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B54B1AE-EBCA-48BE-92AF-61D02118F093}" = Lexware online banking
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7239A06F-235B-43B1-970D-7A411FD95683}" = Nokia Software Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78365FC6-09CA-4AC3-BC01-70FB46596047}" = Validity Fingerprint Driver
"{7861911B-4270-498A-8F7A-FCF0570F48E3}" = HP QuickWeb
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95EFD16D-3A38-4E7A-901A-24A92399547C}" = Lexware Elster
"{98BCAD50-58AE-4EDD-9BBA-388B221E750B}" = Privacy Manager for HP ProtectTools
"{991A4895-3346-4980-990F-A1041B73C6F7}" = HP 3D DriveGuard
"{99CBA603-937D-4058-806F-7A9AF711A1AA}" = Eumex RNDIS Driver V1.00
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABCB696E-2494-48FC-826D-0666CEE460DB}" = Drive Encryption for HP ProtectTools
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B962E962-6369-4F66-AF35-79CB39270D12}" = NetObjects Fusion 12.0
"{BA3EECE9-86A8-44B2-B655-CB3FCFE7EDF3}" = Haufe iDesk-Service
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BAEE9CD5-A680-43A2-A5FA-6F700C5AD45A}" = HP QuickLook
"{BB3085D5-7D88-4AF2-B08E-226E26E2A169}" = Haufe iDesk-Browser
"{BB5C44BC-1ADA-4BB3-B054-4514CF582009}" = NetObjects Fusion 12.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE3AD89B-F9B2-4E22-8FAB-BCF63190ABCD}" = HP ProtectTools Security Manager
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C8439116-685C-4B25-B294-14F1C7BC4A68}" = Haufe Steuer Office
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{D5024462-1E13-4D83-B480-D586CCF0371B}" = Serif AlbumPlus SE PRO
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E2E25F53-EB64-4BC1-8A9E-B970BBEF8C1C}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E546139F-B099-4a36-BCC2-AC7D68CA9383}" = Lexware financial office pro 2012
"{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}" = Serif PhotoPlus X3
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4477CC0-7293-414A-93BC-20EE897A80F0}" = Java Card Security for HP ProtectTools
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7823B8F-05D0-457B-8F61-CA98ABE21D2D}" = HP Power Assistant
"{F8DD059A-FDA6-403A-81FC-51E522158683}" = Marketsplash Drucksoftware
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FACE9D51-E374-4DDB-857C-816FCB1D6B40}" = Eumex 800 V1.30
"{FD8234FF-A70D-4632-B146-F41AB37C0B24}" = HP Business Card Reader
"{FDC5E0B1-2739-48A1-8027-F76F2E68AC84}" = Lexware professional Datenbank 2012
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFBDA363-A033-4F32-8DE0-AEF0F105410E}" = HP ESU for Microsoft Windows 7
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
"7-Zip" = 7-Zip 9.20
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"Ahnenblatt_is1" = Ahnenblatt 2.62
"Alice" = Alice-Installationsdateien entfernen
"AOL Deinstallation" = AOL Deinstallation
"avast" = avast! Internet Security
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner
"Drive Encryption" = Drive Encryption for HP ProtectTools
"ElsterFormular 13.0.0.8086k" = ElsterFormular
"ElsterFormular 2008 - 2009 2008-2009" = ElsterFormular 2008 - 2009
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HPProtectTools" = HP ProtectTools Security Manager
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"InstallShield_{FACE9D51-E374-4DDB-857C-816FCB1D6B40}" = Eumex 800 V1.30
"John Deere North American Farmer_is1" = John Deere North American Farmer
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Nokia Suite" = Nokia Suite
"PDF Complete" = PDF Complete Special Edition
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab PDF Reader" = FoxTab PDF Reader
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/4/2013 1:41:08 PM | Computer Name = GVSSteffiMaaßen | Source = Application Hang | ID = 1002
Description = Programm pica.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1f58    Startzeit:
 01ce18f7b562b43f    Endzeit: 16    Anwendungspfad: C:\Program Files\ElsterFormular\bin\pica.exe

Berichts-ID:
 aefeed82-84f2-11e2-aeb5-002713be1760  
 
Error - 3/9/2013 2:37:00 PM | Computer Name = GVSSteffiMaaßen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/9/2013 2:37:00 PM | Computer Name = GVSSteffiMaaßen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15615
 
Error - 3/9/2013 2:37:00 PM | Computer Name = GVSSteffiMaaßen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15615
 
Error - 3/10/2013 2:00:02 PM | Computer Name = GVSSteffiMaaßen | Source = Windows Backup | ID = 4103
Description = 
 
Error - 3/18/2013 2:47:03 PM | Computer Name = GVSSteffiMaaßen | Source = Windows Backup | ID = 4103
Description = 
 
Error - 3/18/2013 2:55:45 PM | Computer Name = GVSSteffiMaaßen | Source = Haufe iDesk-Service | ID = 61440
Description = Installation von Produkt PI19 gescheitert: 1
 
Error - 3/23/2013 10:39:45 AM | Computer Name = GVSSteffiMaaßen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/23/2013 10:39:45 AM | Computer Name = GVSSteffiMaaßen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9833243
 
Error - 3/23/2013 10:39:45 AM | Computer Name = GVSSteffiMaaßen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9833243
 
Error - 3/24/2013 10:52:26 AM | Computer Name = GVSSteffiMaaßen | Source = Application Hang | ID = 1002
Description = Programm waol.exe, Version 9.5.0.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e5c    Startzeit: 
01ce289d4a907b7e    Endzeit: 32    Anwendungspfad: C:\Program Files\AOL 9.0 VR\waol.exe    Berichts-ID:
   
 
[ Hewlett-Packard Events ]
Error - 4/23/2012 1:03:13 PM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 6/4/2012 1:20:53 PM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 7/2/2012 10:06:29 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 9/10/2012 10:26:16 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 9/10/2012 10:26:37 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 9/17/2012 11:23:30 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 9/24/2012 11:02:55 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 10/8/2012 11:08:37 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/13/2012 3:35:15 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/13/2012 3:29:27 PM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
[ HP Power Assistant Events ]
Error - 12/4/2012 5:04:45 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
Error - 12/29/2012 9:12:20 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
Error - 1/1/2013 8:17:57 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
Error - 1/5/2013 8:37:11 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
Error - 1/11/2013 1:06:30 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
Error - 1/13/2013 6:38:20 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
Error - 1/21/2013 12:52:14 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
Error - 2/20/2013 12:54:16 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
Error - 2/24/2013 1:54:59 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
Error - 2/25/2013 11:28:11 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
[ HP Wireless Assistant Events ]
Error - 11/12/2010 12:52:54 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 11/12/2010 12:52:54 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 11/13/2010 11:52:42 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 11/13/2010 11:52:42 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 6/22/2011 2:08:46 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 System.Management.ManagementBaseObject.get_Item(String propertyName)     bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 9/10/2011 7:09:06 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  bei HardwareAccess.Hardware.Instance()     bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme
 powerScheme)
 
Error - 12/27/2011 7:49:45 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  bei HardwareAccess.Hardware.Instance()     bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme
 powerScheme)
 
Error - 5/14/2012 6:33:25 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  bei HardwareAccess.Hardware.Instance()     bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme
 powerScheme)
 
Error - 6/2/2012 12:44:39 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
 radio)     bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei 
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()     bei HPPA_Service.CurrentConfiguration.ApplyFriendlyNames()

   bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 9/29/2012 1:10:50 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  bei HardwareAccess.Hardware.Instance()     bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme
 powerScheme)
 
[ Media Center Events ]
Error - 5/2/2010 2:52:19 PM | Computer Name = GVSSteffiMaaßen | Source = MCUpdate | ID = 0
Description = 20:52:19 - Fehler beim Herstellen der Internetverbindung.  20:52:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/9/2010 10:44:09 AM | Computer Name = GVSSteffiMaaßen | Source = MCUpdate | ID = 0
Description = 16:44:09 - Directory konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
[ OSession Events ]
Error - 12/24/2010 11:08:52 AM | Computer Name = GVSSteffiMaaßen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5446
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 7/29/2012 5:20:33 AM | Computer Name = GVSSteffiMaaßen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 202
 seconds with 180 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 3/24/2013 10:38:39 AM | Computer Name = GVSSteffiMaaßen | Source = DCOM | ID = 10016
Description = 
 
Error - 3/24/2013 10:38:51 AM | Computer Name = GVSSteffiMaaßen | Source = PNRPSvc | ID = 102
Description = 
 
Error - 3/24/2013 10:38:51 AM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 3/24/2013 10:38:51 AM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 3/24/2013 10:38:57 AM | Computer Name = GVSSteffiMaaßen | Source = PNRPSvc | ID = 102
Description = 
 
Error - 3/24/2013 10:38:57 AM | Computer Name = GVSSteffiMaaßen | Source = PNRPSvc | ID = 102
Description = 
 
Error - 3/24/2013 10:38:57 AM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 3/24/2013 10:38:57 AM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 3/24/2013 10:38:57 AM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 3/24/2013 10:38:57 AM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
 
< End of report >
         

Alt 24.03.2013, 17:52   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why do you have a Professional edition of Windows?
Is this by any chance an office/company PC? Or a university machine?
__________________
Please always post log files in CODE tags

Alt 24.03.2013, 18:35   #5
Kirsche0815
 



Hello Cosinus,

that is how I bought it, bundled with the laptop.
It is used almost exclusively privately, apart from the bookkeeping for my side business.

Best regards, Steffi


Alt 25.03.2013, 15:15   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Rootkit scan with GMER

Please download the GMER Rootkit Scanner: (the file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after the start:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!


Problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, uncheck Devices.


Then please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the instructions on your screen as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

Alt 25.03.2013, 20:29   #7
Kirsche0815
 



Hello Cosinus,

the GMER log is attached as an archive because of its length.


And the MBAR log:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.25.13

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Steffi Maaßen :: GVSSTEFFIMAAßEN [administrator]

25.03.2013 20:16:53
mbar-log-2013-03-25 (20-16-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 33601
Time elapsed: 25 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Best regards, Kirsche0815

Alt 25.03.2013, 20:48   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the content here in your thread in any case.

Alt 25.03.2013, 20:54   #9
Kirsche0815
 



A question about that:
Do I have to disable my Avast! for the scan with aswMBR.exe?

Alt 25.03.2013, 21:06   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Yes, please disable it

Alt 26.03.2013, 17:25   #11
Kirsche0815
 



Here is the aswMBR log:
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-26 16:49:02
-----------------------------
16:49:02.171    OS Version: Windows 6.1.7601 Service Pack 1
16:49:02.171    Number of processors: 4 586 0x2502
16:49:02.171    ComputerName: GVSSTEFFIMAAßEN  UserName: Steffi Maaßen
16:49:11.562    Initialize success
16:49:12.358    AVAST engine defs: 13032400
16:49:17.880    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:49:17.880    Disk 0 Vendor: ST932042 0006 Size: 305245MB BusType: 3
16:49:18.052    Disk 0 MBR read successfully
16:49:18.052    Disk 0 MBR scan
16:49:18.052    Disk 0 Windows VISTA default MBR code
16:49:18.068    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          300 MB offset 2048
16:49:18.083    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       287533 MB offset 616448
16:49:18.286    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        15360 MB offset 589484032
16:49:18.348    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0     2043 MB offset 620941312
16:49:18.380    Disk 0 scanning sectors +625125376
16:49:18.489    Disk 0 scanning C:\windows\system32\drivers
16:49:40.391    Service scanning
16:50:00.593    Service SafeBoot C:\windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
16:50:09.658    Modules scanning
16:50:34.899    Disk 0 trace - called modules:
16:50:34.930    ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys iaStor.sys 
16:50:34.945    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87bd7030]
16:50:34.961    3 CLASSPNP.SYS[8c00c59e] -> nt!IofCallDriver -> [0x87bd5960]
16:50:34.977    5 hpdskflt.sys[8cdb3090] -> nt!IofCallDriver -> [0x870e68b8]
16:50:34.992    7 ACPI.sys[8be983d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x870e2028]
16:50:44.930    AVAST engine scan C:\windows
16:50:52.932    AVAST engine scan C:\windows\system32
16:54:13.728    AVAST engine scan C:\windows\system32\drivers
16:54:30.670    AVAST engine scan C:\Users\Steffi Maaßen
17:18:42.655    Disk 0 MBR has been saved successfully to "C:\Users\Steffi Maaßen\Documents\Privat\Logs\MBR.dat"
17:18:42.671    The log file has been saved successfully to "C:\Users\Steffi Maaßen\Documents\Privat\Logs\aswMBR.txt"
         
and the TDSSKiller log:
Code:
17:19:49.0667 5516  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:19:50.0010 5516  ============================================================
17:19:50.0010 5516  Current date / time: 2013/03/26 17:19:50.0010
17:19:50.0010 5516  SystemInfo:
17:19:50.0010 5516  
17:19:50.0010 5516  OS Version: 6.1.7601 ServicePack: 1.0
17:19:50.0010 5516  Product type: Workstation
17:19:50.0010 5516  ComputerName: GVSSTEFFIMAAßEN
17:19:50.0010 5516  UserName: Steffi Maaßen
17:19:50.0010 5516  Windows directory: C:\windows
17:19:50.0010 5516  System windows directory: C:\windows
17:19:50.0010 5516  Processor architecture: Intel x86
17:19:50.0010 5516  Number of processors: 4
17:19:50.0010 5516  Page size: 0x1000
17:19:50.0010 5516  Boot type: Normal boot
17:19:50.0010 5516  ============================================================
17:19:50.0790 5516  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:19:50.0837 5516  ============================================================
17:19:50.0837 5516  \Device\Harddisk0\DR0:
17:19:50.0837 5516  MBR partitions:
17:19:50.0837 5516  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
17:19:50.0837 5516  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x23196800
17:19:50.0837 5516  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2322D000, BlocksNum 0x1E00000
17:19:50.0837 5516  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x2502D000, BlocksNum 0x3FD800
17:19:50.0837 5516  ============================================================
17:19:50.0853 5516  C: <-> \Device\Harddisk0\DR0\Partition2
17:19:50.0884 5516  F: <-> \Device\Harddisk0\DR0\Partition4
17:19:50.0884 5516  ============================================================
17:19:50.0884 5516  Initialize success
17:19:50.0884 5516  ============================================================
17:20:01.0664 7916  ============================================================
17:20:01.0664 7916  Scan started
17:20:01.0664 7916  Mode: Manual; SigCheck; TDLFS; 
17:20:01.0664 7916  ============================================================
17:20:02.0710 7916  ================ Scan system memory ========================
17:20:02.0710 7916  System memory - ok
17:20:02.0710 7916  ================ Scan services =============================
17:20:26.0828 7916  LanmanWorkstation - ok
17:20:26.0891 7916  Lexware_Professional_Datenbank - ok
17:20:26.0938 7916  [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:20:26.0969 7916  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:20:26.0969 7916  LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:20:27.0016 7916  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
17:20:27.0094 7916  lltdio - ok
17:20:27.0140 7916  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\windows\System32\lltdsvc.dll
17:20:27.0234 7916  lltdsvc - ok
17:20:27.0250 7916  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\windows\System32\lmhsvc.dll
17:20:27.0312 7916  lmhosts - ok
17:20:27.0359 7916  [ BB4E55778D8DE3885E1CDAC795DE7BCE ] LMS             C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:20:27.0421 7916  LMS - ok
17:20:27.0468 7916  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
17:20:27.0499 7916  LSI_FC - ok
17:20:27.0515 7916  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
17:20:27.0546 7916  LSI_SAS - ok
17:20:27.0562 7916  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
17:20:27.0577 7916  LSI_SAS2 - ok
17:20:27.0608 7916  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
17:20:27.0624 7916  LSI_SCSI - ok
17:20:27.0640 7916  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\windows\system32\drivers\luafv.sys
17:20:27.0733 7916  luafv - ok
17:20:27.0764 7916  massfilter - ok
17:20:27.0780 7916  massfilter_hs - ok
17:20:27.0827 7916  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
17:20:27.0905 7916  MBAMProtector - ok
17:20:27.0936 7916  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:20:27.0983 7916  MBAMScheduler - ok
17:20:27.0998 7916  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:20:28.0061 7916  MBAMService - ok
17:20:28.0108 7916  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
17:20:28.0139 7916  Mcx2Svc - ok
17:20:28.0170 7916  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
17:20:28.0186 7916  megasas - ok
17:20:28.0217 7916  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
17:20:28.0248 7916  MegaSR - ok
17:20:28.0279 7916  [ 64B96DE8C492BD435372D9130A535F1D ] MfeAVFK         C:\windows\system32\drivers\MfeAVFK.sys
17:20:28.0357 7916  MfeAVFK - ok
17:20:28.0373 7916  [ 078E87A89D36CC3516F19D5FB518BDDC ] MfeBOPK         C:\windows\system32\drivers\MfeBOPK.sys
17:20:28.0435 7916  MfeBOPK - ok
17:20:28.0466 7916  [ 168C565101FD5B9DB694EFDEC91FAFA9 ] mfehidk         C:\windows\system32\drivers\mfehidk.sys
17:20:28.0529 7916  mfehidk - ok
17:20:28.0544 7916  [ E0842F67DC9BC4D21D1E319610EBE9E5 ] MfeRKDK         C:\windows\system32\drivers\MfeRKDK.sys
17:20:28.0607 7916  MfeRKDK - ok
17:20:28.0622 7916  [ 43A7ACBBD70ECD62F0B63486C72089A3 ] mfetdik         C:\windows\system32\drivers\mfetdik.sys
17:20:28.0685 7916  mfetdik - ok
17:20:28.0716 7916  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\windows\system32\mmcss.dll
17:20:28.0810 7916  MMCSS - ok
17:20:28.0841 7916  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\windows\system32\drivers\modem.sys
17:20:28.0903 7916  Modem - ok
17:20:28.0934 7916  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
17:20:28.0981 7916  monitor - ok
17:20:29.0028 7916  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
17:20:29.0059 7916  mouclass - ok
17:20:29.0090 7916  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
17:20:29.0106 7916  mouhid - ok
17:20:29.0153 7916  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
17:20:29.0184 7916  mountmgr - ok
17:20:29.0278 7916  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:20:29.0309 7916  MozillaMaintenance - ok
17:20:29.0356 7916  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\windows\system32\drivers\mpio.sys
17:20:29.0387 7916  mpio - ok
17:20:29.0402 7916  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
17:20:29.0496 7916  mpsdrv - ok
17:20:29.0558 7916  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\windows\system32\mpssvc.dll
17:20:29.0636 7916  MpsSvc - ok
17:20:29.0668 7916  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
17:20:29.0699 7916  MRxDAV - ok
17:20:29.0746 7916  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
17:20:29.0777 7916  mrxsmb - ok
17:20:29.0824 7916  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
17:20:29.0855 7916  mrxsmb10 - ok
17:20:29.0870 7916  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
17:20:29.0902 7916  mrxsmb20 - ok
17:20:29.0948 7916  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\windows\system32\drivers\msahci.sys
17:20:29.0964 7916  msahci - ok
17:20:29.0995 7916  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\windows\system32\drivers\msdsm.sys
17:20:30.0026 7916  msdsm - ok
17:20:30.0042 7916  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\windows\System32\msdtc.exe
17:20:30.0104 7916  MSDTC - ok
17:20:30.0151 7916  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
17:20:30.0229 7916  Msfs - ok
17:20:30.0260 7916  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
17:20:30.0354 7916  mshidkmdf - ok
17:20:30.0370 7916  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
17:20:30.0401 7916  msisadrv - ok
17:20:30.0432 7916  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
17:20:30.0526 7916  MSiSCSI - ok
17:20:30.0526 7916  msiserver - ok
17:20:30.0557 7916  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
17:20:30.0635 7916  MSKSSRV - ok
17:20:30.0682 7916  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
17:20:30.0760 7916  MSPCLOCK - ok
17:20:30.0791 7916  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
17:20:30.0884 7916  MSPQM - ok
17:20:30.0900 7916  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
17:20:30.0931 7916  MsRPC - ok
17:20:30.0947 7916  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
17:20:30.0978 7916  mssmbios - ok
17:20:30.0994 7916  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
17:20:31.0056 7916  MSTEE - ok
17:20:31.0072 7916  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
17:20:31.0103 7916  MTConfig - ok
17:20:31.0118 7916  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\windows\system32\Drivers\mup.sys
17:20:31.0150 7916  Mup - ok
17:20:31.0212 7916  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\windows\system32\qagentRT.dll
17:20:31.0306 7916  napagent - ok
17:20:31.0352 7916  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
17:20:31.0415 7916  NativeWifiP - ok
17:20:31.0462 7916  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\windows\system32\drivers\ndis.sys
17:20:31.0540 7916  NDIS - ok
17:20:31.0571 7916  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
17:20:31.0649 7916  NdisCap - ok
17:20:31.0696 7916  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
17:20:31.0774 7916  NdisTapi - ok
17:20:31.0820 7916  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
17:20:31.0898 7916  Ndisuio - ok
17:20:31.0945 7916  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
17:20:32.0023 7916  NdisWan - ok
17:20:32.0054 7916  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
17:20:32.0148 7916  NDProxy - ok
17:20:32.0164 7916  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
17:20:32.0226 7916  NetBIOS - ok
17:20:32.0288 7916  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
17:20:32.0382 7916  NetBT - ok
17:20:32.0413 7916  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\windows\system32\lsass.exe
17:20:32.0429 7916  Netlogon - ok
17:20:32.0476 7916  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\windows\System32\netman.dll
17:20:32.0569 7916  Netman - ok
17:20:32.0600 7916  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\windows\System32\netprofm.dll
17:20:32.0710 7916  netprofm - ok
17:20:32.0741 7916  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:20:32.0772 7916  NetTcpPortSharing - ok
17:20:32.0944 7916  [ 5B2DFA9C5C02DDF2A113CC0F551B59DF ] NETw5s32        C:\windows\system32\DRIVERS\NETw5s32.sys
17:20:33.0178 7916  NETw5s32 - ok
17:20:33.0224 7916  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
17:20:33.0240 7916  nfrd960 - ok
17:20:33.0287 7916  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\windows\System32\nlasvc.dll
17:20:33.0334 7916  NlaSvc - ok
17:20:33.0396 7916  [ 33A4B24A4C4DCF3C168E2C1151A62FC5 ] nmwcd           C:\windows\system32\drivers\ccdcmb.sys
17:20:33.0458 7916  nmwcd - ok
17:20:33.0521 7916  [ A77265EF7BF998B8BB22A1A23E72B45D ] nmwcdc          C:\windows\system32\drivers\ccdcmbo.sys
17:20:33.0583 7916  nmwcdc - ok
17:20:33.0599 7916  NPF - ok
17:20:33.0630 7916  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\windows\system32\drivers\Npfs.sys
17:20:33.0708 7916  Npfs - ok
17:20:33.0724 7916  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\windows\system32\nsisvc.dll
17:20:33.0802 7916  nsi - ok
17:20:33.0802 7916  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
17:20:33.0864 7916  nsiproxy - ok
17:20:33.0926 7916  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
17:20:34.0004 7916  Ntfs - ok
17:20:34.0020 7916  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\windows\system32\drivers\Null.sys
17:20:34.0098 7916  Null - ok
17:20:34.0160 7916  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\windows\system32\drivers\nvraid.sys
17:20:34.0192 7916  nvraid - ok
17:20:34.0207 7916  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\windows\system32\drivers\nvstor.sys
17:20:34.0238 7916  nvstor - ok
17:20:34.0254 7916  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
17:20:34.0285 7916  nv_agp - ok
17:20:34.0394 7916  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:20:34.0426 7916  odserv - ok
17:20:34.0457 7916  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
17:20:34.0504 7916  ohci1394 - ok
17:20:34.0597 7916  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:20:34.0613 7916  ose - ok
17:20:34.0660 7916  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
17:20:34.0722 7916  p2pimsvc - ok
17:20:34.0753 7916  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\windows\system32\p2psvc.dll
17:20:34.0816 7916  p2psvc - ok
17:20:34.0847 7916  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\windows\system32\DRIVERS\parport.sys
17:20:34.0894 7916  Parport - ok
17:20:34.0925 7916  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\windows\system32\drivers\partmgr.sys
17:20:34.0956 7916  partmgr - ok
17:20:34.0956 7916  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
17:20:35.0003 7916  Parvdm - ok
17:20:35.0034 7916  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\windows\System32\pcasvc.dll
17:20:35.0096 7916  PcaSvc - ok
17:20:35.0143 7916  [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd        C:\windows\system32\DRIVERS\pccsmcfd.sys
17:20:35.0190 7916  pccsmcfd - ok
17:20:35.0221 7916  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\windows\system32\drivers\pci.sys
17:20:35.0252 7916  pci - ok
17:20:35.0268 7916  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\windows\system32\drivers\pciide.sys
17:20:35.0284 7916  pciide - ok
17:20:35.0299 7916  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
17:20:35.0330 7916  pcmcia - ok
17:20:35.0362 7916  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\windows\system32\drivers\pcw.sys
17:20:35.0377 7916  pcw - ok
17:20:35.0408 7916  pdfcDispatcher - ok
17:20:35.0455 7916  [ 4A8CC4D25525F456069887D5E8C53225 ] PdiService      C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
17:20:35.0518 7916  PdiService - ok
17:20:35.0533 7916  [ 1BF91F352D746AD7469FA71783B5FAE8 ] PDNMp50         C:\windows\system32\drivers\PDNMp50.sys
17:20:35.0596 7916  PDNMp50 - ok
17:20:35.0642 7916  [ 1961590AA191B6B7DCF18A6A693AF7B8 ] PDNSp50         C:\windows\system32\drivers\PDNSp50.sys
17:20:35.0689 7916  PDNSp50 - ok
17:20:35.0720 7916  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\windows\system32\drivers\peauth.sys
17:20:35.0814 7916  PEAUTH - ok
17:20:35.0861 7916  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\windows\system32\peerdistsvc.dll
17:20:35.0939 7916  PeerDistSvc - ok
17:20:36.0032 7916  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\windows\system32\pla.dll
17:20:36.0173 7916  pla - ok
17:20:36.0235 7916  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\windows\system32\umpnpmgr.dll
17:20:36.0282 7916  PlugPlay - ok
17:20:36.0298 7916  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
17:20:36.0344 7916  PNRPAutoReg - ok
17:20:36.0391 7916  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
17:20:36.0422 7916  PNRPsvc - ok
17:20:36.0454 7916  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
17:20:36.0516 7916  PolicyAgent - ok
17:20:36.0563 7916  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\windows\system32\umpo.dll
17:20:36.0625 7916  Power - ok
17:20:36.0656 7916  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
17:20:36.0750 7916  PptpMiniport - ok
17:20:36.0781 7916  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\windows\system32\DRIVERS\processr.sys
17:20:36.0797 7916  Processor - ok
17:20:36.0844 7916  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\windows\system32\profsvc.dll
17:20:36.0906 7916  ProfSvc - ok
17:20:36.0937 7916  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
17:20:36.0968 7916  ProtectedStorage - ok
17:20:37.0000 7916  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\windows\system32\DRIVERS\pacer.sys
17:20:37.0078 7916  Psched - ok
17:20:37.0124 7916  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI             C:\windows\system32\DRIVERS\psi_mf.sys
17:20:37.0171 7916  PSI - ok
17:20:37.0218 7916  [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20        C:\windows\system32\Drivers\PxHelp20.sys
17:20:37.0265 7916  PxHelp20 - ok
17:20:37.0327 7916  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
17:20:37.0405 7916  ql2300 - ok
17:20:37.0436 7916  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
17:20:37.0468 7916  ql40xx - ok
17:20:37.0483 7916  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\windows\system32\qwave.dll
17:20:37.0561 7916  QWAVE - ok
17:20:37.0592 7916  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
17:20:37.0639 7916  QWAVEdrv - ok
17:20:37.0670 7916  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
17:20:37.0748 7916  RasAcd - ok
17:20:37.0764 7916  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
17:20:37.0842 7916  RasAgileVpn - ok
17:20:37.0873 7916  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\windows\System32\rasauto.dll
17:20:37.0951 7916  RasAuto - ok
17:20:37.0967 7916  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
17:20:38.0014 7916  Rasl2tp - ok
17:20:38.0060 7916  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\windows\System32\rasmans.dll
17:20:38.0154 7916  RasMan - ok
17:20:38.0170 7916  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
17:20:38.0232 7916  RasPppoe - ok
17:20:38.0263 7916  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
17:20:38.0326 7916  RasSstp - ok
17:20:38.0372 7916  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
17:20:38.0450 7916  rdbss - ok
17:20:38.0482 7916  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
17:20:38.0513 7916  rdpbus - ok
17:20:38.0560 7916  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
17:20:38.0638 7916  RDPCDD - ok
17:20:38.0669 7916  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\windows\system32\drivers\rdpdr.sys
17:20:38.0716 7916  RDPDR - ok
17:20:38.0747 7916  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
17:20:38.0825 7916  RDPENCDD - ok
17:20:38.0840 7916  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
17:20:38.0934 7916  RDPREFMP - ok
17:20:38.0965 7916  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
17:20:38.0996 7916  RDPWD - ok
17:20:39.0043 7916  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
17:20:39.0074 7916  rdyboost - ok
17:20:39.0090 7916  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
17:20:39.0184 7916  RemoteAccess - ok
17:20:39.0215 7916  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\windows\system32\regsvc.dll
17:20:39.0308 7916  RemoteRegistry - ok
17:20:39.0355 7916  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
17:20:39.0418 7916  RFCOMM - ok
17:20:39.0449 7916  [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk        C:\windows\system32\DRIVERS\rimmptsk.sys
17:20:39.0480 7916  rimmptsk - ok
17:20:39.0511 7916  [ E891F07815AF88075705EF6A248711F6 ] rimspci         C:\windows\system32\DRIVERS\rimspe86.sys
17:20:39.0558 7916  rimspci - ok
17:20:39.0589 7916  [ 9BFB54D3559F2FF7301271D29D383564 ] rimsptsk        C:\windows\system32\DRIVERS\rimsptsk.sys
17:20:39.0620 7916  rimsptsk - ok
17:20:39.0636 7916  [ D853D35F792A3A44726A794BF9A0BBC3 ] risdpcie        C:\windows\system32\DRIVERS\risdpe86.sys
17:20:39.0667 7916  risdpcie - ok
17:20:39.0683 7916  [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] rismxdp         C:\windows\system32\DRIVERS\rixdptsk.sys
17:20:39.0714 7916  rismxdp - ok
17:20:39.0714 7916  [ 6A60626412129C713CC30C81870A8095 ] rixdpcie        C:\windows\system32\DRIVERS\rixdpe86.sys
17:20:39.0761 7916  rixdpcie - ok
17:20:39.0886 7916  [ 85F9924FB26D924C4A10DC620AE2C350 ] RoxMediaDB10    c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
17:20:39.0995 7916  RoxMediaDB10 - ok
17:20:40.0026 7916  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
17:20:40.0104 7916  RpcEptMapper - ok
17:20:40.0135 7916  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\windows\system32\locator.exe
17:20:40.0182 7916  RpcLocator - ok
17:20:40.0229 7916  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\windows\system32\rpcss.dll
17:20:40.0291 7916  RpcSs - ok
17:20:40.0338 7916  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
17:20:40.0400 7916  rspndr - ok
17:20:40.0447 7916  [ 6C50ADED23D160C95FC9859748C253DD ] RsvLock         C:\windows\system32\drivers\RsvLock.sys
17:20:40.0510 7916  RsvLock - ok
17:20:40.0541 7916  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\windows\system32\drivers\vms3cap.sys
17:20:40.0603 7916  s3cap - ok
17:20:40.0650 7916  [ 31B48CB3D35D076291E3B8AFD9A7F203 ] SafeBoot        C:\windows\system32\drivers\SafeBoot.sys
17:20:40.0650 7916  Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 31B48CB3D35D076291E3B8AFD9A7F203
17:20:40.0650 7916  SafeBoot ( LockedFile.Multi.Generic ) - warning
17:20:40.0650 7916  SafeBoot - detected LockedFile.Multi.Generic (1)
17:20:40.0681 7916  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\windows\system32\lsass.exe
17:20:40.0697 7916  SamSs - ok
17:20:40.0728 7916  [ 67215032A3039E5B78BBBBB4F21B904E ] SbAlg           C:\windows\system32\drivers\SbAlg.sys
17:20:40.0790 7916  SbAlg - ok
17:20:40.0806 7916  [ CD8E12BB9B16C55DEF2AC52B78A09F09 ] SbFsLock        C:\windows\system32\drivers\SbFsLock.sys
17:20:40.0853 7916  SbFsLock - ok
17:20:40.0884 7916  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
17:20:40.0915 7916  sbp2port - ok
17:20:40.0946 7916  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\windows\System32\SCardSvr.dll
17:20:41.0024 7916  SCardSvr - ok
17:20:41.0056 7916  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
17:20:41.0102 7916  scfilter - ok
17:20:41.0165 7916  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\windows\system32\schedsvc.dll
17:20:41.0258 7916  Schedule - ok
17:20:41.0290 7916  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\windows\System32\certprop.dll
17:20:41.0336 7916  SCPolicySvc - ok
17:20:41.0352 7916  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\windows\system32\drivers\sdbus.sys
17:20:41.0383 7916  sdbus - ok
17:20:41.0430 7916  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\windows\System32\SDRSVC.dll
17:20:41.0477 7916  SDRSVC - ok
17:20:41.0508 7916  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
17:20:41.0570 7916  secdrv - ok
17:20:41.0602 7916  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\windows\system32\seclogon.dll
17:20:41.0680 7916  seclogon - ok
17:20:41.0758 7916  [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
17:20:41.0882 7916  Secunia PSI Agent - ok
17:20:41.0914 7916  [ 4F2056349F8BA4154D5213BF8A476B14 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
17:20:42.0007 7916  Secunia Update Agent - ok
17:20:42.0023 7916  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\windows\System32\sens.dll
17:20:42.0070 7916  SENS - ok
17:20:42.0101 7916  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\windows\system32\sensrsvc.dll
17:20:42.0148 7916  SensrSvc - ok
17:20:42.0194 7916  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
17:20:42.0241 7916  Serenum - ok
17:20:42.0272 7916  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\windows\system32\DRIVERS\serial.sys
17:20:42.0319 7916  Serial - ok
17:20:42.0350 7916  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
17:20:42.0397 7916  sermouse - ok
17:20:42.0506 7916  [ 9BDE8F1F5D060E912FCF9FB58B71CBC1 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
17:20:42.0553 7916  ServiceLayer - ok
17:20:42.0631 7916  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\windows\system32\sessenv.dll
17:20:42.0709 7916  SessionEnv - ok
17:20:42.0756 7916  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
17:20:42.0787 7916  sffdisk - ok
17:20:42.0803 7916  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
17:20:42.0834 7916  sffp_mmc - ok
17:20:42.0850 7916  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
17:20:42.0881 7916  sffp_sd - ok
17:20:42.0912 7916  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
17:20:42.0959 7916  sfloppy - ok
17:20:43.0006 7916  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\windows\System32\ipnathlp.dll
17:20:43.0099 7916  SharedAccess - ok
17:20:43.0146 7916  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
17:20:43.0208 7916  ShellHWDetection - ok
17:20:43.0224 7916  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\windows\system32\drivers\sisagp.sys
17:20:43.0255 7916  sisagp - ok
17:20:43.0286 7916  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
17:20:43.0318 7916  SiSRaid2 - ok
17:20:43.0333 7916  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
17:20:43.0349 7916  SiSRaid4 - ok
17:20:43.0427 7916  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
17:20:43.0458 7916  SkypeUpdate - ok
17:20:43.0489 7916  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\windows\system32\DRIVERS\smb.sys
17:20:43.0552 7916  Smb - ok
17:20:43.0598 7916  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
17:20:43.0645 7916  SNMPTRAP - ok
17:20:43.0739 7916  [ 1DB08CBDDA27E3F143137638D422CF45 ] SNP2UVC         C:\windows\system32\DRIVERS\snp2uvc.sys
17:20:43.0848 7916  SNP2UVC - ok
17:20:43.0879 7916  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\windows\system32\drivers\spldr.sys
17:20:43.0895 7916  spldr - ok
17:20:43.0926 7916  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\windows\System32\spoolsv.exe
17:20:44.0004 7916  Spooler - ok
17:20:44.0113 7916  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\windows\system32\sppsvc.exe
17:20:44.0316 7916  sppsvc - ok
17:20:44.0363 7916  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\windows\system32\sppuinotify.dll
17:20:44.0441 7916  sppuinotify - ok
17:20:44.0488 7916  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\windows\system32\DRIVERS\srv.sys
17:20:44.0550 7916  srv - ok
17:20:44.0597 7916  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\windows\system32\DRIVERS\srv2.sys
17:20:44.0644 7916  srv2 - ok
17:20:44.0690 7916  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
17:20:44.0737 7916  srvnet - ok
17:20:44.0784 7916  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
17:20:44.0878 7916  SSDPSRV - ok
17:20:44.0909 7916  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\windows\system32\sstpsvc.dll
17:20:45.0018 7916  SstpSvc - ok
17:20:45.0127 7916  [ 03F6CF42A1DB74290448CDE668578C87 ] STacSV          C:\Program Files\IDT\WDM\STacSV.exe
17:20:45.0158 7916  STacSV - ok
17:20:45.0190 7916  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
17:20:45.0221 7916  stexstor - ok
17:20:45.0252 7916  [ 8A8246F40792956E957F3E8D0C188963 ] STHDA           C:\windows\system32\DRIVERS\stwrt.sys
17:20:45.0314 7916  STHDA - ok
17:20:45.0377 7916  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\windows\system32\DRIVERS\serscan.sys
17:20:45.0408 7916  StillCam - ok
17:20:45.0455 7916  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\windows\System32\wiaservc.dll
17:20:45.0533 7916  StiSvc - ok
17:20:45.0564 7916  [ AD989072596AB313D7FA13BCF69573F7 ] stllssvr        c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
17:20:45.0580 7916  stllssvr - ok
17:20:45.0611 7916  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\windows\system32\drivers\vmstorfl.sys
17:20:45.0626 7916  storflt - ok
17:20:45.0658 7916  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\windows\system32\storsvc.dll
17:20:45.0704 7916  StorSvc - ok
17:20:45.0751 7916  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\windows\system32\drivers\storvsc.sys
17:20:45.0782 7916  storvsc - ok
17:20:45.0798 7916  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\drivers\swenum.sys
17:20:45.0829 7916  swenum - ok
17:20:45.0860 7916  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\windows\System32\swprv.dll
17:20:45.0970 7916  swprv - ok
17:20:46.0063 7916  [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
17:20:46.0188 7916  SynTP - ok
17:20:46.0250 7916  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\windows\system32\sysmain.dll
17:20:46.0360 7916  SysMain - ok
17:20:46.0406 7916  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
17:20:46.0469 7916  TabletInputService - ok
17:20:46.0516 7916  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\windows\System32\tapisrv.dll
17:20:46.0625 7916  TapiSrv - ok
17:20:46.0656 7916  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\windows\System32\tbssvc.dll
17:20:46.0750 7916  TBS - ok
17:20:46.0812 7916  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
17:20:46.0890 7916  Tcpip - ok
17:20:46.0937 7916  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
17:20:47.0015 7916  TCPIP6 - ok
17:20:47.0077 7916  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
17:20:47.0124 7916  tcpipreg - ok
17:20:47.0171 7916  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
17:20:47.0202 7916  TDPIPE - ok
17:20:47.0249 7916  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
17:20:47.0264 7916  TDTCP - ok
17:20:47.0296 7916  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
17:20:47.0374 7916  tdx - ok
17:20:47.0576 7916  [ 6B1B2F8D62D606B200C2072564090104 ] TeamViewer8     C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
17:20:47.0779 7916  TeamViewer8 - ok
17:20:47.0795 7916  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\windows\system32\drivers\termdd.sys
17:20:47.0826 7916  TermDD - ok
17:20:47.0873 7916  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\windows\System32\termsrv.dll
17:20:47.0966 7916  TermService - ok
17:20:48.0013 7916  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\windows\system32\themeservice.dll
17:20:48.0076 7916  Themes - ok
17:20:48.0091 7916  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\windows\system32\mmcss.dll
17:20:48.0169 7916  THREADORDER - ok
17:20:48.0200 7916  [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM             C:\windows\system32\drivers\tpm.sys
17:20:48.0232 7916  TPM - ok
17:20:48.0247 7916  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\windows\System32\trkwks.dll
17:20:48.0310 7916  TrkWks - ok
17:20:48.0372 7916  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
17:20:48.0450 7916  TrustedInstaller - ok
17:20:48.0497 7916  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
17:20:48.0575 7916  tssecsrv - ok
17:20:48.0622 7916  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
17:20:48.0668 7916  TsUsbFlt - ok
17:20:48.0731 7916  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
17:20:48.0809 7916  tunnel - ok
17:20:48.0824 7916  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
17:20:48.0856 7916  uagp35 - ok
17:20:48.0902 7916  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\windows\system32\DRIVERS\udfs.sys
17:20:48.0965 7916  udfs - ok
17:20:48.0996 7916  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\windows\system32\UI0Detect.exe
17:20:49.0074 7916  UI0Detect - ok
17:20:49.0136 7916  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
17:20:49.0168 7916  uliagpkx - ok
17:20:49.0183 7916  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\windows\system32\DRIVERS\umbus.sys
17:20:49.0230 7916  umbus - ok
17:20:49.0277 7916  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
17:20:49.0324 7916  UmPass - ok
17:20:49.0370 7916  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\windows\System32\umrdp.dll
17:20:49.0402 7916  UmRdpService - ok
17:20:49.0526 7916  [ 44AA8D5D3B3B5610FEF46CA8A9C52D8C ] UNS             C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:20:49.0682 7916  UNS - ok
17:20:49.0729 7916  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\windows\System32\upnphost.dll
17:20:49.0823 7916  upnphost - ok
17:20:49.0870 7916  [ B671514497DF7417F83919A6A5BD6BB9 ] upperdev        C:\windows\system32\DRIVERS\usbser_lowerflt.sys
17:20:49.0963 7916  upperdev - ok
17:20:50.0026 7916  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL         C:\windows\system32\Drivers\usbaapl.sys
17:20:50.0057 7916  USBAAPL ( UnsignedFile.Multi.Generic ) - warning
17:20:50.0057 7916  USBAAPL - detected UnsignedFile.Multi.Generic (1)
17:20:50.0088 7916  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
17:20:50.0135 7916  usbccgp - ok
17:20:50.0182 7916  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\windows\system32\drivers\usbcir.sys
17:20:50.0228 7916  usbcir - ok
17:20:50.0275 7916  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\windows\system32\drivers\usbehci.sys
17:20:50.0291 7916  usbehci - ok
17:20:50.0322 7916  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
17:20:50.0353 7916  usbhub - ok
17:20:50.0369 7916  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\windows\system32\drivers\usbohci.sys
17:20:50.0400 7916  usbohci - ok
17:20:50.0447 7916  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
17:20:50.0478 7916  usbprint - ok
17:20:50.0494 7916  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
17:20:50.0556 7916  usbscan - ok
17:20:50.0603 7916  [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser          C:\windows\system32\drivers\usbser.sys
17:20:50.0634 7916  usbser - ok
17:20:50.0650 7916  [ FF358FD3176B2E5605C4ACCD5026A5AC ] UsbserFilt      C:\windows\system32\DRIVERS\usbser_lowerfltj.sys
17:20:50.0696 7916  UsbserFilt - ok
17:20:50.0728 7916  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
17:20:50.0759 7916  USBSTOR - ok
17:20:50.0774 7916  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
17:20:50.0821 7916  usbuhci - ok
17:20:50.0899 7916  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
17:20:50.0930 7916  usbvideo - ok
17:20:50.0977 7916  [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx      C:\windows\system32\drivers\usb8023x.sys
17:20:51.0008 7916  usb_rndisx - ok
17:20:51.0040 7916  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\windows\System32\uxsms.dll
17:20:51.0118 7916  UxSms - ok
17:20:51.0133 7916  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\windows\system32\lsass.exe
17:20:51.0164 7916  VaultSvc - ok
17:20:51.0242 7916  [ 8C72E0E88E5A1A70691135864F2F7F1B ] vcsFPService    C:\windows\system32\vcsFPService.exe
17:20:51.0352 7916  vcsFPService - ok
17:20:51.0383 7916  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
17:20:51.0414 7916  vdrvroot - ok
17:20:51.0461 7916  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\windows\System32\vds.exe
17:20:51.0570 7916  vds - ok
17:20:51.0602 7916  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
17:20:51.0649 7916  vga - ok
17:20:51.0665 7916  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\windows\System32\drivers\vga.sys
17:20:51.0727 7916  VgaSave - ok
17:20:51.0758 7916  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
17:20:51.0789 7916  vhdmp - ok
17:20:51.0821 7916  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\windows\system32\drivers\viaagp.sys
17:20:51.0836 7916  viaagp - ok
17:20:51.0867 7916  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\windows\system32\DRIVERS\viac7.sys
17:20:51.0883 7916  ViaC7 - ok
17:20:51.0899 7916  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\windows\system32\drivers\viaide.sys
17:20:51.0930 7916  viaide - ok
17:20:51.0945 7916  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\windows\system32\drivers\vmbus.sys
17:20:51.0977 7916  vmbus - ok
17:20:51.0992 7916  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\windows\system32\drivers\VMBusHID.sys
17:20:52.0039 7916  VMBusHID - ok
17:20:52.0070 7916  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\windows\system32\drivers\volmgr.sys
17:20:52.0101 7916  volmgr - ok
17:20:52.0117 7916  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
17:20:52.0164 7916  volmgrx - ok
17:20:52.0179 7916  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\windows\system32\drivers\volsnap.sys
17:20:52.0211 7916  volsnap - ok
17:20:52.0242 7916  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
17:20:52.0273 7916  vsmraid - ok
17:20:52.0335 7916  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\windows\system32\vssvc.exe
17:20:52.0445 7916  VSS - ok
17:20:52.0460 7916  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
17:20:52.0491 7916  vwifibus - ok
17:20:52.0523 7916  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
17:20:52.0569 7916  vwififlt - ok
17:20:52.0602 7916  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
17:20:52.0664 7916  vwifimp - ok
17:20:52.0711 7916  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\windows\system32\w32time.dll
17:20:52.0789 7916  W32Time - ok
17:20:52.0820 7916  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
17:20:52.0867 7916  WacomPen - ok
17:20:52.0914 7916  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
17:20:52.0976 7916  WANARP - ok
17:20:52.0992 7916  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
17:20:53.0038 7916  Wanarpv6 - ok
17:20:53.0101 7916  [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw          C:\windows\system32\DRIVERS\wanatw4.sys
17:20:53.0116 7916  wanatw - ok
17:20:53.0163 7916  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\windows\system32\wbengine.exe
17:20:53.0257 7916  wbengine - ok
17:20:53.0288 7916  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
17:20:53.0350 7916  WbioSrvc - ok
17:20:53.0397 7916  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\windows\System32\wcncsvc.dll
17:20:53.0475 7916  wcncsvc - ok
17:20:53.0506 7916  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
17:20:53.0538 7916  WcsPlugInService - ok
17:20:53.0553 7916  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\windows\system32\DRIVERS\wd.sys
17:20:53.0569 7916  Wd - ok
17:20:53.0616 7916  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
17:20:53.0662 7916  Wdf01000 - ok
17:20:53.0678 7916  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\windows\system32\wdi.dll
17:20:53.0725 7916  WdiServiceHost - ok
17:20:53.0740 7916  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\windows\system32\wdi.dll
17:20:53.0772 7916  WdiSystemHost - ok
17:20:53.0803 7916  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\windows\System32\webclnt.dll
17:20:53.0850 7916  WebClient - ok
17:20:53.0865 7916  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\windows\system32\wecsvc.dll
17:20:53.0928 7916  Wecsvc - ok
17:20:53.0943 7916  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\windows\System32\wercplsupport.dll
17:20:54.0021 7916  wercplsupport - ok
17:20:54.0052 7916  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\windows\System32\WerSvc.dll
17:20:54.0130 7916  WerSvc - ok
17:20:54.0177 7916  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
17:20:54.0240 7916  WfpLwf - ok
17:20:54.0255 7916  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\windows\system32\drivers\wimmount.sys
17:20:54.0271 7916  WIMMount - ok
17:20:54.0333 7916  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:20:54.0396 7916  WinDefend - ok
17:20:54.0411 7916  WinHttpAutoProxySvc - ok
17:20:54.0474 7916  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
17:20:54.0552 7916  Winmgmt - ok
17:20:54.0630 7916  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\windows\system32\WsmSvc.dll
17:20:54.0708 7916  WinRM - ok
17:20:54.0801 7916  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUSB          C:\windows\system32\DRIVERS\WinUSB.sys
17:20:54.0832 7916  WinUSB - ok
17:20:54.0864 7916  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\windows\System32\wlansvc.dll
17:20:54.0957 7916  Wlansvc - ok
17:20:54.0988 7916  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
17:20:55.0004 7916  WmiAcpi - ok
17:20:55.0035 7916  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
17:20:55.0051 7916  wmiApSrv - ok
17:20:55.0113 7916  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:20:55.0207 7916  WMPNetworkSvc - ok
17:20:55.0238 7916  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\windows\System32\wpcsvc.dll
17:20:55.0269 7916  WPCSvc - ok
17:20:55.0316 7916  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
17:20:55.0347 7916  WPDBusEnum - ok
17:20:55.0378 7916  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
17:20:55.0441 7916  ws2ifsl - ok
17:20:55.0472 7916  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\windows\System32\wscsvc.dll
17:20:55.0519 7916  wscsvc - ok
17:20:55.0566 7916  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice  C:\windows\system32\DRIVERS\WSDPrint.sys
17:20:55.0597 7916  WSDPrintDevice - ok
17:20:55.0628 7916  [ 7DC0270CFD4A05B4112E3EBBF083B595 ] WSDScan         C:\windows\system32\DRIVERS\WSDScan.sys
17:20:55.0659 7916  WSDScan - ok
17:20:55.0675 7916  WSearch - ok
17:20:55.0753 7916  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\windows\system32\wuaueng.dll
17:20:55.0862 7916  wuauserv - ok
17:20:55.0909 7916  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
17:20:55.0940 7916  WudfPf - ok
17:20:55.0956 7916  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
17:20:55.0987 7916  WUDFRd - ok
17:20:56.0034 7916  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
17:20:56.0080 7916  wudfsvc - ok
17:20:56.0112 7916  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\windows\System32\wwansvc.dll
17:20:56.0174 7916  WwanSvc - ok
17:20:56.0221 7916  [ F0CEEA6CC0E5BFEFC745B66DC5E9816B ] yksvc           C:\windows\System32\yk62x86.dll
17:20:56.0299 7916  yksvc - ok
17:20:56.0346 7916  [ 3EB1576F77B60A6C79DD7742B67219B8 ] yukonw7         C:\windows\system32\DRIVERS\yk62x86.sys
17:20:56.0393 7916  yukonw7 - ok
17:20:56.0408 7916  ZTEusbmdm6k - ok
17:20:56.0424 7916  ZTEusbnmea - ok
17:20:56.0439 7916  ZTEusbser6k - ok
17:20:56.0486 7916  ================ Scan global ===============================
17:20:56.0517 7916  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
17:20:56.0564 7916  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll
17:20:56.0580 7916  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll
17:20:56.0611 7916  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
17:20:56.0642 7916  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
17:20:56.0673 7916  [Global] - ok
17:20:56.0673 7916  ================ Scan MBR ==================================
17:20:56.0689 7916  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:20:57.0110 7916  \Device\Harddisk0\DR0 - ok
17:20:57.0110 7916  ================ Scan VBR ==================================
17:20:57.0141 7916  [ DAD5035771576784088C78B6F9EADAC7 ] \Device\Harddisk0\DR0\Partition1
17:20:57.0141 7916  \Device\Harddisk0\DR0\Partition1 - ok
17:20:57.0157 7916  [ 884C21594441C30E03C8BF9ED42F6DA1 ] \Device\Harddisk0\DR0\Partition2
17:20:57.0157 7916  \Device\Harddisk0\DR0\Partition2 - ok
17:20:57.0188 7916  [ 0953A2C5366B1EB73E79412F417AED70 ] \Device\Harddisk0\DR0\Partition3
17:20:57.0188 7916  \Device\Harddisk0\DR0\Partition3 - ok
17:20:57.0204 7916  [ AF07C1C79E081243F3065F0981F55DA9 ] \Device\Harddisk0\DR0\Partition4
17:20:57.0204 7916  \Device\Harddisk0\DR0\Partition4 - ok
17:20:57.0204 7916  ============================================================
17:20:57.0204 7916  Scan finished
17:20:57.0204 7916  ============================================================
17:20:57.0235 5020  Detected object count: 6
17:20:57.0235 5020  Actual detected object count: 6
17:21:21.0743 5020  HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:21.0743 5020  HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:21:21.0743 5020  HPFSService ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:21.0743 5020  HPFSService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:21:21.0743 5020  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:21.0743 5020  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:21:21.0758 5020  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:21.0758 5020  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:21:21.0758 5020  SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
17:21:21.0758 5020  SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip 
17:21:21.0758 5020  USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:21.0758 5020  USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:21:42.0144 6264  Deinitialize success
         
Regards, Kirsche0815

26.03.2013, 22:34   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Please always post log files in CODE tags

27.03.2013, 13:12   #13
Kirsche0815
 



Here is the log from ComboFix

[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-03-27.01 - Steffi Maaßen 27.03.2013  12:34:07.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2998.1387 [GMT 1:00]
ausgeführt von:: c:\users\Steffi Maa¯en\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3D53F6F602.sys
C:\Thumbs.db
c:\users\Steffi Maaßen\AppData\Local\Microsoft\Windows\Temporary Internet Files\udDownload.tmp
c:\windows\system32\pt
c:\windows\system32\pt\DPCont32.dll.mui
c:\windows\system32\pt\DPStoreMan.dll.mui
c:\windows\system32\zip32.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-27 bis 2013-03-27  ))))))))))))))))))))))))))))))
.
.
2013-03-27 11:51 . 2013-03-27 11:55	--------	d-----w-	c:\users\Steffi Maaßen\AppData\Local\temp
2013-03-27 11:51 . 2013-03-27 11:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-26 16:18 . 2013-02-12 03:32	15872	----a-w-	c:\windows\system32\drivers\usb8023x.sys
2013-03-26 16:18 . 2013-02-12 03:32	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-24 17:46 . 2013-03-24 17:46	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-24 17:46 . 2013-03-24 17:46	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-24 08:55 . 2013-03-24 08:55	--------	d-----w-	c:\program files\Common Files\Skype
2013-03-23 18:56 . 2013-03-06 23:33	164736	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-03-23 18:56 . 2013-03-06 23:33	49248	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-03-23 18:39 . 2013-03-06 23:33	368176	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-03-23 18:39 . 2013-03-06 23:33	29816	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-03-23 18:39 . 2013-03-06 23:33	101656	----a-w-	c:\windows\system32\drivers\aswFW.sys
2013-03-23 18:38 . 2013-03-06 23:33	199384	----a-w-	c:\windows\system32\drivers\aswNdis2.sys
2013-03-23 18:38 . 2013-03-06 23:33	62376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-03-23 18:38 . 2013-03-06 23:33	60656	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-03-23 18:38 . 2013-03-06 23:33	21576	----a-w-	c:\windows\system32\drivers\aswKbd.sys
2013-03-23 18:38 . 2013-03-06 23:33	765736	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-03-23 18:38 . 2013-03-06 23:33	66336	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-03-23 18:38 . 2012-07-13 11:47	12112	----a-w-	c:\windows\system32\drivers\aswNdis.sys
2013-03-23 18:38 . 2013-03-06 23:32	41664	----a-w-	c:\windows\avastSS.scr
2013-03-23 18:38 . 2013-03-06 23:32	228600	----a-w-	c:\windows\system32\aswBoot.exe
2013-03-23 18:37 . 2013-03-23 18:37	--------	d-----w-	c:\programdata\AVAST Software
2013-03-23 18:37 . 2013-03-23 18:37	--------	d-----w-	c:\program files\AVAST Software
2013-03-23 18:00 . 2013-03-23 18:00	123534648	----a-w-	C:\avast_internet_security_setup.exe
2013-03-18 18:57 . 2013-03-18 18:57	--------	d-----w-	c:\program files\Common Files\Haufe
2013-02-27 17:23 . 2013-02-27 17:23	--------	d-----w-	c:\programdata\Viewpoint
2013-02-27 17:18 . 2013-02-27 17:18	--------	d-----w-	c:\program files\CCleaner
2013-02-26 13:39 . 2013-02-26 13:39	--------	d-----w-	c:\program files\iPod
2013-02-26 13:39 . 2013-02-26 13:40	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-26 13:39 . 2013-02-26 13:40	--------	d-----w-	c:\program files\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-12 04:48 . 2013-03-13 09:13	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 09:13	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-05 05:00 . 2013-02-16 16:25	3967848	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-16 16:25	3913064	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-16 16:21	169984	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-17 16:11	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-16 16:25	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-16 16:25	187752	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-09 09:59 . 2013-03-09 09:58	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32	121968	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"AOL Fast Start"="c:\program files\AOL 9.0 VR\AOL.EXE" [2007-06-21 50480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-09-03 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-11-28 1791272]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-04 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-04 400936]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-11-04 11264000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-14 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-14 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-14 166424]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-08-17 14904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-11-14 495708]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
c:\users\Steffi Maaßen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
Marketsplash Drucksoftware.lnk - c:\program files\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe [2010-10-11 93752]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-9-24 573536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-10-06 02:43	75320	----a-w-	c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ControlCenter.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ControlCenter.lnk
backup=c:\windows\pss\ControlCenter.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2007-06-21 14:11	50480	----a-w-	c:\program files\AOL 9.0 VR\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52	50736	----a-w-	c:\program files\Common Files\aol\1320602271\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2009-06-18 17:07	563736	----a-w-	c:\program files\PDF Complete\pdfsty.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
R3 aswVmm;aswVmm; [x]
R3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [x]
R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
R3 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S0 aswKbd;aswKbd; [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 aswRvrt;aswRvrt; [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RsvLock;RsvLock; [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HRService;Haufe iDesk-Service in c:\program files\Haufe\iDesk\iDeskService\Zope;c:\program files\Haufe\iDesk\iDeskService\iDeskService.exe [x]
S2 Lexware_Professional_Datenbank;Lexware Professional Datenbank;c:\program files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
yksvcs	REG_MULTI_SZ   	yksvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-15 14:14	1629648	----a-w-	c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-24 17:46]
.
2013-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-10 19:01]
.
2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-10 19:01]
.
2013-03-26 c:\windows\Tasks\HPCeeScheduleForSteffi Maaßen.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.0.9
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005’
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Web-Suche - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
FF - ProfilePath - c:\users\Steffi Maaßen\AppData\Roaming\Mozilla\Firefox\Profiles\dlpwjelg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - 5e8a60090000000000000026c71c0e3b
FF - user.js: extensions.BabylonToolbar_i.hardId - 5e8a60090000000000000026c71c0e3b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15444
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=5e8a60090000000000000026c71c0e3b&q=
FF - user.js: extensions.BabylonToolbar.id - 5e8a60090000000000000026c71c0e3b
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15613
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1211:56
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110195&tt=270912_nocpc_3912_2
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\DPFPApi.DLL
.
- - - - - - - > 'Explorer.exe'(6524)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Haufe\iDesk\iDeskService\ideskpython.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\program files\TeamViewer\Version8\TeamViewer.exe
c:\program files\TeamViewer\Version8\tv_w32.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\AOL 9.0 VR\waol.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\AOL 9.0 VR\shellmon.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
c:\program files\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\windows\system32\igfxext.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-27  13:02:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-03-27 12:02
.
Vor Suchlauf: 12 Verzeichnis(se), 127.817.805.824 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 133.772.521.472 Bytes frei
.
- - End Of File - - A8E956364EF20A9E07CDB1C05146FDB8
         
--- --- ---


Regards, Kirsche0815

27.03.2013, 16:07   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




After that:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan all users
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
Please always post log files in CODE tags

27.03.2013, 19:35   #15
Kirsche0815
 



Here are the logs

JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Professional x86
Ran by Steffi Maaáen on 27.03.2013 at 18:56:35,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1128291690-297645493-3885562247-1002\software\microsoft\internet explorer\searchscopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\menuext\web-suche
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\active setup\installed components\{03f998b2-0e00-11d3-a498-00104b6eb52e}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\active setup\installed components\{1b00725b-c455-4de6-bfb6-ad540ad427cd}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Successfully deleted: [Folder] "C:\Users\Steffi Maaáen\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Steffi Maaáen\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Steffi Maaáen\AppData\Roaming\mozilla\firefox\profiles\dlpwjelg.default\user.js
Successfully deleted: [File] C:\Users\Steffi Maaáen\AppData\Roaming\mozilla\firefox\profiles\dlpwjelg.default\searchplugins\sweetim.xml
Successfully deleted the following from C:\Users\Steffi Maaáen\AppData\Roaming\mozilla\firefox\profiles\dlpwjelg.default\prefs.js

user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar.babExt", "");
user_pref("extensions.BabylonToolbar.babTrack", "affID=110195&tt=270912_nocpc_3912_2");
user_pref("extensions.BabylonToolbar.babext", "babExt");
user_pref("extensions.BabylonToolbar.babtrack", "babTrack");
user_pref("extensions.BabylonToolbar.bbDpng", 15);
user_pref("extensions.BabylonToolbar.cntry", "DE");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.dfltSrch", false);
user_pref("extensions.BabylonToolbar.dfltlng", "en");
user_pref("extensions.BabylonToolbar.dfltsrch", "false");
user_pref("extensions.BabylonToolbar.envrmnt", "production");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.firstrun", false);
user_pref("extensions.BabylonToolbar.hdrMd5", "590832A9A31B73E91402D5106B47CDF0");
user_pref("extensions.BabylonToolbar.hmpg", false);
user_pref("extensions.BabylonToolbar.hrdid", "5e8a60090000000000000026c71c0e3b");
user_pref("extensions.BabylonToolbar.id", "5e8a60090000000000000026c71c0e3b");
user_pref("extensions.BabylonToolbar.instlDay", "15613");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.instlday", "15613");
user_pref("extensions.BabylonToolbar.instlref", "sst");
user_pref("extensions.BabylonToolbar.isdcmntcmplt", "false");
user_pref("extensions.BabylonToolbar.keywordurl", "");
user_pref("extensions.BabylonToolbar.lastDP", 15);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1211:56:03");
user_pref("extensions.BabylonToolbar.lastdp", 30);
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "11.0");
user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
user_pref("extensions.BabylonToolbar.newTab", false);
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
user_pref("extensions.BabylonToolbar.newtab", "false");
user_pref("extensions.BabylonToolbar.newtaburl", "hxxp://search.babylon.com/?babsrc=NT_bb");
user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"29\",\"lastVrsn\":\"29\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0}");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.propectorlck", 73037538);
user_pref("extensions.BabylonToolbar.prtkDS", 1);
user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.prtnrid", "babylon");
user_pref("extensions.BabylonToolbar.ptch_0717", true);
user_pref("extensions.BabylonToolbar.savedVrsnTs", "1");
user_pref("extensions.BabylonToolbar.sg", "azb");
user_pref("extensions.BabylonToolbar.smplGrp", "azb");
user_pref("extensions.BabylonToolbar.smplgrp", "azb");
user_pref("extensions.BabylonToolbar.srcExt", "ss");
user_pref("extensions.BabylonToolbar.srcext", "ss");
user_pref("extensions.BabylonToolbar.srch", "");
user_pref("extensions.BabylonToolbar.srchprvdr", "");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=5e8a60090000000000000026c71c0e3b&q=");
user_pref("extensions.BabylonToolbar.tlbrid", "base");
user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=5e8a60090000000000000026c71c0e3b&q=");
user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1211:56:03");
user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
user_pref("extensions.BabylonToolbar.vrsnts", "1.6.9.1211:56:03");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110195&tt=270912_nocpc_3912_2");
user_pref("extensions.BabylonToolbar_i.hardId", "5e8a60090000000000000026c71c0e3b");
user_pref("extensions.BabylonToolbar_i.id", "5e8a60090000000000000026c71c0e3b");
user_pref("extensions.BabylonToolbar_i.instlDay", "15444");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=050412_30b&babsrc=NT_ss&mntrId=5e8a60090000000000000026c71c0e3b");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1211:56:03");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Emptied folder: C:\Users\Steffi Maaáen\AppData\Roaming\mozilla\firefox\profiles\dlpwjelg.default\minidumps [165 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.03.2013 at 19:03:08,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
adwCleaner:
AdwCleaner Logfile:
Code:
# AdwCleaner v2.115 - Datei am 27/03/2013 um 19:07:55 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Steffi Maaßen - GVSSTEFFIMAAßEN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Steffi Maaßen\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Users\Steffi Maaßen\AppData\Roaming\Mozilla\Firefox\Profiles\dlpwjelg.default\searchplugins\safesearch.xml
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKLM\Software\Viewpoint

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Steffi Maaßen\AppData\Roaming\Mozilla\Firefox\Profiles\dlpwjelg.default\prefs.js

Gefunden : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"29\",\"lastVrsn\":\"29\",\"vrsnLoad\[...]

-\\ Google Chrome v25.0.1364.172

Datei : C:\Users\Steffi Maaßen\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.34] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Gefunden [l.37] : keyword = "babylon.com",
Gefunden [l.40] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm",
Gefunden [l.1805] : homepage = "hxxp://search.babylon.com/?affID=110195&tt=270912_nocpc_3912_2&babsrc=HP_ss&mntrId=5e8a60090000000000000026c71c0e3b",
Gefunden [l.2021] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110195&tt=270912_nocpc_3912_2&babsrc=HP_ss&mntrId=5e8a60090000000000000026c71c0e3b" ]

*************************

AdwCleaner[R1].txt - [2659 octets] - [27/03/2013 19:07:55]

########## EOF - C:\AdwCleaner[R1].txt - [2719 octets] ##########
         
--- --- ---


OTL:
OTL Logfile:
Code:
OTL logfile created on: 3/27/2013 7:10:48 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steffi Maaßen\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.93 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 57.90% Memory free
5.85 Gb Paging File | 4.00 Gb Available in Paging File | 68.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.79 Gb Total Space | 120.69 Gb Free Space | 42.98% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.47 Gb Free Space | 74.03% Space Free | Partition Type: FAT32
 
Computer Name: GVSSTEFFIMAAßEN | User Name: Steffi Maaßen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Steffi Maaßen\Downloads\adwcleaner.exe ()
PRC - C:\Users\Steffi Maaßen\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\Haufe\iDesk\iDeskService\ideskservice.exe ()
PRC - C:\Program Files\Haufe\iDesk\iDeskService\ideskpython.exe (Haufe Mediengruppe)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe (Portrait Displays, Inc.)
PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Portrait Displays, Inc)
PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - C:\Program Files\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Common Files\aol\1320602271\ee\aolsoftware.exe (America Online, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Steffi Maaßen\Downloads\adwcleaner.exe ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a7424b1be331f4b534ea24e0c21dbe47\UIAutomationTypes.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\571b85634abf2fba6bab80c21a347081\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll ()
MOD - C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HRService) -- C:\Program Files\Haufe\iDesk\iDeskService\ideskservice.exe ()
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (Lexware_Professional_Datenbank) -- C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (PdiService) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (HP ProtectTools Service) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV - (DpHost) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (vcsFPService) -- C:\Windows\System32\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (HpFkCryptService) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV - (UNS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HPFSService) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (yksvc) -- C:\Windows\System32\yk62x86.dll (Marvell)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (ac.sharedstore) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
SRV - (AOL ACS) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (massfilter_hs) -- system32\drivers\massfilter_hs.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (catchme) -- C:\Users\STEFFI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (BCMH43XX) -- system32\DRIVERS\bcmwlhigh6.sys File not found
DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\windows\System32\drivers\aswRvrt.sys ()
DRV - (aswNdis2) -- C:\windows\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFW) -- C:\windows\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswNdis) -- C:\Windows\System32\drivers\aswNdis.sys (ALWIL Software)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (SbAlg) -- C:\windows\System32\drivers\SbAlg.sys (McAfee, Inc.)
DRV - (SbFsLock) -- C:\windows\System32\drivers\SbFsLock.sys (McAfee, Inc.)
DRV - (RsvLock) -- C:\windows\System32\drivers\rsvlock.sys (McAfee, Inc.)
DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys ()
DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (risdpcie) -- C:\Windows\System32\drivers\risdpe86.sys (REDC)
DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (rixdpcie) -- C:\Windows\System32\drivers\rixdpe86.sys (REDC)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeAVFK) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MfeBOPK) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MfeRKDK) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (wanatw) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (PDNMp50) -- C:\Windows\System32\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PDNSp50) -- C:\Windows\System32\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{009652DF-1177-499A-872B-B3D00B1A74F8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.0.9
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.0.9
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
 
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.0.9
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\URLSearchHook:  - C:\Program Files\Serif\PanoramaPlus\3.0\Program\PanoramaPlus.exe (Serif (Europe) Ltd.)
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes\{4BEFFE0F-BA43-4CB0-8120-31EAB77DC573}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\SearchScopes\{E65EF2A5-5D91-47F8-99AF-8A98541F9FA3}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7WZPC_de
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4238
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/23 19:56:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/09 10:59:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/09 10:58:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/23 15:26:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/09 10:59:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/09 10:58:57 | 000,000,000 | ---D | M]
 
[2010/12/14 18:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi Maaßen\AppData\Roaming\mozilla\Extensions
[2010/12/14 18:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi Maaßen\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2012/10/23 19:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi Maaßen\AppData\Roaming\mozilla\Firefox\Profiles\dlpwjelg.default\extensions
[2011/04/26 18:06:36 | 000,002,449 | ---- | M] () -- C:\Users\Steffi Maaßen\AppData\Roaming\mozilla\firefox\profiles\dlpwjelg.default\searchplugins\safesearch.xml
[2013/03/09 10:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/09 10:58:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/03/09 10:59:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/02/24 13:35:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/02/24 13:35:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/24 13:35:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/02/24 13:35:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/02/24 13:35:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/02/24 13:35:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.babylon.com/?affID=110195&tt=270912_nocpc_3912_2&babsrc=HP_ss&mntrId=5e8a60090000000000000026c71c0e3b
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Steffi Maa\u00DFen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: D'Fusion @Home Web Plug-In (3.10.17859) (Enabled) = C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - Extension: Norton Identity Protection = C:\Users\Steffi Maaßen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
 
O1 HOSTS File: ([2013/03/27 12:54:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\__avast! sandbox\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O15 - HKU\S-1-5-21-1128291690-297645493-3885562247-1002\..Trusted Ranges: Range2 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B1192F0-6900-4F7F-83F0-AC5C5EC4ABCA}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB00B81A-F251-4F01-A5C8-BFFFCB547EEA}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2A7F3C7-9329-4EDD-A901-CAB96226C7D8}: DhcpNameServer = 192.168.1.250
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/27 18:56:30 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/03/27 18:55:59 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/27 12:54:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/27 12:51:59 | 000,000,000 | ---D | C] -- C:\Users\Steffi Maaßen\AppData\Local\temp
[2013/03/27 12:30:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/03/27 12:30:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/03/27 12:30:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/03/27 12:29:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/27 12:29:22 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/03/26 17:18:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usb8023.sys
[2013/03/25 19:49:09 | 000,000,000 | ---D | C] -- C:\Users\Steffi Maaßen\Desktop\mbar
[2013/03/24 18:46:21 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/03/24 18:46:21 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/03/24 09:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/24 09:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/03/23 19:39:24 | 000,368,176 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2013/03/23 19:39:24 | 000,029,816 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2013/03/23 19:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/03/23 19:39:23 | 000,101,656 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFW.sys
[2013/03/23 19:38:55 | 000,199,384 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswNdis2.sys
[2013/03/23 19:38:54 | 000,062,376 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2013/03/23 19:38:54 | 000,060,656 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2013/03/23 19:38:54 | 000,021,576 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswKbd.sys
[2013/03/23 19:38:53 | 000,765,736 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2013/03/23 19:38:53 | 000,066,336 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2013/03/23 19:38:10 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswNdis.sys
[2013/03/23 19:38:08 | 000,041,664 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2013/03/23 19:38:07 | 000,228,600 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2013/03/23 19:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/03/23 19:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/03/18 19:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Haufe
[2013/03/13 12:22:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/03/13 12:22:47 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/03/13 12:22:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/03/13 12:22:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2013/03/13 12:22:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/03/13 12:22:46 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/03/13 12:22:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2013/03/13 12:22:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2013/03/09 10:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/01 14:46:15 | 000,000,000 | ---D | C] -- C:\Users\Steffi Maaßen\Desktop\CT
[2013/02/27 18:38:45 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIAnimation.dll
[2013/02/27 18:38:39 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll
[2013/02/27 18:38:37 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2013/02/27 18:38:37 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2013/02/27 18:38:37 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 18:38:37 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 18:38:37 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 18:38:37 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 18:38:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 18:38:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 18:38:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 18:38:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 18:38:37 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 18:38:36 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2013/02/27 18:38:36 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msmpeg2vdec.dll
[2013/02/27 18:38:36 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll
[2013/02/27 18:38:36 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2013/02/27 18:38:36 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2013/02/27 18:38:36 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10.dll
[2013/02/27 18:38:36 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2013/02/27 18:38:36 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll
[2013/02/27 18:38:36 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2013/02/27 18:38:36 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10core.dll
[2013/02/27 18:38:36 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsCodecsExt.dll
[2013/02/27 18:38:36 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2013/02/27 18:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/02/26 14:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/02/26 14:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/02/26 14:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/26 14:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/27 19:12:11 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/27 18:56:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/27 17:53:30 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/27 17:53:30 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/27 17:52:10 | 000,654,400 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/03/27 17:52:10 | 000,616,242 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/03/27 17:52:10 | 000,130,240 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/03/27 17:52:10 | 000,106,622 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/03/27 17:46:17 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/27 17:45:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/03/27 17:45:16 | 2357,620,736 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/27 12:54:34 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2013/03/26 16:42:02 | 000,000,352 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForSteffi Maaßen.job
[2013/03/24 18:46:21 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/03/24 18:46:21 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/03/23 19:56:40 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2013/03/23 19:39:24 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/03/23 19:00:02 | 123,534,648 | ---- | M] () -- C:\avast_internet_security_setup.exe
[2013/03/23 10:32:05 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/03/18 20:14:33 | 000,002,239 | ---- | M] () -- C:\Users\Public\Desktop\Haufe Steuer Office aufrufen.lnk
[2013/03/18 19:49:56 | 000,002,863 | ---- | M] () -- C:\Users\Public\Desktop\Haufe Formular-Manager.lnk
[2013/03/15 15:16:08 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2013/03/07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2013/03/07 00:33:24 | 000,164,736 | ---- | M] () -- C:\windows\System32\drivers\aswVmm.sys
[2013/03/07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2013/03/07 00:33:24 | 000,049,248 | ---- | M] () -- C:\windows\System32\drivers\aswRvrt.sys
[2013/03/07 00:33:23 | 000,199,384 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswNdis2.sys
[2013/03/07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2013/03/07 00:33:23 | 000,060,656 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2013/03/07 00:33:22 | 000,101,656 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFW.sys
[2013/03/07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2013/03/07 00:33:22 | 000,021,576 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswKbd.sys
[2013/03/07 00:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/03/07 00:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2013/02/28 18:14:40 | 000,480,968 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/02/27 18:18:24 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/26 14:40:25 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2013/03/27 12:30:17 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/03/27 12:30:17 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/03/27 12:30:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/03/27 12:30:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/03/27 12:30:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/03/24 18:46:22 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/23 19:56:41 | 000,164,736 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys
[2013/03/23 19:56:40 | 000,049,248 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys
[2013/03/23 19:39:24 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/03/23 19:00:00 | 123,534,648 | ---- | C] () -- C:\avast_internet_security_setup.exe
[2013/03/18 20:14:33 | 000,002,239 | ---- | C] () -- C:\Users\Public\Desktop\Haufe Steuer Office aufrufen.lnk
[2013/03/18 19:49:56 | 000,002,863 | ---- | C] () -- C:\Users\Public\Desktop\Haufe Formular-Manager.lnk
[2013/03/04 18:15:33 | 000,000,352 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleForSteffi Maaßen.job
[2013/02/27 18:26:04 | 000,001,020 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/02/27 18:26:04 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/02/27 18:18:24 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/26 14:40:25 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/04 11:39:42 | 000,000,062 | ---- | C] () -- C:\Users\Steffi Maaßen\AppData\Roaming\mbam.context.scan
[2012/05/15 18:57:39 | 000,000,501 | ---- | C] () -- C:\windows\ODBC.INI
[2012/04/26 20:35:25 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/02/27 09:41:52 | 000,202,240 | ---- | C] () -- C:\windows\System32\LXPrnUtil10.dll
[2012/02/27 09:40:44 | 000,304,128 | ---- | C] () -- C:\windows\System32\LxDNT100.dll
[2012/02/27 09:38:36 | 000,133,120 | ---- | C] () -- C:\windows\System32\LxDNTvmc100.dll
[2012/02/27 09:38:18 | 000,069,120 | ---- | C] () -- C:\windows\System32\LxDNTvm100.dll
[2012/02/19 10:52:25 | 000,000,046 | ---- | C] () -- C:\windows\hmview.ini
[2011/12/15 15:15:12 | 000,007,666 | ---- | C] () -- C:\Users\Steffi Maaßen\AppData\Roaming\.freeciv-client-rc-2.3
[2011/11/06 18:56:35 | 000,000,335 | ---- | C] () -- C:\windows\nsreg.dat
[2011/07/08 18:59:17 | 000,688,128 | ---- | C] () -- C:\windows\System32\libeay32.dll
[2011/07/08 18:59:17 | 000,155,648 | ---- | C] () -- C:\windows\System32\ssleay32.dll
[2011/05/27 16:15:56 | 070,509,774 | ---- | C] () -- C:\Users\Steffi Maaßen\catalogo2010.pdf
[2011/05/19 20:23:20 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
[2011/03/20 20:39:33 | 002,287,245 | ---- | C] () -- C:\Users\Steffi Maaßen\Buchungsbestätigung Fewo Rügen.pdf
[2011/01/19 21:43:00 | 000,001,940 | ---- | C] () -- C:\Users\Steffi Maaßen\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/19 19:36:32 | 000,007,680 | ---- | C] () -- C:\Users\Steffi Maaßen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/19 19:07:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/12/15 15:26:39 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\.freeciv
[2010/06/11 10:18:23 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Ahnenblatt
[2010/04/19 16:37:44 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\DigitalPersona
[2011/10/10 19:39:36 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\elsterformular
[2011/07/09 18:01:59 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\EurekaLog
[2010/11/02 17:08:03 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Haufe
[2010/12/14 18:22:37 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Haufe Mediengruppe
[2012/11/24 18:04:59 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\ICQ
[2011/11/03 15:56:34 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\IrfanView
[2012/11/01 17:51:56 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Jumping Bytes
[2012/10/10 18:24:00 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Lexware
[2012/05/14 20:19:33 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\mresreg
[2012/11/01 20:16:04 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Nokia
[2010/10/13 18:00:15 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Nokia Ovi Suite
[2012/11/01 20:23:53 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Nokia Suite
[2013/01/02 21:06:01 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\PC Suite
[2012/10/22 19:54:23 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Reiser
[2010/12/28 21:20:08 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Serif
[2012/04/14 18:06:49 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\SumatraPDF
[2012/09/20 17:47:26 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\TeamViewer
[2011/08/10 20:05:37 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Telefónica
[2012/11/12 20:54:37 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Thunderbird
[2010/09/19 19:42:49 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Tific
[2013/01/11 18:34:41 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\TS3Client
[2011/12/16 12:12:10 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\Usenet.nl
[2012/11/02 12:59:03 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\WindSolutions
[2012/04/26 11:20:29 | 000,000,000 | ---D | M] -- C:\Users\Steffi Maaßen\AppData\Roaming\XnView
[2012/11/04 14:54:09 | 000,000,000 | ---D | M] -- C:\Users\Steffi`s Laptop\AppData\Roaming\DigitalPersona
[2012/11/04 14:59:25 | 000,000,000 | ---D | M] -- C:\Users\Steffi`s Laptop\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL Extra:
OTL Logfile:
Code:
OTL Extras logfile created on: 3/27/2013 7:10:48 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steffi Maaßen\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.93 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 57.90% Memory free
5.85 Gb Paging File | 4.00 Gb Available in Paging File | 68.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.79 Gb Total Space | 120.69 Gb Free Space | 42.98% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.47 Gb Free Space | 74.03% Space Free | Partition Type: FAT32
 
Computer Name: GVSSTEFFIMAAßEN | User Name: Steffi Maaßen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065F0294-8942-40F6-8E48-2B0DBBB643DC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0DF1FB25-8312-4939-8E23-0EE1BFACB8F8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{16AA1A12-99FF-464A-B9DB-FEAC34C3F9E1}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2378674E-B64C-4055-B195-BBC75DBC1050}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{333CFC7C-FDF6-4795-B972-8FBEEF7650C0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5D548F72-0411-4D1B-A9E6-A880A7787109}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{627EF6E6-7780-4FC1-A7CD-F10F5C5C577D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{63E12426-4B89-493E-B78F-BEC148A0612E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{6763E6AC-65AC-4764-B05E-363460D5E9AD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6C52C83A-DFDD-4E43-BCAB-1DCA40367245}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{710BA40F-E5A8-405B-B108-EA316AC275D4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{73EA0E95-08C5-48B0-BF82-109C90158097}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8CF44C45-87C6-41DD-87F5-9990DC782E67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{A1CB8782-6DDE-4866-91D3-8FF346C86080}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A46F7DCA-A1DC-412E-9B98-42E4810BBC7B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | 
"{A62E7CF8-E223-43C8-B596-6106CE648FB0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AA5AECDA-12D7-4CA3-9DEF-B1E771887A94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BF13E3C5-E3BB-4977-BA87-D20C7FBA3733}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C017EECE-8519-4597-9B9D-9336BC33A097}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{CA7108BA-CE96-42C3-9B89-0243E3702057}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CAFC0885-4ED7-41FA-9C71-6096F2B827C1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CECFBD63-10EE-4731-A5B7-ACA0785095FC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | 
"{CF8A8FA1-D920-4F9E-8CED-BEC2A1D70FBD}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0138BD7D-D930-4DCC-8323-B11350CF705E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{020D27AE-E12C-4278-806E-6ACA8A53F0B1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{03EB9D5E-AFCA-4E57-9841-D9E4CF2CD824}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0A23F382-6D83-4953-A468-391AED823CE2}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{0EA2BA58-BEA0-4DD3-830C-10BD5BB6B297}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1320602271\ee\aolsoftware.exe | 
"{106D6752-3113-492D-AA49-EA52819EE09C}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{15494796-AC76-4EFE-9BC6-022EC9C0CC2B}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe | 
"{1AD827E0-12B5-48FC-9FB2-02B1D747D0CE}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{1CEE352B-B9B0-43FA-8385-20B381900FF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1DE44C3A-D462-4794-A3C6-81929984015C}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{1E8714A6-428E-4AA7-9797-9CAF12C7C224}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{1F84759D-76D3-405E-A8DE-9D2AA9016C7A}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | 
"{275CF15B-7BBC-4DF1-9F09-3CE8C41A762A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1320602271\ee\aolsoftware.exe | 
"{289D115B-F602-4BB6-91AA-8FD3582AEF24}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{29BEA155-9A46-4BF6-84D1-65FC9440431F}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{30A2B21B-4BE6-4609-9524-8521D6E3682D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{33F6095A-5BFE-4EB6-A3E5-5A49262539D7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{3B7259CE-01BC-4144-93EF-EB990BE30B21}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{3BCC5F43-E113-4880-A97C-47C6F3287345}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | 
"{3D3FE86C-1204-4BB1-A2DA-E62D7731EBA4}" = protocol=17 | dir=in | app=c:\program files\sybase\sql anywhere 9\win32\dbsrv9.exe | 
"{44C76DE1-E509-4A80-BC5F-11739F31597E}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{51AECCE7-5C23-4CE0-A751-35E3873B964A}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{5EBFB1D5-71DF-4C48-9074-EF349115B87D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5FA0234B-FA58-4CFF-9C6A-F49C8A3DA649}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{60DD832A-E073-4BBB-9D48-4C9F0366EF03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{655C86BB-E277-44FF-B442-8863E0ADDC9A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{6BE2AC02-541B-4758-8537-5C2280BF7DCF}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{74760DC9-2203-4741-A237-DC7917D8D927}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BE2BD80-4581-4B2D-A58F-D53418DAB891}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{7CD3A963-9CA7-4A16-939C-32B40F72A7DC}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{7E0651ED-CC25-4B8E-9554-4952CC56863E}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{89DE36E1-30F8-473E-898B-BE071C84E439}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8BFDAAB4-3F83-4914-A895-1BB904B0FA51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C95737E-61DA-47B7-934E-A0218D00DBB8}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{8D50761D-D460-4026-8A19-1F10B49EA223}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{989A500A-6D31-4414-8C0E-6AC22F8B1318}" = protocol=6 | dir=in | app=c:\program files\sybase\sql anywhere 9\win32\dbsrv9.exe | 
"{994735FF-4B79-438B-BFB2-C0BAC4B18B41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9B37FE67-2387-4D99-8609-3E170A26CA2E}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{9B695A9A-F01E-4042-A797-DDB55DDBD41B}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | 
"{9BEE31C8-6492-49B1-B8F7-8A7BD9DB4D13}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{9D823BB9-D575-46BC-9587-2A0C3EB33A5B}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{9E9917E3-7958-4E70-847A-608906DA6914}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9EE183B6-0F32-48D8-921B-83916D45500C}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{A499E1C7-48D4-4FAB-8C2D-AEC1A2931663}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{AC9531A4-D64B-4D76-976D-B06F3003EC42}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{B197DEDF-A8A5-4D5D-8F03-039D414579E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BDDA21CB-53FA-4972-996C-B9C1B0FB4BC2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BE2256B0-B926-40A2-9043-04CCAC86F9AA}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{BF82175C-D03D-43BE-AFC2-7995B4E52D0B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C68D52C7-CF65-48B6-B326-64C85F69DE2D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{C9EE51BB-46AE-419E-A4CF-B76DD071D20A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{CD5C9BFB-17BE-414F-9049-DF6738CDEB44}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{CF1ABF62-EE69-45C9-AEFF-67E05CDAE65D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{D1C86D32-7D80-49D2-A971-E654F3C23E43}" = protocol=6 | dir=out | app=system | 
"{D6290DB5-66F9-4362-A92A-2EB387731AE6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DB816D89-4FE3-4E3B-9322-DAA3A874C185}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{DBC95B44-A714-4EEA-81DF-FB16F0C42AF9}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | 
"{DCB488D3-4E16-4853-9D3A-71FD3C192FB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E623DE33-CC4E-4B9C-84E3-BFBF9B70465A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{E794ED9B-4EBE-40B6-B899-CD86280DBFA9}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{E9816B40-FD0C-4DE6-99D6-E43557699F53}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{EA6B450D-FAE7-40E8-857B-C42A8B7853BB}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{F1498B64-77B7-4D02-AB5C-049B88DC8468}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{FA9F35AE-C089-43FD-ACD2-6BFD78F13FDE}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | 
"{FD8D4F3A-61F5-4BEF-8290-BF2F90B39344}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002C9FA8-ED6A-4B44-883A-29A5EEE3A7F6}" = Lexware financial office pro 2012
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{051F9CB0-1499-4A0E-A861-CB19A5AAA906}" = NetObjects Fusion 12.0
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{10A11115-4EFC-4E86-BFC1-D53A478556A1}" = HP User Guides 0142
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient x86
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{20E08DBB-9708-45E6-B4CD-3526ABC5BC6E}" = Zeugnis-Generator 10.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{32737B70-A271-4AE8-8631-6CBF6B697D45}" = SKAN
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{58215966-9BA6-485D-B8DA-4AE31150B92E}" = HP Common Access Service Library
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{5C9AA073-814D-4EB3-BE9C-4C1BACBC974C}" = Haufe Formular-Manager
"{64893BC9-D912-4A2D-A47A-E38650112781}" = Serif PanoramaPlus 3
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B54B1AE-EBCA-48BE-92AF-61D02118F093}" = Lexware online banking
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7239A06F-235B-43B1-970D-7A411FD95683}" = Nokia Software Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78365FC6-09CA-4AC3-BC01-70FB46596047}" = Validity Fingerprint Driver
"{7861911B-4270-498A-8F7A-FCF0570F48E3}" = HP QuickWeb
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95EFD16D-3A38-4E7A-901A-24A92399547C}" = Lexware Elster
"{98BCAD50-58AE-4EDD-9BBA-388B221E750B}" = Privacy Manager for HP ProtectTools
"{991A4895-3346-4980-990F-A1041B73C6F7}" = HP 3D DriveGuard
"{99CBA603-937D-4058-806F-7A9AF711A1AA}" = Eumex RNDIS Driver V1.00
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABCB696E-2494-48FC-826D-0666CEE460DB}" = Drive Encryption for HP ProtectTools
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B962E962-6369-4F66-AF35-79CB39270D12}" = NetObjects Fusion 12.0
"{BA3EECE9-86A8-44B2-B655-CB3FCFE7EDF3}" = Haufe iDesk-Service
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BAEE9CD5-A680-43A2-A5FA-6F700C5AD45A}" = HP QuickLook
"{BB3085D5-7D88-4AF2-B08E-226E26E2A169}" = Haufe iDesk-Browser
"{BB5C44BC-1ADA-4BB3-B054-4514CF582009}" = NetObjects Fusion 12.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE3AD89B-F9B2-4E22-8FAB-BCF63190ABCD}" = HP ProtectTools Security Manager
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C8439116-685C-4B25-B294-14F1C7BC4A68}" = Haufe Steuer Office
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{D5024462-1E13-4D83-B480-D586CCF0371B}" = Serif AlbumPlus SE PRO
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E2E25F53-EB64-4BC1-8A9E-B970BBEF8C1C}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E546139F-B099-4a36-BCC2-AC7D68CA9383}" = Lexware financial office pro 2012
"{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}" = Serif PhotoPlus X3
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4477CC0-7293-414A-93BC-20EE897A80F0}" = Java Card Security for HP ProtectTools
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7823B8F-05D0-457B-8F61-CA98ABE21D2D}" = HP Power Assistant
"{F8DD059A-FDA6-403A-81FC-51E522158683}" = Marketsplash Drucksoftware
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FACE9D51-E374-4DDB-857C-816FCB1D6B40}" = Eumex 800 V1.30
"{FD8234FF-A70D-4632-B146-F41AB37C0B24}" = HP Business Card Reader
"{FDC5E0B1-2739-48A1-8027-F76F2E68AC84}" = Lexware professional Datenbank 2012
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFBDA363-A033-4F32-8DE0-AEF0F105410E}" = HP ESU for Microsoft Windows 7
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
"7-Zip" = 7-Zip 9.20
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ahnenblatt_is1" = Ahnenblatt 2.62
"Alice" = Alice-Installationsdateien entfernen
"AOL Deinstallation" = AOL Deinstallation
"avast" = avast! Internet Security
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner
"Drive Encryption" = Drive Encryption for HP ProtectTools
"ElsterFormular 13.0.0.8086k" = ElsterFormular
"ElsterFormular 2008 - 2009 2008-2009" = ElsterFormular 2008 - 2009
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HPProtectTools" = HP ProtectTools Security Manager
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"InstallShield_{FACE9D51-E374-4DDB-857C-816FCB1D6B40}" = Eumex 800 V1.30
"John Deere North American Farmer_is1" = John Deere North American Farmer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Nokia Suite" = Nokia Suite
"PDF Complete" = PDF Complete Special Edition
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1128291690-297645493-3885562247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab PDF Reader" = FoxTab PDF Reader
 
========== Last 20 Event Log Errors ==========
 
[ Hewlett-Packard Events ]
Error - 4/23/2012 1:03:13 PM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 6/4/2012 1:20:53 PM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 7/2/2012 10:06:29 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 9/10/2012 10:26:16 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 9/10/2012 10:26:37 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 9/17/2012 11:23:30 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 9/24/2012 11:02:55 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 10/8/2012 11:08:37 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/13/2012 3:35:15 AM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/13/2012 3:29:27 PM | Computer Name = GVSSteffiMaaßen | Source = HPSF.exe | ID = 4000
Description = 
 
[ HP Power Assistant Events ]
Error - 12/4/2012 5:04:45 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
Error - 12/29/2012 9:12:20 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
Error - 1/1/2013 8:17:57 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
Error - 1/5/2013 8:37:11 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
Error - 1/11/2013 1:06:30 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
Error - 1/13/2013 6:38:20 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
Error - 1/21/2013 12:52:14 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
Error - 2/20/2013 12:54:16 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
Error - 2/24/2013 1:54:59 PM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
Error - 2/25/2013 11:28:11 AM | Computer Name = GVSSteffiMaaßen | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]
 
[ HP Wireless Assistant Events ]
Error - 11/12/2010 12:52:54 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 11/12/2010 12:52:54 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 11/13/2010 11:52:42 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 11/13/2010 11:52:42 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 6/22/2011 2:08:46 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 System.Management.ManagementBaseObject.get_Item(String propertyName)     bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 9/10/2011 7:09:06 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  bei HardwareAccess.Hardware.Instance()     bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme
 powerScheme)
 
Error - 12/27/2011 7:49:45 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  bei HardwareAccess.Hardware.Instance()     bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme
 powerScheme)
 
Error - 5/14/2012 6:33:25 AM | Computer Name = GVSSteffiMaaßen | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  bei HardwareAccess.Hardware.Instance()     bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme
 powerScheme)
 
Error - 6/2/2012 12:44:39 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
 radio)     bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei 
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()     bei HPPA_Service.CurrentConfiguration.ApplyFriendlyNames()

   bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 9/29/2012 1:10:50 PM | Computer Name = GVSSteffiMaaßen | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  bei HardwareAccess.Hardware.Instance()     bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme
 powerScheme)
 
[ OSession Events ]
Error - 12/24/2010 11:08:52 AM | Computer Name = GVSSteffiMaaßen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5446
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 7/29/2012 5:20:33 AM | Computer Name = GVSSteffiMaaßen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 202
 seconds with 180 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 3/27/2013 2:05:20 PM | Computer Name = GVSSteffiMaaßen | Source = PNRPSvc | ID = 102
Description = 
 
Error - 3/27/2013 2:05:20 PM | Computer Name = GVSSteffiMaaßen | Source = PNRPSvc | ID = 102
Description = 
 
Error - 3/27/2013 2:05:20 PM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 3/27/2013 2:05:20 PM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 3/27/2013 2:05:20 PM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 3/27/2013 2:05:20 PM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 3/27/2013 2:06:07 PM | Computer Name = GVSSteffiMaaßen | Source = PNRPSvc | ID = 102
Description = 
 
Error - 3/27/2013 2:06:07 PM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 3/27/2013 2:06:07 PM | Computer Name = GVSSteffiMaaßen | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
 
< End of report >
         
--- --- ---


Best regards, Kirsche0815
