Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner blockiert PC

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 25.06.2013, 18:17   #1
guv_victim
 
GVU Trojaner blockiert PC - Standard

GVU Trojaner blockiert PC



Hallo,

ich habe das Problem, dass ich mir heute auf meinem PC den GVU-Trojaner eingefangen habe. D.H. es erschien nach dem surfen plötzlich die Meldung, dass ich 100,- € zahlen soll, etc.

Nun muss dringen wieder an meinen PC und lese mich schon etwas in die Thematik ein.
ICh wollte es mit dem Kaspersky unlocker versuchen und lade diesen gerade herunter. Ist die Erfolgsaussicht hierbei hoch? Was kann ich alternativ machen?

Habe hier schon gelesen, dass ich OLTPENET nutzen soll?!

Das OS ist Windows 7.

Ich hoffe auf Eure Unterstützung, da ich auf dem PC wichtige Dateien habe, die ich wirklich zeitnah wieder benötige...!

Vielen Dank im Voraus

Martin

Alt 25.06.2013, 18:25   #2
aharonov
/// TB-Ausbilder
 
GVU Trojaner blockiert PC - Standard

GVU Trojaner blockiert PC



Hallo Martin,

Zitat:
Das OS ist Windows 7.
Und ist das ein 32-bit oder ein 64-bit System?
__________________

__________________

Alt 25.06.2013, 18:27   #3
guv_victim
 
GVU Trojaner blockiert PC - Standard

GVU Trojaner blockiert PC



Danke für die schnelle Antwort. Wie finde ich das denn heraus? Ich meine es wäre ein 64Bit, bin mir aber ohne System Manager nicht sicher!
__________________

Alt 25.06.2013, 18:30   #4
aharonov
/// TB-Ausbilder
 
GVU Trojaner blockiert PC - Standard

GVU Trojaner blockiert PC



Ok, dann versuchen wir es mal mit der 64-bit Version:


Downloade dir bitte Farbar Recovery Scan Tool 64-Bit und speichere diese auf einen USB Stick (nicht in einen Unterordner!).
Schliesse den USB Stick an den infizierten Rechner an.

Du musst das System nun in die System Reparatur Option booten:
Variante 1 - Über den Boot Manager
  • Starte den Rechner neu auf.
  • Während des Hochfahrens drücke mehrmals die F8 Taste.
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils Weiter.

oder

Variante 2 - Mit Windows CD/DVD
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu auf und boote von der CD.
  • Wähle die Spracheinstellungen und klicke Weiter.
  • Klicke auf Computerreparaturoptionen.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils Weiter.

Wenn du jetzt in den Reparaturoptionen bist, wähle Eingabeaufforderung.
  • Gib nun bitte notepad ein und drücke Enter.
    • Es öffnet sich ein Textdokument. Klicke auf Datei -> Speichern unter und wähle Computer.
    • Lese nun hier den Laufwerksbuchstaben deines USB Sticks (z.B. e:\) ab.
    • Schliesse Notepad wieder.
  • Gib nun bitte folgenden Befehl ein und drücke Enter:
    e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Wenn es bei dir ein anderer Buchstabe ist, dann passe den Befehl entsprechend an.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan.
Das Tool erstellt eine Datei FRST.txt auf deinem USB Stick. Poste dessen Inhalt bitte hier.
__________________
cheers,
Leo

Alt 25.06.2013, 18:48   #5
guv_victim
 
GVU Trojaner blockiert PC - Standard

GVU Trojaner blockiert PC



Super, hat bis hierhin geklappt - lieben Dank! Lt. der Datei ist es auch ein 64Bit System!
Die Datei ist im Anhang. Was kann ich denn nun tun?

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2013 01
Ran by SYSTEM on 25-06-2013 19:48:12
Running from G:\
WIN_7 Service Pack 1 (X64) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.

==================== Registry (Whitelisted) ==================

Attention: Software hive is missing.

ATTENTION: Software hive is not loaded.

BootExecute: 

==================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========


==================== One Month Modified Files and Folders =======


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe:  <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 10%
Total physical RAM: 8133.42 MB
Available physical RAM: 7300.04 MB
Total Pagefile: 8131.62 MB
Available Pagefile: 7283.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive f: (KRD10) (CDROM) (Total:0.31 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:7.41 GB) (Free:7.41 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:3.87 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238 GB) (Disk ID: 135CCE5B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=167 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================
         
--- --- ---

Angehängte Dateien
Dateityp: txt FRST.txt (3,4 KB, 143x aufgerufen)

Geändert von guv_victim (25.06.2013 um 19:03 Uhr)

Alt 25.06.2013, 19:43   #6
guv_victim
 
GVU Trojaner blockiert PC - Standard

GVU Trojaner blockiert PC



Entschuldigt bitte den erneuten Post, aber meine Nerven liegen gerade total brach! Auf dem PC liegt meine Bachelorthesis, an die ich dringend muss.

Ich habe schon versucht, mit anderen Live-Systemen zu booten, scheitere aber daran, dass die HDD mit TrueCrypt verschlüsselt ist und ich diese mit der Kaspersky Unlock-Boot CD nicht zugreifen kann.

Hat einer weitere Ideen? Bitte, ich tue echt alles, um hier nicht alleine zu stehen!

Alt 25.06.2013, 19:52   #7
aharonov
/// TB-Ausbilder
 
GVU Trojaner blockiert PC - Standard

GVU Trojaner blockiert PC



Zitat:
Ich habe schon versucht, mit anderen Live-Systemen zu booten, scheitere aber daran, dass die HDD mit TrueCrypt verschlüsselt ist
Ja, und daran ist auch der FRST-Scan gescheitert.. Damit kann man auch nichts anfangen..

Ich muss mal überlegen, was man da machen kann..
__________________
cheers,
Leo

Alt 25.06.2013, 19:53   #8
aharonov
/// TB-Ausbilder
 
GVU Trojaner blockiert PC - Standard

GVU Trojaner blockiert PC



Übrigens: Hast du eigentlich schon mal versucht, ob der abgesicherte Modus mit Eingabeaufforderung noch funktioniert, so dass du dort in das schwarze Konsolenfenster gelangst?
__________________
cheers,
Leo

Alt 25.06.2013, 19:57   #9
guv_victim
 
GVU Trojaner blockiert PC - Standard

GVU Trojaner blockiert PC



Danke,
ich habe die Anleitung hier befolgt: http://www.trojaner-board.de/132035-...scan-tool.html

Wurde aber auch nicht nach Benutzernamen gefragt, sondern konnte sofort den Bioldschirm "Wiederherstellungsoptionen" sehen.

Liegt dann vielleicht daran, dass der Scan gescheiter ist - kann ich die explizite Anmeldung irgendwie provozieren?
Wenn ich in den abgesicherten Modus gehe, kann ich mich anmelden - soll ich hier nochmal den Scan versuchen?

Alt 25.06.2013, 20:04   #10
aharonov
/// TB-Ausbilder
 
GVU Trojaner blockiert PC - Standard

GVU Trojaner blockiert PC



Du hast den FRST-Scan schon richtig gemacht, aber in den Reperaturoptionen ist die Platte halt nicht entschlüsselt und dadurch konnte FRST nichts lesen..

Zitat:
Wenn ich in den abgesicherten Modus gehe, kann ich mich anmelden - soll ich hier nochmal den Scan versuchen?
Kommst du also im abgesicherten Modus mit Eingabeaufforderung auf das schwarze Konsolenfenster oder nicht?
__________________
cheers,
Leo

Alt 25.06.2013, 20:10   #11
guv_victim
 
GVU Trojaner blockiert PC - Standard

GVU Trojaner blockiert PC



Also, folgendes:
- wenn ich im abgesicherten Modus mit Eingabeaufforderung starte, erhalte ich direkt den Windows 7 Anmeldeprompt. Nach Anmeldung erscheint dann der cmd Prompt.
--> ist es das, worauf Du hinaus wolltest?


- Wenn ich im abgesicherten Modus nach meiner Benutzeranmeldung den Scan erneut starte, erhalte ich eine leere Datei!

Kann ich mit noch mehr Infos dienen?

Ich habe den Scan nun so nocheinmal durchgeführt, allerdings erhalte nich nur das folgende Ergebnis:
Code:
ATTFilter

LastRegBack: 2013-01-14 11:44

==================== End Of Log ============================
         
Außerdem habe ich keinen Zugriff auf mein zweites Laufwerk, auf dem sich alle weiteren Daten und mein Benutzerprofil befinden. Ich sehe nur das Laufwerk C mit dem Betriebssystem. Ist das normal?

Alt 25.06.2013, 20:30   #12
aharonov
/// TB-Ausbilder
 
GVU Trojaner blockiert PC - Standard

GVU Trojaner blockiert PC



Hm. Versuch bitte mal das:



Lade dir auf einem Zweitrechner bitte OTL (von Oldtimer) herunter und speichere es auf einen USB-Stick (nicht in einen Unterordner!).
  • Schliesse diesen USB-Stick nun an den infizierten Rechner an.
  • Starte den infizierten Computer in den abgesicherten Modus mit Eingabeaufforderung. (Anleitung)
  • In der Kommandozeile gib nun notepad ein und drücke Enter.
    • Es öffnet sich ein Textdokument. Klicke auf Datei -> Speichern unter und wähle Arbeitsplatz.
    • Lese hier nun den Laufwerksbuchstaben deines USB Sticks (z.B. e:\) ab.
    • Schliesse Notepad wieder.
  • Gib nun bitte folgenden Befehl in die Kommandozeile ein und drücke Enter:
    e:\OTL.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Wenn es bei dir ein anderer Buchstabe ist, dann passe den Befehl entsprechend an.
    Es sollte sich nun das Fenster von OTL öffnen.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Setze den Haken bei Scan all Users.
  • Klicke nun auf Run Scan.
  • Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) angezeigt und auf den USB-Stick gespeichert.
  • Poste bitte auf dem Zweitrechner den Inhalt dieser Logfiles hier in den Thread.
__________________
cheers,
Leo

Alt 25.06.2013, 20:49   #13
guv_victim
 
GVU Trojaner blockiert PC - Standard

GVU Trojaner blockiert PC



Alles klar, habe ich ausgeführt:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 25.06.2013 21:45:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,94 Gb Total Physical Memory | 7,28 Gb Available Physical Memory | 91,61% Memory free
15,81 Gb Paging File | 15,15 Gb Available in Paging File | 95,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,57 Gb Total Space | 8,72 Gb Free Space | 14,64% Space Free | Partition Type: NTFS
Drive F: | 7,41 Gb Total Space | 7,40 Gb Free Space | 99,97% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP | User Name: XXX | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DA94FA-4C2A-49D5-A805-D9A74FD0FD36}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe | 
"{0A070C0F-E315-4B37-A637-2B60BCFDD27C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1F03400E-8C9F-4DCE-8B87-9E9B7722DF2D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{978DA08B-F0D4-4982-960D-0BE933C9E2FB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24AE7CE9-BD93-4B09-A75D-93AF56AA0115}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{5000EA37-6F65-4539-BEB6-0798AC1384C0}" = protocol=17 | dir=in | app=g:\users\username\appdata\roaming\dropbox\bin\dropbox.exe | 
"{54FE7AAE-75CA-46D3-B026-B30F04F50FC4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{5A1EBC67-359F-48EC-9057-61F8A729BF65}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5C6AD51B-D97B-441C-A058-06CDD43F1BBE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{81187E32-8BC3-4196-A3C8-BD6A26BBBA43}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{8B31EA57-B124-499A-B646-4DBF846390EB}" = protocol=17 | dir=in | app=g:\users\username\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A55BDF89-FC85-4459-9C57-CDC62EBFA0B7}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe | 
"{BCF17EEB-25AD-416A-AAE0-86ADAE285F08}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{D6174F44-F1B6-4E0D-B88D-1D8104D3D413}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{E64B3D36-23AA-4F4D-AE09-A5A44B911E3C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{E749CC88-CF40-48BA-A179-30E6ACE65F2D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{E97CC76A-5EA8-4F70-A47C-AA17B0A6A674}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{F3D3E5EE-2A64-4FE4-AEC2-3514DD0C0A83}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{F63D2648-C04C-4B26-A012-16030CBF3938}" = protocol=6 | dir=in | app=g:\users\username\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FDF83697-4FCF-42F5-8E78-B91E19086AF6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{FED56AA4-4636-41D7-89ED-696FB44013FF}" = protocol=6 | dir=in | app=g:\users\username\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2CD270A2-98D0-41C2-9FC3-696950BAB01B}" = DNE Update
"{2CDF9857-2CC5-423C-8415-F2D796517C7F}" = Dell ControlVault Host Components Installer 64 bit
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{30C2392C-C7D6-4FE2-9617-05D2C6E9D3EE}" = Wave Infrastructure Installer
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5F5CBF39-BD29-43C8-B63A-B9758F0FD090}" = EMBASSY Client Core
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}" = Intel(R) Network Connections 16.8.45.02
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2013
"{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}" = Dell Feature Enhancement Pack
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{E9A97832-83B6-42B6-BAC6-492E344C2561}" = NTRU TCG Software Stack
"{ECE5B218-A086-4E18-A362-D11181681457}" = Intel® PROSet/Wireless WiFi-Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows-Treiberpaket - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel(R) Network Connections 16.8.45.02
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04566294-A6B6-4462-9721-031073EB3694}" = Dell Client System Update
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{130D3951-8029-4115-A2BE-68F19B63B491}" = HTC Sync Manager
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DC8AD9A-28D0-4800-818D-61667A971ED1}" = O2Micro Flash Memory Card Windows Driver
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E839820-0BBA-4310-9D06-4463BAEA6641}" = Secure Download Manager
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{703BB500-F54C-4F33-9D3C-D7A28CEAFBCF}" = toolkit32for64bit
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8C0600A3-E772-4FC8-A67D-ED110E69665C}" = Wave Crypto Runtime 2.0.7.0 x86
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0054-0407-0000-0000000FF1CE}" = Microsoft Visio MUI (German) 2013
"{90150000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-00A1-0407-0000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00B4-0407-0000-0000000FF1CE}" = Microsoft Project MUI (German) 2013
"{90150000-00E1-0407-0000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{91150000-003B-0000-0000-0000000FF1CE}" = Microsoft Project Professional 2013
"{91150000-0051-0000-0000-0000000FF1CE}" = Microsoft Visio Professional 2013
"{91150000-00A1-0000-0000-0000000FF1CE}" = Microsoft OneNote 2013
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}" = ST Microelectronics 3 Axis Digital Accelerometer Solution
"{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)
"{AC76BA86-1033-F400-BA7E-000000000005}" = Adobe Acrobat X Standard - English, Français, Deutsch
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{C6A5D6E2-19B4-4005-9670-C4D36C3AD55A}" = Nero BackItUp and Burn Essentials
"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Areca" = Areca
"DAEMON Tools Lite" = DAEMON Tools Lite
"FRITZ! 2.0" = AVM FRITZ!
"FRITZ! LAN Assistent" = AVM FRITZ! LAN Assistent
"GanttProject" = GanttProject
"ImgBurn" = ImgBurn
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6DC8AD9A-28D0-4800-818D-61667A971ED1}" = O2Micro Flash Memory Card Windows Driver
"KeePass Password Safe_is1" = KeePass Password Safe 1.25
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.7.0 (Full)
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NIS" = Norton Internet Security
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Office15.ONENOTER" = Microsoft OneNote 2013
"Office15.PRJPROR" = Microsoft Project Professional 2013
"Office15.VISPROR" = Microsoft Visio Professional 2013
"PhonerLite_is1" = PhonerLite 1.95
"SAP Enterprise Central Component 6.0, SR1 German" = SAP Enterprise Central Component 6.0, SR1 German
"SAP NetWeaver 2004s Support Package Stack 07 including BI Content Add-On 3  German" = SAP NetWeaver 2004s Support Package Stack 07 including BI Content Add-On 3  German
"SAP_Engineering Client Viewer 7.0" = Engineering Client Viewer 7.0
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI for Windows 7.20
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"SnapShot_is1" = SnapShot
"TeamViewer 8" = TeamViewer 8
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 2.0.5
"winscp3_is1" = WinSCP 5.1.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
 
< End of report >
         
--- --- ---

[/CODE]

Und die zweite:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 25.06.2013 21:45:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,94 Gb Total Physical Memory | 7,28 Gb Available Physical Memory | 91,61% Memory free
15,81 Gb Paging File | 15,15 Gb Available in Paging File | 95,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,57 Gb Total Space | 8,72 Gb Free Space | 14,64% Space Free | Partition Type: NTFS
Drive F: | 7,41 Gb Total Space | 7,40 Gb Free Space | 99,97% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP | User Name: XXX | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.25 21:33:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.11.09 19:38:06 | 000,189,608 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.12 08:53:12 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.03 16:54:18 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.24 10:10:07 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013.05.10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.12.12 20:00:02 | 000,087,368 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2012.12.07 18:26:56 | 000,167,424 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.10.01 21:47:24 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2012.08.28 05:04:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.08.28 02:56:10 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.08.23 17:05:12 | 003,342,640 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012.08.23 17:04:28 | 000,272,688 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012.08.23 17:04:00 | 000,629,040 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.08.23 17:03:14 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012.08.15 17:38:04 | 002,280,504 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Programme\Dell\Feature Enhancement Pack\DFEPService.exe -- (DFEPService)
SRV - [2012.07.19 11:00:54 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.19 11:00:52 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.07.19 11:00:28 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.06.19 20:10:34 | 000,634,632 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.04.25 00:00:16 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.02.22 14:09:52 | 000,945,440 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2012.02.13 23:20:00 | 000,313,856 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2012.01.17 08:45:16 | 000,218,504 | ---- | M] () [Auto | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe -- (EmbassyService)
SRV - [2012.01.16 16:29:58 | 000,198,144 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe -- (WvPCR)
SRV - [2012.01.05 16:02:14 | 001,679,872 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
SRV - [2011.12.08 11:45:42 | 004,146,032 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2011.12.02 15:03:00 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2011.12.02 15:03:00 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2011.11.29 21:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.11.18 15:43:58 | 000,655,912 | R--- | M] (Ericsson AB) [Auto | Stopped] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2011.11.11 15:42:14 | 002,167,176 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2011.10.08 23:48:08 | 001,637,888 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2011.01.14 12:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.11.25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010.11.25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010.11.21 05:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.10.25 17:08:58 | 000,206,128 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVM\de_serv.exe -- (de_serv)
SRV - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.19 09:55:09 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.05.23 07:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.05.21 07:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013.05.16 07:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.04.25 02:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.04.16 04:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013.03.05 03:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013.03.05 03:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013.02.07 17:15:01 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.01.21 16:06:40 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV:64bit: - [2013.01.21 12:03:43 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013.01.14 13:17:51 | 000,615,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013.01.14 13:17:51 | 000,211,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2013.01.14 13:17:51 | 000,184,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2013.01.14 13:17:51 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013.01.14 13:17:51 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2013.01.14 13:17:51 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.12.07 19:27:50 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012.09.30 12:24:08 | 011,523,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012.09.19 12:16:20 | 000,447,864 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2012.08.28 05:04:00 | 000,284,008 | ---- | M] (NVIDIA Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2012.08.28 05:04:00 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.08.10 16:44:18 | 000,482,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012.07.03 09:25:18 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.07.02 16:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.05.21 13:54:04 | 000,068,208 | ---- | M] (STMicroelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ST_ACCEL.sys -- (ST_ACCEL)
DRV:64bit: - [2012.03.26 20:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.27 05:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.27 05:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.27 05:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.13 23:20:00 | 000,535,552 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.12.07 11:54:20 | 000,282,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:64bit: - [2011.12.02 15:03:12 | 000,015,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wbfcvusbdrv.sys -- (wbfcvusbdrv)
DRV:64bit: - [2011.12.02 15:03:08 | 000,045,672 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011.11.29 20:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.14 16:44:46 | 000,084,712 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011.11.09 18:27:18 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2011.10.05 12:38:32 | 000,029,736 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2011.10.05 12:38:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2011.10.05 11:52:08 | 000,102,440 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\d554gps64.sys -- (d554gps)
DRV:64bit: - [2011.08.22 16:47:50 | 000,483,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV:64bit: - [2011.08.22 16:47:50 | 000,430,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV:64bit: - [2011.08.22 16:47:50 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV:64bit: - [2011.08.22 16:47:44 | 000,419,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV:64bit: - [2011.08.17 15:31:08 | 000,061,992 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\d554scard.sys -- (d554scard)
DRV:64bit: - [2011.08.04 01:10:56 | 000,132,184 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dnelwf64.sys -- (DNE)
DRV:64bit: - [2011.07.15 22:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.09.30 21:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.09.30 21:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.06.23 19:17:36 | 000,025,144 | ---- | M] (Evoluent) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EvoMouseDriverFilterHidUsb.sys -- (EvoMouseDriverFilterHidUsb)
DRV:64bit: - [2010.06.23 19:17:36 | 000,022,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EvoMouseDriverMini.sys -- (EvoMouseDriverMini)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.02 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.05.31 18:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130620.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.05.22 09:46:41 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130624.020\ex64.sys -- (NAVEX15)
DRV - [2013.05.22 09:46:41 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130624.020\eng64.sys -- (NAVENG)
DRV - [2013.03.14 04:27:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.02.01 17:34:14 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130622.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.18 03:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.05.17 14:21:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013.06.25 21:32:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2013.02.04 13:50:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.05.24 10:10:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.24 10:10:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [DFEPApplication] C:\Programme\Dell\Feature Enhancement Pack\DFEPApplication.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [TdmNotify] C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\AppData [2009.07.14 06:55:33 | 000,000,000 | --SD | M]
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\Desktop [2013.06.21 08:06:04 | 000,000,000 | R--D | M]
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\ntuser.dat ()
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\ntuser.dat.LOG1 ()
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\ntuser.dat.LOG2 ()
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\ntuser.dat{8f8464fe-6ec4-11e2-8ffe-028037ec0200}.TM.blf ()
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\ntuser.dat{8f8464fe-6ec4-11e2-8ffe-028037ec0200}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\ntuser.dat{8f8464fe-6ec4-11e2-8ffe-028037ec0200}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\ntuser.dat{8f846505-6ec4-11e2-8ffe-028037ec0200}.TM.blf ()
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\ntuser.dat{8f846505-6ec4-11e2-8ffe-028037ec0200}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\ntuser.dat{8f846505-6ec4-11e2-8ffe-028037ec0200}.TMContainer00000000000000000002.regtrans-ms ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{054893B0-11FE-4170-AAC9-27124EC92BF3}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63DE33C2-5915-4AE7-B796-6BB653027FC7}: NameServer = 193.254.160.001,193.254.160.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E3C9537-856F-48D4-AE91-024E505E5D75}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A921560-CB50-44F0-97EB-51B7CAE20C2A}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) -  File not found
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.25 21:04:08 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.25 21:04:08 | 000,000,000 | ---D | C] -- \FRST
[2013.06.25 17:35:57 | 000,000,000 | ---D | C] -- C:\Mozilla
[2013.06.25 17:35:57 | 000,000,000 | ---D | C] -- \Mozilla
[2013.06.25 14:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2013.06.25 14:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
[2013.06.20 08:36:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.06.19 08:09:39 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.19 08:09:39 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.19 08:09:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.19 08:09:39 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.19 08:09:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.19 08:09:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.19 08:09:39 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.19 08:09:39 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.19 08:09:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.19 08:09:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.19 08:09:38 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.19 08:09:38 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.19 08:09:38 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.19 08:08:07 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.19 08:08:07 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.12 08:52:19 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 08:52:19 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 08:52:19 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 08:52:19 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 08:52:18 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 08:52:17 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 08:52:17 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 08:52:17 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 08:52:17 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 08:52:17 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 08:52:17 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 08:51:56 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 08:51:55 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.25 21:40:53 | 001,501,024 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.25 21:40:53 | 000,655,506 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.25 21:40:53 | 000,617,088 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.25 21:40:53 | 000,130,046 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.25 21:40:53 | 000,106,270 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.25 21:39:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.25 21:39:41 | 2101,415,935 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.25 19:16:45 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.25 19:16:45 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.25 18:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.25 17:05:15 | 002,927,924 | ---- | M] () -- C:\ProgramData\2433f433
[2013.06.25 14:47:01 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\WinSCP.lnk
[2013.06.20 08:36:53 | 002,118,659 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2013.06.20 08:36:45 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\VT20130115.021
[2013.06.19 09:55:09 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.06.19 09:55:09 | 000,007,631 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.06.19 09:55:09 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.06.12 08:53:11 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.12 08:53:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.04 08:34:29 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\isolate.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.25 17:05:15 | 002,927,924 | ---- | C] () -- C:\ProgramData\2433f433
[2013.06.25 14:47:01 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\WinSCP.lnk
[2013.03.19 14:19:50 | 000,755,793 | ---- | C] () -- \rfc03292_01072.trc
[2013.03.19 14:19:47 | 001,500,716 | ---- | C] () -- \CPICTRC3292
[2013.03.18 10:24:21 | 001,424,518 | ---- | C] () -- \rfc03208_03080.trc
[2013.03.18 10:24:15 | 017,577,066 | ---- | C] () -- \CPICTRC3208
[2013.03.18 10:21:56 | 000,000,223 | ---- | C] () -- \rfc01688_03564.trc
[2013.03.18 10:21:54 | 000,000,739 | ---- | C] () -- \dev_rfc.trc
[2013.03.18 10:21:38 | 000,005,430 | ---- | C] () -- \CPICTRC1688
[2013.02.13 08:45:09 | 000,000,075 | ---- | C] () -- \settings.dat
[2013.01.21 16:07:20 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2013.01.18 16:14:17 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll
[2013.01.18 16:14:17 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll
[2013.01.18 16:14:17 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll
[2013.01.18 16:14:17 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll
[2013.01.18 16:14:17 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll
[2013.01.18 16:00:15 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.01.18 13:16:44 | 000,035,404 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
[2013.01.14 13:19:08 | 001,524,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.14 12:16:34 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe
[2013.01.14 12:16:34 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2013.01.14 12:04:23 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013.01.14 12:04:22 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013.01.14 12:04:18 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013.01.14 12:04:16 | 013,024,768 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2013.01.14 11:44:32 | 2101,415,935 | -HS- | C] () -- \hiberfil.sys
[2012.06.19 19:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.11.14 11:29:30 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_zh-HK.dll
[2011.11.14 11:29:28 | 000,088,064 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_th.dll
[2011.11.14 11:29:26 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_sl.dll
[2011.11.14 11:29:24 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_hr.dll
[2011.11.14 11:29:24 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_sk.dll
[2011.11.14 11:29:20 | 000,089,088 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_tr.dll
[2011.11.14 11:29:18 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ro.dll
[2011.11.14 11:29:16 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_pt-BR.dll
[2011.11.14 11:29:14 | 000,092,160 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_hu.dll
[2011.11.14 11:29:12 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_fi.dll
[2011.11.14 11:29:12 | 000,084,992 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_he.dll
[2011.11.14 11:29:10 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_el.dll
[2011.11.14 11:29:08 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_cs.dll
[2011.11.14 11:29:08 | 000,087,040 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ar.dll
[2011.11.14 11:29:06 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_zh-CHT.dll
[2011.11.14 11:29:04 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_zh-CHS.dll
[2011.11.14 11:29:02 | 000,091,648 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_sv.dll
[2011.11.14 11:29:00 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ru.dll
[2011.11.14 11:28:58 | 000,094,720 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_pt.dll
[2011.11.14 11:28:58 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_pl.dll
[2011.11.14 11:28:56 | 000,089,600 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_no.dll
[2011.11.14 11:28:54 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_nl.dll
[2011.11.14 11:28:54 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ko.dll
[2011.11.14 11:28:52 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ja.dll
[2011.11.14 11:28:50 | 000,094,720 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_it.dll
[2011.11.14 11:28:48 | 000,095,232 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_fr.dll
[2011.11.14 11:28:46 | 000,094,720 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_es.dll
[2011.11.14 11:28:44 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_de.dll
[2011.11.14 11:28:42 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_da.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---

[/CODE]

Ist das was brauchbares?

Alt 25.06.2013, 21:34   #14
aharonov
/// TB-Ausbilder
 
GVU Trojaner blockiert PC - Standard

GVU Trojaner blockiert PC



Hm, das ist schon eine vertrackte Sache hier.. Man sieht viel zu wenig im Log. Gewisse Daten sind immer noch nicht zugänglich.

Ich versuch mal einen blinden Fix.
Mach bitte Folgendes und schau dann, ob dir immer noch der GVU-Sperrschirm im Wege steht danach.



Erstelle zuerst auf einem Zweitrechner das Fixskript:
  • Drücke dazu bitte die + R Taste, schreibe "notepad" in das Ausführen Fenster und drücke OK.
  • Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument:
    Code:
    ATTFilter
    :files
    C:\2433f433 /s
    
    :commands
    [emptytemp]
             
  • Speichere dann die Datei als fix.txt auf den USB-Stick, wo die OTL.exe liegt.
Danach führe folgendermassen den Fix aus:
  • Schliesse den USB-Stick wieder an den infizierten Rechner an und starte diesen in den abgesicherten Modus mit Eingabeaufforderung.
  • Gib nun bitte folgenden Befehl in die Kommandozeile ein und drücke Enter:
    e:\OTL.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Wenn es bei dir ein anderer Buchstabe ist, dann passe den Befehl entsprechend an.
    Es sollte sich nun das Fenster von OTL öffnen.
  • Klicke auf den Fix Button.
  • Drücke dann OK, um den Fix von einem File zu laden.
  • Wähle die erstellte fix.txt auf dem USB-Stick aus. Ihr Inhalt wird in die Textbox eingefügt.
  • Klicke nun erneut auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach einem Neustart versuche wieder in den normalen Modus zu booten.
  • Auf deinem USB-Stick sollte im Ordner _OTL ein Log-File (\_OTL\MovedFiles\<time_date>.txt) erstellt worden sein.
  • Kopiere nun dessen Inhalt hier in deinen Thread.
__________________
cheers,
Leo

Alt 25.06.2013, 21:40   #15
guv_victim
 
GVU Trojaner blockiert PC - Standard

GVU Trojaner blockiert PC



Was geschieht denn hierbei, kann ich hierbei "nochmehr" zerstören?

Antwort

Themen zu GVU Trojaner blockiert PC
alter, blockiert, dateien, dringen, eingefangen, gen, heute, hoffe, kaspersky, meldung, nutze, nutzen, plötzlich, problem, surfe, surfen, thema, trojaner, unlocker, unterstützung, versuche, wichtige, windows, wirklich, zahlen



Ähnliche Themen: GVU Trojaner blockiert PC


  1. Virus / Trojaner blockiert Avira "...wurde durch eine Gruppenrichtlinie blockiert"
    Log-Analyse und Auswertung - 19.03.2014 (7)
  2. 50-€-Trojaner, Windows 7 blockiert!
    Log-Analyse und Auswertung - 01.04.2012 (6)
  3. 50€ Trojaner, Windows blockiert
    Plagegeister aller Art und deren Bekämpfung - 29.03.2012 (6)
  4. Window blockiert, 50€ Trojaner
    Plagegeister aller Art und deren Bekämpfung - 28.03.2012 (13)
  5. AKM Trojaner blockiert PC
    Log-Analyse und Auswertung - 18.03.2012 (1)
  6. Windowssystem blockiert, Trojaner
    Plagegeister aller Art und deren Bekämpfung - 04.03.2012 (14)
  7. Trojaner Windows blockiert
    Log-Analyse und Auswertung - 23.02.2012 (32)
  8. Pc wird blockiert: Aus Sicherheitsgründen wurde ihr Windows System blockiert.....
    Log-Analyse und Auswertung - 29.12.2011 (19)
  9. Screen durch unbekanntes Programm blockiert; Taskmgr und Regedit blockiert.
    Plagegeister aller Art und deren Bekämpfung - 25.12.2011 (14)
  10. PC bzw.Screen durch Virus/Malware blockiert; Taskmgr und Regedit blockiert nur MS-Dos funktioniert
    Plagegeister aller Art und deren Bekämpfung - 24.12.2011 (14)
  11. Screen durch unbekanntes Programm blockiert; Taskmgr und Regedit blockiert.
    Plagegeister aller Art und deren Bekämpfung - 23.12.2011 (2)
  12. Pc wird blockiert: Aus Sicherheitsgründen wurde ihr Windows System blockiert.....
    Plagegeister aller Art und deren Bekämpfung - 12.12.2011 (7)
  13. BKA Trojaner blockiert alles
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (1)
  14. Trojaner blockiert Normalmodus
    Plagegeister aller Art und deren Bekämpfung - 24.08.2010 (6)
  15. Trojaner blockiert Browser und dll's
    Plagegeister aller Art und deren Bekämpfung - 24.03.2010 (1)
  16. Sämtliche Antivirensoftware wird blockiert + Sites mit hijackthis werden blockiert +
    Log-Analyse und Auswertung - 17.01.2010 (3)
  17. Browser blockiert und auch Antivir Update blockiert
    Plagegeister aller Art und deren Bekämpfung - 16.09.2009 (1)

Zum Thema GVU Trojaner blockiert PC - Hallo, ich habe das Problem, dass ich mir heute auf meinem PC den GVU-Trojaner eingefangen habe. D.H. es erschien nach dem surfen plötzlich die Meldung, dass ich 100,- € zahlen - GVU Trojaner blockiert PC...
Archiv
Du betrachtest: GVU Trojaner blockiert PC auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.