Pests of all kinds and their removal: Again: Bundespolizei Trojaner (Windows 7)
Again: Bundespolizei Trojaner

Dear forum members,

the infamous Bundespolizei Trojaner has now caught me too, in Firefox. I have already found several sets of instructions given as replies to earlier threads. However, I don't know whether the tool recommendations in them were based on the log files posted there. So I would be grateful if you could briefly tell me once more how to proceed. OTL scan first? Or Farbar's Recovery Scan Tool or ComboFix? I have already run OTL. I ran the custom scans with the following recommended settings:

Code:
/md5start
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
/md5stop
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.exe /s
%APPDATA%\Adobe\Update\*.*
%APPDATA%\Update\*.*
%APPDATA%\Microsoft\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%ALLUSERSPROFILE%\*.*
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.*
%PROGRAMFILES%\Internet Explorer\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
%systemroot%\*. /mp /s
%systemroot%\*.exe /90
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.dll /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\*.exe /90
%systemroot%\system32\config\*.sav
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_64\*.* /S /MD5
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Here is OTL.txt. OTL logfile:

Code:
OTL logfile created on: 25.12.2013 23:13:55 - Run 2
OTL by OldTimer - Version Folder = C:\Users\Andreas M. \Downloads
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,69 Gb Total Physical Memory | 4,41 Gb Available Physical Memory | 57,33% Memory free
9,56 Gb Paging File | 6,09 Gb Available in Paging File | 63,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118,90 Gb Total Space | 48,65 Gb Free Space | 40,92% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 35,96 Gb Free Space | 7,72% Space Free | Partition Type: NTFS

Computer Name: THINKPADT430 | User Name: Andreas M. | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Andreas M. \Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Lenovo\SettingsDependency\SettingsService.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe ()
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Lenovo\Communications Utility\AVControlCenter32.exe (Lenovo Corporation)
PRC - C:\Programme\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Corporation)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Corporation)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe (Microsoft Corporation.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (BcmBtRSupport) -- C:\Windows\SysNative\BtwRSupportService.exe (Broadcom Corporation.)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (MsKeyboardFilter) -- C:\Windows\SysNative\KeyboardFilterSvc.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Lenovo Settings Service) -- C:\Programme\Lenovo\SettingsDependency\SettingsService.exe (Lenovo Group Limited)
SRV - (LocationTaskManager) -- C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe ()
SRV - (AVControlCenter) -- C:\Programme\Lenovo\Communications Utility\AVControlCenter32.exe (Lenovo Corporation)
SRV - (LENOVO.TVTVCAM) -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Corporation)
SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Corporation)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe ()
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (PelService) -- C:\Programme\Lenovo\Lenovo Mouse Suite\PelService.exe ()
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe (Microsoft Corporation.)
========== Driver Services (SafeList) ==========

DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC)
DRV:64bit: - (NETwNe64) -- C:\Windows\SysNative\drivers\NETwew00.sys (Intel Corporation)
DRV:64bit: - (kbldfltr) -- C:\Windows\SysNative\drivers\kbldfltr.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\drivers\vmbusr.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\drivers\vpcivsp.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\Windows\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (e1iexpress) -- C:\Windows\SysNative\drivers\e1i63x64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (BTWPANFL) -- C:\Windows\SysNative\drivers\btwpanfl.sys (Broadcom Corporation.)
DRV:64bit: - (LenovoRd) -- C:\Windows\SysNative\drivers\LenovoRd.sys (Gemalto)
DRV:64bit: - (LnvHIDHW) -- C:\Windows\SysNative\drivers\LnvHIDHW.sys (Lenovo)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (pelmoubt) -- C:\Windows\SysNative\drivers\PELMOUBT.SYS (Primax Electronics Ltd.)
DRV:64bit: - (pelbtm) -- C:\Windows\SysNative\drivers\PELBTM.SYS (Primax Electronics Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2132384609-1576062560-950552869-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKU\S-1-5-21-2132384609-1576062560-950552869-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2132384609-1576062560-950552869-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 65 52 A0 ED F8 CE 01 [binary data]
IE - HKU\S-1-5-21-2132384609-1576062560-950552869-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2132384609-1576062560-950552869-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2132384609-1576062560-950552869-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7Bdf4e4df5-5cb7-46b0-9aef-6c784c3249f8%7D:1.2.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.12.15 16:36:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.12.14 19:29:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2013.12.14 18:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas M. \AppData\Roaming\mozilla\Extensions
[2013.12.20 18:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas M. \AppData\Roaming\mozilla\Firefox\Profiles\gw14tk9t.default\extensions
[2013.12.20 18:32:37 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Andreas M. \AppData\Roaming\mozilla\firefox\profiles\gw14tk9t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.12.20 18:31:47 | 000,026,290 | ---- | M] () (No name found) -- C:\Users\Andreas M. \AppData\Roaming\mozilla\firefox\profiles\gw14tk9t.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi
[2013.12.14 18:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.12.14 18:02:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.11.15 03:30:36 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

%%deleted by me - if needed, please let me know! Thanks!
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.12.25 15:56:01 | 000,000,000 | ---D | C] -- D:\Anwenderdaten\A. M. \Documents\Benutzerdefinierte Office-Vorlagen
[2013.12.24 23:11:23 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\ElevatedDiagnostics
[2013.12.21 09:58:26 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\FastCopy
%%deleted by me - if needed, please let me know! Thanks!
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.12.25 23:13:00 | 000,001,162 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.12.25 20:47:04 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.12.25 20:46:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
%%deleted by me - if needed, please let me know! Thanks!
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.12.25 15:52:47 | 000,001,065 | ---- | C] () -- C:\Users\Andreas M. \Desktop\Dropbox.lnk
[2013.12.21 09:58:26 | 000,001,007 | ---- | C] () -- C:\Users\Andreas M. \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FastCopy.lnk
[2013.12.21 09:58:26 | 000,000,977 | ---- | C] () -- C:\Users\Andreas M. \Desktop\FastCopy.lnk
%%deleted by me - if needed, please let me know! Thanks!
========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.11.05 21:21:27 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.11.05 19:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013.08.22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013.08.22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013.08.22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2013.10.22 07:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation) MD5=1A0BC9598E4A58FC84570FFF5A108E58 -- C:\Windows\SysWOW64\explorer.exe
[2013.10.22 07:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation) MD5=1A0BC9598E4A58FC84570FFF5A108E58 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_4ceff22781f6788c\explorer.exe
[2013.08.22 06:25:34 | 002,063,408 | ---- | M] (Microsoft Corporation) MD5=2CA8E3C9335C3C8BAEB335345E48364D -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16384_none_4cc7b16f8214372e\explorer.exe
[2013.10.22 08:55:27 | 002,328,872 | ---- | M] (Microsoft Corporation) MD5=63DC38C3E4564B2405D562855643ABA2 -- C:\Windows\explorer.exe
[2013.10.22 08:55:27 | 002,328,872 | ---- | M] (Microsoft Corporation) MD5=63DC38C3E4564B2405D562855643ABA2 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_429b47d54d95b691\explorer.exe
[2013.09.21 10:37:39 | 002,065,960 | ---- | M] (Microsoft Corporation) MD5=712B0D2ADE5297563168C997DDC2DD13 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_4d2233dd81cfba29\explorer.exe
[2013.08.22 13:39:51 | 002,328,880 | ---- | M] (Microsoft Corporation) MD5=8479DC46E9A09015C0777A16BC22A15D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16384_none_4273071d4db37533\explorer.exe
[2013.09.21 11:54:20 | 002,328,328 | ---- | M] (Microsoft Corporation) MD5=C1400519D76A364E974E47BBA62B95B0 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_42cd898b4d6ef82e\explorer.exe

< MD5 for: LSASS.EXE >
[2013.08.22 14:25:35 | 000,045,008 | ---- | M] (Microsoft Corporation) MD5=F6F209DDB94959BA104FC8FC87C53759 -- C:\Windows\SysNative\lsass.exe
[2013.08.22 14:25:35 | 000,045,008 | ---- | M] (Microsoft Corporation) MD5=F6F209DDB94959BA104FC8FC87C53759 -- C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.3.9600.16384_none_2e2a01a866456d93\lsass.exe
[2013.08.22 14:25:35 | 000,045,008 | ---- | M] (Microsoft Corporation) MD5=F6F209DDB94959BA104FC8FC87C53759 -- C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.3.9600.16408_none_2e8484166600f08e\lsass.exe

< MD5 for: SVCHOST.EXE >
[2013.08.22 06:30:58 | 000,031,552 | ---- | M] (Microsoft Corporation) MD5=425E22D9F5C01616AFC92987791B19E9 -- C:\Windows\SysWOW64\svchost.exe
[2013.08.22 06:30:58 | 000,031,552 | ---- | M] (Microsoft Corporation) MD5=425E22D9F5C01616AFC92987791B19E9 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_4a5b1e2820e75323\svchost.exe
[2013.08.22 13:45:17 | 000,037,768 | ---- | M] (Microsoft Corporation) MD5=E4CA434F251681590D0538BC21C32D2F -- C:\Windows\SysNative\svchost.exe
[2013.08.22 13:45:17 | 000,037,768 | ---- | M] (Microsoft Corporation) MD5=E4CA434F251681590D0538BC21C32D2F -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_a679b9abd944c459\svchost.exe

< MD5 for: USERINIT.EXE >
[2013.08.22 11:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=08C191B2917862BE90C33E31CB6B6D79 -- C:\Windows\SysNative\userinit.exe
[2013.08.22 11:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=08C191B2917862BE90C33E31CB6B6D79 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_cce71a20a5a6fe7f\userinit.exe
[2013.08.22 03:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=41636F77AD6D9A396EA34E4786B96F2B -- C:\Windows\SysWOW64\userinit.exe
[2013.08.22 03:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=41636F77AD6D9A396EA34E4786B96F2B -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_70c87e9ced498d49\userinit.exe

< MD5 for: WININIT.EXE >
[2013.08.22 10:58:29 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=48CFA7BE561A7BE144C29BB912055016 -- C:\Windows\SysNative\wininit.exe
[2013.08.22 10:58:29 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=48CFA7BE561A7BE144C29BB912055016 -- C:\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.3.9600.16384_none_21b118d9d847ad16\wininit.exe

< MD5 for: WINLOGON.EXE >
[2013.08.22 10:55:08 | 000,564,736 | ---- | M] (Microsoft Corporation) MD5=7C94FDA3809015B8F2208D2E1C221F17 -- C:\Windows\SysNative\winlogon.exe
[2013.08.22 10:55:08 | 000,564,736 | ---- | M] (Microsoft Corporation) MD5=7C94FDA3809015B8F2208D2E1C221F17 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.16384_none_60816121a8e88269\winlogon.exe

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*.exe /s >
[2013.12.18 02:02:36 | 030,714,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andreas M. \AppData\Roaming\Dropbox\bin\Dropbox.exe
[2013.12.18 02:04:14 | 000,229,288 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andreas M. \AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2013.11.25 21:26:02 | 000,919,096 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andreas M. \AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2013.12.14 18:31:16 | 000,059,816 | R--- | M] (Acresso Software Inc.) -- C:\Users\Andreas M. \AppData\Roaming\Microsoft\Installer\{053ACA98-6B07-4DD0-9DB3-F51E3EB1780C}\ARPPRODUCTICON.exe
[2013.12.14 18:31:15 | 000,059,816 | R--- | M] (Acresso Software Inc.) -- C:\Users\Andreas M. \AppData\Roaming\Microsoft\Installer\{C6FB6B4A-1378-4CD3-9CD3-42BA69FCBD43}\ARPPRODUCTICON.exe

< %APPDATA%\Adobe\Update\*.* >

< %APPDATA%\Update\*.* >

< %APPDATA%\Microsoft\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %ALLUSERSPROFILE%\*.* >
[2013.12.15 11:56:32 | 000,000,364 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %SYSTEMDRIVE%\*.* >
[2013.08.22 06:31:45 | 000,427,680 | RHS- | M] () -- C:\bootmgr
[2013.06.18 13:18:29 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2013.12.15 16:40:10 | 2307,960,831 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.15 16:40:12 | 2013,265,920 | -HS- | M] () -- C:\pagefile.sys
[2013.12.25 20:47:04 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

< %PROGRAMFILES%\*.* >
[2013.08.22 16:34:52 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %PROGRAMFILES%\Internet Explorer\*.* >
[2013.08.22 04:26:00 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\DiagnosticsTap.dll
[2013.08.22 04:51:00 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe
[2013.09.26 09:08:47 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\F12Tools.dll
[2013.08.22 04:48:01 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\hmmapi.dll
[2013.06.18 13:22:11 | 000,002,843 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie9props.propdesc
[2013.08.22 05:46:11 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
[2013.11.26 08:55:03 | 000,469,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
[2013.08.22 04:44:25 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
[2013.09.26 07:34:13 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
[2013.11.26 07:41:48 |
000,251,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll [2013.08.22 06:20:05 | 000,805,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013.08.22 04:16:23 | 000,438,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll [2013.08.22 04:17:13 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll [2013.08.22 04:28:46 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll [2013.08.22 04:16:40 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll [2013.07.26 18:02:22 | 000,312,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll [2013.08.22 04:08:05 | 000,999,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\networkinspection.dll [2013.07.26 18:02:22 | 000,410,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll [2013.07.26 18:02:22 | 000,097,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdmproxy100.dll [2013.08.22 04:43:57 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll < %USERPROFILE%\*.* > [2013.12.15 16:40:01 | 001,835,008 | -HS- | M] () -- C:\Users\Andreas M. \NTUSER.DAT [2013.12.14 17:56:06 | 005,185,536 | -HS- | M] () -- C:\Users\Andreas M. \ntuser.dat.LOG1 [2013.12.14 17:56:06 | 004,505,600 | -HS- | M] () -- C:\Users\Andreas M. \ntuser.dat.LOG2 [2013.12.14 18:10:57 | 000,065,536 | -HS- | M] () -- C:\Users\Andreas M. \NTUSER.DAT{2a7ba31a-0b81-11e3-93fd-90b11c2535ca}.TM.blf [2013.12.14 18:10:57 | 000,524,288 | -HS- | M] () -- C:\Users\Andreas M. 
\NTUSER.DAT{2a7ba31a-0b81-11e3-93fd-90b11c2535ca}.TMContainer00000000000000000001.regtrans-ms [2013.12.14 18:10:57 | 000,524,288 | -HS- | M] () -- C:\Users\Andreas M. \NTUSER.DAT{2a7ba31a-0b81-11e3-93fd-90b11c2535ca}.TMContainer00000000000000000002.regtrans-ms [2013.12.14 17:56:06 | 000,000,020 | -HS- | M] () -- C:\Users\Andreas M. \ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\*.exe /90 > [2013.10.22 08:55:27 | 002,328,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\system32\*.dll /90 > [2013.10.10 12:05:42 | 001,019,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\actxprxy.dll [2013.10.22 05:04:03 | 000,618,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\apphelp.dll [2013.11.08 05:42:52 | 000,366,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\appmgr.dll [2013.10.10 12:21:32 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\AppxAllUserStore.dll [2013.11.08 05:15:35 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\AppXDeploymentClient.dll [2013.10.22 02:47:12 | 002,295,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\authui.dll [2013.10.19 05:03:41 | 000,531,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\comdlg32.dll [2013.10.24 10:12:58 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\CredentialMigrationHandler.dll [2013.10.16 14:54:17 | 001,581,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll [2013.10.05 13:05:35 | 000,578,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll [2013.10.05 13:05:35 | 001,765,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d11.dll [2013.11.08 05:16:46 | 
000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dcomp.dll [2013.11.04 03:28:40 | 001,816,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Display.dll [2013.10.08 06:15:16 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dnsapi.dll [2013.11.04 02:30:33 | 001,765,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dwmcore.dll [2013.10.05 13:05:35 | 000,406,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxgi.dll [2013.10.05 09:39:55 | 001,067,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gdi32.dll [2013.11.26 07:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll [2013.11.26 08:26:42 | 011,221,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll [2013.11.26 09:38:54 | 002,166,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll [2013.10.03 23:42:34 | 006,155,264 | ---- | M] (Intel Corporation) -- C:\Windows\system32\ig7icd32.dll [2013.10.03 23:42:36 | 013,272,576 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igd10iumd32.dll [2013.10.03 23:42:38 | 000,142,848 | ---- | M] () -- C:\Windows\system32\igdail32.dll [2013.10.03 23:42:38 | 000,290,816 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igdbcl32.dll [2013.10.03 23:42:40 | 000,180,736 | ---- | M] () -- C:\Windows\system32\igdde32.dll [2013.10.03 23:42:40 | 020,946,944 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igdfcl32.dll [2013.10.03 23:42:46 | 000,343,040 | ---- | M] () -- C:\Windows\system32\igdmd32.dll [2013.10.03 23:42:46 | 002,974,208 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igdrcl32.dll [2013.10.03 23:42:46 | 011,417,600 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igdumdim32.dll [2013.10.03 23:42:50 | 003,524,608 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igdusc32.dll [2013.10.03 23:42:50 | 000,128,000 | ---- | M] (Intel Corporation) -- 
C:\Windows\system32\igfx11cmrt32.dll [2013.10.03 23:42:50 | 001,814,016 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxcmjit32.dll [2013.10.03 23:42:50 | 000,133,120 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxcmrt32.dll [2013.10.03 23:42:52 | 000,492,032 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxdv32.dll [2013.10.03 23:42:52 | 000,025,088 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxexps32.dll [2013.10.03 23:43:00 | 000,179,712 | ---- | M] (Intel Corporation) -- C:\Windows\system32\iglhcp32.dll [2013.10.03 23:43:00 | 001,123,328 | ---- | M] (Intel Corporation) -- C:\Windows\system32\iglhsip32.dll [2013.10.19 08:14:14 | 000,070,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll [2013.10.03 23:43:02 | 000,253,440 | ---- | M] (Intel Corporation) -- C:\Windows\system32\IntelOpenCL32.dll [2013.10.03 23:43:06 | 000,060,416 | ---- | M] (Khronos Group) -- C:\Windows\system32\Intel_OpenCL_ICD32.dll [2013.11.26 09:16:12 | 004,243,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll [2013.10.22 05:02:40 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll [2013.11.25 14:12:02 | 016,820,784 | ---- | M] (Lenovo Corporation) -- C:\Windows\system32\LibDriverMft.dll [2013.11.25 14:12:14 | 000,067,120 | ---- | M] (Lenovo Corporation) -- C:\Windows\system32\LibDriverMftStart.dll [2013.11.09 06:52:04 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mdmregistration.dll [2013.10.23 09:59:16 | 000,698,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfplat.dll [2013.10.19 08:12:06 | 000,380,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfsvr.dll [2013.10.05 09:24:36 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\miutils.dll [2013.10.11 14:03:50 | 000,621,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MrmCoreR.dll [2013.10.02 10:47:07 | 001,018,960 | ---- 
| M] (Microsoft Corporation) -- C:\Windows\system32\msctf.dll [2013.10.17 11:36:58 | 002,266,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msftedit.dll [2013.11.26 11:11:50 | 017,112,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll [2013.10.05 08:32:48 | 005,769,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll [2013.10.10 15:53:55 | 000,088,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncryptsslp.dll [2013.10.03 23:43:06 | 000,060,416 | ---- | M] (Khronos Group) -- C:\Windows\system32\OpenCL.DLL [2013.10.15 09:03:28 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scrrun.dll [2013.11.05 14:33:44 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\SettingSyncCore.dll [2013.11.05 19:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll [2013.10.08 06:58:55 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shsetup.dll [2013.10.20 17:46:56 | 000,268,288 | ---- | M] (IvoSoft) -- C:\Windows\system32\StartMenuHelper32.dll [2013.10.05 09:40:54 | 000,795,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TSWorkspace.dll [2013.10.10 11:27:01 | 000,869,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\twinui.appcore.dll [2013.11.08 05:26:19 | 011,674,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\twinui.dll [2013.10.05 09:21:38 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\UIAutomationCore.dll [2013.11.26 07:27:32 | 001,157,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll [2013.10.22 03:38:12 | 001,362,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\user32.dll [2013.11.12 00:41:31 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll [2013.10.03 10:02:48 | 000,225,792 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\system32\Windows.Devices.Sensors.dll [2013.10.19 04:14:29 | 000,888,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Windows.Media.dll [2013.10.01 04:36:12 | 000,977,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Windows.Media.Streaming.dll [2013.10.05 08:35:00 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll [2013.11.05 17:20:05 | 013,925,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Windows.UI.Xaml.dll [2013.10.08 05:50:39 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Windows.Web.Http.dll [2013.12.15 16:44:53 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge-32.dll [2013.11.26 07:33:33 | 001,820,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll [2013.10.17 15:04:13 | 001,204,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winmde.dll [2013.10.10 15:53:54 | 000,235,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll [2013.11.01 06:57:11 | 000,544,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wlidcli.dll [2013.11.23 05:13:51 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMPhoto.dll [2013.11.12 00:27:10 | 000,701,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WSShared.dll < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\drivers\*.sys /90 > < %systemroot%\system32\*.exe /90 > [2013.10.22 07:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\explorer.exe [2013.12.04 01:05:48 | 000,693,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe [2013.10.03 23:43:02 | 000,279,000 | ---- | M] (Intel Corporation) -- C:\Windows\system32\IntelCpHeciSvc.exe [2013.12.15 16:44:52 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\java.exe [2013.12.15 16:44:53 | 
000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\javaw.exe [2013.12.15 16:44:53 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\javaws.exe [2013.11.05 14:57:39 | 000,479,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\SettingSyncHost.exe [2013.11.09 06:56:15 | 001,391,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMPDMC.exe [2013.10.16 10:34:26 | 000,518,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WWAHost.exe < %systemroot%\system32\config\*.sav > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\assembly\tmp\*.* /S /MD5 > < %systemroot%\assembly\GAC_32\*.* /S /MD5 > [2013.08.17 01:06:23 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=5BDCD6385333D6F29C71D660CC39FFF2 -- C:\Windows\assembly\GAC_32\CustomMarshalers\\CustomMarshalers.dll [2013.08.17 01:06:26 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=9F7C0A8E593B838D22396E77FE2C5846 -- C:\Windows\assembly\GAC_32\ISymWrapper\\ISymWrapper.dll [2013.08.22 06:24:11 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=E11F20E431CC0153115B3CF3AC4788FC -- C:\Windows\assembly\GAC_32\Microsoft.Ink\\Microsoft.Ink.dll [2013.08.22 06:22:40 | 000,077,824 | ---- | M] ( ) MD5=53FD84596F2D6BA76F530DC3D3FB7E6F -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\\Microsoft.Interop.Security.AzRoles.dll [2013.08.03 05:41:46 | 000,163,840 | ---- | M] (Microsoft Corporation) MD5=ED2670D6E123303D443822E137D72855 -- C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\\Microsoft.Transactions.Bridge.Dtc.dll [2013.08.03 05:40:17 | 000,088,720 | ---- | M] (Microsoft Corporation) MD5=0653B51FE3E822CB95619D9E6388E37F -- C:\Windows\assembly\GAC_32\MSBuild\\MSBuild.exe [2013.06.18 13:24:39 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_32\MSBuild\\msbuild.exe.config [2013.06.18 13:23:31 | 000,066,728 | ---- | M] () 
MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_32\mscorlib\\big5.nlp [2013.06.18 13:23:31 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_32\mscorlib\\bopomofo.nlp [2013.06.18 13:23:50 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_32\mscorlib\\ksc.nlp [2013.08.17 01:06:27 | 004,554,752 | ---- | M] (Microsoft Corporation) MD5=4FE4C5CE2DB661027D34D5F80A047DEB -- C:\Windows\assembly\GAC_32\mscorlib\\mscorlib.dll [2013.06.18 13:24:09 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_32\mscorlib\\normidna.nlp [2013.06.18 13:24:09 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_32\mscorlib\\normnfc.nlp [2013.06.18 13:24:09 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_32\mscorlib\\normnfd.nlp [2013.06.18 13:24:09 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_32\mscorlib\\normnfkc.nlp [2013.06.18 13:24:09 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_32\mscorlib\\normnfkd.nlp [2013.06.18 13:24:09 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_32\mscorlib\\prc.nlp [2013.06.18 13:24:09 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_32\mscorlib\\prcp.nlp [2013.06.18 13:24:12 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\Windows\assembly\GAC_32\mscorlib\\sortkey.nlp [2013.06.18 13:24:12 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\Windows\assembly\GAC_32\mscorlib\\sorttbls.nlp [2013.06.18 13:24:36 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_32\mscorlib\\xjis.nlp [2013.08.03 05:41:50 | 004,218,880 | ---- | M] (Microsoft Corporation) 
MD5=C332EE073C2DEC348F255D62E20F8BF1 -- C:\Windows\assembly\GAC_32\PresentationCore\\PresentationCore.dll [2013.06.18 13:33:25 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_32\PresentationCore\\PresentationFontCache.exe.config [2013.08.03 05:41:51 | 001,737,888 | ---- | M] (Microsoft Corporation) MD5=B4A43FCFDF2D2B29BBDE0BFDFD6A4E86 -- C:\Windows\assembly\GAC_32\PresentationCore\\wpfgfx_v0300.dll [2013.08.23 00:26:32 | 000,090,112 | ---- | M] (Microsoft Corporation) MD5=08E6D190D8A30D895214087913247289 -- C:\Windows\assembly\GAC_32\srmlib\\srmlib.dll [2013.08.17 01:06:29 | 000,487,424 | ---- | M] (Microsoft Corporation) MD5=4C120A51A3E20BFAF5F660C58E210B95 -- C:\Windows\assembly\GAC_32\System.Data.OracleClient\\System.Data.OracleClient.dll [2013.08.17 01:06:29 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=CBFD32555AFE935CCB4BC37865A0195A -- C:\Windows\assembly\GAC_32\System.Data\\System.Data.dll [2013.08.17 01:06:30 | 000,258,048 | ---- | M] (Microsoft Corporation) MD5=F044F73E92E8FD1E1A9022394FA6E7A7 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\\System.EnterpriseServices.dll [2013.08.17 01:06:31 | 000,113,664 | ---- | M] (Microsoft Corporation) MD5=FEB8E846293CAF114639EE1FBE3BDA48 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\\System.EnterpriseServices.Wrapper.dll [2013.08.03 05:41:51 | 000,372,736 | ---- | M] (Microsoft Corporation) MD5=A7DC1CAC8DFB194FDE57031B7FE69E6B -- C:\Windows\assembly\GAC_32\System.Printing\\System.Printing.dll [2013.08.17 01:06:31 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=2E3B066C65AC3620B15F6A6ED7777169 -- C:\Windows\assembly\GAC_32\System.Transactions\\System.Transactions.dll [2013.08.17 01:06:31 | 005,283,840 | ---- | M] (Microsoft Corporation) MD5=1828CC36F4C32E6E9107442C18BAB4D4 -- C:\Windows\assembly\GAC_32\System.Web\\System.Web.dll < %systemroot%\assembly\GAC_64\*.* /S /MD5 > [2013.08.17 01:06:19 | 000,080,896 | ---- | M] (Microsoft 
Corporation) MD5=48AE30ED57CF6FEA8660AC51F6FB2566 -- C:\Windows\assembly\GAC_64\CustomMarshalers\\CustomMarshalers.dll [2013.08.17 01:06:20 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=98549CA59E197BD23CC040566EFA96D9 -- C:\Windows\assembly\GAC_64\ISymWrapper\\ISymWrapper.dll [2013.08.22 13:38:04 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=43FC43987838263E73BA5D9AE7DBA1BA -- C:\Windows\assembly\GAC_64\Microsoft.Ink\\Microsoft.Ink.dll [2013.08.22 13:36:08 | 000,077,824 | ---- | M] ( ) MD5=7A4083F8BD141E2EC7528ECA41EA16EF -- C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\\Microsoft.Interop.Security.AzRoles.dll [2013.12.14 19:29:45 | 000,163,840 | ---- | M] (Microsoft Corporation) MD5=6FB8D5C4BF7120D120147FDBF794D39D -- C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\\Microsoft.Transactions.Bridge.Dtc.dll [2013.08.03 05:42:43 | 000,084,624 | ---- | M] (Microsoft Corporation) MD5=044CB423EEF5F1C1EE746DB33A8AE8E4 -- C:\Windows\assembly\GAC_64\MSBuild\\MSBuild.exe [2013.06.18 15:46:10 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_64\MSBuild\\msbuild.exe.config [2013.06.18 15:46:58 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_64\mscorlib\\big5.nlp [2013.06.18 15:46:58 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_64\mscorlib\\bopomofo.nlp [2013.06.18 15:47:06 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_64\mscorlib\\ksc.nlp [2013.08.17 01:06:21 | 004,571,136 | ---- | M] (Microsoft Corporation) MD5=549B3242868C2B69540B9DD53D1D7B20 -- C:\Windows\assembly\GAC_64\mscorlib\\mscorlib.dll [2013.06.18 15:47:22 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_64\mscorlib\\normidna.nlp [2013.06.18 15:47:22 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- 
C:\Windows\assembly\GAC_64\mscorlib\\normnfc.nlp [2013.06.18 15:47:22 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_64\mscorlib\\normnfd.nlp [2013.06.18 15:47:22 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_64\mscorlib\\normnfkc.nlp [2013.06.18 15:47:22 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_64\mscorlib\\normnfkd.nlp [2013.06.18 15:47:22 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_64\mscorlib\\prc.nlp [2013.06.18 15:47:22 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_64\mscorlib\\prcp.nlp [2013.06.18 15:47:25 | 000,262,148 | ---- | M] () Unable to obtain MD5 -- C:\Windows\assembly\GAC_64\mscorlib\\sortkey.nlp [2013.06.18 15:47:25 | 000,020,320 | ---- | M] () Unable to obtain MD5 -- C:\Windows\assembly\GAC_64\mscorlib\\sorttbls.nlp [2013.06.18 15:47:38 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_64\mscorlib\\xjis.nlp [2013.08.03 05:47:53 | 003,999,232 | ---- | M] (Microsoft Corporation) MD5=2F667CF9056D0E64909519A2D5BC583B -- C:\Windows\assembly\GAC_64\PresentationCore\\PresentationCore.dll [2013.06.18 15:53:54 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_64\PresentationCore\\PresentationFontCache.exe.config [2013.08.03 05:48:02 | 002,256,032 | ---- | M] (Microsoft Corporation) MD5=1BC0B1E8043B335BE250AFC6648420B9 -- C:\Windows\assembly\GAC_64\PresentationCore\\wpfgfx_v0300.dll [2013.08.23 00:26:36 | 000,090,112 | ---- | M] (Microsoft Corporation) MD5=B72F441896EA7E902CFFB1C5EA5EFBAF -- C:\Windows\assembly\GAC_64\srmlib\\srmlib.dll [2013.08.17 01:06:25 | 000,503,296 | ---- | M] (Microsoft Corporation) MD5=DBF9C310B1404E1DC4093DF153AA31F1 -- C:\Windows\assembly\GAC_64\System.Data.OracleClient\\System.Data.OracleClient.dll 
[2013.08.17 01:06:25 | 003,145,728 | ---- | M] (Microsoft Corporation) MD5=21106999BC5C6B56B65506012EFDD112 -- C:\Windows\assembly\GAC_64\System.Data\\System.Data.dll [2013.08.17 01:06:26 | 000,245,760 | ---- | M] (Microsoft Corporation) MD5=D819F329C782377AEE79560A10FF8E25 -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\\System.EnterpriseServices.dll [2013.08.17 01:06:26 | 000,133,120 | ---- | M] (Microsoft Corporation) MD5=161B8BE162757287648F15FC62658A52 -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\\System.EnterpriseServices.Wrapper.dll [2013.08.03 05:47:56 | 000,358,400 | ---- | M] (Microsoft Corporation) MD5=47FF2F27FA2C8B7BADE4B142091F0DD7 -- C:\Windows\assembly\GAC_64\System.Printing\\System.Printing.dll [2013.08.17 01:06:27 | 000,283,136 | ---- | M] (Microsoft Corporation) MD5=161F8492416495C3C5962FD7BCF230E5 -- C:\Windows\assembly\GAC_64\System.Transactions\\System.Transactions.dll [2013.08.17 01:06:27 | 005,292,032 | ---- | M] (Microsoft Corporation) MD5=02AE2CC1B00DAE66B08F1A1AE22F3407 -- C:\Windows\assembly\GAC_64\System.Web\\System.Web.dll < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections > "DefaultConnectionSettings" = 46 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data] "SavedLegacySettings" = 46 00 00 00 55 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data] < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 60 bytes -> D:\Anwenderdaten\A. M. \Documents\GlobalDriveMexico:AFP_AfpInfo < End of report > And here Extras.exe.
OTL Logfile:
OTL Extras logfile created on: 25.12.2013 23:13:55 - Run 2 OTL by OldTimer - Version Folder = C:\Users\Andreas M. \Downloads 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16476) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,69 Gb Total Physical Memory | 4,41 Gb Available Physical Memory | 57,33% Memory free 9,56 Gb Paging File | 6,09 Gb Available in Paging File | 63,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 118,90 Gb Total Space | 48,65 Gb Free Space | 40,92% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 35,96 Gb Free Space | 7,72% Space Free | Partition Type: NTFS Computer Name: THINKPADT430 | User Name: Andreas M. | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2132384609-1576062560-950552869-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile 
[open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{306C378C-8D83-42DC-84A5-695517837691}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C711CD-D865-4671-BDDA-A8DD45B09583}" = dir=out | name=@{microsoft.xboxlivegames_2.0.20.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{1157A581-173F-4F80-A2DC-3A4D20A85E52}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{20CAAA5E-E4DB-4C5E-867B-0F8A64A89F3C}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.176_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{21016335-F1CF-420B-BDEC-FE1047107539}" = dir=out | name=@{microsoft.bingnews_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{22927675-989C-4C45-A84A-419CF4DA911A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{2E698911-D35A-4DA9-B4AD-E961E0D18313}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{30E37877-CED1-4684-94AB-6199CC046C89}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{377B7A3E-7384-4EC6-B08E-39882649497D}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{39196211-9076-48E0-8DB0-A29AC600B6A3}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{3EA87278-1ACF-4880-B2CB-59D1CE5FA5F6}" = dir=in | name=skype |
"{3F499DA9-C2D1-42CA-B6AB-EF75073CCCAA}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{41E2C6E4-18BD-45EC-BB0E-F0A291824207}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{4D46C6F0-C497-4430-BD24-69B4BE341E70}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{4E34E4A9-D507-4A3B-B339-7B63105988F9}" = protocol=6 | dir=in | app=c:\users\andreas m. \appdata\roaming\dropbox\bin\dropbox.exe |
"{5312671D-5960-437C-850A-67BE763A97CF}" = dir=out | name=skype |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{5A2FAB04-AAA6-4FA1-A5E2-9C7245C2E93C}" = dir=out | name=@{microsoft.bingsports_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{5C82B2E1-0379-409F-BB95-B38584279DDB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{610FBE08-2D8C-4364-A198-C7B0DBB9FB8D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{6970939C-17C7-47AF-A8FF-22BE93B985BF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{6BC6249A-6A78-401D-B3AF-0A39A9CC9C53}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{7171D2CC-7AF8-4729-8A67-701F57FB3CD8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{73B6A715-AC25-4498-B1FD-6DDFF2558FA8}" = dir=out | name=@{microsoft.zunevideo_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{7CBB3A7D-9743-426D-9EAE-1E742EF6FB7C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{7F510913-8486-4440-A38A-A42B6048CBB8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{803A38F9-ACCB-4829-9A2B-E6DC6B76B004}" = dir=out | name=@{microsoft.zunemusic_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{88AA6008-F0F0-4AB4-81BF-AE166DE32937}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{8968F6B7-E3F3-4803-AD80-B74A79EC8246}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.177_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{9629B8C5-DBB2-4405-9097-B7A6932CF371}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{99A7D77A-7CB8-419F-BE7D-CCB889A8BFC8}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{9ECC950E-5736-4299-9F3C-DACC8F1957D5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{9F7125B5-D103-4260-8E7B-410165D9B2AD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{A238C08C-339D-48E4-B967-494E8284FD0F}" = dir=out | name=@{microsoft.bingtravel_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{A6102430-D85B-4653-8823-3CA55D7A4638}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{A8C233B1-0B24-415F-A070-31974681C9F2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{AB7A900C-6A04-4B7A-8EA3-DFB7CE356BFD}" = dir=out | name=@{microsoft.bingweather_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{B39AA74E-C8C7-450F-BDB4-6AEDF1C4C62D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{BB9C1657-C434-4BEB-AE3D-B93E9F1D2E3E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{D654DE6C-E68A-4146-A679-177ED8ED07A3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{DB0F2AA3-CB5D-4D33-B6FF-B918A94A06EE}" = dir=out | name=@{microsoft.bingfinance_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DED503CC-7011-4C3B-AB50-8CED5C326A01}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{E0549F9E-A90C-4D52-A6D1-D8727D8C66B1}" = protocol=17 | dir=in | app=c:\users\andreas m. \appdata\roaming\dropbox\bin\dropbox.exe |
"{E1A397B8-9CD6-4BA1-8B91-D1CC40D59350}" = dir=out | name=@{microsoft.bingmaps_2.0.2009.2356_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{E3CBD954-33FE-4FEB-9F26-7C28B45CAD38}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{F33B39CD-6269-4B1F-A127-CB5391311278}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{053ACA98-6B07-4DD0-9DB3-F51E3EB1780C}" = Lenovo Patch Utility 64 bit
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1" = Lenovo Settings UMDF driver
"{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1" = Lenovo Settings Dependency Package
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = Lenovo Settings - Camera Audio
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2013
"{98BB5224-BC5D-4028-9D20-536C1C263AA9}" = Classic Shell
"{A49C5804-8F24-433C-99B2-9F9F541090C7}" = HP Officejet 4500 G510a-f 14.0 Rel. 6
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"GIMP-2_is1" = GIMP 2.8.10
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"jdownloader2" = JDownloader 2
"Matlab R2013b" = MATLAB R2013b
"MouseSuite98" = Lenovo Mouse Suite
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = Lenovo Power Management Driver
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"VLC media player" = VLC media player 2.1.1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3611CA6C-5FCA-4900-A329-6A118123CCFC}" = Bing Bar
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0407-0000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-0000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-0000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-0000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-0000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-0000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-0000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-0000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-0000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00E1-0407-0000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-0000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C6FB6B4A-1378-4CD3-9CD3-42BA69FCBD43}" = Lenovo Patch Utility
"{C79D4402-E622-4922-9C02-89F9080BF081}_is1" = Lenovo Settings - Location Awareness
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Google Chrome" = Google Chrome
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.24
"Mozilla Firefox 26.0 (x86 de)" = Mozilla Firefox 26.0 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"SumatraPDF" = SumatraPDF

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2132384609-1576062560-950552869-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18.12.2013 15:15:14 | Computer Name = ThinkPadT430 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\MATLAB\R2013b\toolbox\rtw\targets\xpc\xpc\bin\RecordISO.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 18.12.2013 15:25:56 | Computer Name = ThinkPadT430 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\MATLAB\R2013b\toolbox\rtw\targets\xpc\xpc\bin\RecordISO.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 20.12.2013 04:19:04 | Computer Name = ThinkPadT430 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: glcnd.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215eaad Name des fehlerhaften Moduls: glcnd.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215eaad Ausnahmecode: 0xc0000602 Fehleroffset: 0x000000000024ebd9 ID des fehlerhaften Prozesses: 0x56c Startzeit der fehlerhaften Anwendung: 0x01cefd137282f22c Pfad der fehlerhaften Anwendung: C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16384_x64__8wekyb3d8bbwe\glcnd.exe Pfad des fehlerhaften Moduls: C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16384_x64__8wekyb3d8bbwe\glcnd.exe Berichtskennung: 62d40164-694f-11e3-8258-f4b7e2cf5017 Vollständiger Name des fehlerhaften Pakets: Microsoft.Reader_6.3.9600.16384_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Reader

Error - 22.12.2013 09:48:21 | Computer Name = ThinkPadT430 | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 22.12.2013 09:49:39 | Computer Name = ThinkPadT430 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\MATLAB\R2013b\toolbox\rtw\targets\xpc\xpc\bin\RecordISO.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 25.12.2013 10:43:38 | Computer Name = ThinkPadT430 | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 25.12.2013 11:14:54 | Computer Name = ThinkPadT430 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PhotosApp.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215d75e Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version: 6.3.9600.16456, Zeitstempel: 0x52791760 Ausnahmecode: 0xc000027b Fehleroffset: 0x0000000000a4f17a ID des fehlerhaften Prozesses: 0x788 Startzeit der fehlerhaften Anwendung: 0x01cefaa50d43e05d Pfad der fehlerhaften Anwendung: C:\Windows\FileManager\PhotosApp.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\Windows.UI.Xaml.dll Berichtskennung: 4e71116c-6d77-11e3-8258-f4b7e2cf5017 Vollständiger Name des fehlerhaften Pakets: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Windows.PhotoManager

Error - 25.12.2013 13:06:56 | Computer Name = ThinkPadT430 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PhotosApp.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215d75e Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version: 6.3.9600.16456, Zeitstempel: 0x52791760 Ausnahmecode: 0xc000027b Fehleroffset: 0x0000000000a4f17a ID des fehlerhaften Prozesses: 0x21e4 Startzeit der fehlerhaften Anwendung: 0x01cf0184131898d7 Pfad der fehlerhaften Anwendung: C:\Windows\FileManager\PhotosApp.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\Windows.UI.Xaml.dll Berichtskennung: f4f53717-6d86-11e3-8258-f4b7e2cf5017 Vollständiger Name des fehlerhaften Pakets: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Windows.PhotoManager

Error - 25.12.2013 18:02:36 | Computer Name = ThinkPadT430 | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1674 Startzeit: 01cf017fc27c3cd9 Endzeit: 4294967295 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 4258aa1e-6db0-11e3-8258-f4b7e2cf5017 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error - 25.12.2013 18:14:41 | Computer Name = ThinkPadT430 | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert .

[ System Events ]
Error - 18.12.2013 15:14:08 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description =

Error - 21.12.2013 04:47:51 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description =

Error - 21.12.2013 04:48:21 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description =

Error - 21.12.2013 09:12:43 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description =

Error - 21.12.2013 09:13:13 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description =

Error - 23.12.2013 11:58:36 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description =

Error - 24.12.2013 13:20:09 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description =

Error - 24.12.2013 13:20:39 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description =

Error - 25.12.2013 10:44:04 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description =

Error - 25.12.2013 10:44:34 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description =

< End of report >

I have also already run a scan with FRST; here is FRST.txt

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2013 Ran by Andreas M. (administrator) on THINKPADT430 on 25-12-2013 23:53:15 Running from C:\Users\Andreas M. \Downloads Windows 8.1 Pro (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe () C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Google Inc.) C:\Program Files (x86)\Google\Update\\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\\GoogleCrashHandler64.exe () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Microsoft Corporation.) 
C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16384_x64__8wekyb3d8bbwe\glcnd.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (OldTimer Tools) C:\Users\Andreas M. \Downloads\OTL.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Andreas M. \Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - "C:\Windows\system32\hkcmd.exe" HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [LenovoOptMouseUpdate] - C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [384296 2013-10-28] (Lenovo.) HKLM\...\Run: [Daemon for Mouse Suite] - C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe [87040 2013-03-26] (Primax Electronics Ltd.) HKLM\...\Run: [LENOVO.TPKNRRES] - rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub HKLM\...\Run: [Mouse Suite 98 Daemon] - ICO.EXE HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2065408 2013-11-03] (Dominik Reichl) HKLM-x32\...\Run: [PWMTRV] - C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [6623528 2013-11-21] (Lenovo Group Limited) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [457728 2013-08-23] (Microsoft Corporation) Startup: C:\Users\Andreas M. \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Andreas M. \AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC56552A0EDF8CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.) Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\Andreas M. 
\AppData\Roaming\Mozilla\Firefox\Profiles\gw14tk9t.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Andreas M. 
\AppData\Roaming\Mozilla\Firefox\Profiles\gw14tk9t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Fox!Box - C:\Users\Andreas M. \AppData\Roaming\Mozilla\Firefox\Profiles\gw14tk9t.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\ CHR Extension: (Google Wallet) - C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\ CHR Extension: (Gmail) - C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573488 2013-11-25] (Lenovo Corporation) S2 BcmBtRSupport; C:\Windows\system32\btwrsupportservice.exe [2252504 2013-09-04] (Broadcom Corporation.) 
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2084160 2013-12-04] (Lenovo Group Limited) R3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [702512 2013-11-25] (Lenovo Corporation) R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [468288 2013-12-04] () R2 PelService; C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe [178688 2012-03-13] () S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-10-31] () R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [172760 2013-04-24] (Broadcom Corporation.) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation) R3 BTWPANFL; C:\Windows\system32\drivers\btwpanfl.sys [44912 2013-01-20] (Broadcom Corporation.) 
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-23] (Microsoft Corporation) R3 LenovoRd; C:\Windows\system32\DRIVERS\LenovoRd.sys [126848 2012-12-06] (Gemalto) R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [27496 2012-07-30] (Lenovo) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation) R3 pelbtm; C:\Windows\system32\DRIVERS\pelbtm.sys [16384 2012-06-19] (Primax Electronics Ltd.) R1 pelmoubt; C:\Windows\system32\DRIVERS\pelmoubt.sys [22528 2012-06-19] (Primax Electronics Ltd.) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== %%deleted by me - if needed, please let me know! Thanks!
==================== One Month Modified Files and Folders ======= %%deleted by me - if needed, please let me know! Thanks! Some content of TEMP: ==================== C:\Users\Andreas M. \AppData\Local\Temp\ose00000.exe C:\Users\Andreas M. \AppData\Local\Temp\proxy_vole1314064770830138225.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-14 16:49 ==================== End Of Log ============================ --- --- --- I hope you can make something of this. Many thanks in advance to all of you for your help! Regards Andi |
#2 |
| Again: Bundespolizei Trojaner And here is the Addition.txt from FRST as well
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2013 Ran by Andreas M. at 2013-12-25 23:53:48 Running from C:\Users\Andreas M. \Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 4500_G510af_Help (x32 Version: 1.00.0000) 4500G510af (x32 Version: 4500G510af_Software_Min (x32 Version: 64 Bit HP CIO Components Installer (Version: 7.2.8) 7-Zip 9.20 (x64 edition) (Version: Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170) Anzeige am Bildschirm (Version: 7.12.23) Bing Bar (x32 Version: 7.1.355.0) BufferChm (x32 Version: Classic Shell (Version: 4.0.2) Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (x32) Destinations (x32 Version: DeviceDiscovery (x32 Version: DocProc (x32 Version: Dropbox (HKCU Version: 2.4.10) Fax (x32 Version: 140.0.307.000) GIMP 2.8.10 (Version: 2.8.10) Google Chrome (x32 Version: 31.0.1650.63) Google Update Helper (x32 Version: GPBaseService2 (x32 Version: HP Customer Participation Program 14.0 (Version: 14.0) HP Imaging Device Functions 14.0 (Version: 14.0) HP Officejet 4500 G510a-f 14.0 Rel. 
6 (Version: 14.0) HP Solution Center 14.0 (Version: 14.0) HP Update (x32 Version: HPPhotoGadget (x32 Version: 140.0.524.000) HPProductAssistant (x32 Version: HPSSupply (x32 Version: Intel(R) Processor Graphics (x32 Version: Java 7 Update 45 (64-bit) (Version: 7.0.450) Java 7 Update 45 (x32 Version: 7.0.450) Java Auto Updater (x32 Version: JDownloader 2 (Version: 2.0) KeePass Password Safe 2.24 (x32 Version: 2.24) Lenovo Mouse Suite (Version: 6.69) Lenovo Patch Utility (x32 Version: Lenovo Patch Utility 64 bit (Version: Lenovo Power Management Driver (Version: Lenovo Settings - Camera Audio (Version: Lenovo Settings - Location Awareness (x32 Version: Lenovo Settings Dependency Package (Version: Lenovo Settings UMDF driver (Version: Lenovo System Update (x32 Version: 5.03.0008) MarketResearch (x32 Version: MATLAB R2013b (Version: 8.2) Microsoft Access MUI (German) 2013 (x32 Version: 15.0.4420.1017) Microsoft DCF MUI (German) 2013 (x32 Version: 15.0.4420.1017) Microsoft Excel MUI (German) 2013 (x32 Version: 15.0.4420.1017) Microsoft Groove MUI (German) 2013 (x32 Version: 15.0.4420.1017) Microsoft InfoPath MUI (German) 2013 (x32 Version: 15.0.4420.1017) Microsoft Lync MUI (German) 2013 (x32 Version: 15.0.4420.1017) Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017) Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4420.1017) Microsoft Office OSM MUI (German) 2013 (x32 Version: 15.0.4420.1017) Microsoft Office OSM UX MUI (German) 2013 (x32 Version: 15.0.4420.1017) Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017) Microsoft Office Proofing (German) 2013 (x32 Version: 15.0.4420.1017) Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017) Microsoft Office Proofing Tools 2013 - Italiano (x32 Version: 15.0.4420.1017) Microsoft Office Shared 64-bit MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Office Shared MUI (German) 2013 (x32 Version: 15.0.4420.1017) Microsoft OneNote MUI (German) 2013 (x32 
Version: 15.0.4420.1017) Microsoft Outlook MUI (German) 2013 (x32 Version: 15.0.4420.1017) Microsoft PowerPoint MUI (German) 2013 (x32 Version: 15.0.4420.1017) Microsoft Publisher MUI (German) 2013 (x32 Version: 15.0.4420.1017) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Word MUI (German) 2013 (x32 Version: 15.0.4420.1017) Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0) Mozilla Maintenance Service (x32 Version: 17.0.7) Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7) OCR Software by I.R.I.S. 14.0 (Version: 14.0) Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4420.1017) PDFCreator (x32 Version: 1.7.2) Scan (x32 Version: Shop for HP Supplies (Version: 14.0) SolutionCenter (x32 Version: Status (x32 Version: 140.0.342.000) SumatraPDF (x32 Version: 2.4) ThinkPad Bluetooth with Enhanced Data Rate Software (Version: ThinkPad UltraNav Driver (Version: ThinkVantage System für aktiven Festplattenschutz (Version: Toolbox (x32 Version: 140.0.596.000) TrayApp (x32 Version: Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition (x32) Update for Microsoft Access 2013 (KB2827233) 32-Bit Edition (x32) Update for Microsoft InfoPath 2013 (KB2837648) 32-Bit Edition (x32) Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2760610) 32-Bit 
Edition (x32) Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2837626) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2837637) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2837638) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2837655) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2850066) 32-Bit Edition (x32) Update for Microsoft OneNote 2013 (KB2850063) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2013 (KB2767850) 32-Bit Edition (x32) Update for Microsoft Project 2013 (KB2727085) 32-Bit Edition (x32) Update for Microsoft Publisher 2013 (KB2837635) 32-Bit Edition (x32) Update for Microsoft SkyDrive Pro (KB2817495) 32-Bit Edition (x32) Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition (x32) Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition (x32) Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition (x32) Update for Microsoft Word 2013 (KB2837647) 32-Bit Edition (x32) Update for Microsoft Word 2013 (KB2850060) 32-Bit Edition (x32) VLC media player 2.1.1 (Version: 2.1.1) WebReg (x32 Version: ==================== Restore Points ========================= 14-12-2013 16:54:03 Windows Modules Installer 25-12-2013 22:14:40 OTL Restore Point - 25.12.2013 23:14:40 ==================== Hosts 
content: ========================== 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {013EDCAE-8924-4CD0-A230-0BC997D08198} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ThinkPadT430-Andreas M. ThinkPadT430 => C:\Program Files (x86)\Microsoft Office\Office15\MSOSYNC.EXE [2013-11-08] (Microsoft Corporation) Task: {04BB30B0-6EC9-4E1B-B15A-A217DC0311EA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-14] (Google Inc.) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {103CA8CD-5B28-4BED-9B9F-C750CE53CBD2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {56284297-A8BC-46FC-AEDB-1E513FDDF523} - System32\Tasks\MATLAB R2013b Startup Accelerator => C:\Program 
Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [2013-08-05] () Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {B64E7006-6EC2-451C-BABE-0EE685DDE356} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {BF31629D-2D6D-4C54-B1C4-3071F248B5AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-14] (Google Inc.) 
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D3F747EB-7737-40D1-8F67-C058A70CB6FA} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-10-31] () Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E0C0BB43-0E4A-45C5-BA76-AC99D295715F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {EF6E84F8-D7EB-489F-8ED4-F022F84C028E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\System32\MRT.exe [2013-12-01] (Microsoft Corporation) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-15 10:19 - 2013-11-21 07:44 - 00117248 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2013-12-15 10:13 - 2013-07-25 16:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll 2013-12-15 10:13 - 2013-07-25 16:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll 2013-12-14 18:02 - 2013-12-05 20:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-12-14 18:03 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll 2013-12-14 18:03 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll 2013-12-14 18:03 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll 2013-12-14 18:03 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll 2013-12-14 18:03 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll 2013-12-14 18:03 - 2013-12-04 03:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll 2013-07-19 12:56 - 2013-07-19 12:56 - 01027240 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/25/2013 11:14:41 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (12/25/2013 11:02:36 PM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1674 Startzeit: 01cf017fc27c3cd9 Endzeit: 4294967295 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 4258aa1e-6db0-11e3-8258-f4b7e2cf5017 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (12/25/2013 06:06:56 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: PhotosApp.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215d75e Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version: 6.3.9600.16456, Zeitstempel: 0x52791760 Ausnahmecode: 0xc000027b Fehleroffset: 0x0000000000a4f17a ID des fehlerhaften Prozesses: 0x21e4 Startzeit der fehlerhaften Anwendung: 0xPhotosApp.exe0 Pfad der fehlerhaften Anwendung: PhotosApp.exe1 Pfad des fehlerhaften Moduls: PhotosApp.exe2 Berichtskennung: PhotosApp.exe3 Vollständiger Name des fehlerhaften Pakets: PhotosApp.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PhotosApp.exe5 Error: (12/25/2013 04:14:54 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: PhotosApp.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215d75e Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version: 6.3.9600.16456, Zeitstempel: 0x52791760 Ausnahmecode: 0xc000027b Fehleroffset: 0x0000000000a4f17a ID des fehlerhaften Prozesses: 0x788 Startzeit der fehlerhaften Anwendung: 0xPhotosApp.exe0 Pfad der fehlerhaften Anwendung: PhotosApp.exe1 Pfad des fehlerhaften Moduls: PhotosApp.exe2 Berichtskennung: PhotosApp.exe3 Vollständiger Name des fehlerhaften Pakets: PhotosApp.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PhotosApp.exe5 Error: (12/25/2013 03:43:38 PM) (Source: Microsoft-Windows-Defrag) (User: ) Description: Das Volume "\\?\Volume{3d905b95-64d7-11e3-824b-806e6f6e6963}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. 
(0x80070057) Error: (12/22/2013 02:49:39 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (12/22/2013 02:48:21 PM) (Source: Microsoft-Windows-Defrag) (User: ) Description: Das Volume "\\?\Volume{3d905b95-64d7-11e3-824b-806e6f6e6963}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (12/20/2013 09:19:04 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: glcnd.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215eaad Name des fehlerhaften Moduls: glcnd.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215eaad Ausnahmecode: 0xc0000602 Fehleroffset: 0x000000000024ebd9 ID des fehlerhaften Prozesses: 0x56c Startzeit der fehlerhaften Anwendung: 0xglcnd.exe0 Pfad der fehlerhaften Anwendung: glcnd.exe1 Pfad des fehlerhaften Moduls: glcnd.exe2 Berichtskennung: glcnd.exe3 Vollständiger Name des fehlerhaften Pakets: glcnd.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: glcnd.exe5 Error: (12/18/2013 08:25:56 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (12/18/2013 08:15:14 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (12/25/2013 03:44:34 PM) (Source: DCOM) (User: ThinkPadT430) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/25/2013 03:44:04 PM) (Source: DCOM) (User: ThinkPadT430) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/24/2013 06:20:39 PM) (Source: DCOM) (User: ThinkPadT430) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/24/2013 06:20:09 PM) (Source: DCOM) (User: ThinkPadT430) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/23/2013 04:58:36 PM) (Source: DCOM) (User: ThinkPadT430) Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58} Error: (12/21/2013 02:13:13 PM) (Source: DCOM) (User: ThinkPadT430) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/21/2013 02:12:43 PM) (Source: DCOM) (User: ThinkPadT430) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/21/2013 09:48:21 AM) (Source: DCOM) (User: ThinkPadT430) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/21/2013 09:47:51 AM) (Source: DCOM) (User: ThinkPadT430) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/18/2013 08:14:08 PM) (Source: DCOM) (User: ThinkPadT430) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Microsoft Office Sessions: ========================= Error: (12/25/2013 11:14:41 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. 
System Error: Zugriff verweigert Error: (12/25/2013 11:02:36 PM) (Source: Application Hang)(User: ) Description: firefox.exe26.0.0.5087167401cf017fc27c3cd94294967295C:\Program Files (x86)\Mozilla Firefox\firefox.exe4258aa1e-6db0-11e3-8258-f4b7e2cf5017 Error: (12/25/2013 06:06:56 PM) (Source: Application Error)(User: ) Description: PhotosApp.exe6.3.9600.163845215d75eWindows.UI.Xaml.dll6.3.9600.1645652791760c000027b0000000000a4f17a21e401cf0184131898d7C:\Windows\FileManager\PhotosApp.exeC:\Windows\System32\Windows.UI.Xaml.dllf4f53717-6d86-11e3-8258-f4b7e2cf5017FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewyMicrosoft.Windows.PhotoManager Error: (12/25/2013 04:14:54 PM) (Source: Application Error)(User: ) Description: PhotosApp.exe6.3.9600.163845215d75eWindows.UI.Xaml.dll6.3.9600.1645652791760c000027b0000000000a4f17a78801cefaa50d43e05dC:\Windows\FileManager\PhotosApp.exeC:\Windows\System32\Windows.UI.Xaml.dll4e71116c-6d77-11e3-8258-f4b7e2cf5017FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewyMicrosoft.Windows.PhotoManager Error: (12/25/2013 03:43:38 PM) (Source: Microsoft-Windows-Defrag)(User: ) Description: \\?\Volume{3d905b95-64d7-11e3-824b-806e6f6e6963}\Falscher Parameter. (0x80070057) Error: (12/22/2013 02:49:39 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\MATLAB\R2013b\toolbox\rtw\targets\xpc\xpc\bin\RecordISO.exe Error: (12/22/2013 02:48:21 PM) (Source: Microsoft-Windows-Defrag)(User: ) Description: \\?\Volume{3d905b95-64d7-11e3-824b-806e6f6e6963}\Falscher Parameter. 
(0x80070057) Error: (12/20/2013 09:19:04 AM) (Source: Application Error)(User: ) Description: glcnd.exe6.3.9600.163845215eaadglcnd.exe6.3.9600.163845215eaadc0000602000000000024ebd956c01cefd137282f22cC:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16384_x64__8wekyb3d8bbwe\glcnd.exeC:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16384_x64__8wekyb3d8bbwe\glcnd.exe62d40164-694f-11e3-8258-f4b7e2cf5017Microsoft.Reader_6.3.9600.16384_x64__8wekyb3d8bbweMicrosoft.Reader Error: (12/18/2013 08:25:56 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\MATLAB\R2013b\toolbox\rtw\targets\xpc\xpc\bin\RecordISO.exe Error: (12/18/2013 08:15:14 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\MATLAB\R2013b\toolbox\rtw\targets\xpc\xpc\bin\RecordISO.exe ==================== Memory info =========================== Percentage of memory in use: 60% Total physical RAM: 7871.3 MB Available physical RAM: 3102.56 MB Total Pagefile: 9791.3 MB Available Pagefile: 5367.98 MB Total Virtual: 131072 MB Available Virtual: 131071.77 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:118.9 GB) (Free:47.96 GB) NTFS Drive d: () (Fixed) (Total:465.76 GB) (Free:35.96 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: A8C0B986) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 181E10EF) Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log 
============================ Could an experienced member perhaps take a quick look? Thanks! |
#3 | |
/// the machine /// TB-Ausbilder | Again: Bundespolizei Trojaner Hi,
#4 |
| Again: Bundespolizei Trojaner Sure, I only removed the Chrome entries, since the error was only in Firefox and the code is otherwise so long. But gladly, here is OTL.exe again, split into two parts: OTL Logfiles: #1 Code:
OTL logfile created on: 02.01.2014 15:45:47 - Run 3
OTL by OldTimer - Version Folder = D:\Anwenderdaten\A. M. \Downloads
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,69 Gb Total Physical Memory | 3,63 Gb Available Physical Memory | 47,26% Memory free
9,21 Gb Paging File | 3,90 Gb Available in Paging File | 42,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118,90 Gb Total Space | 53,19 Gb Free Space | 44,73% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 29,78 Gb Free Space | 6,39% Space Free | Partition Type: NTFS

Computer Name: THINKPADT430 | User Name: Andreas M. | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Java\jre7\bin\javaw.exe (Oracle Corporation)
PRC - D:\Anwenderdaten\A. M. \Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Andreas M. \AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Google\Update\\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Lenovo\SettingsDependency\SettingsService.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe ()
PRC - C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe ()
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Lenovo\Communications Utility\AVControlCenter32.exe (Lenovo Corporation)
PRC - C:\Programme\Lenovo\Communications Utility\vcamsvchlpr.exe (Lenovo Corporation)
PRC - C:\Programme\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Corporation)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Corporation)
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Corporation)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe (Microsoft Corporation.)

========== Modules (No Company Name) ==========

MOD - C:\Users\Andreas M. \AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()
MOD - C:\Users\Andreas M. \AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (BcmBtRSupport) -- C:\Windows\SysNative\BtwRSupportService.exe (Broadcom Corporation.)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (MsKeyboardFilter) -- C:\Windows\SysNative\KeyboardFilterSvc.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Lenovo Settings Service) -- C:\Programme\Lenovo\SettingsDependency\SettingsService.exe (Lenovo Group Limited)
SRV - (LocationTaskManager) -- C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe ()
SRV - (AVControlCenter) -- C:\Programme\Lenovo\Communications Utility\AVControlCenter32.exe (Lenovo Corporation)
SRV - (LENOVO.TVTVCAM) -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Corporation)
SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Corporation)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe ()
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (PelService) -- C:\Programme\Lenovo\Lenovo Mouse Suite\PelService.exe ()
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe (Microsoft Corporation.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avnetflt) -- C:\Windows\SysNative\drivers\avnetflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC)
DRV:64bit: - (NETwNe64) -- C:\Windows\SysNative\drivers\NETwew00.sys (Intel Corporation)
DRV:64bit: - (kbldfltr) -- C:\Windows\SysNative\drivers\kbldfltr.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\drivers\vmbusr.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\drivers\vpcivsp.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\Windows\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (e1iexpress) -- C:\Windows\SysNative\drivers\e1i63x64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (BTWPANFL) -- C:\Windows\SysNative\drivers\btwpanfl.sys (Broadcom Corporation.)
DRV:64bit: - (LenovoRd) -- C:\Windows\SysNative\drivers\LenovoRd.sys (Gemalto)
DRV:64bit: - (LnvHIDHW) -- C:\Windows\SysNative\drivers\LnvHIDHW.sys (Lenovo)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (pelmoubt) -- C:\Windows\SysNative\drivers\PELMOUBT.SYS (Primax Electronics Ltd.)
DRV:64bit: - (pelbtm) -- C:\Windows\SysNative\drivers\PELBTM.SYS (Primax Electronics Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2132384609-1576062560-950552869-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKU\S-1-5-21-2132384609-1576062560-950552869-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2132384609-1576062560-950552869-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 65 52 A0 ED F8 CE 01 [binary data]
IE - HKU\S-1-5-21-2132384609-1576062560-950552869-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2132384609-1576062560-950552869-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2132384609-1576062560-950552869-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7Bdf4e4df5-5cb7-46b0-9aef-6c784c3249f8%7D:1.2.3
FF - prefs.js..extensions.enabledAddons: copy-urls-expert%40kashiif-gmail.com:2.2.1
FF - prefs.js..extensions.enabledAddons: %7B7f57cf46-4467-4c2d-adfa-0cba7c507e54%7D:3.0.0
FF - prefs.js..extensions.enabledAddons: %7Bf36c6cd1-da73-491d-b290-8fc9115bfa55%7D:3.0.8
FF - prefs.js..extensions.enabledAddons: info%40vitzo.com:2.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.12.15 16:36:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.12.14 19:29:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2013.12.14 18:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas M. \AppData\Roaming\mozilla\Extensions
[2014.01.02 13:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas M. \AppData\Roaming\mozilla\Firefox\Profiles\gw14tk9t.default\extensions
[2013.12.31 14:49:53 | 000,053,991 | ---- | M] () (No name found) -- C:\Users\Andreas M. \AppData\Roaming\mozilla\firefox\profiles\gw14tk9t.default\extensions\copy-urls-expert@kashiif-gmail.com.xpi
[2014.01.02 13:55:06 | 000,017,065 | ---- | M] () (No name found) -- C:\Users\Andreas M. \AppData\Roaming\mozilla\firefox\profiles\gw14tk9t.default\extensions\info@vitzo.com.xpi
[2013.12.31 19:24:18 | 000,536,875 | ---- | M] () (No name found) -- C:\Users\Andreas M. \AppData\Roaming\mozilla\firefox\profiles\gw14tk9t.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi
[2013.12.20 18:32:37 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Andreas M. \AppData\Roaming\mozilla\firefox\profiles\gw14tk9t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.12.20 18:31:47 | 000,026,290 | ---- | M] () (No name found) -- C:\Users\Andreas M. \AppData\Roaming\mozilla\firefox\profiles\gw14tk9t.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi
[2014.01.02 12:56:01 | 000,799,362 | ---- | M] () (No name found) -- C:\Users\Andreas M. \AppData\Roaming\mozilla\firefox\profiles\gw14tk9t.default\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi
[2013.12.31 19:24:53 | 000,490,887 | ---- | M] () (No name found) -- C:\Users\Andreas M. \AppData\Roaming\mozilla\firefox\profiles\gw14tk9t.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
[2014.01.02 14:27:41 | 000,001,685 | ---- | M] () -- C:\Users\Andreas M. \AppData\Roaming\mozilla\firefox\profiles\gw14tk9t.default\searchplugins\heise-netze-whois.xml
[2013.12.14 18:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.12.14 18:02:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.11.15 03:30:36 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: Linkclump = C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj\2.7.2_0\
CHR - Extension: Google Wallet = C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\\
CHR - Extension: Get opened tabs URLs = C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\npmcbpbplngfameipiobaemkcpnaiiic\0.2_0\
CHR - Extension: Gmail = C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcbbjpbbmmjfiiadgklhocpdiildmca\2.21_0\

O1 HOSTS File: ([2013.08.22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE (Primax Electronics Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll (Lenovo Corporation)
O4:64bit: - HKLM..\Run: [LenovoOptMouseUpdate] C:\Programme\Lenovo\HOTKEY\extapsup.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Mouse Suite 98 Daemon] ICO.EXE File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKU\S-1-5-21-2132384609-1576062560-950552869-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - Startup: C:\Users\Andreas M. \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andreas M. \AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office15\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office15\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{186B4881-07D2-40E8-B6A0-CFB052CB208F}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E87F011D-D576-4FBB-9759-419F17450309}: DhcpNameServer =
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ddc015a-659f-11e3-8258-f4b7e2cf5017}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Code:

========== Files/Folders - Created Within 30 Days ==========

[2014.01.02 10:51:40 | 000,211,552 | ---- | C] (NirSoft) -- C:\Users\Andreas M. \Desktop\smsniff.exe
[2014.01.02 10:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\smsniff-x64_2.07
[2013.12.31 18:47:51 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.12.31 18:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.12.31 18:47:50 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\Notepad++
[2013.12.31 18:47:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2013.12.31 13:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
[2013.12.31 13:23:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.12.31 13:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013.12.31 13:22:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.12.30 16:17:01 | 000,000,000 | R--D | C] -- C:\Users\Andreas M. \AppData\Roaming\Brother
[2013.12.30 11:59:54 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2013.12.30 11:59:54 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\Apps
[2013.12.28 15:17:19 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.12.27 21:29:58 | 000,000,000 | ---D | C] -- C:\Users\Andreas M.
\AppData\Roaming\ControlCenter4 [2013.12.27 21:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother [2013.12.27 21:27:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx [2013.12.27 21:27:20 | 000,000,000 | ---D | C] -- C:\Brother [2013.12.27 21:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4 [2013.12.27 21:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ControlCenter4 [2013.12.27 21:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browny02 [2013.12.27 21:27:17 | 000,290,304 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrfxDA5c.dll [2013.12.27 21:27:16 | 001,439,744 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWi209d.dll [2013.12.27 21:27:16 | 000,278,528 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrJDec.dll [2013.12.27 21:27:16 | 000,050,688 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrUsi09d.dll [2013.12.27 21:27:15 | 000,245,760 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll [2013.12.27 21:27:15 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll [2013.12.27 21:27:15 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll [2013.12.27 21:27:15 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll [2013.12.27 21:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother [2013.12.27 21:26:50 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\InstallShield [2013.12.27 21:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother [2013.12.26 18:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.12.26 00:23:26 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. 
\AppData\Roaming\Avira [2013.12.26 00:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.12.26 00:21:33 | 000,131,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.12.26 00:21:33 | 000,108,440 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.12.26 00:21:33 | 000,084,720 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.12.26 00:21:33 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.12.26 00:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.12.26 00:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.12.25 23:53:09 | 000,000,000 | ---D | C] -- C:\FRST [2013.12.25 15:56:01 | 000,000,000 | ---D | C] -- D:\Anwenderdaten\A. M. \Documents\Benutzerdefinierte Office-Vorlagen [2013.12.24 23:11:23 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\ElevatedDiagnostics [2013.12.21 09:58:26 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\FastCopy [2013.12.21 09:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\FastCopy [2013.12.20 19:06:29 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\vlc [2013.12.20 19:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.12.20 19:06:11 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013.12.18 20:45:48 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\TeamViewer [2013.12.18 19:57:21 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\Subversion [2013.12.18 19:57:11 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\MathWorks [2013.12.18 19:12:40 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. 
\AppData\Roaming\SumatraPDF [2013.12.18 19:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SumatraPDF [2013.12.15 16:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.12.15 15:25:27 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\gtk-2.0 [2013.12.15 15:22:58 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \.thumbnails [2013.12.15 15:14:46 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\fontconfig [2013.12.15 15:14:44 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\gegl-0.2 [2013.12.15 15:14:44 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \.gimp-2.8 [2013.12.15 14:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2013.12.15 12:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB [2013.12.15 12:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\MATLAB [2013.12.15 12:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [2013.12.15 12:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013.12.15 12:02:07 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.12.15 12:02:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server [2013.12.15 12:01:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2013.12.15 12:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2013.12.15 12:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.12.15 12:00:54 | 000,000,000 | RH-D | C] -- C:\MSOCache [2013.12.15 11:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2013.12.15 11:55:08 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. 
\AppData\Roaming\HpUpdate [2013.12.15 11:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant [2013.12.15 11:54:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2013.12.15 11:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP [2013.12.15 11:54:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard [2013.12.15 11:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2013.12.15 11:54:03 | 000,000,000 | -H-D | C] -- C:\Config.Msi [2013.12.15 11:53:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2013.12.15 11:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2013.12.15 11:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.12.15 11:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.12.15 11:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle [2013.12.15 10:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Mouse Suite [2013.12.15 10:44:05 | 000,034,816 | ---- | C] (TPMX Electronics Ltd.) -- C:\Windows\SysNative\drivers\phidmice.SYS [2013.12.15 10:44:05 | 000,034,816 | ---- | C] (TPMX Electronics Ltd.) -- C:\Windows\SysNative\drivers\PELUSBLF.SYS [2013.12.15 10:44:05 | 000,023,040 | ---- | C] (TPMX Electronics Ltd.) -- C:\Windows\SysNative\drivers\pmouself.SYS [2013.12.15 10:44:05 | 000,023,040 | ---- | C] (TPMX Electronics Ltd.) -- C:\Windows\SysNative\drivers\PELMOUSE.SYS [2013.12.15 10:44:05 | 000,022,528 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\SysNative\drivers\PELMOUBT.SYS [2013.12.15 10:44:05 | 000,016,384 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\SysNative\drivers\PELBTM.SYS [2013.12.15 10:44:05 | 000,014,336 | ---- | C] (Primax Electronics Ltd.) -- C:\Windows\SysNative\drivers\PELPS2M.SYS [2013.12.15 10:44:05 | 000,012,288 | ---- | C] (TPMX Electronics Ltd.) 
-- C:\Windows\SysNative\drivers\pvendrlf.SYS [2013.12.15 10:44:05 | 000,011,776 | ---- | C] (TPMX Electronics Ltd.) -- C:\Windows\SysNative\drivers\PELVENDR.SYS [2013.12.15 10:43:19 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\Broadcom [2013.12.15 10:25:48 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013.12.15 10:13:40 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\Lenovo [2013.12.15 10:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThinkPad [2013.12.15 10:09:12 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2013.12.15 00:27:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\Macromedia [2013.12.15 00:26:06 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\Adobe [2013.12.15 00:21:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.12.15 00:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PDF Architect [2013.12.15 00:21:51 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\PDF Architect [2013.12.15 00:19:30 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2013.12.15 00:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.12.15 00:14:01 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\KeePass [2013.12.14 21:12:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2 [2013.12.14 19:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2013.12.14 19:32:17 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. 
\AppData\Roaming\pdfforge [2013.12.14 19:32:15 | 000,110,264 | ---- | C] (pdfforge GmbH) -- C:\Windows\SysNative\pdfcmon.dll [2013.12.14 19:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2013.12.14 19:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies [2013.12.14 19:29:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer [2013.12.14 19:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies [2013.12.14 19:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild [2013.12.14 19:29:30 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\Thunderbird [2013.12.14 19:29:30 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\Thunderbird [2013.12.14 19:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.12.14 19:24:45 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\Dropbox [2013.12.14 19:23:00 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\Identities [2013.12.14 19:19:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild [2013.12.14 19:19:02 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\Microsoft Help [2013.12.14 19:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2013.12.14 19:09:32 | 000,000,000 | ---D | C] -- C:\drivers [2013.12.14 19:00:42 | 000,000,000 | ---D | C] -- C:\SWTOOLS [2013.12.14 19:00:27 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\Programs [2013.12.14 18:32:29 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. 
\AppData\Local\Tvsukernel [2013.12.14 18:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkPad [2013.12.14 18:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lenovo [2013.12.14 18:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lenovo [2013.12.14 18:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo [2013.12.14 18:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools [2013.12.14 18:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo [2013.12.14 18:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Lenovo [2013.12.14 18:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lenovo [2013.12.14 18:13:29 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice [2013.12.14 18:06:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013.12.14 18:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.12.14 18:03:44 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\Mozilla [2013.12.14 18:03:44 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\Mozilla [2013.12.14 18:03:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.12.14 18:03:31 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\Google [2013.12.14 18:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.12.14 18:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.12.14 18:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.12.14 17:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ClassicShell [2013.12.14 17:59:28 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. 
\AppData\Roaming\ClassicShell [2013.12.14 17:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell [2013.12.14 17:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Classic Shell [2013.12.14 17:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics [2013.12.14 17:58:22 | 000,064,000 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.DLL [2013.12.14 17:58:22 | 000,060,416 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.DLL [2013.12.14 17:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2013.12.14 17:58:22 | 000,000,000 | ---D | C] -- C:\Intel [2013.12.14 17:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2013.12.14 17:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel [2013.12.14 17:57:53 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\Macromedia [2013.12.14 17:56:09 | 000,000,000 | R--D | C] -- C:\Users\Andreas M. \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.12.14 17:56:09 | 000,000,000 | R--D | C] -- C:\Users\Andreas M. \Searches [2013.12.14 17:56:09 | 000,000,000 | R--D | C] -- C:\Users\Andreas M. \Contacts [2013.12.14 17:56:09 | 000,000,000 | R--D | C] -- C:\Users\Andreas M. \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.12.14 17:56:08 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\VirtualStore [2013.12.14 17:56:08 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\Packages [2013.12.14 17:56:08 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\Adobe [2013.12.14 17:56:06 | 000,000,000 | --SD | C] -- C:\Users\Andreas M. \AppData\Roaming\Microsoft [2013.12.14 17:56:06 | 000,000,000 | R--D | C] -- C:\Users\Andreas M. \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [2013.12.14 17:56:06 | 000,000,000 | R--D | C] -- C:\Users\Andreas M. 
\Saved Games [2013.12.14 17:56:06 | 000,000,000 | R--D | C] -- C:\Users\Andreas M. \Links [2013.12.14 17:56:06 | 000,000,000 | R--D | C] -- C:\Users\Andreas M. \Favorites [2013.12.14 17:56:06 | 000,000,000 | R--D | C] -- C:\Users\Andreas M. \Documents [2013.12.14 17:56:06 | 000,000,000 | R--D | C] -- C:\Users\Andreas M. \Desktop [2013.12.14 17:56:06 | 000,000,000 | R--D | C] -- C:\Users\Andreas M. \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.12.14 17:56:06 | 000,000,000 | R--D | C] -- C:\Users\Andreas M. \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [2013.12.14 17:56:06 | 000,000,000 | -HSD | C] -- C:\Users\Andreas M. \Vorlagen [2013.12.14 17:56:06 | 000,000,000 | -HSD | C] -- C:\Users\Andreas M. \AppData\Local\Verlauf [2013.12.14 17:56:06 | 000,000,000 | -HSD | C] -- C:\Users\Andreas M. \AppData\Local\Temporary Internet Files [2013.12.14 17:56:06 | 000,000,000 | -HSD | C] -- C:\Users\Andreas M. \Startmenü [2013.12.14 17:56:06 | 000,000,000 | -HSD | C] -- C:\Users\Andreas M. \SendTo [2013.12.14 17:56:06 | 000,000,000 | -HSD | C] -- C:\Users\Andreas M. \Recent [2013.12.14 17:56:06 | 000,000,000 | -HSD | C] -- C:\Users\Andreas M. \Netzwerkumgebung [2013.12.14 17:56:06 | 000,000,000 | -HSD | C] -- C:\Users\Andreas M. \Lokale Einstellungen [2013.12.14 17:56:06 | 000,000,000 | -HSD | C] -- C:\Users\Andreas M. \Eigene Dateien [2013.12.14 17:56:06 | 000,000,000 | -HSD | C] -- C:\Users\Andreas M. \Druckumgebung [2013.12.14 17:56:06 | 000,000,000 | -HSD | C] -- C:\Users\Andreas M. \Cookies [2013.12.14 17:56:06 | 000,000,000 | -HSD | C] -- C:\Users\Andreas M. \AppData\Local\Anwendungsdaten [2013.12.14 17:56:06 | 000,000,000 | -HSD | C] -- C:\Users\Andreas M. \Anwendungsdaten [2013.12.14 17:56:06 | 000,000,000 | -H-D | C] -- C:\Users\Andreas M. \AppData [2013.12.14 17:56:06 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\Temp [2013.12.14 17:56:06 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. 
\Music [2013.12.14 17:56:06 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\Microsoft [2013.12.14 17:56:06 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.12.14 17:53:52 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.12.14 16:52:52 | 000,000,000 | ---D | C] -- C:\Windows\CSC [2013.12.14 16:49:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.12.14 16:49:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.12.14 16:49:48 | 000,000,000 | -HSD | C] -- C:\Programme [2013.12.14 16:49:48 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.12.14 16:49:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.12.14 16:49:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.12.14 16:49:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.12.14 16:49:48 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.12.14 16:49:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.12.14 16:49:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.12.14 16:49:11 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013.12.14 16:48:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2013.12.14 16:48:05 | 000,000,000 | ---D | C] -- C:\Windows\Panther [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.01.02 15:13:00 | 000,001,162 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014.01.02 13:19:31 | 001,864,990 | ---- | M] () -- C:\Users\Andreas M. \Desktop\Linkgrabber Webportal - ReportBulk.mht [2014.01.02 13:18:27 | 000,000,230 | ---- | M] () -- C:\Users\Andreas M. 
\Desktop\20140102_123745_KikeRiki-pute.part01.rar.csv [2014.01.02 13:06:09 | 000,000,600 | ---- | M] () -- C:\Windows\tasks\MATLAB R2013b Startup Accelerator.job [2014.01.02 10:48:39 | 000,008,798 | ---- | M] () -- C:\Users\Andreas M. \Desktop\KPassDatabase.kdbx [2014.01.02 08:30:58 | 001,776,918 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.01.02 08:30:58 | 000,765,582 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.01.02 08:30:58 | 000,722,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.01.02 08:30:58 | 000,159,366 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2014.01.02 08:30:58 | 000,135,592 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.01.02 08:27:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.01.01 20:16:30 | 000,044,641 | ---- | M] () -- C:\Users\Andreas M. \Desktop\test.ssp [2014.01.01 20:14:35 | 000,211,552 | ---- | M] (NirSoft) -- C:\Users\Andreas M. \Desktop\smsniff.exe [2014.01.01 18:55:05 | 000,050,636 | ---- | M] () -- C:\Users\Andreas M. \Desktop\DMCA - Your client vidxden.com is hosting illegal material.html [2014.01.01 18:33:05 | 000,051,234 | ---- | M] () -- C:\Users\Andreas M. \Desktop\DMCA - Your clients divxstage.eu _ movshare.net _ nowvideo.eu _ nowvideo.ch _ novamov.com are hosting copyright infringing material.html [2014.01.01 18:13:01 | 000,002,195 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014.01.01 18:13:00 | 000,001,158 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.12.31 14:21:49 | 000,000,681 | ---- | M] () -- C:\Users\Andreas M. \Desktop\JD.lnk [2013.12.31 13:26:14 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys [2013.12.27 21:51:14 | 013,707,278 | ---- | M] () -- C:\Users\Andreas M. \Desktop\BA_Hommrichhausen_Teil227122013.pdf [2013.12.27 21:43:03 | 015,882,416 | ---- | M] () -- C:\Users\Andreas M. 
\Desktop\BA_Hommrichhausen27122013.pdf [2013.12.27 21:29:11 | 2307,960,831 | -HS- | M] () -- C:\hiberfil.sys [2013.12.27 21:28:20 | 000,002,071 | ---- | M] () -- C:\Users\Public\Desktop\Brother Utilities.lnk [2013.12.27 21:28:17 | 000,000,245 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2013.12.27 21:28:17 | 000,000,064 | ---- | M] () -- C:\Windows\brpcfx.ini [2013.12.27 21:27:28 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini [2013.12.25 15:52:47 | 000,001,065 | ---- | M] () -- C:\Users\Andreas M. \Desktop\Dropbox.lnk [2013.12.21 09:58:26 | 000,000,977 | ---- | M] () -- C:\Users\Andreas M. \Desktop\FastCopy.lnk [2013.12.20 13:41:05 | 000,001,075 | ---- | M] () -- C:\Users\Andreas M. \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.12.15 16:40:15 | 000,482,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.12.15 15:42:38 | 000,005,713 | ---- | M] () -- C:\Users\Andreas M. \AppData\Local\recently-used.xbel [2013.12.15 11:56:31 | 000,196,755 | ---- | M] () -- C:\Windows\hpwins27.dat [2013.12.15 11:54:36 | 000,002,119 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013.12.15 11:53:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf [2013.12.15 10:42:58 | 000,000,906 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013.12.14 19:17:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf [2013.12.14 18:02:49 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.12.14 17:58:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2013.12.14 16:49:27 | 000,055,502 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.12.14 16:49:27 | 000,055,502 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.12.14 16:49:17 | 000,000,000 | -H-- | M] () -- 
C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf [2013.12.09 11:37:19 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.12.09 11:37:19 | 000,084,720 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.12.09 11:37:19 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.12.09 11:37:18 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.01.02 13:19:31 | 001,864,990 | ---- | C] () -- C:\Users\Andreas M. \Desktop\Linkgrabber Webportal - ReportBulk.mht [2014.01.02 13:18:26 | 000,000,230 | ---- | C] () -- C:\Users\Andreas M. \Desktop\20140102_123745_KikeRiki-pute.part01.rar.csv [2014.01.01 20:17:38 | 000,044,641 | ---- | C] () -- C:\Users\Andreas M. \Desktop\test.ssp [2014.01.01 18:55:04 | 000,050,636 | ---- | C] () -- C:\Users\Andreas M. \Desktop\DMCA - Your client vidxden.com is hosting illegal material.html [2014.01.01 18:33:05 | 000,051,234 | ---- | C] () -- C:\Users\Andreas M. \Desktop\DMCA - Your clients divxstage.eu _ movshare.net _ nowvideo.eu _ nowvideo.ch _ novamov.com are hosting copyright infringing material.html [2013.12.31 14:16:48 | 000,000,681 | ---- | C] () -- C:\Users\Andreas M. \Desktop\JD.lnk [2013.12.27 21:51:12 | 013,707,278 | ---- | C] () -- C:\Users\Andreas M. \Desktop\BA_Hommrichhausen_Teil227122013.pdf [2013.12.27 21:43:01 | 015,882,416 | ---- | C] () -- C:\Users\Andreas M. 
\Desktop\BA_Hommrichhausen27122013.pdf [2013.12.27 21:28:20 | 000,002,071 | ---- | C] () -- C:\Users\Public\Desktop\Brother Utilities.lnk [2013.12.27 21:28:17 | 000,000,245 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2013.12.27 21:28:17 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini [2013.12.27 21:27:17 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2013.12.27 21:27:17 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2013.12.25 15:52:47 | 000,001,065 | ---- | C] () -- C:\Users\Andreas M. \Desktop\Dropbox.lnk [2013.12.21 09:58:26 | 000,001,007 | ---- | C] () -- C:\Users\Andreas M. \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FastCopy.lnk [2013.12.21 09:58:26 | 000,000,977 | ---- | C] () -- C:\Users\Andreas M. \Desktop\FastCopy.lnk [2013.12.18 19:12:40 | 000,001,941 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk [2013.12.15 15:42:38 | 000,005,713 | ---- | C] () -- C:\Users\Andreas M. \AppData\Local\recently-used.xbel [2013.12.15 14:30:18 | 000,000,910 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2013.12.15 12:29:26 | 000,001,315 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2013b.lnk [2013.12.15 12:29:07 | 000,000,600 | ---- | C] () -- C:\Windows\tasks\MATLAB R2013b Startup Accelerator.job [2013.12.15 11:55:11 | 000,001,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. 
OCR-Registrierung.lnk [2013.12.15 11:54:36 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013.12.15 11:53:45 | 000,196,755 | ---- | C] () -- C:\Windows\hpwins27.dat [2013.12.15 11:53:45 | 000,000,513 | ---- | C] () -- C:\Windows\hpwmdl27.dat [2013.12.15 11:53:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf [2013.12.15 10:42:37 | 000,000,906 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013.12.15 10:25:59 | 000,001,075 | ---- | C] () -- C:\Users\Andreas M. \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.12.14 21:13:33 | 000,008,798 | ---- | C] () -- C:\Users\Andreas M. \Desktop\KPassDatabase.kdbx [2013.12.14 21:12:41 | 000,001,129 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk [2013.12.14 19:29:22 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2013.12.14 19:17:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf [2013.12.14 18:28:55 | 000,002,149 | ---- | C] () -- C:\Users\Andreas M. 
\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DesktopToastsForCriticalUpdates.lnk
[2013.12.14 18:03:55 | 000,002,195 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.12.14 18:03:36 | 000,001,162 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.12.14 18:03:36 | 000,001,158 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.12.14 18:03:30 | 000,385,528 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.12.14 18:02:49 | 000,001,171 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.12.14 18:02:49 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.12.14 17:58:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.12.14 17:56:08 | 000,001,450 | ---- | C] () -- C:\Users\Andreas M. \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.12.14 17:55:21 | 001,776,918 | ---- | C] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.12.14 16:49:37 | 2307,960,831 | -HS- | C] () -- C:\hiberfil.sys
[2013.12.14 16:49:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf
[2013.12.14 16:49:00 | 016,777,216 | -HS- | C] () -- C:\swapfile.sys
[2013.11.21 01:32:12 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013.11.21 01:32:08 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013.10.03 23:42:46 | 000,343,040 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2013.10.03 23:42:40 | 000,180,736 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013.10.03 23:42:38 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013.08.22 16:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013.08.22 16:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013.08.22 15:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013.08.22 08:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013.08.22 04:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013.08.22 04:17:46 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013.08.22 00:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013.08.22 00:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.11.05 21:21:27 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.11.05 19:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013.08.22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013.08.22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013.08.22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014.01.02 15:45:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas M. \AppData\Roaming\ClassicShell
[2013.12.27 21:29:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas M. \AppData\Roaming\ControlCenter4
[2014.01.02 15:43:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas M. \AppData\Roaming\Dropbox
[2013.12.21 10:04:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas M. \AppData\Roaming\FastCopy
[2013.12.31 13:26:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas M. \AppData\Roaming\KeePass
[2013.12.31 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas M. \AppData\Roaming\Notepad++
[2013.12.15 00:21:51 | 000,000,000 | ---D | M] -- C:\Users\Andreas M. \AppData\Roaming\PDF Architect
[2013.12.14 19:32:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas M. \AppData\Roaming\pdfforge
[2013.12.18 19:57:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas M. \AppData\Roaming\Subversion
[2013.12.18 19:12:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas M. \AppData\Roaming\SumatraPDF
[2013.12.18 21:03:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas M. \AppData\Roaming\TeamViewer
[2013.12.14 19:29:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas M. \AppData\Roaming\Thunderbird

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> D:\Anwenderdaten\A. M. \Documents\GlobalDriveMexico:AFP_AfpInfo

< End of report >

The error has also not occurred again since. But I am not sure whether the trojan is still on the machine. So I would be very grateful for your help!

Best regards
Tambo
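The "ZeroAccess Check" and "Alternate Data Streams" sections of the log above can be re-run by hand, which is useful when an OTL log is old or when you want to see what the tool is actually testing. The PowerShell below is an added example for this page, not code from the thread, from OTL or from the board's helpers. It takes the four CLSIDs that appear in the posted log and checks, in both the 64-bit and Wow6432Node registry views, whether HKCU\Software\Classes carries an InProcServer32 entry for any of them: HKEY_CLASSES_ROOT is a merged view in which the per-user hive wins over HKLM\Software\Classes, so a user-writable entry there silently redirects every process that instantiates that COM object to a DLL of the attacker's choosing, with no administrator rights needed. That per-user override is what OTL's ZeroAccess Check is looking for, and the clean log above shows it only as bare HKCU key headers with no server path. The script also hashes and signature-checks the DLL the HKLM entry points at (OTL only prints the version-info company string, which any file can carry) and lists named NTFS streams below a directory. Assumptions: PowerShell 4.0 or later, run in the session of the affected user (HKCU is that user's hive only, so an override in another account would not show), and that D:\Anwenderdaten is the data drive seen in the log; the verdict strings and function names are this example's own.

```powershell
# Added example for this page (not the thread's or OTL's own code). Re-runs two checks
# from the posted OTL log: the per-user COM server override ("ZeroAccess Check") and the
# alternate-data-stream listing. Requires PowerShell 4.0+ (Get-FileHash) and must run as
# the affected user, because HKCU is that user's hive only.

# CLSIDs copied from the ZeroAccess Check section of the posted log.
$ClsidsToCheck = @(
    '{42aedc87-2188-41fd-b9a3-0c966feabec1}',
    '{fbeb8a05-beee-4442-804e-409d6c4515e9}',
    '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}',
    '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}'
)

function Get-InProcServer {
    # Default value of CLSID\{...}\InProcServer32 for one hive and registry view.
    # Returns $null if the key is absent, '' if it exists without a server path.
    param([string]$Hive, [string]$Clsid, [switch]$Wow6432)
    # WOW64 redirection lives in a different place under each hive.
    $classes = if ($Wow6432) {
        if ($Hive -eq 'HKLM') { 'Software\Wow6432Node\Classes' } else { 'Software\Classes\Wow6432Node' }
    } else { 'Software\Classes' }
    $key = "${Hive}:\$classes\CLSID\$Clsid\InProcServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $value = (Get-ItemProperty -LiteralPath $key).'(default)'
    if ($null -eq $value) { return '' }
    return [Environment]::ExpandEnvironmentVariables($value).Trim('"')
}

function Get-DllEvidence {
    # SHA-256 and Authenticode status of the DLL a server entry points at. OTL only
    # prints the version-info company string, which any file can carry.
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path) -or -not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Sha256 = $null; Signature = 'file missing' }
    }
    [pscustomobject]@{
        Sha256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Signature = (Get-AuthenticodeSignature -FilePath $Path).Status.ToString()
    }
}

function Test-ComHijack {
    # HKEY_CLASSES_ROOT merges HKCU\Software\Classes ahead of HKLM\Software\Classes,
    # so any per-user InProcServer32 entry wins and redirects every process that
    # instantiates the object. Legitimate system components are registered under HKLM.
    param([string[]]$Clsid = $ClsidsToCheck)
    foreach ($id in $Clsid) {
        foreach ($wow in $false, $true) {
            $user    = Get-InProcServer -Hive HKCU -Clsid $id -Wow6432:$wow
            $machine = Get-InProcServer -Hive HKLM -Clsid $id -Wow6432:$wow
            $verdict = if ($null -eq $user)         { 'ok: no per-user entry' }
                       elseif ($user -ieq $machine) { 'review: per-user copy of the HKLM value' }
                       else                         { 'SUSPICIOUS: per-user entry shadows HKLM' }
            $evidence = Get-DllEvidence -Path $machine
            [pscustomobject]@{
                Clsid     = $id
                View      = if ($wow) { 'Wow6432Node' } else { '64-bit' }
                HKLM      = $machine
                HKCU      = $user
                Signature = $evidence.Signature
                Sha256    = $evidence.Sha256
                Verdict   = $verdict
            }
        }
    }
}

function Get-NamedStreams {
    # Named NTFS streams below $Root, skipping the default ::$DATA stream. This is the
    # information behind the "Alternate Data Streams" section of the log.
    param([string]$Root)
    Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{ File = $_.FileName; Stream = $_.Stream; Bytes = $_.Length }
                }
        }
}

Test-ComHijack | Format-Table -AutoSize
# D:\Anwenderdaten is the data drive seen in the posted log; adjust for your machine.
Get-NamedStreams -Root 'D:\Anwenderdaten' | Format-Table -AutoSize
```

Two reading notes: catalog-signed Windows binaries such as shell32.dll can report NotSigned on older PowerShell builds, so treat HashMismatch as the hard indicator and compare the SHA-256 against a known-good copy rather than trusting the status alone. The stream listing only reports; a 60-byte AFP_AfpInfo stream like the one in the log is the kind of entry it surfaces, and whether a stream is malicious is a judgement the analyst still has to make from its size, name and the file it is attached to.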
#5
/// the machine /// TB-Ausbilder

Again: Bundespolizei Trojaner

Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link 1

IMPORTANT - Save Combofix to your desktop

When Combofix is finished it will create a log file. Please post C:\Combofix.txt in your next reply.

Note: if you get the following error message after the reboot
Quote:

__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No support via PM!