
Pests of all kinds and how to combat them: Again: Bundespolizei Trojan


 
26.12.2013, 00:11   #1
Tambo
 



Dear forum members,

I have now also been hit by the ominous Bundespolizei Trojan in Firefox.
I have already found several sets of instructions in the replies to earlier threads. However, I don't know whether the tips regarding tools were based on the log files posted beforehand. So I would be very glad if you could once more briefly give instructions on how to proceed. OTL scan first? Or Farbar's Recovery Scan Tool, or ComboFix?

I have already run OTL. I ran the custom scans with the following recommended settings:
Code:
/md5start
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
/md5stop
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.exe /s
%APPDATA%\Adobe\Update\*.*
%APPDATA%\Update\*.*
%APPDATA%\Microsoft\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%ALLUSERSPROFILE%\*.*
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.*
%PROGRAMFILES%\Internet Explorer\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
%systemroot%\*. /mp /s
%systemroot%\*.exe /90
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.dll /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\*.exe /90
%systemroot%\system32\config\*.sav
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_64\*.* /S /MD5
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
         
In addition, I selected "All Users" and "Extra Registry - Use SafeList". Is that OK?
Here is OTL.txt

OTL Logfile:
Code:
OTL logfile created on: 25.12.2013 23:13:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andreas M. \Downloads
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,69 Gb Total Physical Memory | 4,41 Gb Available Physical Memory | 57,33% Memory free
9,56 Gb Paging File | 6,09 Gb Available in Paging File | 63,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118,90 Gb Total Space | 48,65 Gb Free Space | 40,92% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 35,96 Gb Free Space | 7,72% Space Free | Partition Type: NTFS
 
Computer Name: THINKPADT430 | User Name: Andreas M.  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Andreas M. \Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Lenovo\SettingsDependency\SettingsService.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe ()
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Lenovo\Communications Utility\AVControlCenter32.exe (Lenovo Corporation)
PRC - C:\Programme\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Corporation)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Corporation)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe (Microsoft Corporation.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (BcmBtRSupport) -- C:\Windows\SysNative\BtwRSupportService.exe (Broadcom Corporation.)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (MsKeyboardFilter) -- C:\Windows\SysNative\KeyboardFilterSvc.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Lenovo Settings Service) -- C:\Programme\Lenovo\SettingsDependency\SettingsService.exe (Lenovo Group Limited)
SRV - (LocationTaskManager) -- C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe ()
SRV - (AVControlCenter) -- C:\Programme\Lenovo\Communications Utility\AVControlCenter32.exe (Lenovo Corporation)
SRV - (LENOVO.TVTVCAM) -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Corporation)
SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Corporation)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe ()
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (PelService) -- C:\Programme\Lenovo\Lenovo Mouse Suite\PelService.exe ()
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe (Microsoft Corporation.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC)
DRV:64bit: - (NETwNe64) -- C:\Windows\SysNative\drivers\NETwew00.sys (Intel Corporation)
DRV:64bit: - (kbldfltr) -- C:\Windows\SysNative\drivers\kbldfltr.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\drivers\vmbusr.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\drivers\vpcivsp.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\Windows\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (e1iexpress) -- C:\Windows\SysNative\drivers\e1i63x64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (BTWPANFL) -- C:\Windows\SysNative\drivers\btwpanfl.sys (Broadcom Corporation.)
DRV:64bit: - (LenovoRd) -- C:\Windows\SysNative\drivers\LenovoRd.sys (Gemalto)
DRV:64bit: - (LnvHIDHW) -- C:\Windows\SysNative\drivers\LnvHIDHW.sys (Lenovo)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (pelmoubt) -- C:\Windows\SysNative\drivers\PELMOUBT.SYS (Primax Electronics Ltd.)
DRV:64bit: - (pelbtm) -- C:\Windows\SysNative\drivers\PELBTM.SYS (Primax Electronics Ltd.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2132384609-1576062560-950552869-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKU\S-1-5-21-2132384609-1576062560-950552869-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2132384609-1576062560-950552869-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 65 52 A0 ED F8 CE 01  [binary data]
IE - HKU\S-1-5-21-2132384609-1576062560-950552869-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2132384609-1576062560-950552869-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2132384609-1576062560-950552869-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7Bdf4e4df5-5cb7-46b0-9aef-6c784c3249f8%7D:1.2.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.12.15 16:36:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.12.14 19:29:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.12.14 18:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas M. \AppData\Roaming\mozilla\Extensions
[2013.12.20 18:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas M. \AppData\Roaming\mozilla\Firefox\Profiles\gw14tk9t.default\extensions
[2013.12.20 18:32:37 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Andreas M. \AppData\Roaming\mozilla\firefox\profiles\gw14tk9t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.12.20 18:31:47 | 000,026,290 | ---- | M] () (No name found) -- C:\Users\Andreas M. \AppData\Roaming\mozilla\firefox\profiles\gw14tk9t.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi
[2013.12.14 18:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.12.14 18:02:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.11.15 03:30:36 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
%%deleted by me - if needed, please let me know! Thanks!
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.12.25 15:56:01 | 000,000,000 | ---D | C] -- D:\Anwenderdaten\A. M. \Documents\Benutzerdefinierte Office-Vorlagen
[2013.12.24 23:11:23 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Local\ElevatedDiagnostics
[2013.12.21 09:58:26 | 000,000,000 | ---D | C] -- C:\Users\Andreas M. \AppData\Roaming\FastCopy

%%deleted by me - if needed, please let me know! Thanks!

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.12.25 23:13:00 | 000,001,162 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.12.25 20:47:04 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.12.25 20:46:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

%%deleted by me - if needed, please let me know! Thanks!

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.12.25 15:52:47 | 000,001,065 | ---- | C] () -- C:\Users\Andreas M. \Desktop\Dropbox.lnk
[2013.12.21 09:58:26 | 000,001,007 | ---- | C] () -- C:\Users\Andreas M. \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FastCopy.lnk
[2013.12.21 09:58:26 | 000,000,977 | ---- | C] () -- C:\Users\Andreas M. \Desktop\FastCopy.lnk
%%deleted by me - if needed, please let me know! Thanks!

========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.11.05 21:21:27 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.11.05 19:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013.08.22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013.08.22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013.08.22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< MD5 for: EXPLORER.EXE  >
[2013.10.22 07:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation) MD5=1A0BC9598E4A58FC84570FFF5A108E58 -- C:\Windows\SysWOW64\explorer.exe
[2013.10.22 07:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation) MD5=1A0BC9598E4A58FC84570FFF5A108E58 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_4ceff22781f6788c\explorer.exe
[2013.08.22 06:25:34 | 002,063,408 | ---- | M] (Microsoft Corporation) MD5=2CA8E3C9335C3C8BAEB335345E48364D -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16384_none_4cc7b16f8214372e\explorer.exe
[2013.10.22 08:55:27 | 002,328,872 | ---- | M] (Microsoft Corporation) MD5=63DC38C3E4564B2405D562855643ABA2 -- C:\Windows\explorer.exe
[2013.10.22 08:55:27 | 002,328,872 | ---- | M] (Microsoft Corporation) MD5=63DC38C3E4564B2405D562855643ABA2 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_429b47d54d95b691\explorer.exe
[2013.09.21 10:37:39 | 002,065,960 | ---- | M] (Microsoft Corporation) MD5=712B0D2ADE5297563168C997DDC2DD13 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_4d2233dd81cfba29\explorer.exe
[2013.08.22 13:39:51 | 002,328,880 | ---- | M] (Microsoft Corporation) MD5=8479DC46E9A09015C0777A16BC22A15D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16384_none_4273071d4db37533\explorer.exe
[2013.09.21 11:54:20 | 002,328,328 | ---- | M] (Microsoft Corporation) MD5=C1400519D76A364E974E47BBA62B95B0 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_42cd898b4d6ef82e\explorer.exe
 
< MD5 for: LSASS.EXE  >
[2013.08.22 14:25:35 | 000,045,008 | ---- | M] (Microsoft Corporation) MD5=F6F209DDB94959BA104FC8FC87C53759 -- C:\Windows\SysNative\lsass.exe
[2013.08.22 14:25:35 | 000,045,008 | ---- | M] (Microsoft Corporation) MD5=F6F209DDB94959BA104FC8FC87C53759 -- C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.3.9600.16384_none_2e2a01a866456d93\lsass.exe
[2013.08.22 14:25:35 | 000,045,008 | ---- | M] (Microsoft Corporation) MD5=F6F209DDB94959BA104FC8FC87C53759 -- C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.3.9600.16408_none_2e8484166600f08e\lsass.exe
 
< MD5 for: SVCHOST.EXE  >
[2013.08.22 06:30:58 | 000,031,552 | ---- | M] (Microsoft Corporation) MD5=425E22D9F5C01616AFC92987791B19E9 -- C:\Windows\SysWOW64\svchost.exe
[2013.08.22 06:30:58 | 000,031,552 | ---- | M] (Microsoft Corporation) MD5=425E22D9F5C01616AFC92987791B19E9 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_4a5b1e2820e75323\svchost.exe
[2013.08.22 13:45:17 | 000,037,768 | ---- | M] (Microsoft Corporation) MD5=E4CA434F251681590D0538BC21C32D2F -- C:\Windows\SysNative\svchost.exe
[2013.08.22 13:45:17 | 000,037,768 | ---- | M] (Microsoft Corporation) MD5=E4CA434F251681590D0538BC21C32D2F -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_a679b9abd944c459\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2013.08.22 11:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=08C191B2917862BE90C33E31CB6B6D79 -- C:\Windows\SysNative\userinit.exe
[2013.08.22 11:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=08C191B2917862BE90C33E31CB6B6D79 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_cce71a20a5a6fe7f\userinit.exe
[2013.08.22 03:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=41636F77AD6D9A396EA34E4786B96F2B -- C:\Windows\SysWOW64\userinit.exe
[2013.08.22 03:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=41636F77AD6D9A396EA34E4786B96F2B -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_70c87e9ced498d49\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2013.08.22 10:58:29 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=48CFA7BE561A7BE144C29BB912055016 -- C:\Windows\SysNative\wininit.exe
[2013.08.22 10:58:29 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=48CFA7BE561A7BE144C29BB912055016 -- C:\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.3.9600.16384_none_21b118d9d847ad16\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2013.08.22 10:55:08 | 000,564,736 | ---- | M] (Microsoft Corporation) MD5=7C94FDA3809015B8F2208D2E1C221F17 -- C:\Windows\SysNative\winlogon.exe
[2013.08.22 10:55:08 | 000,564,736 | ---- | M] (Microsoft Corporation) MD5=7C94FDA3809015B8F2208D2E1C221F17 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.16384_none_60816121a8e88269\winlogon.exe
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*.exe /s >
[2013.12.18 02:02:36 | 030,714,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andreas M. \AppData\Roaming\Dropbox\bin\Dropbox.exe
[2013.12.18 02:04:14 | 000,229,288 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andreas M. \AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2013.11.25 21:26:02 | 000,919,096 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andreas M. \AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2013.12.14 18:31:16 | 000,059,816 | R--- | M] (Acresso Software Inc.) -- C:\Users\Andreas M. \AppData\Roaming\Microsoft\Installer\{053ACA98-6B07-4DD0-9DB3-F51E3EB1780C}\ARPPRODUCTICON.exe
[2013.12.14 18:31:15 | 000,059,816 | R--- | M] (Acresso Software Inc.) -- C:\Users\Andreas M. \AppData\Roaming\Microsoft\Installer\{C6FB6B4A-1378-4CD3-9CD3-42BA69FCBD43}\ARPPRODUCTICON.exe
 
< %APPDATA%\Adobe\Update\*.* >
 
< %APPDATA%\Update\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %ALLUSERSPROFILE%\*.* >
[2013.12.15 11:56:32 | 000,000,364 | ---- | M] () -- C:\ProgramData\hpzinstall.log
 
< %SYSTEMDRIVE%\*.* >
[2013.08.22 06:31:45 | 000,427,680 | RHS- | M] () -- C:\bootmgr
[2013.06.18 13:18:29 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2013.12.15 16:40:10 | 2307,960,831 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.15 16:40:12 | 2013,265,920 | -HS- | M] () -- C:\pagefile.sys
[2013.12.25 20:47:04 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
 
< %PROGRAMFILES%\*.* >
[2013.08.22 16:34:52 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %PROGRAMFILES%\Internet Explorer\*.* >
[2013.08.22 04:26:00 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\DiagnosticsTap.dll
[2013.08.22 04:51:00 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe
[2013.09.26 09:08:47 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\F12Tools.dll
[2013.08.22 04:48:01 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\hmmapi.dll
[2013.06.18 13:22:11 | 000,002,843 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie9props.propdesc
[2013.08.22 05:46:11 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
[2013.11.26 08:55:03 | 000,469,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
[2013.08.22 04:44:25 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
[2013.09.26 07:34:13 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
[2013.11.26 07:41:48 | 000,251,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll
[2013.08.22 06:20:05 | 000,805,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013.08.22 04:16:23 | 000,438,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
[2013.08.22 04:17:13 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
[2013.08.22 04:28:46 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll
[2013.08.22 04:16:40 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll
[2013.07.26 18:02:22 | 000,312,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll
[2013.08.22 04:08:05 | 000,999,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\networkinspection.dll
[2013.07.26 18:02:22 | 000,410,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll
[2013.07.26 18:02:22 | 000,097,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdmproxy100.dll
[2013.08.22 04:43:57 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
 
< %USERPROFILE%\*.* >
[2013.12.15 16:40:01 | 001,835,008 | -HS- | M] () -- C:\Users\Andreas M. \NTUSER.DAT
[2013.12.14 17:56:06 | 005,185,536 | -HS- | M] () -- C:\Users\Andreas M. \ntuser.dat.LOG1
[2013.12.14 17:56:06 | 004,505,600 | -HS- | M] () -- C:\Users\Andreas M. \ntuser.dat.LOG2
[2013.12.14 18:10:57 | 000,065,536 | -HS- | M] () -- C:\Users\Andreas M. \NTUSER.DAT{2a7ba31a-0b81-11e3-93fd-90b11c2535ca}.TM.blf
[2013.12.14 18:10:57 | 000,524,288 | -HS- | M] () -- C:\Users\Andreas M. \NTUSER.DAT{2a7ba31a-0b81-11e3-93fd-90b11c2535ca}.TMContainer00000000000000000001.regtrans-ms
[2013.12.14 18:10:57 | 000,524,288 | -HS- | M] () -- C:\Users\Andreas M. \NTUSER.DAT{2a7ba31a-0b81-11e3-93fd-90b11c2535ca}.TMContainer00000000000000000002.regtrans-ms
[2013.12.14 17:56:06 | 000,000,020 | -HS- | M] () -- C:\Users\Andreas M. \ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\*.exe /90 >
[2013.10.22 08:55:27 | 002,328,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\system32\*.dll /90 >
[2013.10.10 12:05:42 | 001,019,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\actxprxy.dll
[2013.10.22 05:04:03 | 000,618,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\apphelp.dll
[2013.11.08 05:42:52 | 000,366,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\appmgr.dll
[2013.10.10 12:21:32 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\AppxAllUserStore.dll
[2013.11.08 05:15:35 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\AppXDeploymentClient.dll
[2013.10.22 02:47:12 | 002,295,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\authui.dll
[2013.10.19 05:03:41 | 000,531,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\comdlg32.dll
[2013.10.24 10:12:58 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\CredentialMigrationHandler.dll
[2013.10.16 14:54:17 | 001,581,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2013.10.05 13:05:35 | 000,578,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll
[2013.10.05 13:05:35 | 001,765,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d11.dll
[2013.11.08 05:16:46 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dcomp.dll
[2013.11.04 03:28:40 | 001,816,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Display.dll
[2013.10.08 06:15:16 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dnsapi.dll
[2013.11.04 02:30:33 | 001,765,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dwmcore.dll
[2013.10.05 13:05:35 | 000,406,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxgi.dll
[2013.10.05 09:39:55 | 001,067,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gdi32.dll
[2013.11.26 07:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll
[2013.11.26 08:26:42 | 011,221,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2013.11.26 09:38:54 | 002,166,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2013.10.03 23:42:34 | 006,155,264 | ---- | M] (Intel Corporation) -- C:\Windows\system32\ig7icd32.dll
[2013.10.03 23:42:36 | 013,272,576 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igd10iumd32.dll
[2013.10.03 23:42:38 | 000,142,848 | ---- | M] () -- C:\Windows\system32\igdail32.dll
[2013.10.03 23:42:38 | 000,290,816 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igdbcl32.dll
[2013.10.03 23:42:40 | 000,180,736 | ---- | M] () -- C:\Windows\system32\igdde32.dll
[2013.10.03 23:42:40 | 020,946,944 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igdfcl32.dll
[2013.10.03 23:42:46 | 000,343,040 | ---- | M] () -- C:\Windows\system32\igdmd32.dll
[2013.10.03 23:42:46 | 002,974,208 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igdrcl32.dll
[2013.10.03 23:42:46 | 011,417,600 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igdumdim32.dll
[2013.10.03 23:42:50 | 003,524,608 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igdusc32.dll
[2013.10.03 23:42:50 | 000,128,000 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfx11cmrt32.dll
[2013.10.03 23:42:50 | 001,814,016 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxcmjit32.dll
[2013.10.03 23:42:50 | 000,133,120 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxcmrt32.dll
[2013.10.03 23:42:52 | 000,492,032 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxdv32.dll
[2013.10.03 23:42:52 | 000,025,088 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxexps32.dll
[2013.10.03 23:43:00 | 000,179,712 | ---- | M] (Intel Corporation) -- C:\Windows\system32\iglhcp32.dll
[2013.10.03 23:43:00 | 001,123,328 | ---- | M] (Intel Corporation) -- C:\Windows\system32\iglhsip32.dll
[2013.10.19 08:14:14 | 000,070,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2013.10.03 23:43:02 | 000,253,440 | ---- | M] (Intel Corporation) -- C:\Windows\system32\IntelOpenCL32.dll
[2013.10.03 23:43:06 | 000,060,416 | ---- | M] (Khronos Group) -- C:\Windows\system32\Intel_OpenCL_ICD32.dll
[2013.11.26 09:16:12 | 004,243,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll
[2013.10.22 05:02:40 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
[2013.11.25 14:12:02 | 016,820,784 | ---- | M] (Lenovo Corporation) -- C:\Windows\system32\LibDriverMft.dll
[2013.11.25 14:12:14 | 000,067,120 | ---- | M] (Lenovo Corporation) -- C:\Windows\system32\LibDriverMftStart.dll
[2013.11.09 06:52:04 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mdmregistration.dll
[2013.10.23 09:59:16 | 000,698,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfplat.dll
[2013.10.19 08:12:06 | 000,380,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfsvr.dll
[2013.10.05 09:24:36 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\miutils.dll
[2013.10.11 14:03:50 | 000,621,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MrmCoreR.dll
[2013.10.02 10:47:07 | 001,018,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msctf.dll
[2013.10.17 11:36:58 | 002,266,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msftedit.dll
[2013.11.26 11:11:50 | 017,112,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2013.10.05 08:32:48 | 005,769,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll
[2013.10.10 15:53:55 | 000,088,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncryptsslp.dll
[2013.10.03 23:43:06 | 000,060,416 | ---- | M] (Khronos Group) -- C:\Windows\system32\OpenCL.DLL
[2013.10.15 09:03:28 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scrrun.dll
[2013.11.05 14:33:44 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\SettingSyncCore.dll
[2013.11.05 19:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2013.10.08 06:58:55 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shsetup.dll
[2013.10.20 17:46:56 | 000,268,288 | ---- | M] (IvoSoft) -- C:\Windows\system32\StartMenuHelper32.dll
[2013.10.05 09:40:54 | 000,795,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TSWorkspace.dll
[2013.10.10 11:27:01 | 000,869,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\twinui.appcore.dll
[2013.11.08 05:26:19 | 011,674,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\twinui.dll
[2013.10.05 09:21:38 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\UIAutomationCore.dll
[2013.11.26 07:27:32 | 001,157,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2013.10.22 03:38:12 | 001,362,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\user32.dll
[2013.11.12 00:41:31 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
[2013.10.03 10:02:48 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Windows.Devices.Sensors.dll
[2013.10.19 04:14:29 | 000,888,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Windows.Media.dll
[2013.10.01 04:36:12 | 000,977,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Windows.Media.Streaming.dll
[2013.10.05 08:35:00 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
[2013.11.05 17:20:05 | 013,925,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Windows.UI.Xaml.dll
[2013.10.08 05:50:39 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Windows.Web.Http.dll
[2013.12.15 16:44:53 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge-32.dll
[2013.11.26 07:33:33 | 001,820,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2013.10.17 15:04:13 | 001,204,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winmde.dll
[2013.10.10 15:53:54 | 000,235,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2013.11.01 06:57:11 | 000,544,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wlidcli.dll
[2013.11.23 05:13:51 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMPhoto.dll
[2013.11.12 00:27:10 | 000,701,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WSShared.dll
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /90 >
 
< %systemroot%\system32\*.exe /90 >
[2013.10.22 07:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\explorer.exe
[2013.12.04 01:05:48 | 000,693,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2013.10.03 23:43:02 | 000,279,000 | ---- | M] (Intel Corporation) -- C:\Windows\system32\IntelCpHeciSvc.exe
[2013.12.15 16:44:52 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\java.exe
[2013.12.15 16:44:53 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\javaw.exe
[2013.12.15 16:44:53 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\javaws.exe
[2013.11.05 14:57:39 | 000,479,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\SettingSyncHost.exe
[2013.11.09 06:56:15 | 001,391,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMPDMC.exe
[2013.10.16 10:34:26 | 000,518,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WWAHost.exe
 
< %systemroot%\system32\config\*.sav >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\assembly\tmp\*.* /S /MD5 >
 
< %systemroot%\assembly\GAC_32\*.* /S /MD5 >
[2013.08.17 01:06:23 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=5BDCD6385333D6F29C71D660CC39FFF2 -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
[2013.08.17 01:06:26 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=9F7C0A8E593B838D22396E77FE2C5846 -- C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
[2013.08.22 06:24:11 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=E11F20E431CC0153115B3CF3AC4788FC -- C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll
[2013.08.22 06:22:40 | 000,077,824 | ---- | M] ( ) MD5=53FD84596F2D6BA76F530DC3D3FB7E6F -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll
[2013.08.03 05:41:46 | 000,163,840 | ---- | M] (Microsoft Corporation) MD5=ED2670D6E123303D443822E137D72855 -- C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
[2013.08.03 05:40:17 | 000,088,720 | ---- | M] (Microsoft Corporation) MD5=0653B51FE3E822CB95619D9E6388E37F -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe
[2013.06.18 13:24:39 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config
[2013.06.18 13:23:31 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
[2013.06.18 13:23:31 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
[2013.06.18 13:23:50 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
[2013.08.17 01:06:27 | 004,554,752 | ---- | M] (Microsoft Corporation) MD5=4FE4C5CE2DB661027D34D5F80A047DEB -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
[2013.06.18 13:24:09 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
[2013.06.18 13:24:09 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
[2013.06.18 13:24:09 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
[2013.06.18 13:24:09 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
[2013.06.18 13:24:09 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
[2013.06.18 13:24:09 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
[2013.06.18 13:24:09 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
[2013.06.18 13:24:12 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
[2013.06.18 13:24:12 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
[2013.06.18 13:24:36 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
[2013.08.03 05:41:50 | 004,218,880 | ---- | M] (Microsoft Corporation) MD5=C332EE073C2DEC348F255D62E20F8BF1 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
[2013.06.18 13:33:25 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config
[2013.08.03 05:41:51 | 001,737,888 | ---- | M] (Microsoft Corporation) MD5=B4A43FCFDF2D2B29BBDE0BFDFD6A4E86 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
[2013.08.23 00:26:32 | 000,090,112 | ---- | M] (Microsoft Corporation) MD5=08E6D190D8A30D895214087913247289 -- C:\Windows\assembly\GAC_32\srmlib\1.0.0.0__31bf3856ad364e35\srmlib.dll
[2013.08.17 01:06:29 | 000,487,424 | ---- | M] (Microsoft Corporation) MD5=4C120A51A3E20BFAF5F660C58E210B95 -- C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
[2013.08.17 01:06:29 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=CBFD32555AFE935CCB4BC37865A0195A -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
[2013.08.17 01:06:30 | 000,258,048 | ---- | M] (Microsoft Corporation) MD5=F044F73E92E8FD1E1A9022394FA6E7A7 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
[2013.08.17 01:06:31 | 000,113,664 | ---- | M] (Microsoft Corporation) MD5=FEB8E846293CAF114639EE1FBE3BDA48 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
[2013.08.03 05:41:51 | 000,372,736 | ---- | M] (Microsoft Corporation) MD5=A7DC1CAC8DFB194FDE57031B7FE69E6B -- C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
[2013.08.17 01:06:31 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=2E3B066C65AC3620B15F6A6ED7777169 -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
[2013.08.17 01:06:31 | 005,283,840 | ---- | M] (Microsoft Corporation) MD5=1828CC36F4C32E6E9107442C18BAB4D4 -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
 
< %systemroot%\assembly\GAC_64\*.* /S /MD5 >
[2013.08.17 01:06:19 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=48AE30ED57CF6FEA8660AC51F6FB2566 -- C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
[2013.08.17 01:06:20 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=98549CA59E197BD23CC040566EFA96D9 -- C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
[2013.08.22 13:38:04 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=43FC43987838263E73BA5D9AE7DBA1BA -- C:\Windows\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll
[2013.08.22 13:36:08 | 000,077,824 | ---- | M] ( ) MD5=7A4083F8BD141E2EC7528ECA41EA16EF -- C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll
[2013.12.14 19:29:45 | 000,163,840 | ---- | M] (Microsoft Corporation) MD5=6FB8D5C4BF7120D120147FDBF794D39D -- C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
[2013.08.03 05:42:43 | 000,084,624 | ---- | M] (Microsoft Corporation) MD5=044CB423EEF5F1C1EE746DB33A8AE8E4 -- C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe
[2013.06.18 15:46:10 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config
[2013.06.18 15:46:58 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
[2013.06.18 15:46:58 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
[2013.06.18 15:47:06 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
[2013.08.17 01:06:21 | 004,571,136 | ---- | M] (Microsoft Corporation) MD5=549B3242868C2B69540B9DD53D1D7B20 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
[2013.06.18 15:47:22 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
[2013.06.18 15:47:22 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
[2013.06.18 15:47:22 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
[2013.06.18 15:47:22 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
[2013.06.18 15:47:22 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
[2013.06.18 15:47:22 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
[2013.06.18 15:47:22 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
[2013.06.18 15:47:25 | 000,262,148 | ---- | M] () Unable to obtain MD5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
[2013.06.18 15:47:25 | 000,020,320 | ---- | M] () Unable to obtain MD5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
[2013.06.18 15:47:38 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
[2013.08.03 05:47:53 | 003,999,232 | ---- | M] (Microsoft Corporation) MD5=2F667CF9056D0E64909519A2D5BC583B -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
[2013.06.18 15:53:54 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config
[2013.08.03 05:48:02 | 002,256,032 | ---- | M] (Microsoft Corporation) MD5=1BC0B1E8043B335BE250AFC6648420B9 -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
[2013.08.23 00:26:36 | 000,090,112 | ---- | M] (Microsoft Corporation) MD5=B72F441896EA7E902CFFB1C5EA5EFBAF -- C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\srmlib.dll
[2013.08.17 01:06:25 | 000,503,296 | ---- | M] (Microsoft Corporation) MD5=DBF9C310B1404E1DC4093DF153AA31F1 -- C:\Windows\assembly\GAC_64\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
[2013.08.17 01:06:25 | 003,145,728 | ---- | M] (Microsoft Corporation) MD5=21106999BC5C6B56B65506012EFDD112 -- C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
[2013.08.17 01:06:26 | 000,245,760 | ---- | M] (Microsoft Corporation) MD5=D819F329C782377AEE79560A10FF8E25 -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
[2013.08.17 01:06:26 | 000,133,120 | ---- | M] (Microsoft Corporation) MD5=161B8BE162757287648F15FC62658A52 -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
[2013.08.03 05:47:56 | 000,358,400 | ---- | M] (Microsoft Corporation) MD5=47FF2F27FA2C8B7BADE4B142091F0DD7 -- C:\Windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
[2013.08.17 01:06:27 | 000,283,136 | ---- | M] (Microsoft Corporation) MD5=161F8492416495C3C5962FD7BCF230E5 -- C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
[2013.08.17 01:06:27 | 005,292,032 | ---- | M] (Microsoft Corporation) MD5=02AE2CC1B00DAE66B08F1A1AE22F3407 -- C:\Windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"DefaultConnectionSettings" = 46 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data]
"SavedLegacySettings" = 46 00 00 00 55 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs  >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 60 bytes -> D:\Anwenderdaten\A. M. \Documents\GlobalDriveMexico:AFP_AfpInfo

< End of report >
         



And here is Extras.exe.

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 25.12.2013 23:13:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andreas M. \Downloads
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,69 Gb Total Physical Memory | 4,41 Gb Available Physical Memory | 57,33% Memory free
9,56 Gb Paging File | 6,09 Gb Available in Paging File | 63,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118,90 Gb Total Space | 48,65 Gb Free Space | 40,92% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 35,96 Gb Free Space | 7,72% Space Free | Partition Type: NTFS
 
Computer Name: THINKPADT430 | User Name: Andreas M.  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2132384609-1576062560-950552869-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{306C378C-8D83-42DC-84A5-695517837691}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C711CD-D865-4671-BDDA-A8DD45B09583}" = dir=out | name=@{microsoft.xboxlivegames_2.0.20.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{1157A581-173F-4F80-A2DC-3A4D20A85E52}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{20CAAA5E-E4DB-4C5E-867B-0F8A64A89F3C}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.176_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{21016335-F1CF-420B-BDEC-FE1047107539}" = dir=out | name=@{microsoft.bingnews_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{22927675-989C-4C45-A84A-419CF4DA911A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{2E698911-D35A-4DA9-B4AD-E961E0D18313}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{30E37877-CED1-4684-94AB-6199CC046C89}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{377B7A3E-7384-4EC6-B08E-39882649497D}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{39196211-9076-48E0-8DB0-A29AC600B6A3}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{3EA87278-1ACF-4880-B2CB-59D1CE5FA5F6}" = dir=in | name=skype | 
"{3F499DA9-C2D1-42CA-B6AB-EF75073CCCAA}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{41E2C6E4-18BD-45EC-BB0E-F0A291824207}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{4D46C6F0-C497-4430-BD24-69B4BE341E70}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{4E34E4A9-D507-4A3B-B339-7B63105988F9}" = protocol=6 | dir=in | app=c:\users\andreas m. \appdata\roaming\dropbox\bin\dropbox.exe | 
"{5312671D-5960-437C-850A-67BE763A97CF}" = dir=out | name=skype | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{5A2FAB04-AAA6-4FA1-A5E2-9C7245C2E93C}" = dir=out | name=@{microsoft.bingsports_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{5C82B2E1-0379-409F-BB95-B38584279DDB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{610FBE08-2D8C-4364-A198-C7B0DBB9FB8D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{6970939C-17C7-47AF-A8FF-22BE93B985BF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{6BC6249A-6A78-401D-B3AF-0A39A9CC9C53}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{7171D2CC-7AF8-4729-8A67-701F57FB3CD8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{73B6A715-AC25-4498-B1FD-6DDFF2558FA8}" = dir=out | name=@{microsoft.zunevideo_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{7CBB3A7D-9743-426D-9EAE-1E742EF6FB7C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe | 
"{7F510913-8486-4440-A38A-A42B6048CBB8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe | 
"{803A38F9-ACCB-4829-9A2B-E6DC6B76B004}" = dir=out | name=@{microsoft.zunemusic_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{88AA6008-F0F0-4AB4-81BF-AE166DE32937}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{8968F6B7-E3F3-4803-AD80-B74A79EC8246}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.177_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{9629B8C5-DBB2-4405-9097-B7A6932CF371}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{99A7D77A-7CB8-419F-BE7D-CCB889A8BFC8}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{9ECC950E-5736-4299-9F3C-DACC8F1957D5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{9F7125B5-D103-4260-8E7B-410165D9B2AD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{A238C08C-339D-48E4-B967-494E8284FD0F}" = dir=out | name=@{microsoft.bingtravel_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{A6102430-D85B-4653-8823-3CA55D7A4638}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{A8C233B1-0B24-415F-A070-31974681C9F2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{AB7A900C-6A04-4B7A-8EA3-DFB7CE356BFD}" = dir=out | name=@{microsoft.bingweather_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{B39AA74E-C8C7-450F-BDB4-6AEDF1C4C62D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{BB9C1657-C434-4BEB-AE3D-B93E9F1D2E3E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{D654DE6C-E68A-4146-A679-177ED8ED07A3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{DB0F2AA3-CB5D-4D33-B6FF-B918A94A06EE}" = dir=out | name=@{microsoft.bingfinance_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DED503CC-7011-4C3B-AB50-8CED5C326A01}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{E0549F9E-A90C-4D52-A6D1-D8727D8C66B1}" = protocol=17 | dir=in | app=c:\users\andreas m. \appdata\roaming\dropbox\bin\dropbox.exe | 
"{E1A397B8-9CD6-4BA1-8B91-D1CC40D59350}" = dir=out | name=@{microsoft.bingmaps_2.0.2009.2356_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{E3CBD954-33FE-4FEB-9F26-7C28B45CAD38}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{F33B39CD-6269-4B1F-A127-CB5391311278}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{053ACA98-6B07-4DD0-9DB3-F51E3EB1780C}" = Lenovo Patch Utility 64 bit
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1" = Lenovo Settings UMDF driver
"{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1" = Lenovo Settings Dependency Package
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = Lenovo Settings - Camera Audio
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2013
"{98BB5224-BC5D-4028-9D20-536C1C263AA9}" = Classic Shell
"{A49C5804-8F24-433C-99B2-9F9F541090C7}" = HP Officejet 4500 G510a-f 14.0 Rel. 6
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"GIMP-2_is1" = GIMP 2.8.10
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"jdownloader2" = JDownloader 2
"Matlab R2013b" = MATLAB R2013b
"MouseSuite98" = Lenovo Mouse Suite
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = Lenovo Power Management Driver
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"VLC media player" = VLC media player 2.1.1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3611CA6C-5FCA-4900-A329-6A118123CCFC}" = Bing Bar
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0407-0000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-0000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-0000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-0000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-0000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-0000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-0000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-0000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-0000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00E1-0407-0000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-0000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C6FB6B4A-1378-4CD3-9CD3-42BA69FCBD43}" = Lenovo Patch Utility
"{C79D4402-E622-4922-9C02-89F9080BF081}_is1" = Lenovo Settings - Location Awareness
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Google Chrome" = Google Chrome
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.24
"Mozilla Firefox 26.0 (x86 de)" = Mozilla Firefox 26.0 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"SumatraPDF" = SumatraPDF
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2132384609-1576062560-950552869-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.12.2013 15:15:14 | Computer Name = ThinkPadT430 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\MATLAB\R2013b\toolbox\rtw\targets\xpc\xpc\bin\RecordISO.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.12.2013 15:25:56 | Computer Name = ThinkPadT430 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\MATLAB\R2013b\toolbox\rtw\targets\xpc\xpc\bin\RecordISO.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.12.2013 04:19:04 | Computer Name = ThinkPadT430 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: glcnd.exe, Version: 6.3.9600.16384,
 Zeitstempel: 0x5215eaad  Name des fehlerhaften Moduls: glcnd.exe, Version: 6.3.9600.16384,
 Zeitstempel: 0x5215eaad  Ausnahmecode: 0xc0000602  Fehleroffset: 0x000000000024ebd9
ID
 des fehlerhaften Prozesses: 0x56c  Startzeit der fehlerhaften Anwendung: 0x01cefd137282f22c
Pfad
 der fehlerhaften Anwendung: C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16384_x64__8wekyb3d8bbwe\glcnd.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16384_x64__8wekyb3d8bbwe\glcnd.exe
Berichtskennung:
 62d40164-694f-11e3-8258-f4b7e2cf5017  Vollständiger Name des fehlerhaften Pakets:
 Microsoft.Reader_6.3.9600.16384_x64__8wekyb3d8bbwe  Anwendungs-ID, die relativ zum
 fehlerhaften Paket ist: Microsoft.Reader
 
Error - 22.12.2013 09:48:21 | Computer Name = ThinkPadT430 | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 22.12.2013 09:49:39 | Computer Name = ThinkPadT430 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\MATLAB\R2013b\toolbox\rtw\targets\xpc\xpc\bin\RecordISO.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.12.2013 10:43:38 | Computer Name = ThinkPadT430 | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 25.12.2013 11:14:54 | Computer Name = ThinkPadT430 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PhotosApp.exe, Version: 6.3.9600.16384,
 Zeitstempel: 0x5215d75e  Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version:
 6.3.9600.16456, Zeitstempel: 0x52791760  Ausnahmecode: 0xc000027b  Fehleroffset: 0x0000000000a4f17a
ID
 des fehlerhaften Prozesses: 0x788  Startzeit der fehlerhaften Anwendung: 0x01cefaa50d43e05d
Pfad
 der fehlerhaften Anwendung: C:\Windows\FileManager\PhotosApp.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\System32\Windows.UI.Xaml.dll  Berichtskennung: 4e71116c-6d77-11e3-8258-f4b7e2cf5017
Vollständiger
 Name des fehlerhaften Pakets: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: Microsoft.Windows.PhotoManager
 
Error - 25.12.2013 13:06:56 | Computer Name = ThinkPadT430 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PhotosApp.exe, Version: 6.3.9600.16384,
 Zeitstempel: 0x5215d75e  Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version:
 6.3.9600.16456, Zeitstempel: 0x52791760  Ausnahmecode: 0xc000027b  Fehleroffset: 0x0000000000a4f17a
ID
 des fehlerhaften Prozesses: 0x21e4  Startzeit der fehlerhaften Anwendung: 0x01cf0184131898d7
Pfad
 der fehlerhaften Anwendung: C:\Windows\FileManager\PhotosApp.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\System32\Windows.UI.Xaml.dll  Berichtskennung: f4f53717-6d86-11e3-8258-f4b7e2cf5017
Vollständiger
 Name des fehlerhaften Pakets: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: Microsoft.Windows.PhotoManager
 
Error - 25.12.2013 18:02:36 | Computer Name = ThinkPadT430 | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 26.0.0.5087 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1674    Startzeit:
 01cf017fc27c3cd9    Endzeit: 4294967295    Anwendungspfad: C:\Program Files (x86)\Mozilla
 Firefox\firefox.exe    Berichts-ID: 4258aa1e-6db0-11e3-8258-f4b7e2cf5017    Vollständiger
 Name des fehlerhaften Pakets:     Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:   
 
Error - 25.12.2013 18:14:41 | Computer Name = ThinkPadT430 | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 Microsoft-Verbindungsschichterkennungsprotokoll.  System Error: Zugriff verweigert
.
 
[ System Events ]
Error - 18.12.2013 15:14:08 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description = 
 
Error - 21.12.2013 04:47:51 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description = 
 
Error - 21.12.2013 04:48:21 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description = 
 
Error - 21.12.2013 09:12:43 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description = 
 
Error - 21.12.2013 09:13:13 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description = 
 
Error - 23.12.2013 11:58:36 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description = 
 
Error - 24.12.2013 13:20:09 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description = 
 
Error - 24.12.2013 13:20:39 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description = 
 
Error - 25.12.2013 10:44:04 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description = 
 
Error - 25.12.2013 10:44:34 | Computer Name = ThinkPadT430 | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---




I have also already run a scan with FRST; here is FRST.txt


FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2013
Ran by Andreas M.  (administrator) on THINKPADT430 on 25-12-2013 23:53:15
Running from C:\Users\Andreas M. \Downloads
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16384_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(OldTimer Tools) C:\Users\Andreas M. \Downloads\OTL.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Andreas M. \Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [LenovoOptMouseUpdate] - C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [384296 2013-10-28] (Lenovo.)
HKLM\...\Run: [Daemon for Mouse Suite] - C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe [87040 2013-03-26] (Primax Electronics Ltd.)
HKLM\...\Run: [LENOVO.TPKNRRES] - rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub
HKLM\...\Run: [Mouse Suite 98 Daemon] - ICO.EXE
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2065408 2013-11-03] (Dominik Reichl)
HKLM-x32\...\Run: [PWMTRV] - C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [6623528 2013-11-21] (Lenovo Group Limited)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [457728 2013-08-23] (Microsoft Corporation)
Startup: C:\Users\Andreas M. \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Andreas M. \AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC56552A0EDF8CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Andreas M. \AppData\Roaming\Mozilla\Firefox\Profiles\gw14tk9t.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Andreas M. \AppData\Roaming\Mozilla\Firefox\Profiles\gw14tk9t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Fox!Box - C:\Users\Andreas M. \AppData\Roaming\Mozilla\Firefox\Profiles\gw14tk9t.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Andreas M. \AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573488 2013-11-25] (Lenovo Corporation)
S2 BcmBtRSupport; C:\Windows\system32\btwrsupportservice.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2084160 2013-12-04] (Lenovo Group Limited)
R3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [702512 2013-11-25] (Lenovo Corporation)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [468288 2013-12-04] ()
R2 PelService; C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe [178688 2012-03-13] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-10-31] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [172760 2013-04-24] (Broadcom Corporation.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 BTWPANFL; C:\Windows\system32\drivers\btwpanfl.sys [44912 2013-01-20] (Broadcom Corporation.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-23] (Microsoft Corporation)
R3 LenovoRd; C:\Windows\system32\DRIVERS\LenovoRd.sys [126848 2012-12-06] (Gemalto)
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [27496 2012-07-30] (Lenovo)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R3 pelbtm; C:\Windows\system32\DRIVERS\pelbtm.sys [16384 2012-06-19] (Primax Electronics Ltd.)
R1 pelmoubt; C:\Windows\system32\DRIVERS\pelmoubt.sys [22528 2012-06-19] (Primax Electronics Ltd.)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========
%%deleted by me - please let me know if it is needed! Thanks!

==================== One Month Modified Files and Folders =======
%%deleted by me - please let me know if it is needed! Thanks!


Some content of TEMP:
====================
C:\Users\Andreas M. \AppData\Local\Temp\ose00000.exe
C:\Users\Andreas M. \AppData\Local\Temp\proxy_vole1314064770830138225.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-14 16:49

==================== End Of Log ============================
         
[/CODE]


I hope you can make something of this. Many thanks in advance for your help!

Regards, Andi

 
