| |
| |||||||
Log-Analyse und Auswertung: Träges System, Veränderungen, mehrere unbekannte ProzesseWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
28.02.2015, 22:58
| #1 |
 |  Träges System, Veränderungen, mehrere unbekannte Prozesse Hallo alle miteinander! Ich bin neu hier, daher hoffe ich das ich den Thread richtig erstellt habe... Seit einiger Zeit läuft mein System merkwürdig und wesentlich langsamer als zuvor. Habe zuerst mal die Festplatte bereinigt und einen Virenscan gemacht (ohne Funde), das brachte allerdings auch nicht sehr viel. Konkrete Veränderungen: Wenn ich mich anmelde wird das Design geändert (obwohl ich jedes Mal ein anderes aktiviere) Der Laptop schaltet ohne erkennbaren Grund den Lüfter voll ein und scheint immer wieder voll ausgelastet zu sein (ohne das ich den Grund dafür nachvollziehen kann). Obwohl ich ein installiertes AdBlockPlus habe, öffnet sich seit kurzem Werbung im Firefox. Es werden ohne mein Zutun Webseiteninhalte auf den PC gespeichert (Facebook Chat). Firefox und andere Programme stürzen ohne erkennbaren Grund ab und ich hatte einen au_.exe Prozess im Task Manager, den ich nicht kenne (und der angeblich Spyware ist). MBAM Logfile: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 28.02.2015 Suchlauf-Zeit: 18:28:40 Logdatei: mbam funde.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.02.28.04 Rootkit Datenbank: v2015.02.25.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: ********* Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 514595 Verstrichene Zeit: 1 Std, 19 Min, 4 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 4 PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [973df23113773303b3326357877c6c94], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [4e8659ca1d6d88aea440e5d5f40ff40c], PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, In Quarantäne, [13c11b08ff8b1125e4cc8c20679c837d], PUP.Optional.ReMarkit.A, HKU\S-1-5-21-3005992195-605650759-3539824770-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_markit, In Quarantäne, [be16061d39512c0a2da5199bc53e29d7], Registrierungswerte: 1 PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, amt, In Quarantäne, [4e8659ca1d6d88aea440e5d5f40ff40c] Registrierungsdaten: 4 PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.awesomehp.com/web/?type=ds&ts=1391198468&from=amt&uid=HitachiXHTS727575A9E364_J3740084HR7RMEHR7RMEX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.awesomehp.com/web/?type=ds&ts=1391198468&from=amt&uid=HitachiXHTS727575A9E364_J3740084HR7RMEHR7RMEX&q={searchTerms}),Ersetzt,[c70da77cf496fc3a6bd0587222e3d927] PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.awesomehp.com/?type=hp&ts=1391198468&from=amt&uid=HitachiXHTS727575A9E364_J3740084HR7RMEHR7RMEX, Gut: (www.google.com), Schlecht: (hxxp://www.awesomehp.com/?type=hp&ts=1391198468&from=amt&uid=HitachiXHTS727575A9E364_J3740084HR7RMEHR7RMEX),Ersetzt,[4a8aee35fc8eba7c2b0b3e8ce322758b] PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.awesomehp.com/?type=hp&ts=1391198468&from=amt&uid=HitachiXHTS727575A9E364_J3740084HR7RMEHR7RMEX, Gut: (www.google.com), Schlecht: (hxxp://www.awesomehp.com/?type=hp&ts=1391198468&from=amt&uid=HitachiXHTS727575A9E364_J3740084HR7RMEHR7RMEX),Ersetzt,[b51f83a0ddadbd79f34a1dad41c4f010] PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[40949d865b2f241267829142d62ffe02] Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 2 PUP.PSWTool.ProductKey, C:\Users\*********\Downloads\produkey_setup_1.67_win32.zip, In Quarantäne, [10c451d20a803402090cadd234cc3ac6], PUP.Optional.OpenCandy, C:\Users\*********\Downloads\SetupImgBurn_2.5.8.0.exe, In Quarantäne, [dcf8be65dcae0b2b89e605f5e71e7888], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter OTL logfile created on: 28.02.2015 21:19:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*********\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17633) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,94 Gb Total Physical Memory | 14,44 Gb Available Physical Memory | 90,64% Memory free 31,87 Gb Paging File | 30,44 Gb Available in Paging File | 95,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 675,26 Gb Total Space | 93,43 Gb Free Space | 13,84% Space Free | Partition Type: NTFS Drive E: | 1,99 Gb Total Space | 1,96 Gb Free Space | 98,61% Space Free | Partition Type: FAT32 Drive G: | 21,08 Gb Total Space | 3,25 Gb Free Space | 15,41% Space Free | Partition Type: NTFS Drive H: | 963,96 Mb Total Space | 287,65 Mb Free Space | 29,84% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: ********* | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2015.02.28 20:35:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*********\Desktop\OTL.exe PRC - [2014.11.21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe ========== Modules (No Company Name) ========== MOD - [2013.09.05 00:14:10 | 004,300,456 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ========== Services (SafeList) ========== SRV:64bit: - [2015.01.12 03:34:30 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2014.10.13 06:57:46 | 000,743,688 | ---- | M] (DEVGURU Co., LTD.) [On_Demand | Stopped] -- C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe -- (ss_conn_service) SRV:64bit: - [2014.03.06 15:06:20 | 001,008,344 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2014.01.31 18:52:35 | 000,239,616 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2013.10.11 13:42:42 | 003,671,792 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV:64bit: - [2013.10.11 13:42:20 | 000,284,912 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2013.10.11 13:41:56 | 000,631,024 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2013.10.11 13:41:28 | 000,154,864 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2013.07.29 04:01:08 | 000,772,064 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2013.05.27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2013.03.27 10:28:38 | 001,327,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent) SRV:64bit: - [2013.02.28 23:41:37 | 000,327,680 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV) SRV:64bit: - [2012.12.10 14:31:44 | 000,803,872 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R) SRV:64bit: - [2012.12.10 14:31:28 | 000,732,160 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:64bit: - [2012.09.12 18:07:06 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:64bit: - [2012.09.07 20:10:00 | 000,033,600 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2012.07.20 16:09:08 | 000,494,456 | R--- | M] (DigitalPersona, Inc.) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost) SRV:64bit: - [2012.07.19 07:47:50 | 002,714,232 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV:64bit: - [2012.03.14 22:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2015.02.25 17:37:50 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2015.02.17 15:54:34 | 001,074,480 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe -- (FlexNet Licensing Service) SRV - [2015.02.09 18:46:07 | 005,436,176 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer) SRV - [2015.02.05 17:26:09 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014.12.19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2014.12.11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2014.11.21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe -- (MBAMService) SRV - [2014.11.21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe -- (MBAMScheduler) SRV - [2014.04.20 15:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe -- (AVP15.0.0) SRV - [2014.04.11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2014.04.09 14:16:34 | 001,448,248 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2014.02.10 13:56:28 | 000,683,296 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe -- (hpHotkeyMonitor) SRV - [2014.02.09 20:12:16 | 001,128,312 | ---- | M] (Infineon Technologies AG) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe -- (IFXSpMgtSrv) SRV - [2014.02.09 20:12:16 | 000,984,440 | ---- | M] (Infineon Technologies AG) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe -- (IFXTCS) SRV - [2014.02.09 20:12:16 | 000,212,344 | ---- | M] (Infineon Technologies AG) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService) SRV - [2014.01.31 15:22:31 | 000,366,040 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2014.01.31 15:22:30 | 000,279,000 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2014.01.31 15:22:30 | 000,165,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2014.01.31 15:22:30 | 000,131,032 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2013.11.04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2013.08.21 12:32:28 | 000,210,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2013.08.21 12:32:24 | 000,524,456 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2013.07.18 10:38:16 | 001,143,432 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2013.03.01 02:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2012.10.18 20:01:07 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2012.09.04 15:45:00 | 000,477,088 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK) SRV - [2012.08.07 13:15:50 | 000,378,488 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService) SRV - [2012.07.25 17:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service) SRV - [2012.07.25 17:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc) SRV - [2012.07.19 07:29:58 | 002,342,008 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2012.07.13 12:07:22 | 000,270,336 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2012.03.09 19:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2010.10.20 07:06:04 | 001,250,592 | ---- | M] (SafeNet, Inc) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer) SRV - [2010.10.20 01:03:02 | 000,374,048 | ---- | M] (SafeNet, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer) SRV - [2010.10.20 01:00:02 | 000,292,128 | ---- | M] (SafeNet, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe -- (SentinelSecurityRuntime) ========== Driver Services (SafeList) ========== DRV:64bit: - [2015.02.28 20:51:26 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV:64bit: - [2015.02.12 16:53:24 | 000,141,440 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2014.11.21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl) DRV:64bit: - [2014.11.21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2014.10.13 06:57:48 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2014.10.13 06:57:48 | 000,110,336 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2014.10.08 13:47:23 | 000,793,800 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2014.10.08 13:47:23 | 000,141,320 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt) DRV:64bit: - [2014.08.21 18:38:00 | 000,795,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2014.08.21 18:38:00 | 000,358,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2014.08.21 18:38:00 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2014.07.02 10:03:45 | 000,555,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2014.07.02 09:39:56 | 000,598,808 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2014.07.02 09:39:56 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2014.07.02 09:39:56 | 000,184,144 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2014.07.02 09:39:56 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2014.07.02 09:39:56 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2014.07.02 09:39:40 | 000,172,760 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums) DRV:64bit: - [2014.05.02 12:02:50 | 000,495,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2014.04.10 16:25:34 | 000,243,808 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\klhk.sys -- (klhk) DRV:64bit: - [2014.03.28 16:51:04 | 000,028,768 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:64bit: - [2014.03.26 16:05:28 | 000,179,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:64bit: - [2014.03.25 15:26:04 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:64bit: - [2014.02.25 12:09:02 | 000,030,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2014.02.20 11:59:04 | 000,457,824 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2014.02.12 15:59:18 | 000,386,680 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2014.02.09 20:12:19 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive) DRV:64bit: - [2014.01.31 18:52:56 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2014.01.31 18:52:35 | 012,760,576 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2014.01.31 18:52:35 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2014.01.31 15:39:19 | 000,176,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2014.01.31 15:22:30 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2013.11.04 08:20:48 | 000,026,936 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2013.08.21 15:32:28 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvolwin7.sys -- (Sftvol) DRV:64bit: - [2013.08.21 15:32:26 | 000,029,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirwin7.sys -- (Sftredir) DRV:64bit: - [2013.08.21 15:32:24 | 000,768,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfswin7.sys -- (Sftfs) DRV:64bit: - [2013.08.21 15:32:24 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaywin7.sys -- (Sftplay) DRV:64bit: - [2013.08.08 16:11:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2013.07.29 04:01:24 | 000,164,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2013.07.29 04:01:24 | 000,164,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2013.07.01 09:25:12 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:64bit: - [2013.07.01 09:25:10 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:64bit: - [2013.05.20 01:04:36 | 000,020,048 | ---- | M] (Iomega Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vNICdrv.sys -- (vNICdrv) DRV:64bit: - [2013.04.24 07:12:06 | 000,129,792 | ---- | M] (Gemalto) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GemCCID.sys -- (GemCCID) DRV:64bit: - [2013.04.12 14:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd) DRV:64bit: - [2013.03.27 11:05:38 | 000,091,432 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpeOpal.sys -- (MfeEpeOpal) DRV:64bit: - [2013.03.27 11:03:08 | 000,158,760 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc) DRV:64bit: - [2013.03.23 22:37:30 | 000,026,208 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci) DRV:64bit: - [2013.03.01 02:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2013.02.28 23:41:37 | 000,543,744 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2013.02.12 05:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2012.11.20 13:14:40 | 001,866,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2012.10.18 20:01:07 | 000,568,640 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.09.30 10:24:08 | 011,523,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:64bit: - [2012.09.07 20:11:00 | 000,043,328 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2012.09.07 20:11:00 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2012.09.04 15:25:14 | 000,064,832 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.02 04:07:18 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN) DRV:64bit: - [2011.12.26 21:37:42 | 000,090,608 | ---- | M] (CyberLink) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive) DRV:64bit: - [2011.07.25 17:44:58 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.07.25 17:44:58 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.05.13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.05.13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) DRV:64bit: - [2011.05.13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2011.05.13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2011.05.13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.11 00:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.11.11 00:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) DRV:64bit: - [2010.11.11 00:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2009.09.17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.02.17 11:18:48 | 000,069,192 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2009.02.17 11:17:16 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV - [2012.07.26 13:38:00 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391198468&from=amt&uid=HitachiXHTS727575A9E364_J3740084HR7RMEHR7RMEX&q={searchTerms} IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391198468&from=amt&uid=HitachiXHTS727575A9E364_J3740084HR7RMEHR7RMEX&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3005992195-605650759-3539824770-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-3005992195-605650759-3539824770-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-3005992195-605650759-3539824770-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3005992195-605650759-3539824770-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3005992195-605650759-3539824770-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.countryCode: "AT" FF - prefs.js..browser.search.highlightCount: 0 FF - prefs.js..browser.search.isUS: false FF - prefs.js..browser.search.region: "AT" FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.16.0 FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.1.8 FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2014.2.7 FF - prefs.js..extensions.enabledAddons: virtual_keyboard%40kaspersky.com:4.0.10.15 FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:4.0.10.15 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:4.0.10.15 FF - prefs.js..extensions.enabledAddons: online_banking%40kaspersky.com:4.0.10.15 FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:2.0 FF - prefs.js..extensions.enabledAddons: fireforce%40scrt.ch:2.2 FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.6.10 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@kaspersky.com/content_blocker: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014.10.08 13:47:29 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@kaspersky.com/online_banking: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014.10.08 13:47:29 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@kaspersky.com/virtual_keyboard: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014.10.08 13:47:29 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2013.01.19 15:34:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014.01.07 22:23:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014.12.14 13:07:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014.10.08 13:47:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014.10.08 13:47:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014.10.08 13:47:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014.10.08 13:47:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014.10.08 13:47:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.17 18:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Extensions [2015.02.28 18:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\gi23ph1m.default\extensions [2012.10.27 17:56:21 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\gi23ph1m.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2014.01.22 15:30:17 | 000,000,000 | ---D | M] (Block site) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\gi23ph1m.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015.01.06 21:49:00 | 000,052,316 | ---- | M] () (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\firefox\profiles\gi23ph1m.default\extensions\fireforce@scrt.ch.xpi [2015.01.31 01:23:29 | 000,393,078 | ---- | M] () (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\firefox\profiles\gi23ph1m.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015.01.15 19:04:16 | 000,985,112 | ---- | M] () (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\firefox\profiles\gi23ph1m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015.02.25 17:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2015.02.25 17:37:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2014.12.14 13:07:48 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 11.0\ACROBAT\BROWSER\WCFIREFOXEXTN [2014.10.08 13:47:29 | 000,000,000 | ---D | M] (Chặn quảng cáo) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\ANTI_BANNER@KASPERSKY.COM [2014.10.08 13:47:29 | 000,000,000 | ---D | M] (Ngăn chặn trang web nguy hiểm) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM [2014.10.08 13:47:29 | 000,000,000 | ---D | M] (An toàn giao dịch tài chính) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\ONLINE_BANKING@KASPERSKY.COM [2014.10.08 13:47:29 | 000,000,000 | ---D | M] (Công cụ kiểm tra liên kết của Kaspersky) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\URL_ADVISOR@KASPERSKY.COM [2014.10.08 13:47:29 | 000,000,000 | ---D | M] (Bàn phím ảo) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM [2014.01.07 22:23:30 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX O1 HOSTS File: ([2014.03.28 19:07:25 | 000,000,850 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 10.0.0.42 BRN30055C09D9CB O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKU\S-1-5-21-3005992195-605650759-3539824770-1001\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-3005992195-605650759-3539824770-1001\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\*********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 16 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html () O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Zu Anti-Banner hinzufügen - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm () O8 - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Zu Anti-Banner hinzufügen - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm () O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9:64bit: - Extra Button: Link-Untersuchung - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: Link-Untersuchung - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3005992195-605650759-3539824770-1001\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-3005992195-605650759-3539824770-1001\..Trusted Domains: security_Capture.exe ([]about in Vertrauenswürdige Sites) O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1362838867134 (MUCatalogWebControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{148EEE73-5FAC-4283-88E4-9605D77F02E1}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15AFA637-BDF3-43BE-B870-2968A81E7FB7}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A919D833-78FF-4579-888F-D25A828CA3CF}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C23788C9-0567-48BF-9233-5274FCBB25D1}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF80E091-7F4B-4833-819F-88405D224247}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - ("C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe") - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{caed7ac8-004d-11e4-8713-e006e6afdb49}\Shell - "" = AutoRun O33 - MountPoints2\{caed7ac8-004d-11e4-8713-e006e6afdb49}\Shell\AutoRun\command - "" = D:\MMMTest.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2015.02.28 20:51:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*********\Desktop\OTL.exe [2015.02.28 20:44:34 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\Spyware Tools [2015.02.28 20:39:32 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\USB3 Sicherung [2015.02.28 19:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [2015.02.28 19:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2015.02.28 19:31:22 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\MyPhoneExplorer [2015.02.28 19:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer [2015.02.28 19:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPhoneExplorer [2015.02.28 19:07:08 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\Kaspersky Rescue [2015.02.28 18:44:15 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\Gelber Kingston [2015.02.28 18:28:14 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys [2015.02.28 18:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware [2015.02.28 18:27:59 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys [2015.02.28 18:27:59 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys [2015.02.28 18:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware [2015.02.28 18:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BIPA FotoShop [2015.02.28 18:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\BIPA [2015.02.28 18:03:39 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\hps-install [2015.02.28 17:31:04 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\Pwd forgot kaspersky [2015.02.25 17:37:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2015.02.25 17:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2015.02.25 10:58:21 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\restoration [2015.02.25 10:57:26 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\autopsy [2015.02.25 10:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\Autopsy-3.1.1 [2015.02.25 10:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autopsy [2015.02.21 20:32:21 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\USB Stick Post [2015.02.21 11:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB [2015.02.21 11:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ISO to USB [2015.02.19 11:19:46 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\********* AustroControl [2015.02.17 16:22:28 | 000,000,000 | ---D | C] -- C:\Users\*********\Documents\ArcGIS [2015.02.17 16:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ESRI [2015.02.17 15:54:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared [2015.02.17 15:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS [2015.02.17 15:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 4.0 [2015.02.17 15:49:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Data Dynamics [2015.02.17 15:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tom Sawyer Software [2015.02.17 15:49:24 | 000,000,000 | ---D | C] -- C:\Python27 [2015.02.17 15:49:24 | 000,000,000 | ---D | C] -- \Python27 [2015.02.17 15:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcGIS [2015.02.17 15:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcGIS [2015.02.17 15:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcGIS 10.2.2 [2015.02.14 19:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox [2015.02.14 19:21:49 | 000,000,000 | RH-D | C] -- C:\ESD [2015.02.14 19:21:49 | 000,000,000 | RH-D | C] -- \ESD [2015.02.14 12:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL [2015.02.14 12:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL [2015.02.13 23:35:57 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\********* FHTW IWIW [2015.02.13 22:35:54 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\Ayudarum Job I u II [2015.02.13 20:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PHP [2015.02.13 19:52:21 | 000,000,000 | ---D | C] -- C:\inetpub [2015.02.13 19:52:21 | 000,000,000 | ---D | C] -- \inetpub [2015.02.12 16:53:24 | 000,204,264 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\VBoxNetFltNobj.dll [2015.02.12 16:53:24 | 000,141,440 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\drivers\VBoxNetAdp.sys [2015.02.12 13:27:44 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\10.9 Heiratsproblem-Dateien [2015.02.12 10:35:48 | 006,041,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2015.02.12 10:35:48 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll [2015.02.12 10:35:47 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll [2015.02.11 09:38:29 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\perftrack.dll [2015.02.11 09:38:29 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\powertracker.dll [2015.02.11 08:18:29 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll [2015.02.11 08:18:29 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2015.02.11 08:18:28 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2015.02.11 08:18:28 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe [2015.02.11 08:18:28 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll [2015.02.11 08:18:28 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2015.02.11 08:18:28 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll [2015.02.11 08:18:28 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll [2015.02.11 08:18:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll [2015.02.11 08:18:28 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll [2015.02.11 08:18:27 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2015.02.11 08:18:27 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll [2015.02.11 08:18:27 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2015.02.11 08:18:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll [2015.02.11 08:18:26 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe [2015.02.11 08:18:26 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2015.02.11 08:18:26 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll [2015.02.11 08:18:26 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2015.02.11 08:18:26 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll [2015.02.11 08:18:26 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2015.02.11 08:18:26 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll [2015.02.11 08:18:25 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2015.02.11 08:18:25 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll [2015.02.11 08:18:25 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll [2015.02.11 08:18:25 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll [2015.02.11 08:18:25 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2015.02.11 08:18:24 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2015.02.11 08:18:24 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2015.02.11 08:18:23 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll [2015.02.11 08:18:22 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2015.02.11 08:18:22 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll [2015.02.11 08:18:22 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll [2015.02.11 08:17:57 | 000,894,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\appraiser.dll [2015.02.11 08:17:57 | 000,609,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll [2015.02.11 08:17:56 | 001,098,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll [2015.02.11 08:17:56 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\invagent.dll [2015.02.11 08:17:55 | 001,239,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aitstatic.exe [2015.02.11 08:17:55 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\devinv.dll [2015.02.11 08:17:55 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll [2015.02.11 08:17:55 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepic.dll [2015.02.11 08:17:46 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll [2015.02.11 08:17:32 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll [2015.02.11 08:17:11 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll [2015.02.11 08:17:11 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\adtschema.dll [2015.02.11 08:17:11 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adtschema.dll [2015.02.11 08:17:10 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll [2015.02.11 08:17:10 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\auditpol.exe [2015.02.11 08:17:10 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\auditpol.exe [2015.02.11 08:17:10 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll [2015.02.11 08:17:10 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll [2015.02.11 08:17:09 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msaudite.dll [2015.02.11 08:17:09 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msaudite.dll [2015.02.11 08:17:09 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msobjs.dll [2015.02.11 08:17:09 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msobjs.dll [2015.02.11 08:17:02 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll [2015.02.11 08:16:58 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll [2015.02.11 08:16:43 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scesrv.dll [2015.02.11 08:16:43 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\scesrv.dll [2015.02.11 08:16:39 | 005,554,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe [2015.02.11 08:16:38 | 003,972,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe [2015.02.11 08:16:38 | 003,917,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe [2015.02.11 08:16:37 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll [2015.02.11 08:16:37 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rstrui.exe [2015.02.11 08:16:37 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srclient.dll [2015.02.03 23:20:28 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2015.02.03 23:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2015.02.03 23:20:26 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Notepad++ [2015.02.03 23:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++ [2015.02.03 15:50:09 | 000,000,000 | ---D | C] -- C:\Users\*********\.jmc [2015.02.03 15:49:57 | 000,000,000 | ---D | C] -- C:\Users\*********\.eclipse [2015.02.03 15:35:21 | 000,111,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll [2015.02.03 15:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit [2015.02.03 15:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java [1 C:\Users\*********\Desktop\*.tmp files -> C:\Users\*********\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2015.02.28 20:51:26 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys [2015.02.28 20:49:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2015.02.28 20:49:02 | 4225,265,661 | -HS- | M] () -- C:\hiberfil.sys [2015.02.28 20:42:26 | 001,703,554 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2015.02.28 20:42:26 | 000,736,966 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2015.02.28 20:42:26 | 000,683,928 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2015.02.28 20:42:26 | 000,159,896 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2015.02.28 20:42:26 | 000,130,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2015.02.28 20:35:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*********\Desktop\OTL.exe [2015.02.28 20:29:00 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2015.02.28 20:26:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2015.02.28 20:23:16 | 000,004,340 | ---- | M] () -- C:\Users\*********\AppData\Roaming\LTspiceIV.ini [2015.02.28 20:18:08 | 000,018,490 | ---- | M] () -- C:\Users\*********\Desktop\cc_20150228_201805.reg [2015.02.28 20:01:57 | 000,031,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2015.02.28 20:01:57 | 000,031,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2015.02.28 19:58:12 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2015.02.28 17:55:07 | 000,000,656 | ---- | M] () -- C:\Users\*********\Desktop\cc_20150228_175504.reg [2015.02.28 17:53:52 | 000,440,218 | ---- | M] () -- C:\Users\*********\Desktop\cc_20150228_175347.reg [2015.02.28 14:40:09 | 000,089,009 | ---- | M] () -- C:\Users\*********\Desktop\Google plant Riesenglashaus - news.ORF.pdf [2015.02.28 14:36:42 | 000,017,887 | ---- | M] () -- C:\Users\*********\Desktop\Probleme wegen falscher Bonitätsauskünfte - help.ORF.pdf [2015.02.28 14:34:54 | 000,027,320 | ---- | M] () -- C:\Users\*********\Desktop\Die Tücken des Kreditscorings - help.ORF.pdf [2015.02.27 20:35:49 | 000,000,682 | ---- | M] () -- C:\windows\BRRBCOM.INI [2015.02.27 18:54:32 | 020,163,714 | ---- | M] () -- C:\Users\*********\Desktop\House_of_Cards_Vienna_vs_Washington_DC_Side_by_Side_hd720.mp4 [2015.02.27 08:00:07 | 000,000,336 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFor*********.job [2015.02.26 18:11:47 | 000,066,950 | ---- | M] () -- C:\Users\*********\Desktop\google meldung 2.JPG [2015.02.26 13:59:54 | 000,026,962 | ---- | M] () -- C:\Users\*********\Desktop\newsletter abbestellung springer bauwesen 26_02_2015_2.JPG [2015.02.26 13:58:33 | 000,139,042 | ---- | M] () -- C:\Users\*********\Desktop\newsletter abbestellung springer bauwesen 26_02_2015.JPG [2015.02.25 21:52:18 | 000,700,226 | ---- | M] () -- C:\Users\*********\Desktop\ba1_*********.pdf [2015.02.25 21:46:29 | 000,078,876 | ---- | M] () -- C:\Users\*********\Desktop\google meldung.JPG [2015.02.25 21:10:26 | 000,000,475 | ---- | M] () -- C:\- [2015.02.25 20:58:13 | 000,009,152 | ---- | M] () -- C:\Users\*********\Desktop\perlc.m [2015.02.25 10:57:44 | 000,000,036 | ---- | M] () -- C:\.superId [2015.02.25 10:56:28 | 000,001,887 | ---- | M] () -- C:\Users\*********\Desktop\Autopsy 3.1.1.lnk [2015.02.25 10:32:28 | 000,105,574 | ---- | M] () -- C:\Users\*********\Desktop\Personen am Institut für Information Engineering & Security - Fachhochschule Technikum Wien_Lehrende MIT_BIT.pdf [2015.02.23 16:10:00 | 000,202,766 | ---- | M] () -- C:\Users\*********\Desktop\Stellenmarkt Start _ LinkedIn.pdf [2015.02.22 09:25:26 | 003,175,734 | ---- | M] () -- C:\Users\*********\Desktop\20150222_092526.jpg [2015.02.21 16:10:34 | 000,221,611 | ---- | M] () -- C:\Users\*********\Desktop\E-Ladestation_Uebersicht_Gesamt.pdf [2015.02.21 12:43:36 | 000,121,302 | ---- | M] () -- C:\Users\*********\Desktop\guterBundeslandFilter.JPG [2015.02.19 19:48:28 | 000,317,678 | ---- | M] () -- C:\Users\*********\Desktop\Raspberry Pi_ Webserver Nginx installieren » Jan Karres.pdf [2015.02.19 18:41:31 | 000,184,218 | ---- | M] () -- C:\Users\*********\Desktop\sguat@job.JPG [2015.02.18 12:09:45 | 000,764,996 | ---- | M] () -- C:\Users\*********\Desktop\Raspberry Pi_ Owncloud-Alternative Seafile Server installieren » Jan Karres.pdf [2015.02.18 11:53:39 | 000,267,494 | ---- | M] () -- C:\Users\*********\Desktop\E3.pdf [2015.02.18 10:30:12 | 000,101,629 | ---- | M] () -- C:\Users\*********\Desktop\Stromtankstellen Februar 2014_bearbeitet_*********.pdf [2015.02.18 10:20:27 | 000,486,288 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2015.02.18 10:14:36 | 003,129,148 | ---- | M] () -- C:\Users\*********\Desktop\20150218_101435.jpg [2015.02.18 04:48:35 | 002,797,455 | ---- | M] () -- C:\Users\*********\Desktop\20150218_044835.jpg [2015.02.17 17:40:22 | 002,330,405 | ---- | M] () -- C:\Users\*********\Desktop\20150217_174022.jpg [2015.02.17 17:36:34 | 002,917,757 | ---- | M] () -- C:\Users\*********\Desktop\20150217_173634.jpg [2015.02.17 17:21:54 | 004,910,216 | ---- | M] () -- C:\Users\*********\Desktop\20150217_172154.jpg [2015.02.17 17:18:36 | 020,956,479 | ---- | M] () -- C:\Users\*********\Desktop\20150217_171825.mp4 [2015.02.17 10:10:38 | 003,217,659 | ---- | M] () -- C:\Users\*********\Desktop\20150217_101038.jpg [2015.02.16 16:02:28 | 000,083,599 | ---- | M] () -- C:\Users\*********\Desktop\Stromtankstellen Februar 2014.pdf [2015.02.16 14:11:00 | 007,601,042 | ---- | M] () -- C:\Users\*********\Desktop\de_Buch 30 Jahre ASFINAG.pdf [2015.02.15 14:22:26 | 000,425,203 | ---- | M] () -- C:\Users\*********\Desktop\IMG-20150215-WA0000.jpg [2015.02.14 19:34:55 | 006,428,671 | ---- | M] () -- C:\Users\*********\Desktop\20150214_193455.jpg [2015.02.14 19:29:24 | 000,301,066 | ---- | M] () -- C:\Users\*********\Desktop\IMG-20150214-WA0001.jpg [2015.02.14 17:23:30 | 000,074,555 | ---- | M] () -- C:\Users\*********\Desktop\stromtankstellen standorte stand august 2012_63554.pdf [2015.02.14 16:54:09 | 000,285,813 | ---- | M] () -- C:\Users\*********\Desktop\20140203_Ladestationen_SMATRICS.pdf [2015.02.14 12:43:54 | 001,343,488 | ---- | M] () -- C:\Users\*********\Documents\Erevolution.accdb [2015.02.14 12:20:35 | 000,348,160 | ---- | M] () -- C:\Users\*********\Documents\Database3.accdb [2015.02.14 12:20:01 | 000,352,256 | ---- | M] () -- C:\Users\*********\Documents\Database2.accdb [2015.02.14 10:23:06 | 000,318,703 | ---- | M] () -- C:\Users\*********\Desktop\IMG-20150214-WA0000.jpg [2015.02.13 22:00:43 | 000,000,023 | ---- | M] () -- C:\windows\ODBCINST.INI [2015.02.13 20:36:13 | 001,736,652 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI [2015.02.13 19:15:02 | 002,829,909 | ---- | M] () -- C:\Users\*********\Desktop\20150213_191503.jpg [2015.02.13 10:35:15 | 000,001,136 | ---- | M] () -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015.02.12 16:53:24 | 000,204,264 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\VBoxNetFltNobj.dll [2015.02.12 16:53:24 | 000,141,440 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\drivers\VBoxNetAdp.sys [2015.02.12 13:27:44 | 000,005,261 | ---- | M] () -- C:\Users\*********\Desktop\10.9 Heiratsproblem.html [2015.02.11 10:48:10 | 000,008,878 | ---- | M] () -- C:\windows\SysWow64\SystemData.xml [2015.02.11 10:35:53 | 004,684,472 | ---- | M] () -- C:\Users\*********\Desktop\13agelenkbus_144346.jpg [2015.02.11 10:35:13 | 000,325,934 | ---- | M] () -- C:\Users\*********\Desktop\modalsplit_144345.jpg [2015.02.11 10:34:48 | 000,621,349 | ---- | M] () -- C:\Users\*********\Desktop\jahreskarte-verkaufszahlen_144344.jpg [2015.02.11 10:07:41 | 001,680,212 | ---- | M] () -- C:\Users\*********\Desktop\jahreskarten anzahl wr linien.pdf [2015.02.11 10:07:16 | 000,539,155 | ---- | M] () -- C:\Users\*********\Desktop\falschparker wr linien.pdf [2015.02.11 10:06:59 | 000,633,643 | ---- | M] () -- C:\Users\*********\Desktop\multisensueller infopoint wr linien.pdf [2015.02.06 16:17:16 | 005,069,971 | ---- | M] () -- C:\Users\*********\Desktop\20150206_161716.jpg [2015.02.05 17:26:09 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2015.02.05 17:26:09 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2015.02.04 04:16:29 | 000,609,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll [2015.02.04 04:16:20 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\invagent.dll [2015.02.04 04:16:16 | 000,414,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\devinv.dll [2015.02.04 04:16:14 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\appraiser.dll [2015.02.04 04:16:13 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll [2015.02.04 04:16:13 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepic.dll [2015.02.04 04:13:28 | 001,098,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll [2015.02.03 15:34:39 | 000,111,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll [2015.02.02 19:50:30 | 000,396,735 | ---- | M] () -- C:\Users\*********\Desktop\IMG-20150202-WA0001.jpg [2015.02.02 19:50:30 | 000,296,853 | ---- | M] () -- C:\Users\*********\Desktop\IMG-20150202-WA0000.jpg [2015.01.29 22:31:20 | 003,415,388 | ---- | M] () -- C:\Users\*********\Desktop\20150129_223120.jpg [1 C:\Users\*********\Desktop\*.tmp files -> C:\Users\*********\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2015.02.28 20:18:06 | 000,018,490 | ---- | C] () -- C:\Users\*********\Desktop\cc_20150228_201805.reg [2015.02.28 17:55:05 | 000,000,656 | ---- | C] () -- C:\Users\*********\Desktop\cc_20150228_175504.reg [2015.02.28 17:53:49 | 000,440,218 | ---- | C] () -- C:\Users\*********\Desktop\cc_20150228_175347.reg [2015.02.28 14:40:09 | 000,089,009 | ---- | C] () -- C:\Users\*********\Desktop\Google plant Riesenglashaus - news.ORF.pdf [2015.02.28 14:36:42 | 000,017,887 | ---- | C] () -- C:\Users\*********\Desktop\Probleme wegen falscher Bonitätsauskünfte - help.ORF.pdf [2015.02.28 14:34:54 | 000,027,320 | ---- | C] () -- C:\Users\*********\Desktop\Die Tücken des Kreditscorings - help.ORF.pdf [2015.02.27 18:53:11 | 020,163,714 | ---- | C] () -- C:\Users\*********\Desktop\House_of_Cards_Vienna_vs_Washington_DC_Side_by_Side_hd720.mp4 [2015.02.26 18:11:47 | 000,066,950 | ---- | C] () -- C:\Users\*********\Desktop\google meldung 2.JPG [2015.02.26 13:59:54 | 000,026,962 | ---- | C] () -- C:\Users\*********\Desktop\newsletter abbestellung springer bauwesen 26_02_2015_2.JPG [2015.02.26 13:55:53 | 000,139,042 | ---- | C] () -- C:\Users\*********\Desktop\newsletter abbestellung springer bauwesen 26_02_2015.JPG [2015.02.26 11:44:03 | 000,700,226 | ---- | C] () -- C:\Users\*********\Desktop\ba1_*********.pdf [2015.02.25 21:46:29 | 000,078,876 | ---- | C] () -- C:\Users\*********\Desktop\google meldung.JPG [2015.02.25 21:10:03 | 000,000,475 | ---- | C] () -- C:\- [2015.02.25 21:10:03 | 000,000,475 | ---- | C] () -- \- [2015.02.25 20:58:12 | 000,009,152 | ---- | C] () -- C:\Users\*********\Desktop\perlc.m [2015.02.25 10:57:44 | 000,000,036 | ---- | C] () -- C:\.superId [2015.02.25 10:57:44 | 000,000,036 | ---- | C] () -- \.superId [2015.02.25 10:56:28 | 000,001,887 | ---- | C] () -- C:\Users\*********\Desktop\Autopsy 3.1.1.lnk [2015.02.25 10:32:28 | 000,105,574 | ---- | C] () -- C:\Users\*********\Desktop\Personen am Institut für Information Engineering & Security - Fachhochschule Technikum Wien_Lehrende MIT_BIT.pdf [2015.02.23 16:10:00 | 000,202,766 | ---- | C] () -- C:\Users\*********\Desktop\Stellenmarkt Start _ LinkedIn.pdf [2015.02.22 09:25:26 | 003,175,734 | ---- | C] () -- C:\Users\*********\Desktop\20150222_092526.jpg [2015.02.21 12:43:35 | 000,121,302 | ---- | C] () -- C:\Users\*********\Desktop\guterBundeslandFilter.JPG [2015.02.19 19:48:28 | 000,317,678 | ---- | C] () -- C:\Users\*********\Desktop\Raspberry Pi_ Webserver Nginx installieren » Jan Karres.pdf [2015.02.19 18:41:13 | 000,184,218 | ---- | C] () -- C:\Users\*********\Desktop\sguat@job.JPG [2015.02.18 12:09:45 | 000,764,996 | ---- | C] () -- C:\Users\*********\Desktop\Raspberry Pi_ Owncloud-Alternative Seafile Server installieren » Jan Karres.pdf [2015.02.18 11:48:26 | 000,267,494 | ---- | C] () -- C:\Users\*********\Desktop\E3.pdf [2015.02.18 10:14:36 | 003,129,148 | ---- | C] () -- C:\Users\*********\Desktop\20150218_101435.jpg [2015.02.18 04:48:35 | 002,797,455 | ---- | C] () -- C:\Users\*********\Desktop\20150218_044835.jpg [2015.02.17 17:40:22 | 002,330,405 | ---- | C] () -- C:\Users\*********\Desktop\20150217_174022.jpg [2015.02.17 17:36:34 | 002,917,757 | ---- | C] () -- C:\Users\*********\Desktop\20150217_173634.jpg [2015.02.17 17:21:54 | 004,910,216 | ---- | C] () -- C:\Users\*********\Desktop\20150217_172154.jpg [2015.02.17 17:18:36 | 020,956,479 | ---- | C] () -- C:\Users\*********\Desktop\20150217_171825.mp4 [2015.02.17 10:10:38 | 003,217,659 | ---- | C] () -- C:\Users\*********\Desktop\20150217_101038.jpg [2015.02.16 18:53:18 | 000,221,611 | ---- | C] () -- C:\Users\*********\Desktop\E-Ladestation_Uebersicht_Gesamt.pdf [2015.02.16 18:14:25 | 000,101,629 | ---- | C] () -- C:\Users\*********\Desktop\Stromtankstellen Februar 2014_bearbeitet_*********.pdf [2015.02.16 14:10:58 | 007,601,042 | ---- | C] () -- C:\Users\*********\Desktop\de_Buch 30 Jahre ASFINAG.pdf [2015.02.15 14:22:26 | 000,425,203 | ---- | C] () -- C:\Users\*********\Desktop\IMG-20150215-WA0000.jpg [2015.02.15 12:55:34 | 000,083,599 | ---- | C] () -- C:\Users\*********\Desktop\Stromtankstellen Februar 2014.pdf [2015.02.14 19:34:55 | 006,428,671 | ---- | C] () -- C:\Users\*********\Desktop\20150214_193455.jpg [2015.02.14 19:29:24 | 000,301,066 | ---- | C] () -- C:\Users\*********\Desktop\IMG-20150214-WA0001.jpg [2015.02.14 17:23:29 | 000,074,555 | ---- | C] () -- C:\Users\*********\Desktop\stromtankstellen standorte stand august 2012_63554.pdf [2015.02.14 16:54:08 | 000,285,813 | ---- | C] () -- C:\Users\*********\Desktop\20140203_Ladestationen_SMATRICS.pdf [2015.02.14 12:20:35 | 001,343,488 | ---- | C] () -- C:\Users\*********\Documents\Erevolution.accdb [2015.02.14 12:20:01 | 000,348,160 | ---- | C] () -- C:\Users\*********\Documents\Database3.accdb [2015.02.14 12:16:00 | 000,352,256 | ---- | C] () -- C:\Users\*********\Documents\Database2.accdb [2015.02.14 10:23:06 | 000,318,703 | ---- | C] () -- C:\Users\*********\Desktop\IMG-20150214-WA0000.jpg [2015.02.13 20:40:56 | 000,000,023 | ---- | C] () -- C:\windows\ODBCINST.INI [2015.02.13 19:15:02 | 002,829,909 | ---- | C] () -- C:\Users\*********\Desktop\20150213_191503.jpg [2015.02.13 10:43:51 | 000,000,336 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleFor*********.job [2015.02.12 13:27:44 | 000,005,261 | ---- | C] () -- C:\Users\*********\Desktop\10.9 Heiratsproblem.html [2015.02.11 10:35:53 | 004,684,472 | ---- | C] () -- C:\Users\*********\Desktop\13agelenkbus_144346.jpg [2015.02.11 10:35:12 | 000,325,934 | ---- | C] () -- C:\Users\*********\Desktop\modalsplit_144345.jpg [2015.02.11 10:34:47 | 000,621,349 | ---- | C] () -- C:\Users\*********\Desktop\jahreskarte-verkaufszahlen_144344.jpg [2015.02.11 10:07:41 | 001,680,212 | ---- | C] () -- C:\Users\*********\Desktop\jahreskarten anzahl wr linien.pdf [2015.02.11 10:07:16 | 000,539,155 | ---- | C] () -- C:\Users\*********\Desktop\falschparker wr linien.pdf [2015.02.11 10:06:59 | 000,633,643 | ---- | C] () -- C:\Users\*********\Desktop\multisensueller infopoint wr linien.pdf [2015.02.06 16:17:16 | 005,069,971 | ---- | C] () -- C:\Users\*********\Desktop\20150206_161716.jpg [2015.02.05 16:38:51 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk [2015.02.03 11:34:02 | 000,237,568 | ---- | C] () -- C:\windows\SysWow64\glut32.dll [2015.02.02 19:50:30 | 000,396,735 | ---- | C] () -- C:\Users\*********\Desktop\IMG-20150202-WA0001.jpg [2015.02.02 19:50:30 | 000,296,853 | ---- | C] () -- C:\Users\*********\Desktop\IMG-20150202-WA0000.jpg [2015.01.29 22:31:20 | 003,415,388 | ---- | C] () -- C:\Users\*********\Desktop\20150129_223120.jpg [2015.01.06 18:50:50 | 000,000,030 | ---- | C] () -- C:\windows\Gnucleus.INI [2014.12.14 11:53:45 | 000,000,076 | ---- | C] () -- C:\Users\*********\AppData\Roaming\mbam.context.scan [2014.12.09 17:40:40 | 000,000,781 | ---- | C] () -- C:\Users\*********\Draft1.op.raw [2014.12.09 17:40:00 | 000,001,210 | ---- | C] () -- C:\Users\*********\Draft1.raw [2014.12.09 17:37:31 | 000,001,664 | ---- | C] () -- C:\Users\*********\Draft1.asc [2014.12.09 17:04:02 | 000,004,340 | ---- | C] () -- C:\Users\*********\AppData\Roaming\LTspiceIV.ini [2014.10.21 13:05:45 | 000,000,446 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2014.04.16 17:00:51 | 000,000,719 | ---- | C] () -- C:\Users\*********\AppData\Local\recently-used.xbel [2014.02.18 15:35:17 | 000,000,682 | ---- | C] () -- C:\windows\BRRBCOM.INI [2014.02.18 15:34:08 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL [2014.02.18 15:34:06 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI [2014.02.12 15:32:47 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2014.01.31 21:03:18 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\AVSredirect.dll [2013.12.30 10:52:44 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2013.10.12 17:00:56 | 000,000,248 | ---- | C] () -- C:\windows\hbcikrnl.ini [2013.09.11 22:32:06 | 000,038,912 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll [2013.07.25 20:41:24 | 000,995,342 | ---- | C] () -- C:\windows\SysWow64\amdocl_as32.exe [2013.07.25 20:41:24 | 000,798,734 | ---- | C] () -- C:\windows\SysWow64\amdocl_ld32.exe [2013.06.04 23:16:27 | 000,000,000 | ---- | C] () -- C:\Users\*********\dlmgr_.pro [2013.06.02 19:01:44 | 000,000,021 | ---- | C] () -- C:\windows\progman.ini [2013.04.18 18:06:46 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll [2013.04.18 18:06:46 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll [2013.04.18 18:06:46 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll [2013.04.18 18:06:46 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll [2013.03.01 02:47:36 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll [2012.11.07 21:04:25 | 000,001,096 | ---- | C] () -- C:\Users\*********\Dokumente - Verknüpfung.lnk [2012.11.04 14:22:28 | 000,007,168 | ---- | C] () -- C:\Users\*********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.20 15:04:45 | 000,007,618 | ---- | C] () -- C:\Users\*********\AppData\Local\Resmon.ResmonCfg [2012.10.17 17:35:04 | 4225,265,661 | -HS- | C] () -- \hiberfil.sys [2011.02.11 06:13:49 | 000,383,786 | RHS- | C] () -- \bootmgr [2007.11.07 08:12:28 | 000,232,960 | ---- | C] () -- \VC_RED.MSI [2007.11.07 08:09:22 | 001,442,522 | ---- | C] () -- \VC_RED.cab [2007.11.07 08:03:18 | 000,562,688 | ---- | C] () -- \install.exe [2007.11.07 08:03:18 | 000,097,296 | ---- | C] () -- \install.res.1036.dll [2007.11.07 08:03:18 | 000,096,272 | ---- | C] () -- \install.res.3082.dll [2007.11.07 08:03:18 | 000,096,272 | ---- | C] () -- \install.res.1031.dll [2007.11.07 08:03:18 | 000,095,248 | ---- | C] () -- \install.res.1040.dll [2007.11.07 08:03:18 | 000,091,152 | ---- | C] () -- \install.res.1033.dll [2007.11.07 08:03:18 | 000,081,424 | ---- | C] () -- \install.res.1041.dll [2007.11.07 08:03:18 | 000,079,888 | ---- | C] () -- \install.res.1042.dll [2007.11.07 08:03:18 | 000,076,304 | ---- | C] () -- \install.res.1028.dll [2007.11.07 08:03:18 | 000,075,792 | ---- | C] () -- \install.res.2052.dll [2007.11.07 08:00:40 | 000,005,686 | ---- | C] () -- \vcredist.bmp [2007.11.07 08:00:40 | 000,001,110 | ---- | C] () -- \globdata.ini [2007.11.07 08:00:40 | 000,000,843 | ---- | C] () -- \install.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014.12.14 12:43:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ControlCenter4 [2013.05.11 16:14:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DigitalPersona [2014.02.12 17:42:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Infineon [2014.12.14 12:44:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SoftGrid Client [2013.05.11 16:14:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Synaptics [2014.01.31 22:34:05 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\.marble [2015.02.11 16:32:07 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Ahnenblatt [2014.01.21 20:38:57 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Audacity [2015.02.25 10:58:56 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\autopsy [2014.05.21 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2014.03.16 21:46:10 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\ControlCenter4 [2014.10.08 20:13:56 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\DeepBurner [2012.10.17 17:35:25 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\DigitalPersona [2015.02.28 17:28:51 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Dropbox [2012.10.30 21:23:08 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\e-academy Inc [2014.10.20 19:57:41 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\emIDE [2015.02.17 16:22:28 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\ESRI [2015.01.12 10:47:12 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\fltk.org [2015.01.23 19:08:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\gramps [2015.01.07 15:12:46 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\ImgBurn [2012.10.17 17:35:43 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Infineon [2015.02.28 19:43:09 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\MyPhoneExplorer [2014.04.24 20:44:50 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\MySQL [2015.02.03 23:20:38 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Notepad++ [2014.03.16 21:16:57 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Nuance [2014.11.27 17:06:50 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\NuGet [2014.10.17 16:07:48 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Oracle [2013.05.04 10:05:09 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\PDAppFlex [2014.06.10 15:32:23 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Python [2015.02.11 09:45:17 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Samsung [2015.01.06 18:39:51 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Shareaza [2015.02.28 20:47:58 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\SoftGrid Client [2015.02.03 13:40:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\SPB_16.6 [2014.12.18 11:19:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Subversion [2014.08.21 09:09:42 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Swiss Academic Software [2012.10.17 17:38:36 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Synaptics [2014.01.15 19:59:45 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\TeamViewer [2012.10.18 12:27:10 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Thunderbird [2015.01.29 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\uTorrent [2015.01.08 22:51:40 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Wireshark [2013.01.05 10:57:09 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\XnView [2014.03.16 21:17:01 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Zeon ========== Purity Check ========== < End of report > |
| Themen zu Träges System, Veränderungen, mehrere unbekannte Prozesse |
| ausgelastet, awesomehp, awesomehp entfernen, ebanking, fehlercode "at", fehlercode 0x5, fehlercode 0x80000003, fehlercode 22, fehlercode windows, festplatte, geändertes design, langsamer, merkwürdig, nginx, popup werbung, programme, pup.optional.awesomehp.a, pup.optional.iepluginservices.a, pup.optional.opencandy, pup.optional.qone8, pup.optional.remarkit.a, pup.optional.suptab.a, pup.pswtool.productkey, task manager, this device is disabled. (code 22), webseite |
Baum-Darstellung