Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   GVU-Virus, Trojan.Ransom.SUGen und weitere gefunden mit Malwarebytes (https://www.trojaner-board.de/130741-gvu-virus-trojan-ransom-sugen-gefunden-malwarebytes.html)

smarks 07.02.2013 14:17
GVU-Virus, Trojan.Ransom.SUGen und weitere gefunden mit Malwarebytes
 
Hallo liebes Trojaner Bord-Team,

leider hat es in dieser Woche meinen Rechner auch erwischt. Plötzlich hatte ich den bekannten Bildschirm-Lock mit der Aufforderung zu zahlen und nichts ging mehr.

Meine PC-Kenntnisse sind bescheiden, gebe mir aber alle Mühe. Über dieses Forum und botfrei.de schlauer gelesen, habe ich im abgesichterten Modus Malwarebytes laufen lassen und gefunden:

Trojan.Ransom.SUGen ...\...\AX_RU.dll
Malware.Packer.GenX ...\...\runctf.Ink
Trojan.Ransom ...\...\RbhXVz9.exe

Bitdefender Total Security 2013 fand: Trojan.Script.480412

Alles wurde in Quarantäne genommen.

Alle wichtigen Dateien konnte ich extern sichern, diese sind nicht verschlüsselt. Seitdem kann ich wieder mit dem Rechner im Normal-Modus arbeiten.

Anschließend (05. + 06.02.2013) durchgeführte Updates:
- Win 7
- Internet Explorer
- Mozilla
- Google Chrome
- Java
- Bitdefender Total Security 2013


Heute habe ich in eurer vorgebenen Reihenfolge Defogger, OTL, Gmer laufen lassen.
Ich freue mich riesig, wenn mir jemand bei diesen Problemen weiterhelfen kann, da es sich bei dem Rechner um mein wichtigstes Arbeitswerkzeug handelt.
Mit größtem Dank im Voraus und besten Grüßen.

cosinus 07.02.2013 14:27
Hallo und :hallo:

Zitat:
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?


Zitat:
Meine PC-Kenntnisse sind bescheiden, gebe mir aber alle Mühe. Über dieses Forum und botfrei.de schlauer gelesen, habe ich im abgesichterten Modus Malwarebytes laufen lassen und gefunden:

Trojan.Ransom.SUGen ...\...\AX_RU.dll
Malware.Packer.GenX ...\...\runctf.Ink
Trojan.Ransom ...\...\RbhXVz9.exe
Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

smarks 07.02.2013 14:54
Hallo Cosinus,

vielen Dank für die schnelle Antwort :-)

@Frage 1:
Win 7 Professional, ich bin Freiberufler, es ist mein Arbeits-PC.
War die Empfehlung des Verkäufers, weil angeblich stabiler.

@Frage 2:
mit Malwarebytes gefunden:
Malware.Packer.GenX C:\Program Files (x86)\Alcohol 120\Langs\AX_RU.dll
Trojan.Ransom.SUGen C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.Ink
Trojan.Ransom C:\Users\***\AppData\Local\Temp\RbhXVz9.exe

mit Bitdefender Total Security 2013 gefunden:
Trojan.Script 480412 C:\ProgramData\9zVXhbR.js

Sorry für den ersten Versuch, bin ja lernwillig und hoffentlich auch noch lernfähig.

Die Logdatein in Code-Tags, wie in der Anleitung beschrieben bekomme ich nicht hochgeladen. Bekomme die Meldung:

Zitat:
"Der Text, den Sie eingegeben haben, besteht aus 1516487 Zeichen und ist damit zu lang. Bitte kürzen Sie den Text auf die maximale Länge von 120000 Zeichen.
Logs bitte als Archiv an den Beitrag anhängen!"


Was mache ich falsch?

cosinus 07.02.2013 15:11
Zitat:
War die Empfehlung des Verkäufers, weil angeblich stabiler
Stabiler? :lach:
Die Verkäufer lügen auch was das Zeug hält. Natürlich ist diese Version teurer, hat man Features als zB Home Premium, aber von Kernel her ist das alles das gleiche.

Warum bitte postest du Ausschnitte von Malwarebytes? :wtf:
War es nicht eindeutig in der Anleitung beschrieben, dass die Logs vollständig gepostet werden sollen?

smarks 07.02.2013 15:19
@Verkäufer: wenn man etwas nicht im Detail kennt, ist man halt ausgeliefert...

@Malwarebytes: weil ich es nicht wusste und erst mal finden musste ;-)
Versuch ich aber doch jetzt glatt nachzuholen.

Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.14.11

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

Schutz: Deaktiviert

05.02.2013 20:08:38
mbam-log-2013-02-05 (20-08-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207371
Laufzeit: 2 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

cosinus 07.02.2013 15:33
Bitte alle Logs von MBAM nachreichen.

Anschließend MBAR ausführen:

Malwarebytes Anti-Rootkit http://img.trojaner-board.de/malware...otkit/logo.png

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

smarks 07.02.2013 15:53
Hallo cosinus,

ich bin begeistert über deine schnellen Reaktionen, vielen lieben Dank dafür.
Nun versuche ich alles nachzureichen, dann MBAR durchzuführen.

mbam-log-2013-02-05 (20-08-38):

Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.14.11

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

Schutz: Deaktiviert

05.02.2013 20:08:38
mbam-log-2013-02-05 (20-08-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207371
Laufzeit: 2 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


mbam-log-2013-02-05 (20-29-40):

Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.04.06

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
*** :: ***[Administrator]

Schutz: Deaktiviert

05.02.2013 20:29:40
mbam-log-2013-02-05 (20-29-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212705
Laufzeit: 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

mbam-log-2013-02-05 (20-39-16):

Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.04.06

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.1
*** :: ***[Administrator]

Schutz: Deaktiviert

05.02.2013 20:39:16
mbam-log-2013-02-05 (20-39-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 509068
Laufzeit: 58 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

protection-log-2013-02-05:

Code:
2013/02/05 21:55:14 +0100        ***        ***        MESSAGE        Starting protection
2013/02/05 21:55:14 +0100        ***        ***        MESSAGE        Protection started successfully
2013/02/05 21:55:14 +0100        ***        ***        MESSAGE        Starting IP protection
2013/02/05 21:55:19 +0100        ***        ***        MESSAGE        IP Protection started successfully
2013/02/05 22:05:51 +0100        ***        ***        MESSAGE        Executing scheduled update:  Daily
2013/02/05 22:06:05 +0100        ***        ***        MESSAGE        Starting database refresh
2013/02/05 22:06:05 +0100        ***        ***        MESSAGE        Stopping IP protection
2013/02/05 22:06:05 +0100        ***        ***        MESSAGE        IP Protection stopped successfully
2013/02/05 22:06:05 +0100        ***        ***        MESSAGE        Scheduled update executed successfully:  database updated from version v2013.02.04.06 to version v2013.02.05.09
2013/02/05 22:06:08 +0100        ***        ***        MESSAGE        Database refreshed successfully
2013/02/05 22:06:08 +0100        ***        ***        MESSAGE        Starting IP protection
2013/02/05 22:06:11 +0100        ***        ***        MESSAGE        IP Protection started successfully
2013/02/05 22:36:11 +0100        ***        (null)        MESSAGE        Starting protection
2013/02/05 22:36:11 +0100        ***        (null)        MESSAGE        Protection started successfully
2013/02/05 22:36:11 +0100        ***        (null)        MESSAGE        Starting IP protection
2013/02/05 22:36:15 +0100        ***        (null)        MESSAGE        IP Protection started successfully
2013/02/05 22:37:45 +0100        ***        (null)        DETECTION        C:\Users\***\AppData\Local\Temp\RbhXVz9.exe        Trojan.Ransom        QUARANTINE
2013/02/05 23:10:24 +0100        ***        (null)        MESSAGE        Starting protection
2013/02/05 23:10:24 +0100        ***        (null)        MESSAGE        Protection started successfully
2013/02/05 23:10:24 +0100        ***        (null)        MESSAGE        Starting IP protection
2013/02/05 23:10:28 +0100        ***        (null)        MESSAGE        IP Protection started successfully
protection-log-2013-02-06

Code:
2013/02/06 08:47:24 +0100        ***        (null)        MESSAGE        Starting protection
2013/02/06 08:47:24 +0100        ***        (null)        MESSAGE        Protection started successfully
2013/02/06 08:47:24 +0100        ***        (null)        MESSAGE        Starting IP protection
2013/02/06 08:47:29 +0100        ***        (null)        MESSAGE        IP Protection started successfully
2013/02/06 11:56:08 +0100        ***        (null)        MESSAGE        Starting protection
2013/02/06 11:56:08 +0100        ***        (null)        MESSAGE        Protection started successfully
2013/02/06 11:56:08 +0100        ***        (null)        MESSAGE        Starting IP protection
2013/02/06 11:56:12 +0100        ***        (null)        MESSAGE        IP Protection started successfully
2013/02/06 18:25:52 +0100        ***        ***        MESSAGE        Executing scheduled update:  Daily
2013/02/06 18:26:08 +0100        ***        ***        MESSAGE        Scheduled update executed successfully:  database updated from version v2013.02.05.09 to version v2013.02.06.08
2013/02/06 18:26:08 +0100        ***        ***        MESSAGE        Starting database refresh
2013/02/06 18:26:09 +0100        ***        ***        MESSAGE        Stopping IP protection
2013/02/06 18:26:10 +0100        ***        ***        MESSAGE        IP Protection stopped successfully
2013/02/06 18:26:11 +0100        ***        ***        ERROR        Database refresh failed:  Integrity verification failed failed with error code 2

protection-log-2013-02-07

Code:
2013/02/07 10:35:49 +0100        ***        (null)        ERROR        Integrity verification failed failed with error code 2
2013/02/07 10:35:49 +0100        ***        (null)        MESSAGE        Protection stopped
2013/02/07 11:51:28 +0100        ***        (null)        MESSAGE        Starting protection
2013/02/07 11:51:28 +0100        ***        (null)        MESSAGE        Protection started successfully
2013/02/07 11:51:28 +0100        ***        (null)        MESSAGE        Starting IP protection
2013/02/07 11:51:33 +0100        ***        (null)        MESSAGE        IP Protection started successfully
2013/02/07 11:51:33 +0100        ***        (null)        MESSAGE        Starting database refresh
2013/02/07 11:51:33 +0100        ***        (null)        MESSAGE        Stopping IP protection
2013/02/07 11:51:33 +0100        ***        (null)        MESSAGE        IP Protection stopped successfully
2013/02/07 11:51:35 +0100        ***        (null)        MESSAGE        Database refreshed successfully
2013/02/07 11:51:35 +0100        ***        (null)        MESSAGE        Starting IP protection
2013/02/07 11:51:39 +0100        ***        (null)        MESSAGE        IP Protection started successfully
So,
habe mbar.exe 2x durchlaufen lassen, beide Male keine Malware gefunden.
Heisst das, alles gut oder sitzt das Problem tiefer?


Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.07.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [administrator]

07.02.2013 16:49:35
mbar-log-2013-02-07 (16-49-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31514
Time elapsed: 10 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.07.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [administrator]

07.02.2013 17:10:23
mbar-log-2013-02-07 (17-10-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31512
Time elapsed: 9 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus 08.02.2013 10:14
1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

smarks 09.02.2013 17:40
Hallo cosinus,

vielen Dank für deine weiteren Aufgaben!

1)
aswMBR.exe habe ich versucht auszuführen nach der Beschreibung, also mit deaktiviertem Bitdefender.
Download, update, Programmstart, alles ok. Ich kam bis "aswMBR.exe funktioniert nicht mehr".
Versuch des Neustarts misslang.
Bitdefender hatte sich doch irgendwie dazwischen gehängt und hat aswMBR.exe nach irgendwohin verschoben.

Erneuter Download von aswMBR.exe war notwendig, Speicherung auf Desktop misslang.
"... Adminrechte notwendig..." - wobei es aber neben dem Gast nur ein Konto mit Adminrechten gibt.

Ablage in einem neuen Ordner auf Desktop war möglich, Programmstart ebenfalls, jedoch keine erneute Aufforderung des avast!-updates.
Scan lief durch, im Modus "AV scan" (none)
Logfiles aswMBR.txt

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-09 15:28:05
-----------------------------
15:28:05.769    OS Version: Windows x64 6.1.7601 Service Pack 1
15:28:05.769    Number of processors: 4 586 0x2505
15:28:05.769    ComputerName: ***  UserName: ***
15:28:07.236    Initialize success
15:28:13.351    AVAST engine defs: 13020900
15:28:45.255    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:28:45.255    Disk 0 Vendor: TOSHIBA_ MH00 Size: 476940MB BusType: 3
15:28:45.270    Disk 0 MBR read successfully
15:28:45.270    Disk 0 MBR scan
15:28:45.286    Disk 0 Windows 7 default MBR code
15:28:45.302    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          300 MB offset 2048
15:28:45.317    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      459228 MB offset 616448
15:28:45.348    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        15360 MB offset 941115392
15:28:45.364    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0    2043 MB offset 972572672
15:28:45.411    Disk 0 scanning C:\windows\system32\drivers
15:29:04.053    Service scanning
15:29:07.220    Service BdfNdisf c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys **LOCKED** 5
15:29:07.282    Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
15:29:34.551    Modules scanning
15:29:34.551    Disk 0 trace - called modules:
15:29:34.582    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
15:29:34.582    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80089b1060]
15:29:34.598    3 CLASSPNP.SYS[fffff8800113b43f] -> nt!IofCallDriver -> [0xfffffa8008093930]
15:29:34.598    5 hpdskflt.sys[fffff88002554189] -> nt!IofCallDriver -> [0xfffffa8007b035e0]
15:29:34.613    7 ACPI.sys[fffff88000d5b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b08050]
15:29:34.613    Scan finished successfully
15:37:55.690    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"4
15:37:55.690    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"


2)
TDSS-Killer download und scan wie in der Beschreibung problemlos
Logfiles

Code:
15:43:02.0132 7392  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:43:04.0144 7392  ============================================================
15:43:04.0144 7392  Current date / time: 2013/02/09 15:43:04.0144
15:43:04.0144 7392  SystemInfo:
15:43:04.0144 7392 
15:43:04.0144 7392  OS Version: 6.1.7601 ServicePack: 1.0
15:43:04.0144 7392  Product type: Workstation
15:43:04.0144 7392  ComputerName: ***
15:43:04.0144 7392  UserName: ***
15:43:04.0144 7392  Windows directory: C:\windows
15:43:04.0144 7392  System windows directory: C:\windows
15:43:04.0144 7392  Running under WOW64
15:43:04.0144 7392  Processor architecture: Intel x64
15:43:04.0144 7392  Number of processors: 4
15:43:04.0144 7392  Page size: 0x1000
15:43:04.0144 7392  Boot type: Normal boot
15:43:04.0144 7392  ============================================================
15:43:04.0456 7392  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:43:04.0488 7392  ============================================================
15:43:04.0488 7392  \Device\Harddisk0\DR0:
15:43:04.0488 7392  MBR partitions:
15:43:04.0488 7392  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
15:43:04.0488 7392  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x380EE000
15:43:04.0488 7392  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38184800, BlocksNum 0x1E00000
15:43:04.0488 7392  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x39F84800, BlocksNum 0x3FD800
15:43:04.0488 7392  ============================================================
15:43:04.0503 7392  C: <-> \Device\Harddisk0\DR0\Partition2
15:43:04.0519 7392  F: <-> \Device\Harddisk0\DR0\Partition4
15:43:04.0519 7392  ============================================================
15:43:04.0519 7392  Initialize success
15:43:04.0519 7392  ============================================================
15:44:00.0351 4148  ============================================================
15:44:00.0351 4148  Scan started
15:44:00.0351 4148  Mode: Manual; SigCheck; TDLFS;
15:44:00.0351 4148  ============================================================
15:44:00.0726 4148  ================ Scan system memory ========================
15:44:00.0726 4148  System memory - ok
15:44:00.0726 4148  ================ Scan services =============================
15:44:00.0882 4148  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
15:44:00.0960 4148  1394ohci - ok
15:44:01.0007 4148  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer  C:\windows\system32\DRIVERS\Accelerometer.sys
15:44:01.0022 4148  Accelerometer - ok
15:44:01.0038 4148  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
15:44:01.0053 4148  ACPI - ok
15:44:01.0069 4148  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\windows\system32\drivers\acpipmi.sys
15:44:01.0116 4148  AcpiPmi - ok
15:44:01.0209 4148  AddonsHelper - ok
15:44:01.0241 4148  [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs            C:\windows\system32\drivers\adfs.sys
15:44:01.0256 4148  adfs - ok
15:44:01.0365 4148  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:44:01.0381 4148  AdobeARMservice - ok
15:44:01.0490 4148  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:44:01.0506 4148  AdobeFlashPlayerUpdateSvc - ok
15:44:01.0537 4148  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\windows\system32\DRIVERS\adp94xx.sys
15:44:01.0553 4148  adp94xx - ok
15:44:01.0568 4148  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\windows\system32\DRIVERS\adpahci.sys
15:44:01.0584 4148  adpahci - ok
15:44:01.0599 4148  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\windows\system32\DRIVERS\adpu320.sys
15:44:01.0615 4148  adpu320 - ok
15:44:01.0631 4148  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\windows\System32\aelupsvc.dll
15:44:01.0677 4148  AeLookupSvc - ok
15:44:01.0802 4148  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters    C:\Program Files\IDT\WDM\AESTSr64.exe
15:44:01.0833 4148  AESTFilters - ok
15:44:01.0880 4148  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\windows\system32\drivers\afd.sys
15:44:01.0927 4148  AFD - ok
15:44:01.0958 4148  [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
15:44:02.0005 4148  AgereModemAudio - ok
15:44:02.0036 4148  [ C98356D813B581E9C425B42A5D146CE0 ] AgereSoftModem  C:\windows\system32\DRIVERS\agrsm64.sys
15:44:02.0099 4148  AgereSoftModem - ok
15:44:02.0130 4148  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
15:44:02.0130 4148  agp440 - ok
15:44:02.0161 4148  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\windows\System32\alg.exe
15:44:02.0177 4148  ALG - ok
15:44:02.0192 4148  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
15:44:02.0192 4148  aliide - ok
15:44:02.0208 4148  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
15:44:02.0208 4148  amdide - ok
15:44:02.0239 4148  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\windows\system32\DRIVERS\amdk8.sys
15:44:02.0286 4148  AmdK8 - ok
15:44:02.0317 4148  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
15:44:02.0364 4148  AmdPPM - ok
15:44:02.0395 4148  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\windows\system32\drivers\amdsata.sys
15:44:02.0411 4148  amdsata - ok
15:44:02.0426 4148  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
15:44:02.0442 4148  amdsbs - ok
15:44:02.0457 4148  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\windows\system32\drivers\amdxata.sys
15:44:02.0473 4148  amdxata - ok
15:44:02.0520 4148  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\windows\system32\drivers\appid.sys
15:44:02.0567 4148  AppID - ok
15:44:02.0598 4148  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
15:44:02.0645 4148  AppIDSvc - ok
15:44:02.0676 4148  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\windows\System32\appinfo.dll
15:44:02.0707 4148  Appinfo - ok
15:44:02.0801 4148  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:44:02.0816 4148  Apple Mobile Device - ok
15:44:02.0847 4148  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt        C:\windows\System32\appmgmts.dll
15:44:02.0879 4148  AppMgmt - ok
15:44:02.0910 4148  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\windows\system32\DRIVERS\arc.sys
15:44:02.0925 4148  arc - ok
15:44:02.0925 4148  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
15:44:02.0941 4148  arcsas - ok
15:44:03.0066 4148  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:44:03.0097 4148  aspnet_state - ok
15:44:03.0113 4148  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
15:44:03.0175 4148  AsyncMac - ok
15:44:03.0206 4148  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\windows\system32\drivers\atapi.sys
15:44:03.0206 4148  atapi - ok
15:44:03.0253 4148  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
15:44:03.0331 4148  AudioEndpointBuilder - ok
15:44:03.0331 4148  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
15:44:03.0378 4148  AudioSrv - ok
15:44:03.0409 4148  [ 84E8D636FAD30B14F279523DDFCD83BE ] avc3            C:\windows\system32\DRIVERS\avc3.sys
15:44:03.0425 4148  avc3 - ok
15:44:03.0471 4148  [ B725A236D9206A308BCA0943F6506B8E ] avckf          C:\windows\system32\DRIVERS\avckf.sys
15:44:03.0487 4148  avckf - ok
15:44:03.0518 4148  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
15:44:03.0565 4148  AxInstSV - ok
15:44:03.0596 4148  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\windows\system32\DRIVERS\bxvbda.sys
15:44:03.0627 4148  b06bdrv - ok
15:44:03.0643 4148  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
15:44:03.0674 4148  b57nd60a - ok
15:44:03.0752 4148  [ B649EB2E95543CF1FE2FF48E9D534C69 ] BdDesktopParental C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe
15:44:03.0752 4148  BdDesktopParental - ok
15:44:03.0783 4148  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
15:44:03.0815 4148  BDESVC - ok
15:44:03.0908 4148  [ 9920B815BC3B3F2D69071842DD18D422 ] BdfNdisf        c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
15:44:03.0924 4148  BdfNdisf - ok
15:44:03.0955 4148  [ 4CE4B0098FC315C237FA8867F07886C4 ] bdfwfpf        C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
15:44:03.0971 4148  bdfwfpf - ok
15:44:03.0986 4148  [ E311541A584A29C0D91DD73730B1DCBE ] BDSandBox      C:\windows\system32\drivers\bdsandbox.sys
15:44:04.0002 4148  BDSandBox - ok
15:44:04.0033 4148  [ 50F796CB1E8C80F3D19435CB50C3DAB5 ] BDVEDISK        C:\windows\system32\DRIVERS\bdvedisk.sys
15:44:04.0049 4148  BDVEDISK - ok
15:44:04.0064 4148  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
15:44:04.0127 4148  Beep - ok
15:44:04.0173 4148  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\windows\System32\bfe.dll
15:44:04.0205 4148  BFE - ok
15:44:04.0236 4148  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
15:44:04.0298 4148  BITS - ok
15:44:04.0345 4148  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
15:44:04.0376 4148  blbdrive - ok
15:44:04.0407 4148  [ 8B1E76B5F86DF4396D77AB09787F6D37 ] BMLoad          C:\windows\system32\drivers\BMLoad.sys
15:44:04.0439 4148  BMLoad ( UnsignedFile.Multi.Generic ) - warning
15:44:04.0439 4148  BMLoad - detected UnsignedFile.Multi.Generic (1)
15:44:04.0485 4148  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:44:04.0501 4148  Bonjour Service - ok
15:44:04.0548 4148  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
15:44:04.0548 4148  bowser - ok
15:44:04.0595 4148  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
15:44:04.0626 4148  BrFiltLo - ok
15:44:04.0641 4148  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
15:44:04.0657 4148  BrFiltUp - ok
15:44:04.0704 4148  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\windows\System32\browser.dll
15:44:04.0735 4148  Browser - ok
15:44:04.0751 4148  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\windows\System32\Drivers\Brserid.sys
15:44:04.0797 4148  Brserid - ok
15:44:04.0813 4148  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
15:44:04.0860 4148  BrSerWdm - ok
15:44:04.0875 4148  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
15:44:04.0907 4148  BrUsbMdm - ok
15:44:04.0938 4148  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
15:44:04.0953 4148  BrUsbSer - ok
15:44:04.0969 4148  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum        C:\windows\system32\drivers\BthEnum.sys
15:44:05.0016 4148  BthEnum - ok
15:44:05.0031 4148  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
15:44:05.0047 4148  BTHMODEM - ok
15:44:05.0094 4148  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
15:44:05.0109 4148  BthPan - ok
15:44:05.0141 4148  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT        C:\windows\System32\Drivers\BTHport.sys
15:44:05.0187 4148  BTHPORT - ok
15:44:05.0219 4148  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\windows\system32\bthserv.dll
15:44:05.0265 4148  bthserv - ok
15:44:05.0297 4148  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
15:44:05.0328 4148  BTHUSB - ok
15:44:05.0343 4148  [ 4BDBDB86ABBA924E029FB2683BE7C505 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
15:44:05.0359 4148  btwaudio - ok
15:44:05.0390 4148  [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt        C:\windows\system32\DRIVERS\btwavdt.sys
15:44:05.0406 4148  btwavdt - ok
15:44:05.0437 4148  [ 31DA517946FFE416442E864592548F8A ] btwdins        C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:44:05.0468 4148  btwdins - ok
15:44:05.0484 4148  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
15:44:05.0484 4148  btwl2cap - ok
15:44:05.0499 4148  [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
15:44:05.0515 4148  btwrchid - ok
15:44:05.0531 4148  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
15:44:05.0577 4148  cdfs - ok
15:44:05.0624 4148  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\windows\system32\DRIVERS\cdrom.sys
15:44:05.0655 4148  cdrom - ok
15:44:05.0702 4148  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\windows\System32\certprop.dll
15:44:05.0749 4148  CertPropSvc - ok
15:44:05.0780 4148  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\DRIVERS\circlass.sys
15:44:05.0827 4148  circlass - ok
15:44:05.0858 4148  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
15:44:05.0874 4148  CLFS - ok
15:44:05.0936 4148  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:44:05.0952 4148  clr_optimization_v2.0.50727_32 - ok
15:44:05.0983 4148  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:44:05.0999 4148  clr_optimization_v2.0.50727_64 - ok
15:44:06.0045 4148  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:44:06.0061 4148  clr_optimization_v4.0.30319_32 - ok
15:44:06.0092 4148  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:44:06.0092 4148  clr_optimization_v4.0.30319_64 - ok
15:44:06.0123 4148  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
15:44:06.0155 4148  CmBatt - ok
15:44:06.0170 4148  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
15:44:06.0186 4148  cmdide - ok
15:44:06.0233 4148  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG            C:\windows\system32\Drivers\cng.sys
15:44:06.0264 4148  CNG - ok
15:44:06.0326 4148  [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx      C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
15:44:06.0342 4148  Com4QLBEx - ok
15:44:06.0342 4148  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
15:44:06.0357 4148  Compbatt - ok
15:44:06.0373 4148  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
15:44:06.0389 4148  CompositeBus - ok
15:44:06.0389 4148  COMSysApp - ok
15:44:06.0420 4148  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\windows\system32\DRIVERS\crcdisk.sys
15:44:06.0435 4148  crcdisk - ok
15:44:06.0467 4148  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\windows\system32\cryptsvc.dll
15:44:06.0498 4148  CryptSvc - ok
15:44:06.0545 4148  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC            C:\windows\system32\drivers\csc.sys
15:44:06.0576 4148  CSC - ok
15:44:06.0623 4148  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\windows\System32\cscsvc.dll
15:44:06.0638 4148  CscService - ok
15:44:06.0654 4148  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
15:44:06.0701 4148  DcomLaunch - ok
15:44:06.0779 4148  [ E6E9610D76418357A7EC725989687CB4 ] DEBridge        C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
15:44:06.0810 4148  DEBridge ( UnsignedFile.Multi.Generic ) - warning
15:44:06.0810 4148  DEBridge - detected UnsignedFile.Multi.Generic (1)
15:44:06.0841 4148  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\windows\System32\defragsvc.dll
15:44:06.0872 4148  defragsvc - ok
15:44:06.0919 4148  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
15:44:06.0966 4148  DfsC - ok
15:44:07.0013 4148  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
15:44:07.0044 4148  Dhcp - ok
15:44:07.0075 4148  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
15:44:07.0106 4148  discache - ok
15:44:07.0137 4148  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\DRIVERS\disk.sys
15:44:07.0137 4148  Disk - ok
15:44:07.0231 4148  [ 6955872BED7981571D4BCBE31CA4E3F8 ] dleeCATSCustConnectService C:\windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe
15:44:07.0231 4148  dleeCATSCustConnectService - ok
15:44:07.0231 4148  dlee_device - ok
15:44:07.0278 4148  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
15:44:07.0309 4148  Dnscache - ok
15:44:07.0356 4148  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\windows\System32\dot3svc.dll
15:44:07.0403 4148  dot3svc - ok
15:44:07.0465 4148  [ EF8004B4A9552C77FD0E99AB08841D13 ] DpHost          c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
15:44:07.0481 4148  DpHost - ok
15:44:07.0496 4148  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\windows\system32\dps.dll
15:44:07.0559 4148  DPS - ok
15:44:07.0590 4148  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\windows\system32\drivers\drmkaud.sys
15:44:07.0621 4148  drmkaud - ok
15:44:07.0668 4148  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\windows\System32\drivers\dxgkrnl.sys
15:44:07.0683 4148  DXGKrnl - ok
15:44:07.0746 4148  [ 324FCD2DD8A4229DDEF3CC954FF12FA5 ] e1kexpress      C:\windows\system32\DRIVERS\e1k62x64.sys
15:44:07.0761 4148  e1kexpress - ok
15:44:07.0777 4148  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\windows\System32\eapsvc.dll
15:44:07.0839 4148  EapHost - ok
15:44:07.0902 4148  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\windows\system32\DRIVERS\evbda.sys
15:44:07.0980 4148  ebdrv - ok
15:44:08.0011 4148  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\windows\System32\lsass.exe
15:44:08.0042 4148  EFS - ok
15:44:08.0089 4148  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\windows\ehome\ehRecvr.exe
15:44:08.0136 4148  ehRecvr - ok
15:44:08.0167 4148  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\windows\ehome\ehsched.exe
15:44:08.0198 4148  ehSched - ok
15:44:08.0229 4148  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\windows\system32\DRIVERS\elxstor.sys
15:44:08.0245 4148  elxstor - ok
15:44:08.0261 4148  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
15:44:08.0307 4148  ErrDev - ok
15:44:08.0354 4148  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\windows\system32\es.dll
15:44:08.0401 4148  EventSystem - ok
15:44:08.0448 4148  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\windows\system32\drivers\exfat.sys
15:44:08.0479 4148  exfat - ok
15:44:08.0495 4148  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\windows\system32\drivers\fastfat.sys
15:44:08.0541 4148  fastfat - ok
15:44:08.0588 4148  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\windows\system32\fxssvc.exe
15:44:08.0635 4148  Fax - ok
15:44:08.0666 4148  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\windows\system32\DRIVERS\fdc.sys
15:44:08.0682 4148  fdc - ok
15:44:08.0713 4148  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\windows\system32\fdPHost.dll
15:44:08.0760 4148  fdPHost - ok
15:44:08.0775 4148  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
15:44:08.0822 4148  FDResPub - ok
15:44:08.0853 4148  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
15:44:08.0869 4148  FileInfo - ok
15:44:08.0885 4148  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\windows\system32\drivers\filetrace.sys
15:44:08.0931 4148  Filetrace - ok
15:44:08.0963 4148  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
15:44:08.0994 4148  flpydisk - ok
15:44:09.0041 4148  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
15:44:09.0041 4148  FltMgr - ok
15:44:09.0103 4148  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\windows\system32\FntCache.dll
15:44:09.0150 4148  FontCache - ok
15:44:09.0228 4148  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:44:09.0243 4148  FontCache3.0.0.0 - ok
15:44:09.0259 4148  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\windows\system32\drivers\FsDepends.sys
15:44:09.0275 4148  FsDepends - ok
15:44:09.0306 4148  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
15:44:09.0321 4148  Fs_Rec - ok
15:44:09.0368 4148  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
15:44:09.0384 4148  fvevol - ok
15:44:09.0399 4148  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
15:44:09.0415 4148  gagp30kx - ok
15:44:09.0462 4148  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM    C:\windows\system32\DRIVERS\GEARAspiWDM.sys
15:44:09.0462 4148  GEARAspiWDM - ok
15:44:09.0524 4148  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\windows\System32\gpsvc.dll
15:44:09.0587 4148  gpsvc - ok
15:44:09.0633 4148  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:44:09.0649 4148  gupdate - ok
15:44:09.0649 4148  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:44:09.0665 4148  gupdatem - ok
15:44:09.0680 4148  [ BF2763FEA9704B1D9AA2C7719423251A ] gzflt          C:\windows\system32\DRIVERS\gzflt.sys
15:44:09.0696 4148  gzflt - ok
15:44:09.0711 4148  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
15:44:09.0743 4148  hcw85cir - ok
15:44:09.0774 4148  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
15:44:09.0805 4148  HdAudAddService - ok
15:44:09.0821 4148  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
15:44:09.0836 4148  HDAudBus - ok
15:44:09.0867 4148  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64        C:\windows\system32\DRIVERS\HECIx64.sys
15:44:09.0883 4148  HECIx64 - ok
15:44:09.0899 4148  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\windows\system32\DRIVERS\HidBatt.sys
15:44:09.0930 4148  HidBatt - ok
15:44:09.0961 4148  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
15:44:09.0992 4148  HidBth - ok
15:44:10.0039 4148  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\windows\system32\DRIVERS\hidir.sys
15:44:10.0039 4148  HidIr - ok
15:44:10.0055 4148  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\windows\system32\hidserv.dll
15:44:10.0101 4148  hidserv - ok
15:44:10.0117 4148  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
15:44:10.0133 4148  HidUsb - ok
15:44:10.0179 4148  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
15:44:10.0226 4148  hkmsvc - ok
15:44:10.0273 4148  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
15:44:10.0289 4148  HomeGroupListener - ok
15:44:10.0335 4148  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
15:44:10.0398 4148  HomeGroupProvider - ok
15:44:10.0460 4148  [ 44AD1D87919994161131D5FB16C5B551 ] HP Power Assistant Service C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
15:44:10.0460 4148  HP Power Assistant Service - ok
15:44:10.0491 4148  [ AE2A8C80205F06BE5EDC63BE0AE9A756 ] HP ProtectTools Service c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
15:44:10.0523 4148  HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - warning
15:44:10.0523 4148  HP ProtectTools Service - detected UnsignedFile.Multi.Generic (1)
15:44:10.0601 4148  [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
15:44:10.0601 4148  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
15:44:10.0601 4148  HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
15:44:10.0647 4148  [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
15:44:10.0663 4148  HP Wireless Assistant Service - ok
15:44:10.0725 4148  [ A4A0E006A1826EA2629E59DE2008BB9D ] HPDayStarterService c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
15:44:10.0757 4148  HPDayStarterService ( UnsignedFile.Multi.Generic ) - warning
15:44:10.0757 4148  HPDayStarterService - detected UnsignedFile.Multi.Generic (1)
15:44:10.0788 4148  [ B7382BEC806B7B00FC84B3E2061FF48E ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
15:44:10.0803 4148  HPDrvMntSvc.exe - ok
15:44:10.0850 4148  [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt        C:\windows\system32\DRIVERS\hpdskflt.sys
15:44:10.0850 4148  hpdskflt - ok
15:44:10.0881 4148  [ 5AFB3F9B74553BD933555E1C800D2CE1 ] HpFkCryptService C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
15:44:10.0897 4148  HpFkCryptService - ok
15:44:10.0913 4148  [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr      C:\windows\system32\DRIVERS\HpqKbFiltr.sys
15:44:10.0944 4148  HpqKbFiltr - ok
15:44:10.0991 4148  [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
15:44:11.0022 4148  hpqwmiex - ok
15:44:11.0037 4148  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
15:44:11.0053 4148  HpSAMD - ok
15:44:11.0100 4148  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv          C:\windows\system32\Hpservice.exe
15:44:11.0100 4148  hpsrv - ok
15:44:11.0162 4148  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
15:44:11.0225 4148  HTTP - ok
15:44:11.0256 4148  [ 2342E7FECCA0D4E31BEA5FF6A4E20885 ] huawei_enumerator C:\windows\system32\DRIVERS\ew_jubusenum.sys
15:44:11.0287 4148  huawei_enumerator - ok
15:44:11.0318 4148  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
15:44:11.0334 4148  hwpolicy - ok
15:44:11.0349 4148  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
15:44:11.0349 4148  i8042prt - ok
15:44:11.0427 4148  [ 593EF9F904C8497F6D794DC6FCC59DCA ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:44:11.0443 4148  IAANTMON - ok
15:44:11.0459 4148  [ C50107C730C9A955F6FD7376733F2D68 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
15:44:11.0474 4148  iaStor - ok
15:44:11.0505 4148  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\windows\system32\drivers\iaStorV.sys
15:44:11.0521 4148  iaStorV - ok
15:44:11.0583 4148  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:44:11.0599 4148  idsvc - ok
15:44:11.0615 4148  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\windows\system32\DRIVERS\iirsp.sys
15:44:11.0630 4148  iirsp - ok
15:44:11.0677 4148  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
15:44:11.0739 4148  IKEEXT - ok
15:44:11.0771 4148  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd          C:\windows\system32\DRIVERS\Impcd.sys
15:44:11.0802 4148  Impcd - ok
15:44:11.0833 4148  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
15:44:11.0833 4148  intelide - ok
15:44:11.0864 4148  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
15:44:11.0895 4148  intelppm - ok
15:44:11.0927 4148  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\windows\system32\ipbusenum.dll
15:44:11.0973 4148  IPBusEnum - ok
15:44:12.0036 4148  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
15:44:12.0083 4148  IpFilterDriver - ok
15:44:12.0114 4148  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
15:44:12.0161 4148  iphlpsvc - ok
15:44:12.0192 4148  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\windows\system32\drivers\IPMIDrv.sys
15:44:12.0192 4148  IPMIDRV - ok
15:44:12.0223 4148  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\windows\system32\drivers\ipnat.sys
15:44:12.0270 4148  IPNAT - ok
15:44:12.0317 4148  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:44:12.0332 4148  iPod Service - ok
15:44:12.0348 4148  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
15:44:12.0363 4148  IRENUM - ok
15:44:12.0379 4148  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
15:44:12.0395 4148  isapnp - ok
15:44:12.0410 4148  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
15:44:12.0426 4148  iScsiPrt - ok
15:44:12.0441 4148  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
15:44:12.0457 4148  kbdclass - ok
15:44:12.0473 4148  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
15:44:12.0504 4148  kbdhid - ok
15:44:12.0535 4148  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
15:44:12.0551 4148  KeyIso - ok
15:44:12.0582 4148  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
15:44:12.0597 4148  KSecDD - ok
15:44:12.0644 4148  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg        C:\windows\system32\Drivers\ksecpkg.sys
15:44:12.0660 4148  KSecPkg - ok
15:44:12.0675 4148  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\windows\system32\drivers\ksthunk.sys
15:44:12.0722 4148  ksthunk - ok
15:44:12.0769 4148  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\windows\system32\msdtckrm.dll
15:44:12.0816 4148  KtmRm - ok
15:44:12.0863 4148  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\system32\srvsvc.dll
15:44:12.0894 4148  LanmanServer - ok
15:44:12.0941 4148  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
15:44:12.0987 4148  LanmanWorkstation - ok
15:44:13.0019 4148  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
15:44:13.0065 4148  lltdio - ok
15:44:13.0112 4148  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\windows\System32\lltdsvc.dll
15:44:13.0159 4148  lltdsvc - ok
15:44:13.0175 4148  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\windows\System32\lmhsvc.dll
15:44:13.0221 4148  lmhosts - ok
15:44:13.0284 4148  [ 17A9C5FFA241AAAB275EE5CACEF77686 ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:44:13.0299 4148  LMS - ok
15:44:13.0331 4148  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
15:44:13.0346 4148  LSI_FC - ok
15:44:13.0362 4148  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\windows\system32\DRIVERS\lsi_sas.sys
15:44:13.0377 4148  LSI_SAS - ok
15:44:13.0393 4148  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
15:44:13.0393 4148  LSI_SAS2 - ok
15:44:13.0409 4148  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
15:44:13.0424 4148  LSI_SCSI - ok
15:44:13.0455 4148  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\windows\system32\drivers\luafv.sys
15:44:13.0487 4148  luafv - ok
15:44:13.0533 4148  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector  C:\windows\system32\drivers\mbam.sys
15:44:13.0533 4148  MBAMProtector - ok
15:44:13.0611 4148  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:44:13.0627 4148  MBAMScheduler - ok
15:44:13.0674 4148  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:44:13.0689 4148  MBAMService - ok
15:44:13.0721 4148  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\windows\system32\Mcx2Svc.dll
15:44:13.0752 4148  Mcx2Svc - ok
15:44:13.0783 4148  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\windows\system32\DRIVERS\megasas.sys
15:44:13.0783 4148  megasas - ok
15:44:13.0814 4148  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
15:44:13.0830 4148  MegaSR - ok
15:44:13.0861 4148  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\windows\system32\mmcss.dll
15:44:13.0908 4148  MMCSS - ok
15:44:13.0939 4148  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\windows\system32\drivers\modem.sys
15:44:13.0986 4148  Modem - ok
15:44:14.0017 4148  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\windows\system32\DRIVERS\monitor.sys
15:44:14.0033 4148  monitor - ok
15:44:14.0064 4148  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
15:44:14.0079 4148  mouclass - ok
15:44:14.0079 4148  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
15:44:14.0111 4148  mouhid - ok
15:44:14.0157 4148  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
15:44:14.0157 4148  mountmgr - ok
15:44:14.0204 4148  [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:44:14.0220 4148  MozillaMaintenance - ok
15:44:14.0251 4148  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
15:44:14.0251 4148  mpio - ok
15:44:14.0282 4148  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
15:44:14.0313 4148  mpsdrv - ok
15:44:14.0376 4148  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
15:44:14.0438 4148  MpsSvc - ok
15:44:14.0485 4148  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
15:44:14.0516 4148  MRxDAV - ok
15:44:14.0563 4148  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
15:44:14.0579 4148  mrxsmb - ok
15:44:14.0625 4148  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
15:44:14.0657 4148  mrxsmb10 - ok
15:44:14.0672 4148  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
15:44:14.0703 4148  mrxsmb20 - ok
15:44:14.0719 4148  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
15:44:14.0735 4148  msahci - ok
15:44:14.0750 4148  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\windows\system32\drivers\msdsm.sys
15:44:14.0766 4148  msdsm - ok
15:44:14.0781 4148  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\windows\System32\msdtc.exe
15:44:14.0813 4148  MSDTC - ok
15:44:14.0859 4148  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
15:44:14.0906 4148  Msfs - ok
15:44:14.0937 4148  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\windows\System32\drivers\mshidkmdf.sys
15:44:15.0000 4148  mshidkmdf - ok
15:44:15.0015 4148  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
15:44:15.0031 4148  msisadrv - ok
15:44:15.0047 4148  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\windows\system32\iscsiexe.dll
15:44:15.0093 4148  MSiSCSI - ok
15:44:15.0093 4148  msiserver - ok
15:44:15.0109 4148  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\windows\system32\drivers\MSKSSRV.sys
15:44:15.0156 4148  MSKSSRV - ok
15:44:15.0171 4148  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
15:44:15.0218 4148  MSPCLOCK - ok
15:44:15.0234 4148  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\windows\system32\drivers\MSPQM.sys
15:44:15.0281 4148  MSPQM - ok
15:44:15.0327 4148  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\windows\system32\drivers\MsRPC.sys
15:44:15.0343 4148  MsRPC - ok
15:44:15.0359 4148  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
15:44:15.0359 4148  mssmbios - ok
15:44:15.0390 4148  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\windows\system32\drivers\MSTEE.sys
15:44:15.0437 4148  MSTEE - ok
15:44:15.0468 4148  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
15:44:15.0499 4148  MTConfig - ok
15:44:15.0530 4148  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\windows\system32\Drivers\mup.sys
15:44:15.0546 4148  Mup - ok
15:44:15.0561 4148  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
15:44:15.0593 4148  napagent - ok
15:44:15.0608 4148  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\windows\system32\DRIVERS\nwifi.sys
15:44:15.0655 4148  NativeWifiP - ok
15:44:15.0686 4148  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
15:44:15.0717 4148  NDIS - ok
15:44:15.0749 4148  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\windows\system32\DRIVERS\ndiscap.sys
15:44:15.0795 4148  NdisCap - ok
15:44:15.0827 4148  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
15:44:15.0873 4148  NdisTapi - ok
15:44:15.0920 4148  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\windows\system32\DRIVERS\ndisuio.sys
15:44:15.0967 4148  Ndisuio - ok
15:44:15.0998 4148  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\windows\system32\DRIVERS\ndiswan.sys
15:44:16.0045 4148  NdisWan - ok
15:44:16.0076 4148  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\windows\system32\drivers\NDProxy.sys
15:44:16.0123 4148  NDProxy - ok
15:44:16.0154 4148  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\windows\system32\DRIVERS\netbios.sys
15:44:16.0185 4148  NetBIOS - ok
15:44:16.0232 4148  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\windows\system32\DRIVERS\netbt.sys
15:44:16.0279 4148  NetBT - ok
15:44:16.0295 4148  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
15:44:16.0310 4148  Netlogon - ok
15:44:16.0326 4148  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
15:44:16.0388 4148  Netman - ok
15:44:16.0419 4148  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:44:16.0435 4148  NetMsmqActivator - ok
15:44:16.0435 4148  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:44:16.0451 4148  NetPipeActivator - ok
15:44:16.0466 4148  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
15:44:16.0529 4148  netprofm - ok
15:44:16.0575 4148  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:44:16.0575 4148  NetTcpActivator - ok
15:44:16.0591 4148  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:44:16.0591 4148  NetTcpPortSharing - ok
15:44:16.0731 4148  [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64        C:\windows\system32\DRIVERS\NETw5s64.sys
15:44:16.0856 4148  NETw5s64 - ok
15:44:16.0903 4148  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\windows\system32\DRIVERS\nfrd960.sys
15:44:16.0903 4148  nfrd960 - ok
15:44:16.0965 4148  [ D8ADFBEB3F7F4AE4C32E7EEDE4E59E15 ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
15:44:16.0981 4148  NitroReaderDriverReadSpool2 - ok
15:44:17.0043 4148  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
15:44:17.0075 4148  NlaSvc - ok
15:44:17.0106 4148  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
15:44:17.0137 4148  Npfs - ok
15:44:17.0153 4148  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\windows\system32\nsisvc.dll
15:44:17.0215 4148  nsi - ok
15:44:17.0231 4148  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
15:44:17.0277 4148  nsiproxy - ok
15:44:17.0340 4148  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
15:44:17.0371 4148  Ntfs - ok
15:44:17.0387 4148  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
15:44:17.0418 4148  Null - ok
15:44:17.0433 4148  [ 785298579B5F9B4032152DFBB992FDB6 ] nusb3hub        C:\windows\system32\DRIVERS\nusb3hub.sys
15:44:17.0465 4148  nusb3hub - ok
15:44:17.0496 4148  [ DF2750481B4964814467C974F2B0EEF1 ] nusb3xhc        C:\windows\system32\DRIVERS\nusb3xhc.sys
15:44:17.0511 4148  nusb3xhc - ok
15:44:17.0543 4148  [ CDDD4478757288DF4BB1494BFD084259 ] NVHDA          C:\windows\system32\drivers\nvhda64v.sys
15:44:17.0543 4148  NVHDA - ok
15:44:17.0761 4148  [ CA10F931C7C91A111E6D27762400AAD8 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
15:44:18.0057 4148  nvlddmkm - ok
15:44:18.0089 4148  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
15:44:18.0104 4148  nvraid - ok
15:44:18.0120 4148  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
15:44:18.0135 4148  nvstor - ok
15:44:18.0151 4148  [ 19883C9E84AAE9C9F0591B683D46CD9F ] nvsvc          C:\windows\system32\nvvsvc.exe
15:44:18.0167 4148  nvsvc - ok
15:44:18.0182 4148  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
15:44:18.0198 4148  nv_agp - ok
15:44:18.0229 4148  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
15:44:18.0245 4148  ohci1394 - ok
15:44:18.0276 4148  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:44:18.0291 4148  ose - ok
15:44:18.0447 4148  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:44:18.0541 4148  osppsvc - ok
15:44:18.0588 4148  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
15:44:18.0619 4148  p2pimsvc - ok
15:44:18.0650 4148  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
15:44:18.0697 4148  p2psvc - ok
15:44:18.0728 4148  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\windows\system32\DRIVERS\parport.sys
15:44:18.0744 4148  Parport - ok
15:44:18.0791 4148  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\windows\system32\drivers\partmgr.sys
15:44:18.0791 4148  partmgr - ok
15:44:18.0806 4148  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
15:44:18.0837 4148  PcaSvc - ok
15:44:18.0884 4148  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\windows\system32\drivers\pci.sys
15:44:18.0884 4148  pci - ok
15:44:18.0900 4148  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
15:44:18.0915 4148  pciide - ok
15:44:18.0931 4148  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
15:44:18.0947 4148  pcmcia - ok
15:44:18.0978 4148  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\windows\system32\drivers\pcw.sys
15:44:18.0978 4148  pcw - ok
15:44:19.0040 4148  [ BAF3216DDAA12E66EBBB31760E02BC14 ] PdiService      C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
15:44:19.0056 4148  PdiService - ok
15:44:19.0071 4148  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
15:44:19.0134 4148  PEAUTH - ok
15:44:19.0181 4148  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc    C:\windows\system32\peerdistsvc.dll
15:44:19.0227 4148  PeerDistSvc - ok
15:44:19.0305 4148  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
15:44:19.0321 4148  PerfHost - ok
15:44:19.0383 4148  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\windows\system32\pla.dll
15:44:19.0446 4148  pla - ok
15:44:19.0493 4148  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
15:44:19.0524 4148  PlugPlay - ok
15:44:19.0571 4148  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\windows\system32\pnrpauto.dll
15:44:19.0602 4148  PNRPAutoReg - ok
15:44:19.0617 4148  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\windows\system32\pnrpsvc.dll
15:44:19.0633 4148  PNRPsvc - ok
15:44:19.0680 4148  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\windows\System32\ipsecsvc.dll
15:44:19.0742 4148  PolicyAgent - ok
15:44:19.0789 4148  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\windows\system32\umpo.dll
15:44:19.0836 4148  Power - ok
15:44:19.0883 4148  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
15:44:19.0914 4148  PptpMiniport - ok
15:44:19.0945 4148  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\windows\system32\DRIVERS\processr.sys
15:44:19.0976 4148  Processor - ok
15:44:20.0007 4148  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\windows\system32\profsvc.dll
15:44:20.0039 4148  ProfSvc - ok
15:44:20.0054 4148  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
15:44:20.0070 4148  ProtectedStorage - ok
15:44:20.0101 4148  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
15:44:20.0132 4148  Psched - ok
15:44:20.0179 4148  [ 901DBA98359966A62A6548596988E931 ] PxHlpa64        C:\windows\system32\Drivers\PxHlpa64.sys
15:44:20.0195 4148  PxHlpa64 - ok
15:44:20.0241 4148  [ 052031A92809B438683FDCF5B574234D ] qcfilterhp2k    C:\windows\system32\DRIVERS\qcfilterhp2k.sys
15:44:20.0241 4148  qcfilterhp2k - ok
15:44:20.0257 4148  [ 9D8D8077A1B849AFEC221FDD33E9DADD ] qcombushp      C:\windows\system32\DRIVERS\qcombushp.sys
15:44:20.0273 4148  qcombushp - ok
15:44:20.0304 4148  [ B7FB4EAE56062A732EC962BF980512FA ] qcusbnethp2k    C:\windows\system32\DRIVERS\qcusbnethp2k.sys
15:44:20.0335 4148  qcusbnethp2k - ok
15:44:20.0351 4148  [ 4AD8CB1E096872EE7A7F6FBEAC91B54A ] qcusbserhp2k    C:\windows\system32\DRIVERS\qcusbserhp2k.sys
15:44:20.0382 4148  qcusbserhp2k - ok
15:44:20.0444 4148  [ 6E780837D7A737E3AB258465158ECAFB ] QDLService2kHP  C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe
15:44:20.0475 4148  QDLService2kHP - ok
15:44:20.0522 4148  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
15:44:20.0553 4148  ql2300 - ok
15:44:20.0569 4148  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
15:44:20.0585 4148  ql40xx - ok
15:44:20.0616 4148  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\windows\system32\qwave.dll
15:44:20.0631 4148  QWAVE - ok
15:44:20.0647 4148  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
15:44:20.0678 4148  QWAVEdrv - ok
15:44:20.0694 4148  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
15:44:20.0725 4148  RasAcd - ok
15:44:20.0756 4148  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\windows\system32\DRIVERS\AgileVpn.sys
15:44:20.0787 4148  RasAgileVpn - ok
15:44:20.0803 4148  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\windows\System32\rasauto.dll
15:44:20.0850 4148  RasAuto - ok
15:44:20.0881 4148  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\windows\system32\DRIVERS\rasl2tp.sys
15:44:20.0912 4148  Rasl2tp - ok
15:44:20.0959 4148  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
15:44:21.0006 4148  RasMan - ok
15:44:21.0021 4148  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
15:44:21.0068 4148  RasPppoe - ok
15:44:21.0115 4148  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\windows\system32\DRIVERS\rassstp.sys
15:44:21.0162 4148  RasSstp - ok
15:44:21.0193 4148  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\windows\system32\DRIVERS\rdbss.sys
15:44:21.0224 4148  rdbss - ok
15:44:21.0240 4148  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
15:44:21.0255 4148  rdpbus - ok
15:44:21.0287 4148  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
15:44:21.0318 4148  RDPCDD - ok
15:44:21.0365 4148  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR          C:\windows\system32\drivers\rdpdr.sys
15:44:21.0380 4148  RDPDR - ok
15:44:21.0396 4148  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
15:44:21.0443 4148  RDPENCDD - ok
15:44:21.0474 4148  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
15:44:21.0521 4148  RDPREFMP - ok
15:44:21.0567 4148  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
15:44:21.0599 4148  RdpVideoMiniport - ok
15:44:21.0630 4148  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\windows\system32\drivers\RDPWD.sys
15:44:21.0661 4148  RDPWD - ok
15:44:21.0692 4148  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
15:44:21.0708 4148  rdyboost - ok
15:44:21.0739 4148  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
15:44:21.0786 4148  RemoteAccess - ok
15:44:21.0833 4148  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
15:44:21.0864 4148  RemoteRegistry - ok
15:44:21.0879 4148  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
15:44:21.0926 4148  RFCOMM - ok
15:44:21.0942 4148  [ 6FAF5B04BEDC66D300D9D233B2D222F0 ] rimmptsk        C:\windows\system32\DRIVERS\rimmpx64.sys
15:44:21.0973 4148  rimmptsk - ok
15:44:22.0020 4148  [ 3DCA561AAF776AA2E356FB5B142AA5F8 ] rimspci        C:\windows\system32\DRIVERS\rimspe64.sys
15:44:22.0035 4148  rimspci - ok
15:44:22.0051 4148  [ 67F50C31713106FD1B0F286F86AA2B2E ] rimsptsk        C:\windows\system32\DRIVERS\rimspx64.sys
15:44:22.0051 4148  rimsptsk - ok
15:44:22.0067 4148  [ C4581F04AA130892555B821F1FBAA151 ] risdpcie        C:\windows\system32\DRIVERS\risdpe64.sys
15:44:22.0082 4148  risdpcie - ok
15:44:22.0129 4148  [ D018844DC53D8428410A2FEEEEE9373E ] rismcx64        C:\windows\system32\DRIVERS\rismcx64.sys
15:44:22.0129 4148  rismcx64 - ok
15:44:22.0145 4148  [ 4D7EF3D46346EC4C58784DB964B365DE ] rismxdp        C:\windows\system32\DRIVERS\rixdpx64.sys
15:44:22.0160 4148  rismxdp - ok
15:44:22.0160 4148  [ BE42F817597D3049960A54CE280C2493 ] rixdpcie        C:\windows\system32\DRIVERS\rixdpe64.sys
15:44:22.0176 4148  rixdpcie - ok
15:44:22.0191 4148  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
15:44:22.0254 4148  RpcEptMapper - ok
15:44:22.0285 4148  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
15:44:22.0285 4148  RpcLocator - ok
15:44:22.0347 4148  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\windows\system32\rpcss.dll
15:44:22.0379 4148  RpcSs - ok
15:44:22.0410 4148  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
15:44:22.0457 4148  rspndr - ok
15:44:22.0488 4148  [ 26E0D15FB1835F7ED638F157CCD2E04D ] RsvLock        C:\windows\system32\drivers\RsvLock.sys
15:44:22.0503 4148  RsvLock - ok
15:44:22.0519 4148  [ E60C0A09F997826C7627B244195AB581 ] s3cap          C:\windows\system32\drivers\vms3cap.sys
15:44:22.0550 4148  s3cap - ok
15:44:22.0581 4148  [ 6EF8E5E3A079C97C70915CF740E89977 ] SafeBoot        C:\windows\system32\drivers\SafeBoot.sys
15:44:22.0581 4148  Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 6EF8E5E3A079C97C70915CF740E89977
15:44:22.0581 4148  SafeBoot ( LockedFile.Multi.Generic ) - warning
15:44:22.0581 4148  SafeBoot - detected LockedFile.Multi.Generic (1)
15:44:22.0659 4148  [ 6A28F5BB0F3CD035D12D8C105EA6ED3E ] SafeBox        C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
15:44:22.0675 4148  SafeBox - ok
15:44:22.0675 4148  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\windows\system32\lsass.exe
15:44:22.0691 4148  SamSs - ok
15:44:22.0706 4148  [ FD8714A36C4646DE22DDC7E36F6D09EF ] SbAlg          C:\windows\system32\drivers\SbAlg.sys
15:44:22.0706 4148  SbAlg - ok
15:44:22.0737 4148  [ 43027F1996F3AC6BD54B8A871996B7B3 ] SbFsLock        C:\windows\system32\drivers\SbFsLock.sys
15:44:22.0737 4148  SbFsLock - ok
15:44:22.0753 4148  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
15:44:22.0769 4148  sbp2port - ok
15:44:22.0784 4148  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
15:44:22.0847 4148  SCardSvr - ok
15:44:22.0878 4148  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
15:44:22.0925 4148  scfilter - ok
15:44:22.0971 4148  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
15:44:23.0034 4148  Schedule - ok
15:44:23.0065 4148  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\windows\System32\certprop.dll
15:44:23.0096 4148  SCPolicySvc - ok
15:44:23.0112 4148  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus          C:\windows\system32\drivers\sdbus.sys
15:44:23.0143 4148  sdbus - ok
15:44:23.0174 4148  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
15:44:23.0205 4148  SDRSVC - ok
15:44:23.0330 4148  [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
15:44:23.0346 4148  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
15:44:23.0346 4148  SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
15:44:23.0377 4148  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
15:44:23.0439 4148  secdrv - ok
15:44:23.0471 4148  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
15:44:23.0517 4148  seclogon - ok
15:44:23.0549 4148  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
15:44:23.0580 4148  SENS - ok
15:44:23.0611 4148  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
15:44:23.0642 4148  SensrSvc - ok
15:44:23.0658 4148  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\windows\system32\DRIVERS\serenum.sys
15:44:23.0689 4148  Serenum - ok
15:44:23.0705 4148  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\DRIVERS\serial.sys
15:44:23.0705 4148  Serial - ok
15:44:23.0751 4148  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
15:44:23.0751 4148  sermouse - ok
15:44:23.0814 4148  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
15:44:23.0861 4148  SessionEnv - ok
15:44:23.0892 4148  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\windows\system32\drivers\sffdisk.sys
15:44:23.0907 4148  sffdisk - ok
15:44:23.0923 4148  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
15:44:23.0923 4148  sffp_mmc - ok
15:44:23.0939 4148  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\windows\system32\drivers\sffp_sd.sys
15:44:23.0985 4148  sffp_sd - ok
15:44:24.0001 4148  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\windows\system32\DRIVERS\sfloppy.sys
15:44:24.0017 4148  sfloppy - ok
15:44:24.0048 4148  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
15:44:24.0095 4148  SharedAccess - ok
15:44:24.0141 4148  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
15:44:24.0188 4148  ShellHWDetection - ok
15:44:24.0219 4148  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
15:44:24.0235 4148  SiSRaid2 - ok
15:44:24.0251 4148  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
15:44:24.0251 4148  SiSRaid4 - ok
15:44:24.0313 4148  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
15:44:24.0313 4148  SkypeUpdate - ok
15:44:24.0344 4148  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\windows\system32\DRIVERS\smb.sys
15:44:24.0407 4148  Smb - ok
15:44:24.0469 4148  [ 735F96DF0B7ECC04E947E78B2D5CFC07 ] SMManager      C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe
15:44:24.0485 4148  SMManager - ok
15:44:24.0516 4148  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
15:44:24.0547 4148  SNMPTRAP - ok
15:44:24.0594 4148  [ 84E347359A28E9E544FF169FBDEA5F59 ] SNP2UVC        C:\windows\system32\DRIVERS\snp2uvc.sys
15:44:24.0641 4148  SNP2UVC - ok
15:44:24.0641 4148  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\windows\system32\drivers\spldr.sys
15:44:24.0656 4148  spldr - ok
15:44:24.0703 4148  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\windows\System32\spoolsv.exe
15:44:24.0719 4148  Spooler - ok
15:44:24.0828 4148  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
15:44:24.0890 4148  sppsvc - ok
15:44:24.0921 4148  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\windows\system32\sppuinotify.dll
15:44:24.0968 4148  sppuinotify - ok
15:44:25.0015 4148  [ 4C33F139236FD9BD14A920F60C1CB072 ] sptd            C:\windows\System32\Drivers\sptd.sys
15:44:25.0046 4148  sptd - ok
15:44:25.0077 4148  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\windows\system32\DRIVERS\srv.sys
15:44:25.0124 4148  srv - ok
15:44:25.0155 4148  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
15:44:25.0171 4148  srv2 - ok
15:44:25.0187 4148  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
15:44:25.0187 4148  srvnet - ok
15:44:25.0218 4148  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\windows\System32\ssdpsrv.dll
15:44:25.0265 4148  SSDPSRV - ok
15:44:25.0296 4148  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\windows\system32\sstpsvc.dll
15:44:25.0327 4148  SstpSvc - ok
15:44:25.0405 4148  [ F8807AAF697E1D20C9D7716A4941E574 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
15:44:25.0421 4148  STacSV - ok
15:44:25.0483 4148  [ E8606BF6BE3B7481D95F1DD2E4F3FCBA ] StarMoney 7.0 OnlineUpdate C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
15:44:25.0499 4148  StarMoney 7.0 OnlineUpdate - ok
15:44:25.0545 4148  [ B1691AF4A072CB674D600DB16DD7308E ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
15:44:25.0577 4148  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
15:44:25.0577 4148  StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
15:44:25.0608 4148  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
15:44:25.0608 4148  stexstor - ok
15:44:25.0655 4148  [ 96DF19A03D37F8568141612D31F0D035 ] STHDA          C:\windows\system32\DRIVERS\stwrt64.sys
15:44:25.0701 4148  STHDA - ok
15:44:25.0733 4148  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
15:44:25.0764 4148  stisvc - ok
15:44:25.0795 4148  [ 7785DC213270D2FC066538DAF94087E7 ] storflt        C:\windows\system32\drivers\vmstorfl.sys
15:44:25.0811 4148  storflt - ok
15:44:25.0826 4148  [ C40841817EF57D491F22EB103DA587CC ] StorSvc        C:\windows\system32\storsvc.dll
15:44:25.0857 4148  StorSvc - ok
15:44:25.0857 4148  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc        C:\windows\system32\drivers\storvsc.sys
15:44:25.0873 4148  storvsc - ok
15:44:25.0904 4148  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\drivers\swenum.sys
15:44:25.0920 4148  swenum - ok
15:44:25.0951 4148  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\windows\System32\swprv.dll
15:44:26.0013 4148  swprv - ok
15:44:26.0091 4148  [ D268D2A0DB2A2BBE963E688D0B039267 ] SynTP          C:\windows\system32\DRIVERS\SynTP.sys
15:44:26.0123 4148  SynTP - ok
15:44:26.0185 4148  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\windows\system32\sysmain.dll
15:44:26.0232 4148  SysMain - ok
15:44:26.0263 4148  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
15:44:26.0294 4148  TabletInputService - ok
15:44:26.0341 4148  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\windows\System32\tapisrv.dll
15:44:26.0403 4148  TapiSrv - ok
15:44:26.0450 4148  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\windows\System32\tbssvc.dll
15:44:26.0513 4148  TBS - ok
15:44:26.0575 4148  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip          C:\windows\system32\drivers\tcpip.sys
15:44:26.0622 4148  Tcpip - ok
15:44:26.0653 4148  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
15:44:26.0684 4148  TCPIP6 - ok
15:44:26.0715 4148  [ FBA939B917976B2C37F1B235DFCD4876 ] tcpipBM        C:\windows\system32\drivers\tcpipBM.sys
15:44:26.0731 4148  tcpipBM ( UnsignedFile.Multi.Generic ) - warning
15:44:26.0731 4148  tcpipBM - detected UnsignedFile.Multi.Generic (1)
15:44:26.0778 4148  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
15:44:26.0809 4148  tcpipreg - ok
15:44:26.0840 4148  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
15:44:26.0871 4148  TDPIPE - ok
15:44:26.0903 4148  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\windows\system32\drivers\tdtcp.sys
15:44:26.0934 4148  TDTCP - ok
15:44:26.0965 4148  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\windows\system32\DRIVERS\tdx.sys
15:44:27.0012 4148  tdx - ok
15:44:27.0293 4148  [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
15:44:27.0355 4148  TeamViewer8 - ok
15:44:27.0386 4148  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\drivers\termdd.sys
15:44:27.0402 4148  TermDD - ok
15:44:27.0433 4148  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\windows\System32\termsrv.dll
15:44:27.0480 4148  TermService - ok
15:44:27.0495 4148  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
15:44:27.0542 4148  Themes - ok
15:44:27.0573 4148  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\windows\system32\mmcss.dll
15:44:27.0605 4148  THREADORDER - ok
15:44:27.0620 4148  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM            C:\windows\system32\drivers\tpm.sys
15:44:27.0651 4148  TPM - ok
15:44:27.0683 4148  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
15:44:27.0745 4148  TrkWks - ok
15:44:27.0776 4148  [ B66EE1D68197DFB9AA24F961E68ACDCC ] trufos          C:\windows\system32\DRIVERS\trufos.sys
15:44:27.0792 4148  trufos - ok
15:44:27.0854 4148  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
15:44:27.0901 4148  TrustedInstaller - ok
15:44:27.0948 4148  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
15:44:27.0963 4148  tssecsrv - ok
15:44:28.0010 4148  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
15:44:28.0057 4148  TsUsbFlt - ok
15:44:28.0088 4148  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
15:44:28.0135 4148  tunnel - ok
15:44:28.0182 4148  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
15:44:28.0197 4148  uagp35 - ok
15:44:28.0244 4148  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
15:44:28.0275 4148  udfs - ok
15:44:28.0307 4148  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\windows\system32\UI0Detect.exe
15:44:28.0338 4148  UI0Detect - ok
15:44:28.0353 4148  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
15:44:28.0369 4148  uliagpkx - ok
15:44:28.0385 4148  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\windows\system32\DRIVERS\umbus.sys
15:44:28.0400 4148  umbus - ok
15:44:28.0416 4148  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
15:44:28.0463 4148  UmPass - ok
15:44:28.0494 4148  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\windows\System32\umrdp.dll
15:44:28.0525 4148  UmRdpService - ok
15:44:28.0650 4148  [ 7953D636309B7F505C70667A7A2437CF ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:44:28.0697 4148  UNS - ok
15:44:28.0775 4148  [ 75A488DA3EA48BE97695A727185515CF ] UPDATESRV      C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
15:44:28.0790 4148  UPDATESRV - ok
15:44:28.0837 4148  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
15:44:28.0884 4148  upnphost - ok
15:44:28.0915 4148  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64      C:\windows\system32\Drivers\usbaapl64.sys
15:44:28.0931 4148  USBAAPL64 - ok
15:44:28.0962 4148  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
15:44:28.0993 4148  usbaudio - ok
15:44:29.0040 4148  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\windows\system32\DRIVERS\usbccgp.sys
15:44:29.0071 4148  usbccgp - ok
15:44:29.0102 4148  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
15:44:29.0118 4148  usbcir - ok
15:44:29.0149 4148  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\windows\system32\drivers\usbehci.sys
15:44:29.0196 4148  usbehci - ok
15:44:29.0227 4148  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
15:44:29.0243 4148  usbhub - ok
15:44:29.0258 4148  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\windows\system32\drivers\usbohci.sys
15:44:29.0289 4148  usbohci - ok
15:44:29.0321 4148  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
15:44:29.0352 4148  usbprint - ok
15:44:29.0399 4148  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\windows\system32\DRIVERS\usbscan.sys
15:44:29.0430 4148  usbscan - ok
15:44:29.0461 4148  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\windows\system32\DRIVERS\USBSTOR.SYS
15:44:29.0492 4148  USBSTOR - ok
15:44:29.0523 4148  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\windows\system32\drivers\usbuhci.sys
15:44:29.0555 4148  usbuhci - ok
15:44:29.0586 4148  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
15:44:29.0601 4148  usbvideo - ok
15:44:29.0633 4148  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\windows\System32\uxsms.dll
15:44:29.0664 4148  UxSms - ok
15:44:29.0679 4148  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
15:44:29.0695 4148  VaultSvc - ok
15:44:29.0742 4148  [ BBE2B5036D2FF45458C747FB2513591D ] vcsFPService    C:\windows\system32\vcsFPService.exe
15:44:29.0789 4148  vcsFPService - ok
15:44:29.0804 4148  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
15:44:29.0820 4148  vdrvroot - ok
15:44:29.0867 4148  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\windows\System32\vds.exe
15:44:29.0913 4148  vds - ok
15:44:29.0945 4148  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\windows\system32\DRIVERS\vgapnp.sys
15:44:29.0960 4148  vga - ok
15:44:29.0960 4148  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\windows\System32\drivers\vga.sys
15:44:30.0007 4148  VgaSave - ok
15:44:30.0038 4148  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\windows\system32\drivers\vhdmp.sys
15:44:30.0054 4148  vhdmp - ok
15:44:30.0069 4148  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
15:44:30.0085 4148  viaide - ok
15:44:30.0147 4148  [ 7E4769483D416AA04B916AAB7EF0DBAF ] VmbService      C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
15:44:30.0179 4148  VmbService ( UnsignedFile.Multi.Generic ) - warning
15:44:30.0179 4148  VmbService - detected UnsignedFile.Multi.Generic (1)
15:44:30.0210 4148  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus          C:\windows\system32\drivers\vmbus.sys
15:44:30.0225 4148  vmbus - ok
15:44:30.0241 4148  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\windows\system32\drivers\VMBusHID.sys
15:44:30.0272 4148  VMBusHID - ok
15:44:30.0303 4148  [ 1E4D31FEC921300C5F262C52F5FCC666 ] vodafone_K3805-z_dc_enum C:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
15:44:30.0335 4148  vodafone_K3805-z_dc_enum - ok
15:44:30.0366 4148  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
15:44:30.0381 4148  volmgr - ok
15:44:30.0428 4148  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\windows\system32\drivers\volmgrx.sys
15:44:30.0444 4148  volmgrx - ok
15:44:30.0491 4148  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap        C:\windows\system32\drivers\volsnap.sys
15:44:30.0491 4148  volsnap - ok
15:44:30.0506 4148  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\windows\system32\DRIVERS\vsmraid.sys
15:44:30.0522 4148  vsmraid - ok
15:44:30.0600 4148  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\windows\system32\vssvc.exe
15:44:30.0678 4148  VSS - ok
15:44:30.0725 4148  [ 3AF5136088BDB56B9889EE8A3D98FBF1 ] VSSERV          C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
15:44:30.0756 4148  VSSERV - ok
15:44:30.0787 4148  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
15:44:30.0787 4148  vwifibus - ok
15:44:30.0818 4148  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
15:44:30.0818 4148  vwififlt - ok
15:44:30.0834 4148  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp        C:\windows\system32\DRIVERS\vwifimp.sys
15:44:30.0849 4148  vwifimp - ok
15:44:30.0896 4148  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\windows\system32\w32time.dll
15:44:30.0959 4148  W32Time - ok
15:44:30.0990 4148  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
15:44:31.0021 4148  WacomPen - ok
15:44:31.0052 4148  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
15:44:31.0099 4148  WANARP - ok
15:44:31.0115 4148  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
15:44:31.0146 4148  Wanarpv6 - ok
15:44:31.0193 4148  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc    C:\windows\system32\Wat\WatAdminSvc.exe
15:44:31.0224 4148  WatAdminSvc - ok
15:44:31.0317 4148  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
15:44:31.0364 4148  wbengine - ok
15:44:31.0411 4148  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
15:44:31.0442 4148  WbioSrvc - ok
15:44:31.0489 4148  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\windows\System32\wcncsvc.dll
15:44:31.0536 4148  wcncsvc - ok
15:44:31.0551 4148  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
15:44:31.0583 4148  WcsPlugInService - ok
15:44:31.0614 4148  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\DRIVERS\wd.sys
15:44:31.0629 4148  Wd - ok
15:44:31.0676 4148  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
15:44:31.0707 4148  Wdf01000 - ok
15:44:31.0723 4148  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
15:44:31.0739 4148  WdiServiceHost - ok
15:44:31.0739 4148  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\windows\system32\wdi.dll
15:44:31.0770 4148  WdiSystemHost - ok
15:44:31.0785 4148  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\windows\System32\webclnt.dll
15:44:31.0817 4148  WebClient - ok
15:44:31.0863 4148  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
15:44:31.0910 4148  Wecsvc - ok
15:44:31.0941 4148  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\windows\System32\wercplsupport.dll
15:44:31.0988 4148  wercplsupport - ok
15:44:32.0004 4148  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
15:44:32.0051 4148  WerSvc - ok
15:44:32.0082 4148  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
15:44:32.0113 4148  WfpLwf - ok
15:44:32.0129 4148  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
15:44:32.0129 4148  WIMMount - ok
15:44:32.0160 4148  WinDefend - ok
15:44:32.0175 4148  WinHttpAutoProxySvc - ok
15:44:32.0222 4148  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\windows\system32\wbem\WMIsvc.dll
15:44:32.0253 4148  Winmgmt - ok
15:44:32.0331 4148  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\windows\system32\WsmSvc.dll
15:44:32.0394 4148  WinRM - ok
15:44:32.0441 4148  [ FE88B288356E7B47B74B13372ADD906D ] WinUSB          C:\windows\system32\DRIVERS\WinUSB.sys
15:44:32.0472 4148  WinUSB - ok
15:44:32.0565 4148  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\windows\System32\wlansvc.dll
15:44:32.0597 4148  Wlansvc - ok
15:44:32.0721 4148  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:44:32.0768 4148  wlidsvc - ok
15:44:32.0799 4148  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\windows\system32\drivers\wmiacpi.sys
15:44:32.0815 4148  WmiAcpi - ok
15:44:32.0831 4148  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
15:44:32.0877 4148  wmiApSrv - ok
15:44:32.0893 4148  WMPNetworkSvc - ok
15:44:32.0909 4148  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
15:44:32.0940 4148  WPCSvc - ok
15:44:32.0971 4148  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
15:44:32.0987 4148  WPDBusEnum - ok
15:44:33.0018 4148  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\windows\system32\drivers\ws2ifsl.sys
15:44:33.0065 4148  ws2ifsl - ok
15:44:33.0096 4148  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
15:44:33.0127 4148  wscsvc - ok
15:44:33.0127 4148  WSearch - ok
15:44:33.0205 4148  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
15:44:33.0267 4148  wuauserv - ok
15:44:33.0299 4148  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
15:44:33.0330 4148  WudfPf - ok
15:44:33.0361 4148  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
15:44:33.0392 4148  WUDFRd - ok
15:44:33.0439 4148  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\windows\System32\WUDFSvc.dll
15:44:33.0470 4148  wudfsvc - ok
15:44:33.0501 4148  [ CE8CF9DE9CBFDAA318BD04D8BE3FCADA ] WwanSvc        C:\windows\System32\wwansvc.dll
15:44:33.0548 4148  WwanSvc - ok
15:44:33.0548 4148  ================ Scan global ===============================
15:44:33.0595 4148  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
15:44:33.0626 4148  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
15:44:33.0642 4148  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
15:44:33.0673 4148  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
15:44:33.0704 4148  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
15:44:33.0704 4148  [Global] - ok
15:44:33.0704 4148  ================ Scan MBR ==================================
15:44:33.0720 4148  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:44:34.0359 4148  \Device\Harddisk0\DR0 - ok
15:44:34.0359 4148  ================ Scan VBR ==================================
15:44:34.0359 4148  [ 6E95FBFB59D29677C6876305A6D1CDF6 ] \Device\Harddisk0\DR0\Partition1
15:44:34.0359 4148  \Device\Harddisk0\DR0\Partition1 - ok
15:44:34.0375 4148  [ 2AE8AC2E7E0E3F6246D52865DCB26CC4 ] \Device\Harddisk0\DR0\Partition2
15:44:34.0375 4148  \Device\Harddisk0\DR0\Partition2 - ok
15:44:34.0422 4148  [ B208B2A283A3B8009FAF3407BCE4AE9E ] \Device\Harddisk0\DR0\Partition3
15:44:34.0422 4148  \Device\Harddisk0\DR0\Partition3 - ok
15:44:34.0422 4148  [ 3B485F3327BC9F29D337FB13937C816A ] \Device\Harddisk0\DR0\Partition4
15:44:34.0422 4148  \Device\Harddisk0\DR0\Partition4 - ok
15:44:34.0437 4148  ============================================================
15:44:34.0437 4148  Scan finished
15:44:34.0437 4148  ============================================================
15:44:34.0437 7888  Detected object count: 10
15:44:34.0437 7888  Actual detected object count: 10
15:45:30.0301 7888  BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
15:45:30.0301 7888  BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:45:30.0301 7888  DEBridge ( UnsignedFile.Multi.Generic ) - skipped by user
15:45:30.0301 7888  DEBridge ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:45:30.0301 7888  HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:45:30.0301 7888  HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:45:30.0317 7888  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:45:30.0317 7888  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:45:30.0317 7888  HPDayStarterService ( UnsignedFile.Multi.Generic ) - skipped by user
15:45:30.0317 7888  HPDayStarterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:45:30.0317 7888  SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
15:45:30.0317 7888  SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
15:45:30.0317 7888  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
15:45:30.0317 7888  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:45:30.0317 7888  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
15:45:30.0317 7888  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:45:30.0317 7888  tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
15:45:30.0317 7888  tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:45:30.0317 7888  VmbService ( UnsignedFile.Multi.Generic ) - skipped by user
15:45:30.0317 7888  VmbService ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 11.02.2013 08:55
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

smarks 11.02.2013 10:54
Hallo cosinus,

habe ComboFix nach Anleitung installiert und durchlaufen lassen.

Logfiles ComboFix:

Combofix Logfile:
Code:
ComboFix 13-02-07.02 - *** 11.02.2013  10:22:55.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8047.5498 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Bitdefender Virenschutz *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: Bitdefender Spyware-Schutz *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1321692119.bdinstall.bin
c:\programdata\1353484169.bdinstall.bin
c:\programdata\1353486335.bdinstall.bin
c:\programdata\9zVXhbR.bat
c:\programdata\9zVXhbR.pad
c:\programdata\l_u0_0.pad
C:\Thumbs.db
c:\users\***\AppData\Roaming\Microsoft\Windows\Recent\Vodafone Videothek.url
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\DPCrProv.dll.mui
c:\windows\SysWow64\pt\DPFPApiUI.dll.mui
c:\windows\SysWow64\pt\DPPassFilter.dll.mui
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-01-11 bis 2013-02-11  ))))))))))))))))))))))))))))))
.
.
2013-02-11 09:30 . 2013-02-11 09:30        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-02-09 16:37 . 2013-02-09 16:37        --------        d-----w-        c:\users\***\AppData\Local\***.***
2013-02-07 20:11 . 2011-05-13 12:16        493056        ----a-w-        c:\windows\SysWow64\dhRichClient3.dll
2013-02-07 20:11 . 2011-03-25 20:42        338432        ----a-w-        c:\windows\SysWow64\sqlite36_engine.dll
2013-02-07 20:11 . 2013-02-07 20:11        --------        d-----w-        c:\users\***\AppData\Roaming\DesktopIconForAmazon
2013-02-07 20:11 . 2013-02-07 20:11        --------        d-----w-        c:\programdata\DNSErrorHelper
2013-02-07 20:11 . 2013-02-07 20:11        --------        d-----w-        c:\users\***\AppData\Roaming\OCS
2013-02-07 09:42 . 2013-02-07 09:42        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2013-02-05 22:21 . 2013-02-05 22:21        --------        d-----w-        c:\program files (x86)\Common Files\Java
2013-02-05 22:21 . 2013-02-05 22:20        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-05 19:07 . 2013-02-05 19:07        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2013-02-05 19:07 . 2013-02-05 19:07        --------        d-----w-        c:\programdata\Malwarebytes
2013-02-05 19:06 . 2013-02-05 19:35        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-05 19:06 . 2012-12-14 15:49        24176        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-02-05 19:05 . 2013-02-05 19:05        --------        d-----w-        c:\users\***\AppData\Local\Programs
2013-02-05 09:16 . 2013-02-05 09:16        153        ----a-w-        c:\programdata\9zVXhbR.reg
2013-01-22 13:05 . 2013-01-22 13:06        --------        d-----w-        c:\users\***\AppData\Roaming\webex
2013-01-13 09:57 . 2012-08-21 12:01        33240        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-13 09:56 . 2013-01-13 09:56        --------        d-----w-        c:\program files\iPod
2013-01-13 09:56 . 2013-01-13 09:57        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-13 09:56 . 2013-01-13 09:57        --------        d-----w-        c:\program files\iTunes
2013-01-13 09:56 . 2013-01-13 09:57        --------        d-----w-        c:\program files (x86)\iTunes
2013-01-13 09:48 . 2013-01-13 09:48        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-13 09:48 . 2013-01-13 09:48        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-13 09:48 . 2013-01-13 09:48        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-13 09:48 . 2013-01-13 09:48        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-13 09:48 . 2013-01-13 09:48        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-13 09:48 . 2013-01-13 09:48        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-13 09:48 . 2013-01-13 09:48        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 01:05 . 2012-05-20 10:06        74096        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-10 01:05 . 2012-05-20 10:06        697712        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-05 22:20 . 2012-07-07 16:54        861088        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2013-02-05 22:20 . 2011-03-22 18:21        782240        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-01-30 16:11 . 2012-11-21 08:39        82384        ----a-w-        c:\windows\system32\drivers\bdsandbox.sys
2013-01-30 16:11 . 2012-11-21 08:39        707528        ----a-w-        c:\windows\system32\drivers\avc3.sys
2013-01-30 16:10 . 2012-11-21 08:39        589000        ----a-w-        c:\windows\system32\drivers\avckf.sys
2013-01-10 05:36 . 2011-03-23 07:46        67599240        ----a-w-        c:\windows\system32\MRT.exe
2012-12-19 12:52 . 2012-12-19 12:52        261056        ----a-w-        c:\windows\system32\drivers\avchv.sys
2012-12-16 17:11 . 2012-12-22 08:38        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 08:38        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 08:38        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 08:38        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 18:45        441856        ----a-w-        c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 18:45        2746368        ----a-w-        c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 18:45        308736        ----a-w-        c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 18:45        2576384        ----a-w-        c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 18:45        30720        ----a-w-        c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 18:45        43520        ----a-w-        c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 18:45        23552        ----a-w-        c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 18:45        45568        ----a-w-        c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 18:45        44544        ----a-w-        c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 18:45        20480        ----a-w-        c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 18:45        20480        ----a-w-        c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 18:45        20480        ----a-w-        c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 18:45        46592        ----a-w-        c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 18:45        40960        ----a-w-        c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 18:45        21504        ----a-w-        c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 18:45        15360        ----a-w-        c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 18:45        55296        ----a-w-        c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 18:45        51712        ----a-w-        c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 18:45        43520        ----a-w-        c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 18:45        30720        ----a-w-        c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 18:45        45568        ----a-w-        c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 18:45        44544        ----a-w-        c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 18:45        20480        ----a-w-        c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 18:45        23552        ----a-w-        c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 18:45        20480        ----a-w-        c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 18:45        46592        ----a-w-        c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 18:45        20480        ----a-w-        c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 18:45        21504        ----a-w-        c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 18:45        40960        ----a-w-        c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 18:45        15360        ----a-w-        c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 18:45        55296        ----a-w-        c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 18:45        51712        ----a-w-        c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 18:44        362496        ----a-w-        c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 18:44        243200        ----a-w-        c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 18:44        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2012-11-30 05:45 . 2013-01-09 18:44        215040        ----a-w-        c:\windows\system32\winsrv.dll
2012-11-30 05:43 . 2013-01-09 18:44        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 18:44        424448        ----a-w-        c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 18:44        1161216        ----a-w-        c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:54 . 2013-01-09 18:44        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2012-11-30 04:53 . 2013-01-09 18:44        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 18:44        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        5120        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9B6B03F1-16CF-4491-BBBB-E872802DD717}]
2013-02-07 20:11        138752        ----a-w-        c:\programdata\DNSErrorHelper\bho.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"HP Connection Manager.exe"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe" [2010-06-08 1120072]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-12-31 398848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90140000-003D-0000-0000-0000000FF1CE}"="del" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AddonsHelper;AddonsHelper;c:\users\***\AppData\Local\Temp\OCS\Downloads\d340164aef134ca45f5d3a3a8b8d1b79\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe [2010-05-21 45224]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-10-29 79360]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-09-28 55808]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2013-02-07 40960]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2013-01-30 589000]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-01-30 82384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-13 1255736]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2013-01-30 68880]
R4 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-10-25 341288]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-06-11 868848]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2013-01-30 707528]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2011-03-10 16512]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-08-29 145696]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-02-06 54480]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-07-06 93160]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 76944]
S1 RsvLock;RsvLock; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-11-23 89600]
S2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe [2010-05-21 1052328]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-03-14 152992]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-06-14 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-01 281192]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-03-09 117552]
S2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [2011-04-29 1687360]
S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-11-29 95184]
S2 SMManager;HP Connection Manager Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [2010-06-08 84808]
S2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-12-19 68416]
S2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-12-31 9216]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-01 704512]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2012-02-02 509104]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-12-30 85504]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-21 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-21 177152]
S3 qcfilterhp2k;HP un2420 Mobile Broadband Module USB Device Filter;c:\windows\system32\DRIVERS\qcfilterhp2k.sys [2011-04-29 6400]
S3 qcombushp;Gobi 2000 USB Composite Device Driver(03F0-251D);c:\windows\system32\DRIVERS\qcombushp.sys [2011-04-29 160328]
S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\DRIVERS\qcusbnethp2k.sys [2011-04-29 444416]
S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\DRIVERS\qcusbserhp2k.sys [2011-04-29 230784]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 75776]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 01:05]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-21 07:50]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-21 07:50]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3442603491-3579072867-3194603140-1001Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-02 19:12]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3442603491-3579072867-3194603140-1001UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-02 19:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-11-29 17:08        268760        ----a-w-        c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-11-29 17:08        268760        ----a-w-        c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-11-29 17:08        268760        ----a-w-        c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-11-29 17:08        268760        ----a-w-        c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
"dleemon.exe"="c:\program files (x86)\Dell V715w\dleemon.exe" [2010-08-18 770728]
"EzPrint"="c:\program files (x86)\Dell V715w\ezprint.exe" [2010-08-18 139944]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-23 489472]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-01-30 1573632]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1875048]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2012-03-14 15232]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EE1CE425-7F04-4A53-A7D6-9321D8185387}: NameServer = 139.7.30.126 139.7.30.125
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\x5odo20k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: 2013-02-05 23:35; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\x5odo20k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-02-07 21:15; twitter.address.bar.search@firefox.twitter; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\x5odo20k.default\extensions\twitter.address.bar.search@firefox.twitter.xpi
.
.
------- Dateityp-Verknüpfung -------
.
.txt=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-11  10:32:43
ComboFix-quarantined-files.txt  2013-02-11 09:32
.
Vor Suchlauf: 12 Verzeichnis(se), 204.864.692.224 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 204.708.753.408 Bytes frei
.
- - End Of File - - 5AFF7AC5FF6292D00548D03CDD8DE49A
--- --- ---


Hallo cosinus,

habe ComboFix problemlos nach der Anleitung durchlaufen lassen.

Hier die Logfiles

[CODE]
Combofix Logfile:
Code:
ComboFix 13-02-07.02 - *** 11.02.2013  10:22:55.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8047.5498 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Bitdefender Virenschutz *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: Bitdefender Spyware-Schutz *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1321692119.bdinstall.bin
c:\programdata\1353484169.bdinstall.bin
c:\programdata\1353486335.bdinstall.bin
c:\programdata\9zVXhbR.bat
c:\programdata\9zVXhbR.pad
c:\programdata\l_u0_0.pad
C:\Thumbs.db
c:\users\***\AppData\Roaming\Microsoft\Windows\Recent\Vodafone Videothek.url
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\DPCrProv.dll.mui
c:\windows\SysWow64\pt\DPFPApiUI.dll.mui
c:\windows\SysWow64\pt\DPPassFilter.dll.mui
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-01-11 bis 2013-02-11  ))))))))))))))))))))))))))))))
.
.
2013-02-11 09:30 . 2013-02-11 09:30        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-02-09 16:37 . 2013-02-09 16:37        --------        d-----w-        c:\users\***\AppData\Local\***.***
2013-02-07 20:11 . 2011-05-13 12:16        493056        ----a-w-        c:\windows\SysWow64\dhRichClient3.dll
2013-02-07 20:11 . 2011-03-25 20:42        338432        ----a-w-        c:\windows\SysWow64\sqlite36_engine.dll
2013-02-07 20:11 . 2013-02-07 20:11        --------        d-----w-        c:\users\***\AppData\Roaming\DesktopIconForAmazon
2013-02-07 20:11 . 2013-02-07 20:11        --------        d-----w-        c:\programdata\DNSErrorHelper
2013-02-07 20:11 . 2013-02-07 20:11        --------        d-----w-        c:\users\***\AppData\Roaming\OCS
2013-02-07 09:42 . 2013-02-07 09:42        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2013-02-05 22:21 . 2013-02-05 22:21        --------        d-----w-        c:\program files (x86)\Common Files\Java
2013-02-05 22:21 . 2013-02-05 22:20        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-05 19:07 . 2013-02-05 19:07        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2013-02-05 19:07 . 2013-02-05 19:07        --------        d-----w-        c:\programdata\Malwarebytes
2013-02-05 19:06 . 2013-02-05 19:35        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-05 19:06 . 2012-12-14 15:49        24176        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-02-05 19:05 . 2013-02-05 19:05        --------        d-----w-        c:\users\***\AppData\Local\Programs
2013-02-05 09:16 . 2013-02-05 09:16        153        ----a-w-        c:\programdata\9zVXhbR.reg
2013-01-22 13:05 . 2013-01-22 13:06        --------        d-----w-        c:\users\***\AppData\Roaming\webex
2013-01-13 09:57 . 2012-08-21 12:01        33240        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-13 09:56 . 2013-01-13 09:56        --------        d-----w-        c:\program files\iPod
2013-01-13 09:56 . 2013-01-13 09:57        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-13 09:56 . 2013-01-13 09:57        --------        d-----w-        c:\program files\iTunes
2013-01-13 09:56 . 2013-01-13 09:57        --------        d-----w-        c:\program files (x86)\iTunes
2013-01-13 09:48 . 2013-01-13 09:48        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-13 09:48 . 2013-01-13 09:48        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-13 09:48 . 2013-01-13 09:48        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-13 09:48 . 2013-01-13 09:48        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-13 09:48 . 2013-01-13 09:48        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-13 09:48 . 2013-01-13 09:48        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-13 09:48 . 2013-01-13 09:48        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 01:05 . 2012-05-20 10:06        74096        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-10 01:05 . 2012-05-20 10:06        697712        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-05 22:20 . 2012-07-07 16:54        861088        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2013-02-05 22:20 . 2011-03-22 18:21        782240        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-01-30 16:11 . 2012-11-21 08:39        82384        ----a-w-        c:\windows\system32\drivers\bdsandbox.sys
2013-01-30 16:11 . 2012-11-21 08:39        707528        ----a-w-        c:\windows\system32\drivers\avc3.sys
2013-01-30 16:10 . 2012-11-21 08:39        589000        ----a-w-        c:\windows\system32\drivers\avckf.sys
2013-01-10 05:36 . 2011-03-23 07:46        67599240        ----a-w-        c:\windows\system32\MRT.exe
2012-12-19 12:52 . 2012-12-19 12:52        261056        ----a-w-        c:\windows\system32\drivers\avchv.sys
2012-12-16 17:11 . 2012-12-22 08:38        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 08:38        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 08:38        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 08:38        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 18:45        441856        ----a-w-        c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 18:45        2746368        ----a-w-        c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 18:45        308736        ----a-w-        c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 18:45        2576384        ----a-w-        c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 18:45        30720        ----a-w-        c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 18:45        43520        ----a-w-        c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 18:45        23552        ----a-w-        c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 18:45        45568        ----a-w-        c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 18:45        44544        ----a-w-        c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 18:45        20480        ----a-w-        c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 18:45        20480        ----a-w-        c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 18:45        20480        ----a-w-        c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 18:45        46592        ----a-w-        c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 18:45        40960        ----a-w-        c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 18:45        21504        ----a-w-        c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 18:45        15360        ----a-w-        c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 18:45        55296        ----a-w-        c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 18:45        51712        ----a-w-        c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 18:45        43520        ----a-w-        c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 18:45        30720        ----a-w-        c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 18:45        45568        ----a-w-        c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 18:45        44544        ----a-w-        c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 18:45        20480        ----a-w-        c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 18:45        23552        ----a-w-        c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 18:45        20480        ----a-w-        c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 18:45        46592        ----a-w-        c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 18:45        20480        ----a-w-        c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 18:45        21504        ----a-w-        c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 18:45        40960        ----a-w-        c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 18:45        15360        ----a-w-        c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 18:45        55296        ----a-w-        c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 18:45        51712        ----a-w-        c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 18:44        362496        ----a-w-        c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 18:44        243200        ----a-w-        c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 18:44        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2012-11-30 05:45 . 2013-01-09 18:44        215040        ----a-w-        c:\windows\system32\winsrv.dll
2012-11-30 05:43 . 2013-01-09 18:44        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 18:44        424448        ----a-w-        c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 18:44        1161216        ----a-w-        c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:54 . 2013-01-09 18:44        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2012-11-30 04:53 . 2013-01-09 18:44        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 18:44        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        5120        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:44        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9B6B03F1-16CF-4491-BBBB-E872802DD717}]
2013-02-07 20:11        138752        ----a-w-        c:\programdata\DNSErrorHelper\bho.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"HP Connection Manager.exe"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe" [2010-06-08 1120072]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-12-31 398848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90140000-003D-0000-0000-0000000FF1CE}"="del" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AddonsHelper;AddonsHelper;c:\users\***\AppData\Local\Temp\OCS\Downloads\d340164aef134ca45f5d3a3a8b8d1b79\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe [2010-05-21 45224]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-10-29 79360]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-09-28 55808]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2013-02-07 40960]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2013-01-30 589000]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-01-30 82384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-13 1255736]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2013-01-30 68880]
R4 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-10-25 341288]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-06-11 868848]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2013-01-30 707528]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2011-03-10 16512]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-08-29 145696]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-02-06 54480]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-07-06 93160]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 76944]
S1 RsvLock;RsvLock; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-11-23 89600]
S2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe [2010-05-21 1052328]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-03-14 152992]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-06-14 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-01 281192]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-03-09 117552]
S2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [2011-04-29 1687360]
S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-11-29 95184]
S2 SMManager;HP Connection Manager Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [2010-06-08 84808]
S2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-12-19 68416]
S2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-12-31 9216]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-01 704512]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2012-02-02 509104]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-12-30 85504]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-21 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-21 177152]
S3 qcfilterhp2k;HP un2420 Mobile Broadband Module USB Device Filter;c:\windows\system32\DRIVERS\qcfilterhp2k.sys [2011-04-29 6400]
S3 qcombushp;Gobi 2000 USB Composite Device Driver(03F0-251D);c:\windows\system32\DRIVERS\qcombushp.sys [2011-04-29 160328]
S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\DRIVERS\qcusbnethp2k.sys [2011-04-29 444416]
S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\DRIVERS\qcusbserhp2k.sys [2011-04-29 230784]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 75776]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 01:05]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-21 07:50]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-21 07:50]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3442603491-3579072867-3194603140-1001Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-02 19:12]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3442603491-3579072867-3194603140-1001UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-02 19:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-11-29 17:08        268760        ----a-w-        c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-11-29 17:08        268760        ----a-w-        c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-11-29 17:08        268760        ----a-w-        c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-11-29 17:08        268760        ----a-w-        c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
"dleemon.exe"="c:\program files (x86)\Dell V715w\dleemon.exe" [2010-08-18 770728]
"EzPrint"="c:\program files (x86)\Dell V715w\ezprint.exe" [2010-08-18 139944]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-23 489472]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-01-30 1573632]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1875048]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2012-03-14 15232]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EE1CE425-7F04-4A53-A7D6-9321D8185387}: NameServer = 139.7.30.126 139.7.30.125
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\x5odo20k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: 2013-02-05 23:35; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\x5odo20k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-02-07 21:15; twitter.address.bar.search@firefox.twitter; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\x5odo20k.default\extensions\twitter.address.bar.search@firefox.twitter.xpi
.
.
------- Dateityp-Verknüpfung -------
.
.txt=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-11  10:32:43
ComboFix-quarantined-files.txt  2013-02-11 09:32
.
Vor Suchlauf: 12 Verzeichnis(se), 204.864.692.224 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 204.708.753.408 Bytes frei
.
- - End Of File - - 5AFF7AC5FF6292D00548D03CDD8DE49A
--- --- ---

ich habe hier Probleme mit dem Login, der betroffene Rechner spinnt etwas.
Ich werde als offline angezeigt, obwohl ich drin bin, oder ich komme garnicht erst rein.
Daher habe ich ein + dasselbe Log versehentlich zweimal gepostet

cosinus 11.02.2013 12:13
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

smarks 11.02.2013 13:13
Hallo cosinus,

vielen Dank für deine weitere Hilfe und deine Zeit :-)
Hat alles geklappt.


Logfiles adwcleaner.exe:

AdwCleaner Logfile:
Code:
# AdwCleaner v2.112 - Datei am 11/02/2013 um 12:42:00 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : *** - ***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\***\AppData\Local\APN
Ordner Gelöscht : C:\Users\***\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\***\Documents\Software

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\x5odo20k.default\prefs.js

Gelöscht : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1435 octets] - [11/02/2013 12:42:00]

########## EOF - C:\AdwCleaner[S1].txt - [1495 octets] ##########
--- --- ---



OTL Logfiles:

OTL Logfile:
Code:
OTL logfile created on: 11.02.2013 12:53:36 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 5,26 Gb Available Physical Memory | 66,93% Memory free
15,72 Gb Paging File | 12,64 Gb Available in Paging File | 80,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,46 Gb Total Space | 200,58 Gb Free Space | 44,73% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 0,00 Gb Free Space | 0,07% Space Free | Partition Type: FAT32
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Portrait Displays, Inc)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe (QUALCOMM, Inc.)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
PRC - C:\Program Files (x86)\Dell V715w\ezprint.exe ()
PRC - C:\Program Files (x86)\Dell V715w\dleemon.exe ()
PRC - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe (Smith Micro Software, Inc)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Model.Conn#\380408b02e889be39353124954ab0bae\Vodafone.Model.Connection.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Model.Shor#\7f69986f2f266961c51cae510014b002\Vodafone.Model.Shortcut.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Shared\7aa6820dc1a68487dd8d4b075072a355\Vodafone.View.Shared.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Manag#\b558758b4ac0f6bfd750e00a387075b8\Vodafone.View.ManagedToolTip.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.BusinessLo#\7bc90a3c13d858a2abcdc0dc5dd1b22b\Vodafone.BusinessLogic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Secon#\87af5a01e0050812a7038eb4e2ead71d\Vodafone.View.SecondaryWindows.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LanWlanMan#\c5bec04e3e8b3134fd01258474dd376e\Vodafone.LanWlanManager.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Vpn\d692d5918d525d2146f52b0f95bc8b99\Vodafone.Vpn.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Inter#\730e7c376c8448fc9fb71e7a5c8e055b\Vodafone.Core.Interfaces.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.CoreI#\277c57b9cb05317a94784d26087a0576\Vodafone.Core.CoreInstanceProvider.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Connection#\e73ed9369fac62759c280521fa0f283b\Vodafone.ConnectionServices.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.WwanWrapper\f111962f92abb2b8ed12406e83ca2c1b\Vodafone.WwanWrapper.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\d65e3892ff3bfd90b6b37f7ef0c8761c\Interop.Shell32.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.TrafficOpt#\f5089eb477babd58830ba3ae3f6b5aeb\Vodafone.TrafficOptimiser.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.MbbManagem#\3c3423dc197a02a048917025e41017e9\Vodafone.MbbManagement.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\9bea9aa03e6e7263e475004f6c94d824\Vodafone.DeviceAccess.Interfaces.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\5ec9197d2e5de6168cfdbfa64f01b569\Vodafone.DeviceAccess.Internals.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Remot#\17a00561f3a80914f35ff822fe6af7f5\Vodafone.Core.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Common.Logging\0c5008375abad2d7074f91953acd7158\Common.Logging.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\eb89fdd84e558ea153acfe524632a624\Vodafone.DeviceAccess.Factory.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Spring.Core\4a69d3bfa1111bcd9328e15165ee78ad\Spring.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\1f888ef7735ac0b26850e263154532d6\Vodafone.Contracts.Adapter.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.InstancePr#\9eeda4ddf4e53101f9c07780e799ad3a\Vodafone.InstanceProvider.Impl.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\57e626e2ed44f317d68df1078ddf61a9\Infragistics2.Win.UltraWinEditors.v9.2.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\f477bb16d7dc2ee37b259d96cb4a88b5\Infragistics2.Win.Misc.v9.2.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\fc8d018577f1972f52b63e503a1e84df\Infragistics2.Win.v9.2.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\754a5294a4b2eaab04ab9cf0d9516192\Infragistics2.Shared.v9.2.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\30cf850ed078c5d9a4f6493b5e013c73\Infragistics2.Win.UltraWinToolbars.v9.2.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\44e1d1c29d6868d549fe0b8dc7e7befe\Vodafone.Contracts.View.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\39d101b56e00b3ea846a8c258ddbe73c\Vodafone.DeviceAccess.Contracts.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\399ce794b60b7caa4b764cf24d398a9b\Interop.FNCClient11Lib.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\6666e786dbce9c7923f2a5633fca5ec2\Vodafone.Contracts.Model.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Contr#\8c2160cad92cb1a69cd491ec27ef673a\Vodafone.Core.Contracts.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Inter#\f618a85001aa57f9cc00cc5861ba363d\Vodafone.Base.Internals.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.UpdateMana#\d6a8b0d952547a4c99ce35307f813a42\Vodafone.UpdateManager.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Facto#\2ecca2e40a375a33ff457ed593c56f74\Vodafone.Base.Factory.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.ReportingM#\c43f4656da8cba686a04b53ae2573e5d\Vodafone.ReportingManager.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Connection#\01a3c693f3f72d9e1f8171ae3efdfb6c\Vodafone.ConnectionManagement.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\7ce5215b875cebe9312bd00fe3e47abb\Vodafone.Contracts.Common.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\a65222e97275088409988fe1ca9aea06\Vodafone.Contracts.Presenter.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.OutlookCon#\2f0ac749fee4889623b8e4c8b8664a9f\Vodafone.OutlookConnector.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Applicatio#\63cdeb2cff87f04f9abb933bc59e7b21\Vodafone.ApplicationHost.Impl.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.CommonDial#\8b0b3fa8e9090315931caac97a92e719\Vodafone.CommonDialogs.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsContact#\db28109a51536e65198d1cd80c91f2ff\Vodafone.SmsContactManager.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DataAccess#\84b67f4032ef33762164f25e6d2850f7\Vodafone.DataAccessor.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsProfile#\2180a360c28430ede7b36d03c03ecb3d\Vodafone.SmsProfileManager.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SettingsMa#\b3351b69b51a6618151db261c6d09078\Vodafone.SettingsManager.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\MobileBroadbandReso#\123bdd64be6f60112378097b5db9f688\MobileBroadbandResources.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Win32\6f94a9468db9f5da960d05a6883c1010\Vodafone.Base.Win32.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.NtServiceM#\3721c93dab8e3e51f6c9aaf02df2b25d\Vodafone.NtServiceMessaging.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.MobileBroa#\40637db240e1d276f9aeb9df4d442cb9\Vodafone.MobileBroadband.CallbackHandler.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Common\a93ae1f47d2f6d7cea0097dbc1bfed63\Vodafone.Common.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Data\6f72df05f24272c124c3cbf67b2c8a14\Vodafone.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Contr#\e2c656e12b5a46e4741d2762f6404351\Vodafone.Base.Contracts.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Platform\ae32fc26bf78d00513a39543126e1635\Vodafone.Platform.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\MobileBroadband\996ad37cab5870103648322a1d2f27f6\MobileBroadband.ni.exe ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LogEngine\5b23dd5e04bf1b515d9f0299d6c5d323\Vodafone.LogEngine.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\68f617caf670fefc0be769a294dc4ffd\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll ()
MOD - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll ()
MOD - C:\Program Files (x86)\Dell V715w\ezprint.exe ()
MOD - C:\Program Files (x86)\Dell V715w\dleemon.exe ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.SharedUI.WPF.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.SharedUI.WPF.resources.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.WwanDiagnostics.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.UI.ViewModel.resources.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.UI.ViewModel.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.UI.Models.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Application.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Application.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.Application.resources.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.Resources.WPF.resources.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\en-US\SmithMicro.Resources.WPF.resources.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Resources.WPF.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\en-US\HP.ShinyNoire.UI.resources.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP.ShinyNoire.UI.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Message.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell V715w\dleeDRS.dll ()
MOD - C:\Program Files (x86)\Dell V715w\dleescw.dll ()
MOD - C:\Program Files (x86)\Dell V715w\dleecfg.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\Dell V715w\EPOEMDll.dll ()
MOD - C:\Program Files (x86)\Dell V715w\epstring.dll ()
MOD - C:\Program Files (x86)\Dell V715w\EPWizRes.dll ()
MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files (x86)\Dell V715w\dleedatr.dll ()
MOD - C:\Windows\SysWOW64\DLEEsmr.dll ()
MOD - C:\Program Files (x86)\Dell V715w\iptk.dll ()
MOD - C:\Program Files (x86)\Dell V715w\Epwizard.DLL ()
MOD - C:\Program Files (x86)\Dell V715w\customui.dll ()
MOD - C:\Program Files (x86)\Dell V715w\Epfunct.DLL ()
MOD - C:\Program Files (x86)\Dell V715w\Eputil.DLL ()
MOD - C:\Program Files (x86)\Dell V715w\Imagutil.DLL ()
MOD - C:\Program Files (x86)\Dell V715w\dleecaps.dll ()
MOD - C:\Program Files (x86)\Dell V715w\dleecnv4.dll ()
MOD - C:\Program Files (x86)\Dell V715w\dleeptp.dll ()
MOD - C:\Windows\SysWOW64\DLEEsm.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
SRV:64bit: - (BdDesktopParental) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender)
SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
SRV:64bit: - (SafeBox) -- C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe (Bitdefender)
SRV:64bit: - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (HPDayStarterService) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company)
SRV:64bit: - (dlee_device) -- C:\Windows\SysNative\dleecoms.exe ( )
SRV:64bit: - (dleeCATSCustConnectService) -- C:\windows\SysNative\spool\DRIVERS\x64\3\\dleeserv.exe ()
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (HpFkCryptService) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV:64bit: - (DEBridge) -- C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.)
SRV:64bit: - (DpHost) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SearchAnonymizer) -- C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (QDLService2kHP) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe (QUALCOMM, Inc.)
SRV - (VmbService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
SRV - (SMManager) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
SRV - (dleeCATSCustConnectService) -- C:\windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe ()
SRV - (dlee_device) -- C:\Windows\SysWOW64\dleecoms.exe ( )
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (HP ProtectTools Service) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (BDSandBox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL)
DRV:64bit: - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender)
DRV:64bit: - (avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (trufos) -- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (gzflt) -- C:\Windows\SysNative\drivers\gzflt.sys (BitDefender LLC)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (BdfNdisf) -- c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys (BitDefender LLC)
DRV:64bit: - (BDVEDISK) -- C:\Windows\SysNative\drivers\bdvedisk.sys (BitDefender)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (qcusbnethp2k) -- C:\Windows\SysNative\drivers\qcusbnethp2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (qcusbserhp2k) -- C:\Windows\SysNative\drivers\qcusbserhp2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (qcombushp) -- C:\Windows\SysNative\drivers\qcombushp.sys (MCCI)
DRV:64bit: - (qcfilterhp2k) -- C:\Windows\SysNative\drivers\qcfilterhp2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tcpipBM) -- C:\Windows\SysNative\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV:64bit: - (BMLoad) -- C:\Windows\SysNative\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (vodafone_K3805-z_dc_enum) -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys (Vodafone)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SbFsLock) -- C:\windows\SysNative\drivers\SbFsLock.sys (McAfee, Inc.)
DRV:64bit: - (RsvLock) -- C:\windows\SysNative\drivers\RsvLock.sys (McAfee, Inc.)
DRV:64bit: - (SafeBoot) -- C:\windows\SysNative\drivers\SafeBoot.sys ()
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (rismcx64) -- C:\Windows\SysNative\drivers\rismcx64.sys (RICOH Company, Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SbAlg) -- C:\windows\SysNative\drivers\SbAlg.sys (McAfee, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (adfs) -- C:\windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (SbAlg) -- C:\windows\SysWow64\drivers\SbAlg.sys (McAfee, Inc.)
DRV - (SbFsLock) -- C:\windows\SysWow64\drivers\SbFsLock.sys (McAfee, Inc.)
DRV - (RsvLock) -- C:\windows\SysWow64\drivers\rsvlock.sys (McAfee, Inc.)
DRV - (SafeBoot) -- C:\windows\SysWow64\drivers\SafeBoot.sys (McAfee, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=dsse
IE - HKLM\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes\{0186DDB1-69EE-4B2E-A1BB-53C7D17AEB6B}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=a0a1cfd1-f3a9-4b10-a64a-24589addf085&pid=ccleanerde&mode=bounce&k=0
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes\{1D2BC020-E7D9-4E39-9E23-F533A778DCF5}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=a0a1cfd1-f3a9-4b10-a64a-24589addf085&pid=ccleanerde&mode=bounce&k=0
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes\{3BA9E3D7-6190-4454-8C3A-B640449E90D2}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=a0a1cfd1-f3a9-4b10-a64a-24589addf085&pid=ccleanerde&mode=bounce&k=0
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes\{3D6E8087-AC2F-4293-B6CE-9D5F06D1058B}: "URL" = [String data over 1000 bytes]
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=dsse
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes\{D509D060-9149-4588-BD37-8904865FD017}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=a0a1cfd1-f3a9-4b10-a64a-24589addf085&pid=ccleanerde&mode=bounce&k=0
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes\{D6711850-1F2B-46BF-94C2-37035561D6FF}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=a0a1cfd1-f3a9-4b10-a64a-24589addf085&pid=ccleanerde&mode=bounce&k=0
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D434D4E5444462670633D434D4E544446267372633D49452D536561726368426F78&st={searchTerms}&clid=a0a1cfd1-f3a9-4b10-a64a-24589addf085&pid=ccleanerde&k=0
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes\{F9BA701B-BBB5-4BA8-9C34-88FC6D65BCEC}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=a0a1cfd1-f3a9-4b10-a64a-24589addf085&pid=ccleanerde&mode=bounce&k=0
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: plugin%40seitwert.de:1.0.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.2
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4189
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2012.11.21 09:39:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010.09.10 23:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [2011.03.10 12:59:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 10:42:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 10:42:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012.11.21 09:39:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 10:42:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 10:42:16 | 000,000,000 | ---D | M]
 
[2011.03.02 20:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.02.07 21:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\x5odo20k.default\extensions
[2013.01.11 07:17:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\x5odo20k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.15 19:08:22 | 000,077,310 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\x5odo20k.default\extensions\plugin@seitwert.de.xpi
[2013.02.07 21:15:40 | 000,014,949 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\x5odo20k.default\extensions\twitter.address.bar.search@firefox.twitter.xpi
[2013.02.05 23:35:29 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\x5odo20k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.07 21:16:07 | 000,002,101 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\x5odo20k.default\searchplugins\googlede.xml
[2013.02.07 21:11:06 | 000,001,555 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\x5odo20k.default\searchplugins\ixquick-https---deutsch.xml
[2013.02.07 21:11:06 | 000,005,431 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\x5odo20k.default\searchplugins\startpage-https---deutsch.xml
[2013.02.07 21:15:40 | 000,002,973 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\x5odo20k.default\searchplugins\twitter-.xml
[2013.02.06 10:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.06 10:42:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.02.06 10:42:19 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.07 21:11:06 | 000,001,684 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.07 21:11:06 | 000,001,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.07 21:11:06 | 000,001,271 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.07 21:11:06 | 000,007,051 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.07 21:11:06 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.07 21:11:06 | 000,001,170 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Mixesoft Click&Clean Plug-In (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npccch32.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npqscan.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Pr\u00E4sentationen = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.6_0\
CHR - Extension: SEOprofiler = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\anflggobmhfgfdfjfgnihbnfohehopcc\0.2.0.1_0\
CHR - Extension: Google Docs = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Lucidchart \u2013 Gemeinsam visualisieren = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn\16_0\
CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: SocialBro = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bagknoiagpifjfbempgignagkejmkljm\0.4.0.14_0\
CHR - Extension: Sexy Undo Close Tab = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg\7.2.8_0\
CHR - Extension: MindMeister = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm\2.1.1_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: SEO SERP Workbench = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbgolklgacemnfnmkkpgekngaaggjjl\1.0_0\
CHR - Extension: MailChimp = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\einnfnfpkbbebamphappjlmbedgjbnoe\1.1_0\
CHR - Extension: Gmail offline = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\
CHR - Extension: Box - 5 GB freier Speicher = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.6_0\
CHR - Extension: Seitwert.de SEO Plugin = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcafcehljeapcbpemommidnpcimhhhoe\1.0_0\
CHR - Extension: Google Tabellen = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\0.6_0\
CHR - Extension: Wunderlist = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc\2.0_0\
CHR - Extension: Click&Clean = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.0.1_0\
CHR - Extension: SEOzio = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghlinldjknincdnifcelhiemjahifcjb\3.0_0\
CHR - Extension: Gantter = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\himomacamcpodhkahelbnmaddladgjgo\3.5.7_0\
CHR - Extension: 1concept = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf\0.2.9.3_0\
CHR - Extension: mysms - SMS anywhere = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkkehjnlfplmdnallbjjdnokolhblgb\2.6.2_0\
CHR - Extension: Google Share Button = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\idaeealfhcijmeigljaopafdapgijdcb\1.1.0.12_0\
CHR - Extension: Dropbox = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.3_0\
CHR - Extension: Kostenloser Online-PDF Tools = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfpnmfhodaljeelokfceepbeapgbdn\1.0.1.2_0\
CHR - Extension: Disconnect = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\4.2.0_0\
CHR - Extension: Google Formulare = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg\0.5_0\
CHR - Extension: Yoono - Twitter, Facebook, LinkedIn, YouTube\u2122 = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\0.2.7.22_0\
CHR - Extension: HootSuite = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0\
CHR - Extension: Evernote Web = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: MODevel SEO Ranking (Backend) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhlfjfpdmdcaeplloceibdadoclbkbm\3.1.9_0\
CHR - Extension: Google Zeichnungen = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme\0.6_0\
CHR - Extension: Crowdbooster = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocmfheajhbmicdlmoggadcehdgibfdfc\0.0.1_0\
CHR - Extension: Cacoo - Diagramming & Real-Time Collaboration = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcflmbddgcmomcfngehfhlajjapabojh\1.2.0_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.02.11 10:30:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Dell Symbolleiste) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DNS Error Helper) - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Dell Symbolleiste) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [dleemon.exe] C:\Program Files (x86)\Dell V715w\dleemon.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell V715w\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Connection Manager.exe] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe (Smith Micro Software, Inc)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{870925AB-8270-4C20-9A66-331B278C7CC5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE1CE425-7F04-4A53-A7D6-9321D8185387}: NameServer = 139.7.30.126 139.7.30.125
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.11 12:47:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.11 10:21:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.02.11 10:21:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.02.11 10:21:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.02.11 10:18:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.11 10:18:21 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.02.11 10:17:55 | 005,030,592 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.02.09 17:37:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\markus.schulte
[2013.02.09 15:42:44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.02.09 15:27:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2013.02.07 21:11:24 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\windows\SysWow64\dhRichClient3.dll
[2013.02.07 21:11:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2013.02.07 21:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\DNSErrorHelper
[2013.02.07 21:11:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OCS
[2013.02.07 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2013.02.07 10:44:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.02.07 10:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.07 10:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.06 10:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.05 23:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.05 23:21:17 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013.02.05 23:21:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013.02.05 23:21:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013.02.05 23:21:09 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.05 20:07:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.02.05 20:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.05 20:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.05 20:06:59 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.02.05 20:06:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.05 20:05:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.02.04 20:44:42 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\_Recherche
[2013.02.04 20:44:33 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\_System
[2013.02.04 20:15:01 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\_Seminare
[2013.02.04 18:37:46 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Keksbox
[2013.02.04 18:03:17 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\_PR
[2013.02.04 15:11:45 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\_SM
[2013.01.29 12:26:35 | 000,000,000 | ---D | C] -- C:\Users\***\Application Data
[2013.01.22 14:06:05 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\cache
[2013.01.22 14:05:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\webex
[2013.01.18 11:33:27 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Aufräumen
[2013.01.13 10:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013.01.13 10:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.13 10:57:18 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2013.01.13 10:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.13 10:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.13 10:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.01.13 10:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.01.13 10:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.11 12:52:45 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.11 12:52:45 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.11 12:51:20 | 001,622,172 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.02.11 12:51:20 | 000,700,646 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.02.11 12:51:20 | 000,655,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.02.11 12:51:20 | 000,149,410 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.02.11 12:51:20 | 000,122,190 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.02.11 12:48:01 | 000,001,122 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.11 12:47:57 | 000,000,204 | ---- | M] () -- C:\Users\***\Desktop\Vodafone Videothek.url
[2013.02.11 12:44:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.02.11 12:44:26 | 2033,745,919 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.11 12:41:04 | 000,587,659 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.02.11 12:20:01 | 000,001,126 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.11 12:20:00 | 000,001,156 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3442603491-3579072867-3194603140-1001UA.job
[2013.02.11 12:04:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.02.11 10:30:35 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013.02.11 09:35:58 | 005,030,592 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.02.10 18:20:02 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3442603491-3579072867-3194603140-1001Core.job
[2013.02.10 02:05:47 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.02.10 02:05:47 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.09 15:42:25 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.02.09 15:37:55 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat
[2013.02.07 16:27:38 | 013,562,257 | ---- | M] () -- C:\Users\***\Desktop\mbar-1.01.0.1017(1).zip
[2013.02.07 14:12:59 | 000,120,794 | ---- | M] () -- C:\Users\***\Desktop\Logfiles.zip
[2013.02.07 11:41:23 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.0.18454.exe
[2013.02.07 10:44:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.02.07 10:33:36 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.02.06 17:26:14 | 000,000,575 | ---- | M] () -- C:\windows\SysNative\checkdnsid.xml
[2013.02.06 12:38:07 | 003,100,167 | ---- | M] () -- C:\Users\***\Desktop\Manuel_Software2.png
[2013.02.06 12:37:35 | 003,471,942 | ---- | M] () -- C:\Users\***\Desktop\Manuel_Software.png
[2013.02.06 12:02:53 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.02.06 11:55:11 | 003,020,368 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.02.05 23:20:33 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.05 23:20:32 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013.02.05 23:20:32 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013.02.05 23:20:32 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013.02.05 23:20:32 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013.02.05 23:20:32 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013.02.05 22:24:57 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.02.05 21:57:11 | 000,019,767 | ---- | M] () -- C:\Users\***\Desktop\gvu-trojaner-1212_k.png
[2013.02.05 20:35:35 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.05 19:00:52 | 000,262,641 | ---- | M] () -- C:\Users\***\Desktop\Bitdefnder_Scan_01.xml
[2013.02.05 13:24:09 | 001,641,646 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013.02.05 10:16:22 | 000,000,153 | ---- | M] () -- C:\ProgramData\9zVXhbR.reg
[2013.02.04 20:55:10 | 000,037,272 | ---- | M] () -- C:\Users\***\Documents\cc_20130204_205459.reg
[2013.01.30 17:11:22 | 000,082,384 | ---- | M] (BitDefender SRL) -- C:\windows\SysNative\drivers\bdsandbox.sys
[2013.01.30 17:11:04 | 000,707,528 | ---- | M] (BitDefender) -- C:\windows\SysNative\drivers\avc3.sys
[2013.01.30 17:10:40 | 000,589,000 | ---- | M] (BitDefender) -- C:\windows\SysNative\drivers\avckf.sys
[2013.01.13 10:57:29 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.13 10:48:16 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.11 12:41:04 | 000,587,659 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.02.11 10:21:20 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.02.11 10:21:20 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.02.11 10:21:20 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.02.11 10:21:20 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.02.11 10:21:20 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.02.09 15:37:55 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat
[2013.02.07 21:11:24 | 000,338,432 | ---- | C] () -- C:\windows\SysWow64\sqlite36_engine.dll
[2013.02.07 16:27:03 | 013,562,257 | ---- | C] () -- C:\Users\***\Desktop\mbar-1.01.0.1017(1).zip
[2013.02.07 14:12:59 | 000,120,794 | ---- | C] () -- C:\Users\***\Desktop\Logfiles.zip
[2013.02.07 11:41:23 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.0.18454.exe
[2013.02.07 10:33:36 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.02.06 12:38:06 | 003,100,167 | ---- | C] () -- C:\Users\***\Desktop\Manuel_Software2.png
[2013.02.06 12:37:34 | 003,471,942 | ---- | C] () -- C:\Users\***\Desktop\Manuel_Software.png
[2013.02.06 11:36:34 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.02.06 11:36:34 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.02.05 22:24:57 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.02.05 21:57:10 | 000,019,767 | ---- | C] () -- C:\Users\***\Desktop\gvu-trojaner-1212_k.png
[2013.02.05 20:07:00 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.05 19:02:44 | 000,262,641 | ---- | C] () -- C:\Users\***\Desktop\Bitdefnder_Scan_01.xml
[2013.02.05 10:16:22 | 000,000,153 | ---- | C] () -- C:\ProgramData\9zVXhbR.reg
[2013.02.04 20:55:05 | 000,037,272 | ---- | C] () -- C:\Users\***\Documents\cc_20130204_205459.reg
[2013.01.13 10:57:29 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.13 10:48:16 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.07.06 10:55:42 | 001,641,646 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.07.05 17:15:00 | 000,000,218 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.04.11 17:09:24 | 000,007,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.22 19:21:34 | 005,981,484 | ---- | C] () -- C:\Users\***\seniorenwegweiser2011_2012.pdf
[2011.07.15 12:51:19 | 000,847,872 | ---- | C] ( ) -- C:\windows\SysWow64\dleeusb1.dll
[2011.07.15 12:51:19 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\dleepmui.dll
[2011.07.15 12:51:19 | 000,364,544 | ---- | C] ( ) -- C:\windows\SysWow64\dleeinpa.dll
[2011.07.15 12:51:19 | 000,344,064 | ---- | C] () -- C:\windows\SysWow64\dleecomx.dll
[2011.07.15 12:51:19 | 000,344,064 | ---- | C] ( ) -- C:\windows\SysWow64\dleeiesc.dll
[2011.07.15 12:51:19 | 000,331,776 | ---- | C] () -- C:\windows\SysWow64\DLEEinst.dll
[2011.07.15 12:51:19 | 000,323,584 | ---- | C] () -- C:\windows\SysWow64\dleeins.dll
[2011.07.15 12:51:19 | 000,262,144 | ---- | C] () -- C:\windows\SysWow64\dleeinsb.dll
[2011.07.15 12:51:19 | 000,253,952 | ---- | C] () -- C:\windows\SysWow64\dleecu.dll
[2011.07.15 12:51:19 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\dleeinsr.dll
[2011.07.15 12:51:19 | 000,090,112 | ---- | C] () -- C:\windows\SysWow64\dleecub.dll
[2011.07.15 12:51:19 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\dleejswr.dll
[2011.07.15 12:51:19 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\dleecur.dll
[2011.07.15 12:51:18 | 001,048,576 | ---- | C] ( ) -- C:\windows\SysWow64\dleeserv.dll
[2011.07.15 12:51:18 | 000,802,816 | ---- | C] ( ) -- C:\windows\SysWow64\dleecomc.dll
[2011.07.15 12:51:18 | 000,688,128 | ---- | C] ( ) -- C:\windows\SysWow64\dleehbn3.dll
[2011.07.15 12:51:18 | 000,598,696 | ---- | C] ( ) -- C:\windows\SysWow64\dleecoms.exe
[2011.07.15 12:51:18 | 000,577,536 | ---- | C] ( ) -- C:\windows\SysWow64\dleelmpm.dll
[2011.07.15 12:51:18 | 000,373,416 | ---- | C] ( ) -- C:\windows\SysWow64\dleecfg.exe
[2011.07.15 12:51:18 | 000,372,736 | ---- | C] ( ) -- C:\windows\SysWow64\dleecomm.dll
[2011.07.15 12:51:18 | 000,324,264 | ---- | C] ( ) -- C:\windows\SysWow64\dleeih.exe
[2011.07.15 12:51:18 | 000,086,183 | ---- | C] () -- C:\windows\SysWow64\DLEEcfg.dll
[2011.07.15 12:51:09 | 000,299,008 | ---- | C] () -- C:\windows\SysWow64\DLEEsm.dll
[2011.07.15 12:51:09 | 000,032,768 | ---- | C] () -- C:\windows\SysWow64\DLEEsmr.dll
[2011.06.20 14:06:15 | 000,000,000 | ---- | C] () -- C:\Users\***\iphone.sqlite
[2011.06.06 09:37:11 | 000,001,854 | ---- | C] () -- C:\Users\***\AppData\Roaming\GhostObjGAFix.xml
[2011.05.30 15:27:47 | 000,003,464 | ---- | C] () -- C:\Users\***\.ganttproject
[2011.05.10 15:24:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.06 14:19:34 | 000,000,199 | ---- | C] () -- C:\windows\hbcikrnl.ini
[2011.03.05 21:00:04 | 000,772,572 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.03.03 01:47:29 | 000,033,134 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2011.02.20 00:11:28 | 000,255,360 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll
[2011.02.20 00:11:28 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011.02.20 00:11:28 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010.12.31 12:48:56 | 000,208,552 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2011.03.05 21:16:50 | 000,000,000 | ---- | M] ()(C:\windows\SysNative\?????) -- C:\windows\SysNative\獷楬汢捯污
[2011.03.05 21:16:50 | 000,000,000 | ---- | C] ()(C:\windows\SysNative\?????) -- C:\windows\SysNative\獷楬汢捯污

< End of report >
--- --- ---

smarks 11.02.2013 13:16
Sorry, hier die zweiten Logfiles,

OTL-Extra:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 11.02.2013 12:53:36 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 5,26 Gb Available Physical Memory | 66,93% Memory free
15,72 Gb Paging File | 12,64 Gb Available in Paging File | 80,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,46 Gb Total Space | 200,58 Gb Free Space | 44,73% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 0,00 Gb Free Space | 0,07% Space Free | Partition Type: FAT32
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3442603491-3579072867-3194603140-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CBEFE10-52E4-4E2D-9700-96A800D46DAA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{158E2188-CCCA-44D8-AD0A-CC2FA277DBCB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18C4BB15-F557-4999-B51D-2D0F0000A096}" = rport=138 | protocol=17 | dir=out | app=system |
"{1D58810D-E570-44CB-9F84-D7C362D8AC98}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2164CE1B-8446-4684-BCFD-505888C2CC0C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27087606-CEEE-4E54-9946-33658C3F43FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C8C9BF6-11B5-437C-9ECF-10969B6C389F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{310EFAAC-DBD2-44E5-B34D-BE58D8058546}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3AA3B4AF-A93E-4CC5-8E15-3F6012F8F700}" = rport=445 | protocol=6 | dir=out | app=system |
"{3ABFCE8B-A597-4C40-81D2-053A3BC6CB48}" = rport=137 | protocol=17 | dir=out | app=system |
"{4C671B3F-84B9-4331-828A-90316FAA8881}" = lport=138 | protocol=17 | dir=in | app=system |
"{5148437F-7266-46E5-8C44-9F13CAF20667}" = lport=2869 | protocol=6 | dir=in | app=system |
"{53CE32C4-0491-4690-99F3-916CCE811995}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{7340CD4E-61AD-41E6-85BB-E983529EA03E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74ED2982-8F18-4357-B126-B6258FF01DA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8EAE05DC-6B84-4A1C-8745-CAACF4BAA6D2}" = lport=445 | protocol=6 | dir=in | app=system |
"{A6471AC0-B134-464E-B8F6-B64BB8498E67}" = rport=139 | protocol=6 | dir=out | app=system |
"{B1C96D5B-3766-4289-BC70-214F8F99BC99}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CC3612BB-B3FD-49C9-B893-279F4733BD94}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CE93DD49-4F22-4434-8E86-30890666C538}" = lport=139 | protocol=6 | dir=in | app=system |
"{D1ED2DBA-2509-4C32-BA59-5DA61AC3A6E3}" = lport=137 | protocol=17 | dir=in | app=system |
"{D9FF0FCB-90C6-4A1E-BBFE-AA2770842086}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E91ED1DC-9DBA-4F4C-B0A4-354179100929}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ECC1B01F-A0F1-4578-A8A8-2AC09A83DAE2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EDE4EC94-7CD4-40B2-9F04-3EFFCBA3DC74}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F5DE75E1-8498-49B7-A91D-B07DD51A4B41}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D8A32A-624A-47A3-AE04-F572CD763FF8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{05F686D6-0EB1-4706-B141-41BDD188792A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0EF74CF5-5ECA-41E2-ABD4-8A2D6F4AA4BB}" = protocol=6 | dir=out | app=system |
"{1082F02E-6181-4029-A3D5-BA9DF2FF1633}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1425F41D-17FE-420D-B665-F0D2C2AE2459}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19CD990E-66B7-43B6-A066-86D916B9BAC8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{201CECBF-888C-4056-B442-3BBE746F6813}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2115F257-C904-4A59-A7D9-3ABDDBAD166F}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe |
"{228AB016-CED5-41A2-ADFF-19D0F7279AFD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{232E9E74-CD9F-4D23-A9E2-78916B39BD72}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{24374955-28DB-48B0-BECD-2571B41554D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2CF14AE0-B6AC-40E6-A2F9-7F2928A449F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2DF698CD-9C98-486D-A5C8-DE4C6B599876}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{466A0515-BBD0-4856-B8B9-F2C0F11DAADE}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{4C698689-98F7-4FE6-8D61-E775747A3CC4}" = dir=in | app=c:\windows\system32\dleecoms.exe |
"{503897ED-448E-4580-9F8C-FBE0D53FE66F}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"{576AD9D2-F83D-4065-990B-C3C0B9A46592}" = dir=in | app=c:\windows\system32\dleecoms.exe |
"{59057659-08C9-4117-BAAD-DF81BDCB3230}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{61D3F4CA-FBCF-4063-AB08-BDCFC2AE4AE8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{62B486F7-3AD7-4846-B4C4-59B410ABC4C3}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{62C0B310-2B06-4F92-A290-24B57B96368D}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v715w\dleefax.exe |
"{6760C2DB-BCE6-46D7-8A95-E3359921C1CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{69485B82-B8F8-4C9F-B39F-BFD1896DBC63}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{6C0970C0-35E6-425D-AFE0-ED1439E3150D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6F5CE975-307E-487E-897A-FBDD335246B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{782F59FF-A9D2-4C27-8F41-FF4BEB58BE9B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{78B53672-F087-472D-A98A-A53EFABA531A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7CB847B7-3FCE-439C-9250-8701E86AC149}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"{8F15E6D2-8C00-42E5-AFD4-CEACFFB5FC1B}" = dir=in | app=c:\windows\system32\dleecoms.exe |
"{96191A60-8A69-4605-A29B-CED6733EA735}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B348065-5DEA-4FC6-AF5F-9912066CF5E3}" = protocol=6 | dir=in | app=c:\program files (x86)\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{9C7A2F4D-4D4A-4C03-867E-1AE412C5655C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9D96D764-5E43-4ECF-9887-20E91FC32343}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{A08B2770-1F93-4B71-8D8C-C615003F5D9A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A0E98F0B-2DD4-4960-B369-8ED1C25B12F1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A88208D9-2D70-4243-A635-B801C4070AE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AAB8C518-63DD-4FEF-97B9-981461FFECB7}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe |
"{AD7A5DD8-C6C5-451C-9F50-C9BF47FC70F0}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{B1AFA860-7876-44BA-BCCD-CAE48ACDE1FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B45963C7-1104-4466-9AA2-68A3FB8D2A9D}" = dir=in | app=c:\windows\system32\dleecoms.exe |
"{BCBBAD8A-5909-4E9D-A14A-4CCE034A5F67}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C411CC64-A257-4FA0-BE14-073DD1A67A85}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D694D0F0-9967-4ACF-8F9D-01C139B3A7C7}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v715w\dleefax.exe |
"{DD2EBF82-C962-46CF-8EEA-9E9A58A598F9}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{E1D5136D-FC18-45D3-B100-271AA9F93473}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{E1F10FB6-091F-4959-AE3C-C5A2EF2B0A7C}" = protocol=17 | dir=in | app=c:\program files (x86)\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{E82CE48D-2E82-43D5-BB17-A056BAE7054D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EAEC3EE4-0371-4A16-B4EC-1B4763B528CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F4F9D7B8-B466-4DAA-A49A-557474458456}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F7150ED8-9734-4DC4-8A3A-13EEEC6427DA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FF715D12-DB17-48A4-9031-147376D8724D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{8F5E441C-73EF-410D-B1B2-0D7FCDF262C5}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{98D60260-1227-4F32-9F29-597B6FA03D53}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2917FD4B-9D6C-4012-BB45-DC9722CA78E2}" = HP ProtectTools Security Manager
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{369ABA06-0536-4E6A-A1FC-40983E268F47}" = Nitro PDF Reader 2
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5CEE98FB-1963-4662-A780-410DA4533D53}" = HP Power Data
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{682FBA83-2CCA-4CFA-A08A-6767DAB2FC9C}" = HP Power Assistant
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F258628-2E18-4C2E-8127-EF4EFAF5F75C}" = HP 3D DriveGuard
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABCB696E-2494-48FC-826D-0666CEE460DB}" = Drive Encryption for HP ProtectTools
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C1AC1FED-9E75-42A5-B3EA-CCEC92E75D61}" = Raw Therapee V4.0.9.50 x64
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}" = Validity Fingerprint Driver
"{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}" = HP QuickLook
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"Bitdefender" = Bitdefender Total Security 2013
"CCleaner" = CCleaner
"Dell V715w" = Dell V715w
"DesktopIconAmazon" = Desktop Icon für Amazon
"HPProtectTools" = HP ProtectTools Security Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PhotomatixPro4.0x64_is1" = Photomatix Pro version 4.0.2
"PROSet" = Intel(R) Network Connections Drivers
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{05570795-9449-4B25-9F1F-80E7970889F4}" = StarMoney 7.0
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{18F4179A-385F-40EE-AE2D-FA0E1BE62753}" = HP Software Framework
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5A771AE0-513F-4EC5-AB09-A7D3D22A2E20}" = Qualcomm Gobi 2000 Package for HP
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}" = HP Documentation
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7861911B-4270-498A-8F7A-FCF0570F484B}" = HP QuickWeb
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6365256-0FBA-4DCD-88CE-D92A4DC9328E}" = HP ESU for Microsoft Windows 7
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EBF2741D-5A35-4509-AD94-F07C18D0CE19}" = HP Connection Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD8234FF-A70D-4632-B146-F41AB37C0B24}" = HP Business Card Reader
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Artisteer 3" = Artisteer 3
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Drive Encryption" = Drive Encryption for HP ProtectTools
"FileZilla Client" = FileZilla Client 3.5.0
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"GanttProject" = GanttProject
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"XnView_is1" = XnView 1.98.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3442603491-3579072867-3194603140-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.02.2013 10:09:18 | Computer Name = *** | Source = VmbService | ID = 0
Description = GetLoggedOnUser
 
Error - 10.02.2013 14:06:08 | Computer Name = *** | Source = Windows Backup | ID = 4104
Description =
 
Error - 10.02.2013 14:36:07 | Computer Name = *** | Source = VmbService | ID = 0
Description = GetClient
 
Error - 10.02.2013 19:31:29 | Computer Name = *** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Hewlett-Packard\2009
 Password Filter for HP ProtectTools\PTChangeFilterService.exe.Config" in Zeile
0.  Ungültige XML-Syntax.
 
Error - 10.02.2013 19:31:56 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 11.02.2013 03:42:05 | Computer Name = *** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Hewlett-Packard\2009
 Password Filter for HP ProtectTools\PTChangeFilterService.exe.Config" in Zeile
0.  Ungültige XML-Syntax.
 
Error - 11.02.2013 03:42:21 | Computer Name = *** | Source = VmbService | ID = 0
Description = GetLoggedOnUser
 
Error - 11.02.2013 03:42:29 | Computer Name = *** | Source = VmbService | ID = 0
Description = GetLoggedOnUser
 
Error - 11.02.2013 07:45:05 | Computer Name = *** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Hewlett-Packard\2009
 Password Filter for HP ProtectTools\PTChangeFilterService.exe.Config" in Zeile
0.  Ungültige XML-Syntax.
 
Error - 11.02.2013 07:45:35 | Computer Name = *** | Source = VmbService | ID = 0
Description = GetLoggedOnUser
 
[ Hewlett-Packard Events ]
Error - 24.11.2012 06:40:58 | Computer Name = *** | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 8047  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean) 
 
Error - 24.11.2012 08:41:41 | Computer Name = *** | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 8047  Ram Utilization: 50  TargetSite: Void loadActiveCheckResult(Boolean) 
 
Error - 24.11.2012 08:41:53 | Computer Name = *** | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 8047  Ram Utilization: 50  TargetSite: Void loadActiveCheckResult(Boolean) 
 
Error - 25.11.2012 06:41:50 | Computer Name = *** | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 8047  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean) 
 
Error - 25.11.2012 07:25:01 | Computer Name = *** | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 8047  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean) 
 
Error - 26.11.2012 04:05:15 | Computer Name = *** | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 8047  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean) 
 
Error - 26.11.2012 04:05:16 | Computer Name = *** | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

  bei HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
 guidRestarted)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()

  bei HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
 guidRestarted)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 8047  Ram Utilization: 30  TargetSite: System.Collections.Generic.List`1[HP.SupportFramework.Utilities.HPSAIssues.ActionItem]
 GetAppliedUpdates() 
 
Error - 03.12.2012 04:29:04 | Computer Name = *** | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 8047  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean) 
 
Error - 03.12.2012 04:39:21 | Computer Name = *** | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 8047  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean) 
 
Error - 03.12.2012 04:39:21 | Computer Name = *** | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
  bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 8047  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean) 
 
[ HP Power Assistant Events ]
Error - 29.09.2011 04:54:41 | Computer Name = *** | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Aero consumption missing from
the power usage node (planName=HP powerSource=AC).    bei HPPA_Main.DatFileAccess.LogError(Nullable`1
 throwException, String formatString, Object[] args)    bei HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
 pu)    bei HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)

  bei HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
 
Error - 30.09.2011 11:37:49 | Computer Name = *** | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
 found in the dat file.
 
Error - 30.09.2011 11:37:50 | Computer Name = *** | Source = HP PA Application | ID = 0
Description = Aero consumption missing from the power usage node (planName=HP powerSource=AC).
 
Error - 30.09.2011 11:37:50 | Computer Name = *** | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Aero consumption missing from
the power usage node (planName=HP powerSource=AC).    bei HPPA_Main.DatFileAccess.LogError(Nullable`1
 throwException, String formatString, Object[] args)    bei HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
 pu)    bei HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)

  bei HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
 
Error - 02.10.2011 03:07:46 | Computer Name = *** | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
 found in the dat file.
 
Error - 02.10.2011 03:07:48 | Computer Name = *** | Source = HP PA Application | ID = 0
Description = Aero consumption missing from the power usage node (planName=HP powerSource=AC).
 
Error - 02.10.2011 03:07:48 | Computer Name = *** | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Aero consumption missing from
the power usage node (planName=HP powerSource=AC).    bei HPPA_Main.DatFileAccess.LogError(Nullable`1
 throwException, String formatString, Object[] args)    bei HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
 pu)    bei HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)

  bei HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
 
Error - 02.10.2011 13:05:55 | Computer Name = *** | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
 found in the dat file.
 
Error - 02.10.2011 13:05:58 | Computer Name = *** | Source = HP PA Application | ID = 0
Description = Aero consumption missing from the power usage node (planName=HP powerSource=AC).
 
Error - 02.10.2011 13:05:58 | Computer Name = *** | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Aero consumption missing from
the power usage node (planName=HP powerSource=AC).    bei HPPA_Main.DatFileAccess.LogError(Nullable`1
 throwException, String formatString, Object[] args)    bei HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
 pu)    bei HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)

  bei HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
 
[ HP Software Framework Events ]
Error - 21.01.2013 19:06:12 | Computer Name = *** | Source = CaslSmBios | ID = 5
Description = 2013.01.22 00:06:12.441|00000634|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the Wireless.GlobalChanged.2.0 event. Exception: Der Objektverweis
 wurde nicht auf eine Objektinstanz festgelegt.
 
Error - 26.01.2013 10:04:39 | Computer Name = *** | Source = CaslSmBios | ID = 5
Description = 2013.01.26 15:04:39.538|000019D0|Error      |[CaslWmi]A::A{bool(object,hpCasl.CaslEventArgs&)}|Error
 e_INVALID_XML converting PMC bytes to XML.
 
Error - 30.01.2013 05:07:03 | Computer Name = *** | Source = CaslSmBios | ID = 5
Description = 2013.01.30 10:07:03.894|000020FC|Error      |[CaslWmi]A::A{bool(object,hpCasl.CaslEventArgs&)}|Error
 e_INVALID_XML converting PMC bytes to XML.
 
Error - 07.02.2013 04:58:22 | Computer Name = *** | Source = CaslSmBios | ID = 5
Description = 2013.02.07 09:58:21.974|00000890|Error      |[CaslWmi]A::A{bool(object,hpCasl.CaslEventArgs&)}|Error
 e_INVALID_XML converting PMC bytes to XML.
 
Error - 07.02.2013 05:34:20 | Computer Name = *** | Source = CaslSmBios | ID = 5
Description = 2013.02.07 10:34:20.521|00000FC4|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf
eine Objektinstanz festgelegt.
 
Error - 07.02.2013 05:34:20 | Computer Name = *** | Source = CaslSmBios | ID = 5
Description = 2013.02.07 10:34:20.584|00000FC4|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the Wireless.GlobalChanged.2.0 event. Exception: Der Objektverweis
 wurde nicht auf eine Objektinstanz festgelegt.
 
Error - 08.02.2013 04:37:13 | Computer Name = *** | Source = CaslSmBios | ID = 5
Description = 2013.02.08 09:37:13.837|00001C28|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf
eine Objektinstanz festgelegt.
 
Error - 08.02.2013 21:31:54 | Computer Name = *** | Source = CaslSmBios | ID = 5
Description = 2013.02.09 02:31:54.359|00001AFC|Error      |[CaslWmi]A::A{bool(object,hpCasl.CaslEventArgs&)}|Error
 e_INVALID_XML converting PMC bytes to XML.
 
Error - 11.02.2013 07:43:49 | Computer Name = *** | Source = CaslSmBios | ID = 5
Description = 2013.02.11 12:43:49.187|000018D4|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf
eine Objektinstanz festgelegt.
 
Error - 11.02.2013 07:43:49 | Computer Name = *** | Source = CaslSmBios | ID = 5
Description = 2013.02.11 12:43:49.218|000018D4|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the Wireless.GlobalChanged.2.0 event. Exception: Der Objektverweis
 wurde nicht auf eine Objektinstanz festgelegt.
 
[ HP Wireless Assistant Events ]
Error - 27.01.2012 18:36:35 | Computer Name = *** | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt    bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)    bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

  bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 08.02.2012 18:22:33 | Computer Name = *** | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt    bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)    bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

  bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 08.02.2012 18:22:33 | Computer Name = *** | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt    bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)    bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

  bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 08.03.2012 01:45:11 | Computer Name = *** | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly. 
  bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
 
Error - 23.03.2012 09:44:04 | Computer Name = *** | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)    bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)    bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 23.03.2012 09:44:05 | Computer Name = *** | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 06.06.2012 08:25:59 | Computer Name = *** | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly. 
  bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
 
Error - 28.06.2012 18:08:43 | Computer Name = *** | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)    bei System.Management.ManagementScope.InitializeGuts(Object
 o)    bei System.Management.ManagementScope.Initialize()    bei System.Management.ManagementObject.Initialize(Boolean
 getObject)    bei System.Management.ManagementBaseObject.get_Properties()    bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)    bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 05.02.2013 18:18:19 | Computer Name = *** | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)    bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)    bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 05.02.2013 18:18:20 | Computer Name = *** | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
[ System Events ]
Error - 11.02.2013 05:30:09 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 11.02.2013 05:30:37 | Computer Name = *** | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 11.02.2013 07:45:01 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AddonsHelper" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%193
 
Error - 11.02.2013 07:45:05 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 dleeCATSCustConnectService erreicht.
 
Error - 11.02.2013 07:45:05 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "dleeCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 11.02.2013 07:45:05 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%14001
 
Error - 11.02.2013 07:45:07 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimspci" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1058
 
Error - 11.02.2013 07:45:07 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "risdpcie" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1058
 
Error - 11.02.2013 07:45:07 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rixdpcie" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1058
 
Error - 11.02.2013 07:45:27 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "SearchAnonymizer" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
 
< End of report >
--- --- ---

cosinus 11.02.2013 14:14

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:OTL
[2013.02.05 10:16:22 | 000,000,153 | ---- | M] () -- C:\ProgramData\9zVXhbR.reg
[2013.02.09 15:37:55 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:20 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131