Hi Schrauber. I was asked to zip the files. So I'll post them to you one at a time.
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-12 10:01:54
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.18.0 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Rene\AppData\Local\Temp\pwldrpow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fa2000 19 bytes [41, 8B, D5, 49, 8B, CC, E8, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 548 fffff80002fa2014 51 bytes {MOV EDX, [RSP+0x28]; XOR R8D, R8D; MOV RCX, R14; CALL 0x4e0f8}
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077130038 5 bytes JMP 000000016ac91765
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2420] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000758e1465 2 bytes [8E, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2420] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000758e14bb 2 bytes [8E, 75]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4936] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000758e1465 2 bytes [8E, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4936] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000758e14bb 2 bytes [8E, 75]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000758e1465 2 bytes [8E, 75]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758e14bb 2 bytes [8E, 75]
.text ... * 2
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[5356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000758e1465 2 bytes [8E, 75]
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[5356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758e14bb 2 bytes [8E, 75]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe[1424] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000758e1465 2 bytes [8E, 75]
.text C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe[1424] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000758e14bb 2 bytes [8E, 75]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [4068] entry point in ".rdata" section 00000000631071e6
.text C:\Users\Rene\Downloads\Defogger.exe[7936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000758e1465 2 bytes [8E, 75]
.text C:\Users\Rene\Downloads\Defogger.exe[7936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758e14bb 2 bytes [8E, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [2720:2756] 000007fef7649688
Thread C:\Windows\system32\svchost.exe [7736:5552] 000007fef904e8c4
---- EOF - GMER 2.1 ----
That was the first one.
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01
Ran by Rene at 2013-11-12 09:43:52
Running from C:\Users\Rene\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Kaspersky Internet Security (Enabled - Up to date) {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
AS: Kaspersky Internet Security (Enabled - Up to date) {95CBD341-38DB-14AC-AF6A-08054B41A339}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security (Enabled) {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
==================== Installed Programs ======================
64 Bit HP CIO Components Installer (Version: 6.2.1)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 2.6.0.19120)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
Airport Mania (x32 Version: 2.2.0.95)
AuthenTec TrueAPI (Version: 1.3.0.116)
Azteca (x32 Version: 2.2.0.97)
Bejeweled 3 (x32 Version: 2.2.0.97)
Bluetooth Stack for Windows by Toshiba (Version: v7.00.05)
Bounce Symphony (x32 Version: 2.2.0.97)
Build-a-lot (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
devolo dLAN-Konfigurationsassistent (x32 Version: 17.0.0.0)
devolo Informer (x32 Version: 26.0.0.0)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
Dropbox (HKCU Version: 2.4.2)
DVD Menu Pack for HP TouchSmart Video (x32 Version: 4.1.4412)
Facebook for HP TouchSmart (x32 Version: 1.1.0004)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.97)
FreePDF (Remove only) (x32)
FRITZ!Box-Fernzugang einrichten (x32 Version: 1.0.3)
FRITZ!Fernzugang (Version: 1.2.6)
GMX MailCheck für Mozilla Firefox (x32 Version: 2.1.4.1300)
GMX Softwareaktualisierung (x32 Version: 2.0.1.9)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)
GPL Ghostscript (x32 Version: 9.04)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HitmanPro 3.7 (Version: 3.7.8.208)
HP Auto (Version: 1.0.12935.3667)
HP Calendar (x32 Version: 5.1.4245.23508)
HP Client Services (Version: 1.1.12938.3539)
HP Clock (x32 Version: 5.1.4281.27332)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Games (x32 Version: 1.0.2.5)
HP LinkUp (x32 Version: 2.01.028)
HP Magic Canvas (x32 Version: 5.1.15.0)
HP My Display TouchSmart Edition (x32 Version: 1.04.022)
HP Notes (x32 Version: 5.1.4274.30382)
HP Odometer (x32 Version: 2.10.0000)
HP Photo Canvas (x32 Version: 5.1.4267.27011)
HP Photo Creations (x32 Version: 1.0.0.9452)
HP Photosmart 5510d series - Grundlegende Software für das Gerät (Version: 25.0.607.0)
HP Photosmart 5510d series Hilfe (x32 Version: 140.0.2.2)
HP RSS (x32 Version: 5.1.4301.21494)
HP Setup (x32 Version: 8.7.4747.3786)
HP Setup Manager (x32 Version: 1.1.13880.3792)
HP SimplePass PE 2011 (x32 Version: 5.3.0.194)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Support Information (x32 Version: 10.1.1000)
HP Touch Browser (x32 Version: 5.1.4227.17815)
HP TouchSmart eBay (x32 Version: 1.0.4098.28440)
HP TouchSmart Music (x32 Version: 4.2.5414)
HP TouchSmart Photo (x32 Version: 4.2.5414)
HP TouchSmart RecipeBox (x32 Version: 3.0.3830.27730)
HP TouchSmart Tutorials (x32 Version: 4.0.0.4)
HP TouchSmart Twitter (x32 Version: 3.0.4276.30236)
HP TouchSmart Video (x32 Version: 4.2.5414)
HP TouchSmart Webcam (x32 Version: 4.2.4214)
HP Update (x32 Version: 5.003.000.004)
HP Vision Hardware Diagnostics (Version: 2.9.0.0)
IDT Audio (x32 Version: 1.0.6370.0)
ImgBurn (x32 Version: 2.5.8.0)
InfraRecorder 0.53 (x64 edition) (Version: 0.53.00.00)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2430)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaspersky Internet Security 2012 (x32 Version: 12.0.0.374)
LabelPrint (x32 Version: 2.5.3925)
Magic Desktop (x32 Version: 3.0)
Mah Jong Medley (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mathematics (x32 Version: 4.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP1 English (x32 Version: 3.5.5692.0)
Microsoft SQL Server Compact 3.5 SP1 x64 English (Version: 3.5.5692.0)
Microsoft Touch Pack for Windows 7 (x32 Version: 1.0.40517.00)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft XNA Framework Redistributable 3.0 (x32 Version: 3.0.11010.0)
Movie Theme Pack for HP TouchSmart Video (x32 Version: 4.1.4412)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MusicStation (x32 Version: 2.0.2.124)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97)
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95)
NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1)
PDF Complete Special Edition (x32 Version: 4.0.54)
Penguins! (x32 Version: 2.2.0.95)
PhotoMania (x32 Version: 1)
Pivot Pro Plugin (x32 Version: 9.50.110)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.95)
Ralink 802.11n Wireless LAN Card (x32 Version: 4.0.3.0)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.82)
Recovery Manager (x32 Version: 5.5.0.4222)
RedMon - Redirection Port Monitor
Remote Graphics Receiver (x32 Version: 5.4.5)
SDK (x32 Version: 2.28.007)
Skype™ 5.10 (x32 Version: 5.10.116)
Slingo Deluxe (x32 Version: 2.2.0.95)
Spybot - Search & Destroy (x32 Version: 2.1.19)
Studie zur Verbesserung von HP Photosmart 5510d series Produkten (Version: 25.0.607.0)
TSHostedAppLauncher (x32 Version: 5.1.15.0)
TubeBox (x32 Version: 3.6.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
Update Installer for WildTangent Games App (x32)
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97)
VIP Access SDK (1.0.1.4) (x32 Version: 1.0.1.4)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zinio Reader 4 (x32 Version: 4.2.4164)
Zuma Deluxe (x32 Version: 2.2.0.95)
==================== Restore Points =========================
15-10-2013 08:03:06 Windows Update
16-10-2013 01:00:33 Windows Update
16-10-2013 01:10:46 Windows-Sicherung
20-10-2013 16:04:28 Windows Update
26-10-2013 08:39:50 Windows Update
26-10-2013 08:44:12 Windows-Sicherung
03-11-2013 16:33:35 Windows Update
03-11-2013 18:00:13 Windows-Sicherung
11-11-2013 18:02:36 Windows Update
11-11-2013 18:06:28 HPSF Applying updates
11-11-2013 18:40:43 Installed Ralink Wireless LAN
11-11-2013 18:44:27 HPSF Applying updates
11-11-2013 18:51:25 Konfiguriert IDT Audio
12-11-2013 07:54:19 Windows-Sicherung
==================== Hosts content: ==========================
2009-07-14 03:34 - 2013-10-10 14:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {10B4D2E0-5F4F-453A-8486-804CF5E201E5} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-06-23] (CyberLink)
Task: {1F024B2B-5581-415F-8F6F-6C3089A080CB} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-06-10] ()
Task: {22079A34-9E60-4FD6-9C55-1D04B60C9A04} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-603513771-2939990097-2127156883-1001Core => C:\Users\Sophie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-22] (Google Inc.)
Task: {2B33896F-A016-4D3F-9B08-CD012BCE7146} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-603513771-2939990097-2127156883-1001UA => C:\Users\Sophie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-22] (Google Inc.)
Task: {2BB574A9-E30C-418D-AB29-F357A606292E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {37C3EDEB-9DB0-41F7-930C-ED121DD9CCF5} - System32\Tasks\HPCustParticipation HP Photosmart 5510d series => C:\Program Files\hp\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16] (Hewlett-Packard Co.)
Task: {451BDAC5-6ACE-4869-9CFA-449120D7C288} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {49F883F2-34B4-4702-98E0-DA5258899BED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {4DAC7D85-DB22-43C3-829D-5F0B0CCE92EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-31] (Google Inc.)
Task: {54820D26-727F-45FE-AB1C-B2D7AE8F935A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {5A8EB9A2-AD8E-4A92-85BA-4CF256395506} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-603513771-2939990097-2127156883-1001Core => C:\Users\Sophie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-15] (Facebook Inc.)
Task: {5C5C2FB7-A44D-4739-B2CA-C6C773348531} - System32\Tasks\HPCeeScheduleForRene => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {5D9D57F3-8E94-4329-ABCB-556321BA20E7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {66DAB245-F958-4761-BA2B-4A2AFFE588F9} - System32\Tasks\Google Updater and Installer => C:\Users\Rene\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {6C63A52C-8236-4108-B259-85931A034D2E} - System32\Tasks\HPCeeScheduleForRENE-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {6CCFBDBC-4ADB-4730-8DAA-EDF11FE3DE0C} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [2011-03-24] (Hewlett-Packard)
Task: {6DAB756F-E3B0-480D-8D89-9A019721F81F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {8556504B-7B4E-40DE-AC35-67F6DE5E11D1} - System32\Tasks\{7A35DF1D-FA05-4C47-A58B-350292D18D20} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?page=tsProgressBar
Task: {8FDE9DEE-23AA-403C-9A20-33EC0106B08A} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {90F8D157-5D3D-4188-B1A7-9E4553A6BA96} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {9188AE52-FF6A-4F0A-89FA-5706EEA8008B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {A2572266-45A0-492F-8D06-09FA8070D442} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {A50F3665-D53F-4458-9E91-FFFC2BBC2800} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {A8C2D101-037E-4E75-A173-11BAA0F718AF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-603513771-2939990097-2127156883-1001UA => C:\Users\Sophie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-15] (Facebook Inc.)
Task: {BE51C738-9C40-43EB-970E-53AA57384E56} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2011-05-30] (CyberLink)
Task: {C83D9BE4-31B0-40AD-B74F-D92DE2A7A8B3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C8456169-40BC-498F-A672-F2A5AA7DBD3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-31] (Google Inc.)
Task: {C845C7D0-C5A7-42CA-A10B-37F14C3D352E} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2011-07-28] (1&1 Mail & Media GmbH)
Task: {DDBBCBAF-D6EE-4EE7-9341-8527183BA189} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-15] ()
Task: {E2578095-2895-4F56-A0AB-19C94D28F689} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-603513771-2939990097-2127156883-1001Core.job => C:\Users\Sophie\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-603513771-2939990097-2127156883-1001UA.job => C:\Users\Sophie\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-603513771-2939990097-2127156883-1001Core.job => C:\Users\Sophie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-603513771-2939990097-2127156883-1001UA.job => C:\Users\Sophie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRENE-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRene.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2012-11-24 14:38 - 2012-08-16 17:12 - 00268880 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dthook.dll
2011-12-20 01:18 - 2011-06-27 03:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-09 19:24 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-10-09 19:24 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-10-09 19:24 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-10-09 19:24 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-10-09 19:24 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-04-24 22:13 - 2011-04-24 22:13 - 02118032 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
2011-04-24 22:13 - 2011-04-24 22:13 - 07008656 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
2011-04-24 22:13 - 2011-04-24 22:13 - 02089360 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
2011-04-24 22:13 - 2011-04-24 22:13 - 01270160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
2011-04-24 22:13 - 2011-04-24 22:13 - 00192912 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
2011-04-24 22:13 - 2011-04-24 22:13 - 00758160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
2011-04-20 18:56 - 2011-04-20 18:56 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
2011-12-20 01:42 - 2012-01-17 16:21 - 00068104 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\PEGAACPIDLL.dll
2011-12-20 01:42 - 2011-02-15 20:59 - 00015624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\ACPIDll.dll
2011-12-20 01:42 - 2012-08-16 16:53 - 00180224 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
2013-09-05 19:01 - 2013-09-11 03:26 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/12/2013 08:44:20 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Name des fehlerhaften Moduls: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0001280a
ID des fehlerhaften Prozesses: 0x1c0
Startzeit der fehlerhaften Anwendung: 0xTrueSuiteService.exe0
Pfad der fehlerhaften Anwendung: TrueSuiteService.exe1
Pfad des fehlerhaften Moduls: TrueSuiteService.exe2
Berichtskennung: TrueSuiteService.exe3
Error: (11/11/2013 08:53:58 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Name des fehlerhaften Moduls: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0001280a
ID des fehlerhaften Prozesses: 0x1f0
Startzeit der fehlerhaften Anwendung: 0xTrueSuiteService.exe0
Pfad der fehlerhaften Anwendung: TrueSuiteService.exe1
Pfad des fehlerhaften Moduls: TrueSuiteService.exe2
Berichtskennung: TrueSuiteService.exe3
Error: (11/11/2013 08:49:33 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SDUpdate.exe, Version: 2.1.18.91, Zeitstempel: 0x51949fc0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x3304
Startzeit der fehlerhaften Anwendung: 0xSDUpdate.exe0
Pfad der fehlerhaften Anwendung: SDUpdate.exe1
Pfad des fehlerhaften Moduls: SDUpdate.exe2
Berichtskennung: SDUpdate.exe3
Error: (11/11/2013 08:45:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SDUpdate.exe, Version: 2.1.18.91, Zeitstempel: 0x51949fc0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x2f24
Startzeit der fehlerhaften Anwendung: 0xSDUpdate.exe0
Pfad der fehlerhaften Anwendung: SDUpdate.exe1
Pfad des fehlerhaften Moduls: SDUpdate.exe2
Berichtskennung: SDUpdate.exe3
Error: (11/11/2013 08:41:08 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SDUpdate.exe, Version: 2.1.18.91, Zeitstempel: 0x51949fc0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x2c24
Startzeit der fehlerhaften Anwendung: 0xSDUpdate.exe0
Pfad der fehlerhaften Anwendung: SDUpdate.exe1
Pfad des fehlerhaften Moduls: SDUpdate.exe2
Berichtskennung: SDUpdate.exe3
Error: (11/11/2013 08:35:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SDUpdate.exe, Version: 2.1.18.91, Zeitstempel: 0x51949fc0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x2e58
Startzeit der fehlerhaften Anwendung: 0xSDUpdate.exe0
Pfad der fehlerhaften Anwendung: SDUpdate.exe1
Pfad des fehlerhaften Moduls: SDUpdate.exe2
Berichtskennung: SDUpdate.exe3
Error: (11/11/2013 08:30:59 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SDUpdate.exe, Version: 2.1.18.91, Zeitstempel: 0x51949fc0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x2d14
Startzeit der fehlerhaften Anwendung: 0xSDUpdate.exe0
Pfad der fehlerhaften Anwendung: SDUpdate.exe1
Pfad des fehlerhaften Moduls: SDUpdate.exe2
Berichtskennung: SDUpdate.exe3
Error: (11/11/2013 08:26:16 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SDUpdate.exe, Version: 2.1.18.91, Zeitstempel: 0x51949fc0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x2a68
Startzeit der fehlerhaften Anwendung: 0xSDUpdate.exe0
Pfad der fehlerhaften Anwendung: SDUpdate.exe1
Pfad des fehlerhaften Moduls: SDUpdate.exe2
Berichtskennung: SDUpdate.exe3
Error: (11/11/2013 06:54:26 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Name des fehlerhaften Moduls: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0001280a
ID des fehlerhaften Prozesses: 0x218
Startzeit der fehlerhaften Anwendung: 0xTrueSuiteService.exe0
Pfad der fehlerhaften Anwendung: TrueSuiteService.exe1
Pfad des fehlerhaften Moduls: TrueSuiteService.exe2
Berichtskennung: TrueSuiteService.exe3
Error: (11/04/2013 03:38:25 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Name des fehlerhaften Moduls: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0001280a
ID des fehlerhaften Prozesses: 0x74
Startzeit der fehlerhaften Anwendung: 0xTrueSuiteService.exe0
Pfad der fehlerhaften Anwendung: TrueSuiteService.exe1
Pfad des fehlerhaften Moduls: TrueSuiteService.exe2
Berichtskennung: TrueSuiteService.exe3
System errors:
=============
Error: (11/12/2013 08:44:25 AM) (Source: Service Control Manager) (User: )
Description: Dienst "TrueSuiteService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (11/11/2013 08:53:59 PM) (Source: Service Control Manager) (User: )
Description: Dienst "TrueSuiteService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (11/11/2013 08:53:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde mit folgendem dienstspezifischem Fehler beendet: %%0.
Error: (11/11/2013 08:53:49 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 11.11.2013 um 20:52:09 unerwartet heruntergefahren.
Error: (11/11/2013 08:51:52 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (11/11/2013 06:54:43 PM) (Source: Service Control Manager) (User: )
Description: Dienst "TrueSuiteService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (11/04/2013 03:38:37 PM) (Source: Service Control Manager) (User: )
Description: Dienst "TrueSuiteService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (11/03/2013 05:29:06 PM) (Source: Service Control Manager) (User: )
Description: Dienst "TrueSuiteService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (11/03/2013 05:28:44 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 26.10.2013 um 10:58:47 unerwartet heruntergefahren.
Error: (10/26/2013 09:34:24 AM) (Source: Service Control Manager) (User: )
Description: Dienst "TrueSuiteService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (11/12/2013 08:44:20 AM) (Source: Application Error)(User: )
Description: TrueSuiteService.exe5.3.0.1944df09290TrueSuiteService.exe5.3.0.1944df09290c00004170001280a1c001cedf7af7bd1998C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exeC:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe3cdd6421-4b6e-11e3-b0a0-3860776fda87
Error: (11/11/2013 08:53:58 PM) (Source: Application Error)(User: )
Description: TrueSuiteService.exe5.3.0.1944df09290TrueSuiteService.exe5.3.0.1944df09290c00004170001280a1f001cedf17bd573f31C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exeC:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe0091f102-4b0b-11e3-be6f-3860776fda87
Error: (11/11/2013 08:49:33 PM) (Source: Application Error)(User: )
Description: SDUpdate.exe2.1.18.9151949fc0KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41f330401cedf1723410932C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\Windows\syswow64\KERNELBASE.dll628f9a0a-4b0a-11e3-8e21-3860776fda87
Error: (11/11/2013 08:45:44 PM) (Source: Application Error)(User: )
Description: SDUpdate.exe2.1.18.9151949fc0KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41f2f2401cedf167070a4fbC:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\Windows\syswow64\KERNELBASE.dllda2b82f9-4b09-11e3-8e21-3860776fda87
Error: (11/11/2013 08:41:08 PM) (Source: Application Error)(User: )
Description: SDUpdate.exe2.1.18.9151949fc0KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41f2c2401cedf15bda019b5C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\Windows\syswow64\KERNELBASE.dll35819c7d-4b09-11e3-8e21-3860776fda87
Error: (11/11/2013 08:35:44 PM) (Source: Application Error)(User: )
Description: SDUpdate.exe2.1.18.9151949fc0KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41f2e5801cedf150ad02ab0C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\Windows\syswow64\KERNELBASE.dll749a9947-4b08-11e3-8e21-3860776fda87
Error: (11/11/2013 08:30:59 PM) (Source: Application Error)(User: )
Description: SDUpdate.exe2.1.18.9151949fc0KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41f2d1401cedf1457ff7859C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\Windows\syswow64\KERNELBASE.dllca3db8df-4b07-11e3-8e21-3860776fda87
Error: (11/11/2013 08:26:16 PM) (Source: Application Error)(User: )
Description: SDUpdate.exe2.1.18.9151949fc0KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41f2a6801cedf13a530e8e9C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\Windows\syswow64\KERNELBASE.dll21fe9045-4b07-11e3-8e21-3860776fda87
Error: (11/11/2013 06:54:26 PM) (Source: Application Error)(User: )
Description: TrueSuiteService.exe5.3.0.1944df09290TrueSuiteService.exe5.3.0.1944df09290c00004170001280a21801cedf0706c4e930C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exeC:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe4d725bc2-4afa-11e3-8e21-3860776fda87
Error: (11/04/2013 03:38:25 PM) (Source: Application Error)(User: )
Description: TrueSuiteService.exe5.3.0.1944df09290TrueSuiteService.exe5.3.0.1944df09290c00004170001280a7401ced96b7b8ab9dbC:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exeC:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exec2a313a5-455e-11e3-ae54-3860776fda87
CodeIntegrity Errors:
===================================
Date: 2013-10-10 15:44:09.823
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-10 15:44:09.792
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 55%
Total physical RAM: 4000.31 MB
Available physical RAM: 1799.38 MB
Total Pagefile: 7998.8 MB
Available Pagefile: 5350.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:450.28 GB) (Free:357.1 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:15.38 GB) (Free:1.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 41821A2E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by Rene (administrator) on RENE-HP on 12-11-2013 09:43:06
Running from C:\Users\Rene\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\DTHtml.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
() C:\Users\Rene\Downloads\Defogger.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2013-11-11] (Hewlett-Packard )
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1424896 2013-11-11] (IDT, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [HP Photosmart 5510d series (NET)] - C:\Program Files\hp\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe [2676584 2011-08-16] (Hewlett-Packard Co.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
HKLM-x32\...\Run: [DT HPO] - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_Startup.exe [120400 2012-08-16] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PivotSoftware] - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\pivot_Startup.exe [110192 2010-05-13] ()
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKU\Sophie\...\Run: [Google Update] - C:\Users\Sophie\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-22] (Google Inc.)
HKU\Sophie\...\Run: [ICQ] - C:\Users\Sophie\AppData\Roaming\ICQ\Application\ICQ7M\ICQ.exe [127040 2012-05-22] (ICQ, LLC.)
HKU\Sophie\...\Run: [Facebook Update] - C:\Users\Sophie\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-15] (Facebook Inc.)
HKU\Sophie\...\Run: [Spotify] - C:\Users\Sophie\AppData\Roaming\Spotify\spotify.exe [4640768 2013-07-25] (Spotify Ltd)
HKU\Sophie\...\Policies\system: [DisableLockWorkstation] 0
HKU\Sophie\...\Policies\system: [DisableChangePassword] 0
Startup: C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510d series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 5510d series (Netzwerk).lnk -> C:\Program Files\HP\HP Photosmart 5510d series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510d series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 5510d series (Netzwerk).lnk -> C:\Program Files\HP\HP Photosmart 5510d series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://t-online.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {24FE3852-5D00-43EF-8C8B-FF32F43D11A7} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.50010003&st=12&q={searchTerms}&barid={815B18B5-5756-11E2-9130-3860776FDA87}
SearchScopes: HKLM-x32 - {24FE3852-5D00-43EF-8C8B-FF32F43D11A7} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.50010003&st=12&q={searchTerms}&barid={815B18B5-5756-11E2-9130-3860776FDA87}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKCU - {0A96340D-6C40-488D-95AE-9727C2FDAD83} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {23EAF3AA-0DF2-4142-BBF0-8BBC4D6ADE77} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {24FE3852-5D00-43EF-8C8B-FF32F43D11A7} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {C0B87CE2-AE1C-4207-A8FE-3DB227F9AE01} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.50010003&st=12&q={searchTerms}&barid={815B18B5-5756-11E2-9130-3860776FDA87}
SearchScopes: HKCU - {F453F4C8-F208-4B75-98C6-2F61B6F74158} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2011-12-20] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\sfkr8s1x.default
FF user.js: detected! => C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\sfkr8s1x.default\user.js
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Google
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SelectedSearchEngine: Google
FF Homepage: t-online.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - c:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\sfkr8s1x.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\sfkr8s1x.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\sfkr8s1x.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\sfkr8s1x.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\sfkr8s1x.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FRITZ!Box AddOn - C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\sfkr8s1x.default\Extensions\fb_add_on@avm.de
FF Extension: toolbar - C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\sfkr8s1x.default\Extensions\toolbar@gmx.net.xpi
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
Chrome:
=======
CHR Extension: (Docs) - C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0
CHR Extension: () - C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjajpkikblccgefaibcafkfbanllpefi\1.0.0.2
CHR Extension: (Virtual Keyboard) - C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0
CHR Extension: (Website Logon) - C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0
CHR Extension: () - C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\6.0.2_0
CHR Extension: (Gmail) - C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Anti-Banner) - C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [gjajpkikblccgefaibcafkfbanllpefi] - C:\Users\Rene\AppData\Roaming\7go\7go.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx
==================== Services (Whitelisted) =================
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [336248 2012-02-02] (AVM Berlin)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143736 2011-10-31] (AVM Berlin)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [136784 2012-08-16] (Portrait Displays, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-11-11] (SurfRight B.V.)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2011-10-31] (AVM Berlin)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-31] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2008-11-28] (CACE Technologies)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin)
R3 NWVoltron; C:\Windows\system32\drivers\NWVoltron.sys [28440 2011-06-23] ()
S3 NWWakeFilterV; C:\Windows\system32\drivers\NWWakeFilterV.sys [16152 2011-06-23] (n/a)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-20] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-12 09:42 - 2013-11-12 09:42 - 00000000 ____D C:\FRST
2013-11-12 09:41 - 2013-11-12 09:41 - 01957590 _____ (Farbar) C:\Users\Rene\Downloads\FRST64.exe
2013-11-12 09:39 - 2013-11-12 09:39 - 00000470 _____ C:\Users\Rene\Downloads\defogger_disable.log
2013-11-12 09:39 - 2013-11-12 09:39 - 00000000 _____ C:\Users\Rene\defogger_reenable
2013-11-12 09:38 - 2013-11-12 09:37 - 00050477 _____ C:\Users\Rene\Downloads\Defogger.exe
2013-11-11 20:23 - 2013-11-11 20:23 - 00005286 _____ C:\Windows\system32\.crusader
2013-11-11 20:06 - 2013-11-11 20:06 - 00001907 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-11-11 20:06 - 2013-11-11 20:06 - 00000000 ____D C:\Program Files\HitmanPro
2013-11-11 20:04 - 2013-11-12 08:47 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-11 20:04 - 2013-11-11 20:05 - 10264904 _____ (SurfRight B.V.) C:\Users\Rene\Downloads\HitmanPro_x64.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 09452704 _____ (SurfRight B.V.) C:\Users\Rene\Downloads\HitmanPro3.7.8.208.exe
2013-11-11 19:50 - 2013-11-11 19:49 - 06141440 _____ (IDT, Inc.) C:\Windows\system32\IDTNGUI.exe
2013-11-11 19:50 - 2013-11-11 19:49 - 05126144 _____ (IDT, Inc.) C:\Windows\system32\IDTNHP.dll
2013-11-11 19:50 - 2013-11-11 19:49 - 01819136 _____ (IDT, Inc.) C:\Windows\system32\IDTNC64.cpl
2013-11-11 19:50 - 2013-11-11 19:49 - 01059328 _____ (IDT, Inc.) C:\Windows\system32\IDTNX.dll
2013-11-11 19:50 - 2013-11-11 19:49 - 00249344 _____ (IDT, Inc.) C:\Windows\system32\IDTNJ.exe
2013-11-11 19:50 - 2013-11-11 19:49 - 00037888 _____ (Hewlett-Packard ) C:\Windows\system32\beats64.exe
2013-11-11 19:49 - 2013-11-11 19:51 - 00000000 ____D C:\Program Files\IDT
2013-11-11 19:49 - 2013-11-11 19:49 - 01986048 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll
2013-11-11 19:49 - 2013-11-11 19:49 - 00653824 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2013-11-11 19:49 - 2013-11-11 19:49 - 00535040 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys
2013-11-11 19:41 - 2013-11-11 19:41 - 00000000 ____D C:\Program Files (x86)\Ralink
2013-11-11 19:40 - 2013-11-11 19:40 - 00000000 ____D C:\Users\Rene\AppData\Roaming\InstallShield
2013-11-11 19:39 - 2013-11-11 19:39 - 00000000 ____D C:\Users\Rene\Desktop\Bilder Ebay Kleinanzeigen
2013-10-20 16:53 - 2013-10-20 16:56 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{03891525-6FDC-4836-BAB3-0D1EEB370C56}
2013-10-16 02:17 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-16 02:17 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-16 02:17 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-16 02:17 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-16 02:16 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-16 02:16 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-16 02:16 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-16 02:16 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-16 02:16 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-16 02:16 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-16 02:16 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-16 02:16 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-16 02:16 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-16 02:16 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-16 02:16 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-16 02:16 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-16 02:16 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-16 02:16 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-16 02:16 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-16 02:16 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-16 02:16 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-16 02:16 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-16 02:16 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-16 02:16 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-16 02:16 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-16 02:16 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-16 02:16 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-16 02:16 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-16 02:16 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-16 02:16 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-16 02:16 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-15 09:20 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-15 09:20 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-15 09:20 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-15 09:20 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-15 09:17 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-15 09:16 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-15 09:16 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-15 09:16 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-15 09:16 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-15 09:16 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-15 09:16 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-15 09:16 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-15 09:16 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-15 09:16 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-15 09:16 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-15 09:16 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-15 09:11 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-15 09:04 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-15 09:04 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-15 09:04 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-15 09:04 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-15 09:04 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-15 09:04 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-15 09:04 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-15 09:04 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-15 09:04 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-15 09:04 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-15 09:03 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-15 09:03 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-15 09:03 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-15 09:03 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-15 09:03 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-15 09:03 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-15 09:03 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-15 09:03 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-15 09:03 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-15 09:03 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-15 09:03 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-15 09:03 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-15 09:03 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-15 09:03 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-15 09:03 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-15 09:03 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-15 09:03 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-15 09:03 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-15 09:03 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
==================== One Month Modified Files and Folders =======
2013-11-12 09:42 - 2013-11-12 09:42 - 00000000 ____D C:\FRST
2013-11-12 09:41 - 2013-11-12 09:41 - 01957590 _____ (Farbar) C:\Users\Rene\Downloads\FRST64.exe
2013-11-12 09:39 - 2013-11-12 09:39 - 00000470 _____ C:\Users\Rene\Downloads\defogger_disable.log
2013-11-12 09:39 - 2013-11-12 09:39 - 00000000 _____ C:\Users\Rene\defogger_reenable
2013-11-12 09:39 - 2012-05-22 15:21 - 00000000 ____D C:\Users\Rene
2013-11-12 09:37 - 2013-11-12 09:38 - 00050477 _____ C:\Users\Rene\Downloads\Defogger.exe
2013-11-12 09:36 - 2012-06-10 22:35 - 00000336 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-11-12 09:17 - 2012-08-21 10:42 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-12 09:13 - 2012-05-22 18:03 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-603513771-2939990097-2127156883-1001UA.job
2013-11-12 09:02 - 2012-08-21 10:39 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-12 09:00 - 2012-11-18 12:46 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRene
2013-11-12 09:00 - 2012-11-18 12:46 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForRene.job
2013-11-12 09:00 - 2012-10-31 20:59 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-12 08:52 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-12 08:52 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-12 08:51 - 2011-12-20 01:10 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-11-12 08:51 - 2011-12-20 01:10 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-11-12 08:51 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-12 08:48 - 2012-05-22 15:19 - 01138671 _____ C:\Windows\WindowsUpdate.log
2013-11-12 08:47 - 2013-11-11 20:04 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-12 08:46 - 2013-09-05 19:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-12 08:44 - 2012-10-31 20:59 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-12 08:44 - 2011-12-20 01:50 - 00000000 ____D C:\ProgramData\truesuite
2013-11-12 08:44 - 2011-12-20 01:46 - 00000000 ____D C:\ProgramData\PDFC
2013-11-12 08:44 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-12 08:44 - 2009-07-14 05:51 - 00073499 _____ C:\Windows\setupact.log
2013-11-11 20:57 - 2013-10-09 18:50 - 00000000 ____D C:\Users\Rene\AppData\Roaming\Dropbox
2013-11-11 20:57 - 2012-05-22 15:30 - 00000000 ___RD C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-11 20:54 - 2013-10-09 18:52 - 00000000 ___RD C:\Users\Rene\Dropbox
2013-11-11 20:53 - 2010-11-21 04:47 - 00783712 _____ C:\Windows\PFRO.log
2013-11-11 20:50 - 2013-08-20 08:29 - 00000000 ____D C:\Users\Geli\AppData\Roaming\PerformerSoft
2013-11-11 20:43 - 2013-01-03 15:30 - 00000000 ____D C:\Users\Rene\Documents\Hausbau
2013-11-11 20:23 - 2013-11-11 20:23 - 00005286 _____ C:\Windows\system32\.crusader
2013-11-11 20:06 - 2013-11-11 20:06 - 00001907 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-11-11 20:06 - 2013-11-11 20:06 - 00000000 ____D C:\Program Files\HitmanPro
2013-11-11 20:05 - 2013-11-11 20:04 - 10264904 _____ (SurfRight B.V.) C:\Users\Rene\Downloads\HitmanPro_x64.exe
2013-11-11 20:03 - 2013-11-11 20:03 - 09452704 _____ (SurfRight B.V.) C:\Users\Rene\Downloads\HitmanPro3.7.8.208.exe
2013-11-11 19:57 - 2012-05-22 18:47 - 00001142 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-603513771-2939990097-2127156883-1001UA.job
2013-11-11 19:57 - 2012-05-22 18:47 - 00001120 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-603513771-2939990097-2127156883-1001Core.job
2013-11-11 19:52 - 2012-05-23 16:10 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-11 19:51 - 2013-11-11 19:49 - 00000000 ____D C:\Program Files\IDT
2013-11-11 19:50 - 2011-12-20 01:21 - 00000000 ____D C:\ProgramData\SonicFocus
2013-11-11 19:49 - 2013-11-11 19:50 - 06141440 _____ (IDT, Inc.) C:\Windows\system32\IDTNGUI.exe
2013-11-11 19:49 - 2013-11-11 19:50 - 05126144 _____ (IDT, Inc.) C:\Windows\system32\IDTNHP.dll
2013-11-11 19:49 - 2013-11-11 19:50 - 01819136 _____ (IDT, Inc.) C:\Windows\system32\IDTNC64.cpl
2013-11-11 19:49 - 2013-11-11 19:50 - 01059328 _____ (IDT, Inc.) C:\Windows\system32\IDTNX.dll
2013-11-11 19:49 - 2013-11-11 19:50 - 00249344 _____ (IDT, Inc.) C:\Windows\system32\IDTNJ.exe
2013-11-11 19:49 - 2013-11-11 19:50 - 00037888 _____ (Hewlett-Packard ) C:\Windows\system32\beats64.exe
2013-11-11 19:49 - 2013-11-11 19:49 - 01986048 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll
2013-11-11 19:49 - 2013-11-11 19:49 - 00653824 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2013-11-11 19:49 - 2013-11-11 19:49 - 00535040 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys
2013-11-11 19:49 - 2011-12-20 01:21 - 04241408 _____ (IDT, Inc.) C:\Windows\system32\stlang64.dll
2013-11-11 19:49 - 2011-12-20 01:21 - 01424896 _____ (IDT, Inc.) C:\Windows\sttray64.exe
2013-11-11 19:49 - 2011-12-20 01:21 - 00442368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTEC64.dll
2013-11-11 19:49 - 2011-12-20 01:21 - 00223744 _____ (IDT, Inc.) C:\Windows\system32\HPToneCtrls64.dll
2013-11-11 19:49 - 2011-12-20 01:21 - 00162304 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAC64.dll
2013-11-11 19:49 - 2011-12-20 01:21 - 00090624 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTCo64.dll
2013-11-11 19:49 - 2011-12-20 01:21 - 00068608 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAR64.dll
2013-11-11 19:49 - 2011-12-20 01:18 - 00250880 _____ (IDT, Inc.) C:\Windows\system32\staco64.dll
2013-11-11 19:49 - 2011-02-11 17:32 - 00000000 ____D C:\SWSETUP
2013-11-11 19:48 - 2013-10-09 19:24 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-11 19:41 - 2013-11-11 19:41 - 00000000 ____D C:\Program Files (x86)\Ralink
2013-11-11 19:41 - 2011-12-20 01:29 - 00005496 _____ C:\Windows\system32\RaCoInst.log
2013-11-11 19:40 - 2013-11-11 19:40 - 00000000 ____D C:\Users\Rene\AppData\Roaming\InstallShield
2013-11-11 19:39 - 2013-11-11 19:39 - 00000000 ____D C:\Users\Rene\Desktop\Bilder Ebay Kleinanzeigen
2013-11-11 19:09 - 2012-05-22 15:30 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CF4CA5DA-2485-4C39-842E-3908496AFD16}
2013-11-04 15:44 - 2012-05-30 11:17 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-11-04 15:41 - 2013-03-30 10:25 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{673C6173-064B-48E4-8E60-310E0137200F}
2013-11-03 20:39 - 2012-11-28 21:16 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRENE-HP$
2013-11-03 20:39 - 2012-11-28 21:16 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForRENE-HP$.job
2013-11-03 18:42 - 2013-05-15 19:42 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-03 18:40 - 2012-05-23 16:06 - 00000000 ____D C:\Users\Rene\AppData\Roaming\HpUpdate
2013-11-03 18:40 - 2012-05-23 16:06 - 00000000 ____D C:\Users\Rene\AppData\Roaming\HP Support Assistant
2013-11-03 18:13 - 2012-05-22 18:03 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-603513771-2939990097-2127156883-1001Core.job
2013-11-03 17:56 - 2013-08-08 21:29 - 00013400 _____ C:\Users\Rene\Documents\Gesamtkosten Haus.xlsx
2013-10-26 09:52 - 2012-11-22 22:03 - 00269312 ___SH C:\Users\Rene\Documents\Thumbs.db
2013-10-20 17:03 - 2013-10-09 18:52 - 00001017 _____ C:\Users\Rene\Desktop\Dropbox.lnk
2013-10-20 17:03 - 2013-10-09 18:51 - 00000000 ____D C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-10-20 16:56 - 2013-10-20 16:53 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{03891525-6FDC-4836-BAB3-0D1EEB370C56}
2013-10-20 16:55 - 2012-10-31 20:59 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-20 16:55 - 2012-10-31 20:59 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-16 03:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-16 02:37 - 2013-03-14 22:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-16 02:37 - 2013-03-14 22:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-16 02:37 - 2009-07-14 05:45 - 00342240 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-16 02:19 - 2012-05-22 15:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-16 02:12 - 2011-02-11 18:15 - 01589442 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-16 02:08 - 2013-08-19 08:27 - 00000000 ____D C:\Windows\system32\MRT
2013-10-16 02:05 - 2012-06-01 10:16 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Rene\AppData\Local\Temp\Extract.exe
C:\Users\Rene\AppData\Local\Temp\SP57550.exe
C:\Users\Rene\AppData\Local\Temp\SP58084.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-03 20:48
==================== End Of Log ============================
Code:
ComboFix 13-10-09.01 - Rene 10.10.2013 15:38:22.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4000.1922 [GMT 2:00]
ausgeführt von:: c:\users\Rene\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rene\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
c:\users\Rene\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences
c:\users\Rene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1A0B9545-D418-4DAD-9229-502FE54719EC}.xps
c:\users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1C48B433-885D-4B90-B46A-C3873C8493DA}.xps
c:\users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\{820ED722-7FA7-4FE6-ABC1-BC2BED50E69E}.xps
c:\users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DEF6EB6D-F97A-4DBD-922F-FCCB19950C29}.xps
c:\users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F1461741-D798-4622-96BF-7134B15DF6D2}.xps
c:\users\Rene\AppData\Roaming\7go
c:\users\Rene\AppData\Roaming\7go\7go.crx
c:\users\Rene\AppData\Roaming\7go\icon.ico
c:\users\Sophie\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
c:\users\Sophie\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences
c:\users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Sophie\AppData\Local\Microsoft\Windows\Temporary Internet Files\{22DCC5A5-D69E-44AC-BFA7-8B18DACE9BA0}.xps
c:\users\Sophie\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C25CF7B5-F7A2-4887-80DA-247051624241}.xps
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-09-10 bis 2013-10-10 ))))))))))))))))))))))))))))))
.
.
2013-10-10 13:49 . 2013-10-10 13:49 -------- d-----w- c:\users\Sophie\AppData\Local\temp
2013-10-10 13:49 . 2013-10-10 13:49 -------- d-----w- c:\users\Geli\AppData\Local\temp
2013-10-10 13:49 . 2013-10-10 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-10 12:34 . 2013-10-10 12:58 -------- d-----w- c:\users\Rene\AppData\Roaming\ImgBurn
2013-10-10 12:28 . 2013-10-10 12:28 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18D9F85D-78ED-41D0-9096-A7A73C28D198}\offreg.dll
2013-10-10 12:19 . 2013-10-10 12:19 -------- d-----w- c:\program files (x86)\ImgBurn
2013-10-10 11:56 . 2011-06-09 13:32 1658880 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM.dll
2013-10-09 18:24 . 2013-10-09 20:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-10-09 18:24 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-10-09 18:24 . 2013-10-09 18:24 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-10-09 17:52 . 2013-10-10 11:58 -------- d-----r- c:\users\Rene\Dropbox
2013-10-09 17:50 . 2013-10-10 11:58 -------- d-----w- c:\users\Rene\AppData\Roaming\Dropbox
2013-10-09 15:29 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18D9F85D-78ED-41D0-9096-A7A73C28D198}\mpengine.dll
2013-10-07 13:38 . 2013-10-07 13:39 -------- d-----w- c:\users\Rene\AppData\Roaming\InfraRecorder
2013-10-07 13:37 . 2013-10-07 13:37 -------- d-----w- c:\program files\InfraRecorder
2013-10-07 13:08 . 2013-10-07 13:08 -------- d-----w- c:\program files\Enigma Software Group
2013-10-07 13:07 . 2013-10-09 18:26 -------- d-----w- c:\windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-10-07 12:11 . 2013-10-07 12:11 -------- d-----w- c:\users\Rene\AppData\Roaming\Malwarebytes
2013-10-07 12:11 . 2013-10-07 12:11 -------- d-----w- c:\programdata\Malwarebytes
2013-10-07 12:11 . 2013-10-07 12:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-07 12:11 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-07 12:07 . 2013-10-07 12:07 -------- d-----w- c:\users\Rene\AppData\Roaming\IObit
2013-09-30 14:55 . 2013-09-30 14:55 -------- d-----w- c:\program files (x86)\devolo
2013-09-19 17:14 . 2013-09-11 02:28 271256 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-09-13 18:52 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-13 18:41 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-13 18:41 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-09-12 18:09 . 2013-09-12 20:07 -------- d-----w- c:\users\TEMP
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 17:19 . 2012-05-29 09:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 17:19 . 2012-05-29 09:42 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-01 15:08 . 2012-06-01 09:16 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-07 02:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 01:48 . 2013-09-13 18:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-19 06:43 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-19 06:43 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-19 06:42 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-19 06:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Rene\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Rene\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Rene\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"HP Photosmart 5510d series (NET)"="c:\program files\hp\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe" [2011-08-16 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-05-17 61112]
"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2012-08-16 120400]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-31 206448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
.
c:\users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Rene\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-10-4 29767928]
Tintenwarnungen überwachen - HP Photosmart 5510d series (Netzwerk).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 5510d series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN19U115VQ05RW;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-7-31 2680160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x]
R3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys;c:\windows\SYSNATIVE\drivers\NWWakeFilterV.sys [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 avmike;AVM FRITZ!Fernzugang IKE Service;c:\program files\FRITZ!Fernzugang\avmike.exe;c:\program files\FRITZ!Fernzugang\avmike.exe [x]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]
S2 certsrv;AVM FRITZ!Fernzugang Cert Service;c:\program files\FRITZ!Fernzugang\certsrv.exe;c:\program files\FRITZ!Fernzugang\certsrv.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys;c:\windows\sysWOW64\drivers\npf_devolo.sys [x]
S2 nwtsrv;AVM FRITZ!Fernzugang Client;c:\program files\FRITZ!Fernzugang\nwtsrv.exe;c:\program files\FRITZ!Fernzugang\nwtsrv.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 NWIM;AVM VPN Miniport;c:\windows\system32\DRIVERS\avmnwim.sys;c:\windows\SYSNATIVE\DRIVERS\avmnwim.sys [x]
S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\drivers\NWVoltron.sys;c:\windows\SYSNATIVE\drivers\NWVoltron.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys;c:\windows\SYSNATIVE\drivers\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys;c:\windows\SYSNATIVE\drivers\tixhci.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 17:19]
.
2013-10-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-603513771-2939990097-2127156883-1001Core.job
- c:\users\Sophie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-22 17:52]
.
2013-10-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-603513771-2939990097-2127156883-1001UA.job
- c:\users\Sophie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-22 17:52]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-31 19:59]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-31 19:59]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-603513771-2939990097-2127156883-1001Core.job
- c:\users\Sophie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-22 17:03]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-603513771-2939990097-2127156883-1001UA.job
- c:\users\Sophie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-22 17:03]
.
2013-10-10 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2012-06-10 14:49]
.
2013-09-30 c:\windows\Tasks\HPCeeScheduleForRENE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-10-10 c:\windows\Tasks\HPCeeScheduleForRene.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Rene\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Rene\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Rene\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Rene\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-10-21 37888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-24 1128448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-01 416024]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://t-online.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:21320
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\sfkr8s1x.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - t-online.de
FF - ExtSQL: 2013-10-01 19:44; fb_add_on@avm.de; c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\sfkr8s1x.default\extensions\fb_add_on@avm.de
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - a0cb8a0900000000000074de2b3fd784
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15937
FF - user.js: extensions.delta.vrsn - 1.8.24.5
FF - user.js: extensions.delta.vrsni - 1.8.24.5
FF - user.js: extensions.delta.vrsnTs - 1.8.24.59:25
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119649&tsp=4980
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-7go - c:\program files (x86)\7go\uninst.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-10-10 16:07:40
ComboFix-quarantined-files.txt 2013-10-10 14:07
.
Vor Suchlauf: 8 Verzeichnis(se), 383.993.741.312 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 385.352.617.984 Bytes frei
.
- - End Of File - - B7B7E2FE35FAE0D4E6040ACAD4D75ED4
Code:
HitmanPro 3.7.8.208
www.hitmanpro.com
Computer name . . . . : RENE-HP
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Rene-HP\Rene
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (29 days left)
Scan date . . . . . . : 2013-11-12 08:45:01
Scan mode . . . . . . : Quick
Scan duration . . . . : 2m 24s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 1
Objects scanned . . . : 3.767
Files scanned . . . . : 3.767
Remnants scanned . . : 0 files / 0 keys
Repairs _____________________________________________________________________
Proxyserver auf diesem Computer (Benutzer)
localhost:21320