Malware of all kinds and how to fight it: Java/CVE-2012-0507.CG and Windows performance
21.11.2012, 17:06 | #1

Java/CVE-2012-0507.CG and Windows performance

Hi,

My Windows performance has been at rock bottom for about 14 days. It shows up like this: when I open Windows Explorer, it takes 30-40 sec to build the directory structure. Jumping from one folder to the next takes just as long. Likewise: when I want to add an attachment to a mail, for example, it takes just as long until I have moved through the directories to find the file. Internet and mail cause no problems. Working with Office is OK too.

I defragmented. It did not help. I ran a full scan with Microsoft Security Essentials. It found Java/CVE-2012-0507.CG (paths of the container files see below). I had Microsoft Sec Ess remove it. But nothing has changed in my performance.

The problem appeared about 14 days ago. What I did during this period (apart from surfing):

* installed a new printer
* installed ACRONIS Backup
* installed CEWE Fotobuch (problems already existed before).
* In addition, I logged into three public networks (my office, a German ministry, a hotel with a new wireless system that did not really work).

Since the change on the machine happened more or less overnight, I have not carried out any Windows XP performance-tuning actions (as described in many forums).

Can my performance losses be caused by a virus, or can a defective hard disk equally be the reason?

Here are my 1) info on the container file of Java/CVE-2012-0507.CG, 2) OTL.txt, 3) Extras.txt and 4) GMER.txt.

Many thanks in advance!
Gunnar

Code:
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temp\jar_cache7850807490239257618.tmp
file:C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temp\jar_cache7850807490239257618.tmp->h/nxpPHC.class
file:C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temp\jar_cache7850807490239257618.tmp->h/Xbrt.class
ATTFilter OTL logfile created on: 21.11.2012 00:39:11 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 75,62% Memory free 4,84 Gb Paging File | 4,22 Gb Available in Paging File | 87,15% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80,00 Gb Total Space | 27,07 Gb Free Space | 33,84% Space Free | Partition Type: NTFS Drive D: | 142,88 Gb Total Space | 14,87 Gb Free Space | 10,41% Space Free | Partition Type: NTFS Computer Name: SAMSUNG-P560 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.21 00:35:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe PRC - [2012.11.11 14:18:29 | 003,729,400 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) 
-- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.09.24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.09.12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2012.08.23 03:50:28 | 000,813,576 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe PRC - [2012.08.23 03:50:22 | 000,403,888 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe PRC - [2012.08.23 03:49:48 | 006,049,096 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2012.08.18 21:22:02 | 007,027,752 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe PRC - [2012.07.24 15:13:58 | 000,943,856 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\TibMounterMonitor.exe PRC - [2012.07.03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.05.24 12:28:56 | 000,055,184 | ---- | M] (Apple Inc.) 
-- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2011.10.17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\HPBDSService\HPBDSService.exe PRC - [2011.10.14 13:27:46 | 000,304,696 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\StatusAlerts\bin\HPStatusAlerts.exe PRC - [2011.08.04 00:12:46 | 000,164,352 | ---- | M] (HP) -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe PRC - [2010.04.06 00:41:46 | 000,116,224 | ---- | M] (Brio) -- C:\Programme\FolderSize\FolderSizeSvc.exe PRC - [2009.01.09 19:14:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2009.01.09 19:14:42 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2008.10.07 16:13:44 | 002,772,992 | ---- | M] () -- C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe PRC - [2008.10.06 17:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2008.09.08 12:20:18 | 000,031,248 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkCSrv.exe PRC - [2008.08.13 12:57:52 | 002,670,592 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe PRC - [2008.08.13 12:54:16 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe PRC - [2008.08.13 12:49:18 | 000,018,944 | ---- | M] () -- C:\Programme\Softex\OmniPass\OPXPApp.exe PRC - [2008.05.21 15:44:30 | 000,299,008 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\MagicKBD\PerformanceManager.exe PRC - [2008.05.20 19:02:08 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Programme\Samsung\MagicKBD\MagicKBD.exe PRC - [2008.05.01 23:41:38 | 000,136,488 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe PRC - [2008.05.01 23:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) 
-- C:\WINDOWS\system32\Pen_Tablet.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.18 04:27:12 | 000,013,312 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe PRC - [2008.03.17 17:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe PRC - [2007.12.20 19:40:30 | 000,659,456 | ---- | M] (Samsung Electronics,.LTD) -- C:\Programme\Samsung\Samsung EDS\EDSAgent.exe PRC - [2007.07.23 23:59:22 | 000,660,760 | ---- | M] (Infineon Technologies AG) -- C:\Programme\Infineon\Security Platform Software\SpTNA.exe PRC - [2007.07.23 23:59:22 | 000,185,624 | ---- | M] (Infineon Technologies AG) -- C:\Programme\Infineon\Security Platform Software\PSDrt.exe PRC - [2007.07.23 23:59:12 | 000,140,568 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe PRC - [2006.10.30 13:29:28 | 000,036,864 | ---- | M] () -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe PRC - [2006.03.14 06:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe PRC - [2004.03.08 13:26:30 | 000,548,864 | ---- | M] () -- C:\Programme\ESRI\License\arcgis9x\ARCGIS.EXE PRC - [1999.12.01 12:38:28 | 000,467,968 | ---- | M] () -- C:\Programme\ESRI\License\arcgis9x\lmgrd.exe ========== Modules (No Company Name) ========== MOD - [2012.11.16 15:32:14 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\b75ca75b9c2eb103f98a457ec9256ce7\System.Xml.Linq.ni.dll MOD - [2012.11.16 15:31:44 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll MOD - [2012.11.16 15:31:35 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll MOD - 
[2012.11.16 15:31:27 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\709bb78b419d5d5e30f2acfd722abb29\System.Runtime.Serialization.Formatters.Soap.ni.dll MOD - [2012.11.16 15:31:21 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\188d6391f7485a07e1218b5fc4ec2207\System.Deployment.ni.dll MOD - [2012.11.16 15:30:21 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll MOD - [2012.11.16 15:28:05 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll MOD - [2012.11.16 15:27:59 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll MOD - [2012.11.16 15:27:43 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll MOD - [2012.11.16 15:27:18 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3710da7b61c2c4ed10903487dbde1c35\System.Core.ni.dll MOD - [2012.11.16 15:26:12 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll MOD - [2012.11.16 15:26:00 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll MOD - [2012.11.16 15:24:57 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012.08.23 03:35:38 | 013,873,200 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\ti_managers.dll MOD - [2012.08.23 03:31:22 | 001,590,656 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Acronis\Home\icudt38.dll MOD - 
[2012.08.23 01:12:16 | 000,019,840 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\ti_managers_proxy_stub.dll MOD - [2012.08.23 00:42:50 | 000,435,584 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Acronis\Home\ulxmlrpcpp.dll MOD - [2012.07.27 21:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2012.07.24 14:48:28 | 000,012,160 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\icudt38.dll MOD - [2011.10.14 13:25:02 | 000,111,160 | ---- | M] () -- C:\Programme\HP\StatusAlerts\bin\NativeUtils.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2009.09.21 13:10:41 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.09.21 13:10:37 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2009.09.21 13:10:35 | 000,413,696 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll MOD - [2008.10.07 16:13:44 | 002,772,992 | ---- | M] () -- C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe MOD - [2008.08.13 12:58:48 | 000,047,056 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll MOD - [2008.08.13 12:57:52 | 002,670,592 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe MOD - [2008.08.13 12:49:18 | 000,073,728 | ---- | M] () -- C:\Programme\Softex\OmniPass\OPXPGina.dll MOD - [2008.08.13 12:49:18 | 000,018,944 | ---- | M] () -- C:\Programme\Softex\OmniPass\OPXPApp.exe MOD - [2008.08.13 12:48:18 | 000,151,552 | ---- | M] () -- 
C:\Programme\Softex\OmniPass\ginastub.dll MOD - [2008.08.13 12:48:04 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll MOD - [2008.08.13 12:47:46 | 000,438,272 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll MOD - [2008.08.13 12:47:34 | 001,101,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll MOD - [2008.08.13 12:47:26 | 000,540,672 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll MOD - [2008.08.13 12:47:26 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll MOD - [2008.08.13 12:47:12 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll MOD - [2008.07.29 12:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2008.05.14 14:13:00 | 001,486,848 | ---- | M] () -- C:\WINDOWS\system32\nview.dll MOD - [2008.05.14 14:13:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll MOD - [2007.04.01 08:00:28 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll MOD - [2006.10.30 13:29:28 | 000,036,864 | ---- | M] () -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe MOD - [2006.08.12 11:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll MOD - [2005.07.12 15:34:22 | 000,045,056 | ---- | M] () -- C:\Programme\Samsung\MagicKBD\EasyBoxDll.dll MOD - [2004.03.08 13:26:30 | 000,548,864 | ---- | M] () -- C:\Programme\ESRI\License\arcgis9x\ARCGIS.EXE MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll MOD - [1999.12.01 12:38:28 | 000,467,968 | ---- | M] () -- C:\Programme\ESRI\License\arcgis9x\lmgrd.exe ========== Services (SafeList) ========== SRV - [2012.11.11 14:18:29 | 003,729,400 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2012.11.11 09:45:01 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- 
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.30 19:50:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.09.24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.08.23 03:50:28 | 000,813,576 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2012.08.18 21:22:02 | 007,027,752 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.24 12:28:56 | 000,055,184 | ---- | M] (Apple Inc.) 
[Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011.10.17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\HP\HPBDSService\HPBDSService.exe -- (HP DS Service) SRV - [2011.08.04 00:12:46 | 000,164,352 | ---- | M] (HP) [Auto | Running] -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.03.07 22:50:03 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.09.01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) SRV - [2010.04.06 00:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Running] -- C:\Programme\FolderSize\FolderSizeSvc.exe -- (FolderSize) SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) SRV - [2009.04.30 21:43:01 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2008.09.08 12:20:18 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkCSrv.exe -- (StkSSrv) SRV - [2008.08.13 12:54:16 | 000,040,960 | ---- | M] (Softex Inc.) 
[Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv) SRV - [2008.05.13 07:44:00 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2008.05.01 23:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen) SRV - [2008.03.18 04:27:12 | 000,013,312 | R--- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008.03.17 17:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2007.07.23 23:59:12 | 000,140,568 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService) SRV - [2006.10.30 13:29:28 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe -- (SNM WLAN Service) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.03.27 16:45:52 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\RSI\IDL63\bin\bin.x86\idl_dicomexstorscp.exe -- (IDL DicomEx Storage SCP) SRV - [2006.03.14 06:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer) SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [1999.12.01 12:41:52 | 000,592,896 | ---- | M] () [Auto | Stopped] -- C:\Programme\ESRI\License\arcgis9x\lmtools.exe -- (27000@samsung-p560) SRV - [1999.12.01 12:38:28 | 000,467,968 | 
---- | M] () [Auto | Running] -- C:\Programme\ESRI\License\arcgis9x\lmgrd.exe -- (samsung-p560) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Boot | Stopped] -- system32\ZoneLabs\srescan.sys -- (srescan) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | Auto | Stopped] -- SYSTEM32\drivers\DS1410D.SYS -- (DS1410D) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.11.21 00:26:46 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{88EE135E-80A8-42C9-B822-239BF61F4495}\MpKslaa2966f6.sys -- (MpKslaa2966f6) DRV - [2012.11.11 14:18:33 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp) DRV - [2012.11.11 14:18:22 | 000,806,184 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman) DRV - [2012.11.11 14:18:15 | 000,689,672 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tib_mounter.sys -- (tib_mounter) DRV - [2012.11.11 14:18:08 | 000,139,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vididr.sys -- (vididr) DRV - [2012.11.11 14:18:07 | 000,099,720 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vidsflt.sys -- (vidsflt) DRV - [2012.11.11 14:18:04 | 000,192,904 | 
---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman) DRV - [2012.11.11 14:17:56 | 000,093,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv) DRV - [2012.03.16 13:55:26 | 000,102,784 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2012.03.16 13:55:26 | 000,089,856 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV - [2012.03.16 13:55:26 | 000,073,984 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2012.03.16 13:55:26 | 000,066,688 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm) DRV - [2012.03.16 13:55:26 | 000,026,624 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV - [2012.03.16 13:55:26 | 000,011,136 | R--- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV - [2010.12.17 06:56:10 | 000,014,424 | ---- | M] (Ghisler Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\totalcmd\CGLPTNT.SYS -- (cglptnt) DRV - [2009.10.26 14:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) DRV - [2008.09.12 19:30:08 | 001,374,736 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\StkCMini.sys -- (StkCMini) DRV - [2008.09.05 20:20:22 | 000,041,376 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2008.05.30 12:44:42 | 000,146,944 | R--- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) DRV - [2008.05.20 09:53:00 | 004,800,000 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2008.04.15 09:16:44 | 000,244,368 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) DRV - [2008.03.21 04:13:00 | 001,203,776 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.03.17 21:14:52 | 000,015,144 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV - [2008.02.15 17:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2008.01.15 21:11:46 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid) DRV - [2008.01.14 18:01:02 | 000,030,208 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Running] -- 
C:\WINDOWS\system32\drivers\SamsungEDS.SYS -- (DNSeFilter) DRV - [2007.07.23 23:59:14 | 000,038,816 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\psd.sys -- (PersonalSecureDrive) DRV - [2007.07.23 23:59:12 | 000,041,216 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2007.03.31 05:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2007.03.23 02:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2007.03.23 02:50:36 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2007.03.23 02:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2007.03.23 02:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2007.03.23 02:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2007.02.16 20:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2007.02.16 01:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid) DRV - [2006.03.14 06:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel) DRV - [2000.08.24 00:19:38 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {EBDE5A0F-6BBF-459D-9B97-4C256F56BC3C} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{EBDE5A0F-6BBF-459D-9B97-4C256F56BC3C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.5.3 FF - prefs.js..extensions.enabledItems: 
{B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1 FF - prefs.js..keyword.URL: "hxxp://go.gmx.net/tb/mff_keyurl_search/?su=" FF - prefs.js..network.proxy.http: "31.7.56.72" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, fritz.box, 192.168.178.254, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Programme\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.29 20:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.29 00:23:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.10.30 19:49:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

[2010.09.01 21:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.09.01 21:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.16 00:00:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions
[2010.04.28 09:07:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.03 10:45:31 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.05.12 00:02:37 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2012.09.26 20:53:48 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\firefox@ghostery.com
[2012.11.10 12:31:34 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\https-everywhere@eff.org
[2012.09.16 09:20:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\ich@maltegoetz.de
[2011.05.17 20:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\nostmp
[2012.02.08 23:18:14 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\piclens@cooliris.com
[2012.11.03 17:31:37 | 002,042,908 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\firebug@software.joehewitt.com.xpi
[2012.10.23 15:58:46 | 000,183,174 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\stealthyextension@gmail.com.xpi
[2012.11.16 00:00:18 | 000,530,679 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.08.19 18:08:10 | 000,031,532 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}.xpi
[2012.07.25 20:25:19 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.09 22:12:13 | 000,138,614 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.10.29 20:38:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.04 21:52:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.05.04 14:02:43 | 000,303,416 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\ieatgpc.dll
[2012.05.04 14:02:27 | 000,215,864 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\npatgpc.dll
[2009.11.18 15:49:42 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.06.27 19:57:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [StatusAlerts] C:\Programme\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [Power2GoExpress] NA File not found
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.71.128.11 80.71.128.27
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{486B557B-F110-4BF1-88D5-1D07F221CC27}: DhcpNameServer = 80.71.128.11 80.71.128.27
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Programme\Softex\OmniPass\opxpgina.dll) - C:\Programme\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.06 13:57:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.21 00:34:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2012.11.19 21:48:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\restore
[2012.11.19 21:00:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\dm-Fotowelt
[2012.11.19 20:44:28 | 000,000,000 | ---D | C] -- C:\Programme\dm
[2012.11.14 10:40:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012.11.11 14:20:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Acronis
[2012.11.11 14:18:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012.11.11 14:17:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2012.11.11 14:17:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Acronis
[2012.11.11 14:17:20 | 000,000,000 | ---D | C] -- C:\Programme\Acronis
[2012.11.11 14:17:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Acronis
[2012.11.05 20:23:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\HP
[2012.11.05 20:22:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Hewlett-Packard Company
[2012.11.05 20:21:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\HpUpdate
[2012.11.05 20:21:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP_LaserJet_Fax_0_6
[2012.11.05 20:20:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HP
[2012.11.05 20:20:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP
[2012.11.05 20:20:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hewlett-Packard
[2012.11.05 20:20:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\HP
[2012.11.05 20:19:27 | 000,187,960 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\hppscancoins32.dll
[2012.11.05 20:16:29 | 000,000,000 | ---D | C] -- C:\Programme\HP
[2012.10.30 19:49:29 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2012.10.29 20:37:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Downloads
[2012.10.29 00:22:54 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2012.11.21 00:41:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.21 00:36:55 | 000,003,938 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2012.11.21 00:35:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.21 00:35:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2012.11.21 00:34:41 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012.11.21 00:32:19 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2012.11.21 00:26:03 | 000,186,442 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.11.21 00:24:29 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.21 00:24:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.20 23:48:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.20 20:45:04 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012.11.20 20:21:16 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012.11.19 21:00:45 | 000,000,751 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\dm-Fotowelt.lnk
[2012.11.19 20:58:46 | 000,025,671 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Malena-Zeug PRIVAT BØRNEPASNING.pdf
[2012.11.19 20:28:53 | 000,130,048 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.18 14:30:04 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012.11.18 10:15:07 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012.11.16 20:29:05 | 000,325,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.11.16 15:36:08 | 000,517,730 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.11.16 15:36:08 | 000,494,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.11.16 15:36:08 | 000,101,838 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.11.16 15:36:08 | 000,084,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.11.16 15:26:58 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.11.11 14:17:53 | 000,000,836 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\True Image 2013.lnk
[2012.11.08 20:13:12 | 000,002,435 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Lexware buchhalter.lnk
[2012.11.08 15:51:10 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2012.11.05 20:21:33 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LJ200 M276 Scan.lnk
[2012.11.05 20:21:23 | 000,000,608 | -HS- | M] () -- C:\WINDOWS\System32\winzvprt5.sys
[2012.11.05 20:21:23 | 000,000,222 | ---- | M] () -- C:\WINDOWS\System32\hppfaxprinter5.ini
[2012.11.05 20:20:35 | 000,001,008 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LaserJet 200 color MFP M276 - Hilfe- und Lern-Center.lnk
[2012.10.29 20:39:15 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.10.25 19:52:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========

[2012.11.21 00:33:22 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2012.11.19 21:00:45 | 000,000,751 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\dm-Fotowelt.lnk
[2012.11.19 20:58:46 | 000,025,671 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Malena-Zeug PRIVAT BØRNEPASNING.pdf
[2012.11.11 14:17:53 | 000,000,836 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\True Image 2013.lnk
[2012.11.05 23:25:49 | 000,244,992 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.11.05 20:21:55 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012.11.05 20:21:55 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012.11.05 20:21:54 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2012.11.05 20:21:54 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012.11.05 20:21:33 | 000,000,927 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LJ200 M276 Scan.lnk
[2012.11.05 20:21:23 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2012.11.05 20:21:23 | 000,000,222 | ---- | C] () -- C:\WINDOWS\System32\hppfaxprinter5.ini
[2012.11.05 20:20:35 | 000,001,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LaserJet 200 color MFP M276 - Hilfe- und Lern-Center.lnk
[2012.10.29 20:39:15 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2012.10.29 20:39:15 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.04.17 14:58:12 | 000,138,608 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll
[2012.04.17 14:58:10 | 000,074,608 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll
[2012.04.17 14:58:08 | 000,309,616 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll
[2012.02.27 09:41:52 | 000,202,240 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2012.02.16 19:58:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.03 13:41:41 | 000,002,001 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.bash_history
[2012.02.03 09:30:24 | 000,000,113 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.grassrc6
[2012.01.16 19:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Import71.INI
[2012.01.14 23:55:23 | 000,000,089 | ---- | C] () -- C:\WINDOWS\NetworkAnalystLayerUI.INI
[2011.12.03 22:29:49 | 000,000,702 | ---- | C] () -- C:\WINDOWS\KmsTrans.ini
[2011.10.07 19:20:47 | 000,000,663 | ---- | C] () -- C:\Dokumente und Einstellungen\***\EditLiveForJava.ini
[2011.10.04 19:34:56 | 000,000,186 | ---- | C] () -- C:\WINDOWS\SHPTrans2006.INI
[2011.06.19 19:42:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2010.05.05 09:53:41 | 002,510,317 | ---- | C] () -- C:\Dokumente und Einstellungen\***\GeoMaker.CAB
[2010.05.05 09:53:41 | 000,004,253 | ---- | C] () -- C:\Dokumente und Einstellungen\***\SETUP.LST
[2010.05.02 14:31:18 | 000,037,641 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Untitled Gantt Project.png
[2010.05.01 22:43:28 | 000,003,414 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.ganttproject
[2010.03.16 10:49:13 | 000,000,653 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.openev
[2010.03.15 00:31:07 | 000,000,047 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\RegFree.ini
[2010.01.08 22:20:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\hostname
[2009.09.03 18:23:14 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel
[2009.08.18 18:50:13 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2009.08.17 21:58:21 | 000,000,404 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\idl_assistantrc
[2009.06.19 08:05:42 | 000,000,503 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.jalbum-recent-projects.properties
[2009.06.19 07:55:43 | 000,000,038 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.jalbum-ftp-accounts.xml
[2009.06.19 07:40:19 | 000,000,828 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.jalbum-defaults.jap
[2009.06.14 11:53:59 | 000,130,048 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009.09.21 13:07:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011.04.25 15:47:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.11.11 14:19:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2011.09.06 23:07:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Caphyon
[2011.11.12 09:53:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2011.09.11 19:19:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2009.04.18 19:49:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESRI
[2009.04.06 14:29:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Infineon
[2010.03.15 00:32:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IsolatedStorage
[2012.11.08 20:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2009.04.06 20:51:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2012.07.02 21:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2009.12.15 23:40:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PDF Writer
[2011.10.07 19:20:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PersonalBrain
[2012.10.29 20:34:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.05.19 12:09:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TheBrain
[2012.11.20 20:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2012.10.13 20:06:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2011.06.28 20:06:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.04.17 20:28:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.10.29 20:43:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\.gephi07beta
[2012.11.11 14:20:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Acronis
[2010.08.23 20:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AnvSoft
[2010.03.15 00:32:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\BeGraphic
[2012.07.11 20:58:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint
[2012.07.02 21:51:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\com.esri.ags.AppBuilder
[2009.09.21 15:33:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DataEast
[2012.11.21 00:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox
[2012.04.15 12:02:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Elluminate
[2012.06.27 20:39:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\EndNote
[2009.09.03 20:40:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\EPSON
[2010.01.21 15:56:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ESRI
[2009.08.18 21:17:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FileZilla
[2009.08.17 20:34:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\fltk.org
[2009.08.02 22:53:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Focus Mp3 Recorder
[2009.07.16 21:07:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Foxit
[2009.09.04 07:46:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
[2009.04.06 14:29:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Infineon
[2009.06.19 07:40:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\JAlbum
[2010.12.18 23:08:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\JOSM
[2011.03.16 23:00:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2012.06.25 21:20:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Lexware
[2012.08.08 22:00:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Notepad++
[2009.04.06 21:09:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2009.12.27 10:42:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera
[2012.08.18 08:29:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Oracle
[2009.12.15 23:40:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PDF Writer
[2011.10.07 19:21:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PersonalBrain
[2012.01.15 20:15:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\QuteCom
[2012.05.20 21:51:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TheBrain
[2010.09.01 21:24:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Thunderbird
[2012.06.21 22:01:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Tracker Software
[2012.09.26 11:39:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Vodafone
[2012.05.04 14:02:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\webex

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34

< End of report >

Code:
OTL Extras logfile created on: 21.11.2012 00:39:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 75,62% Memory free
4,84 Gb Paging File | 4,22 Gb Available in Paging File | 87,15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 80,00 Gb Total Space | 27,07 Gb Free Space | 33,84% Space Free | Partition Type: NTFS
Drive D: | 142,88 Gb Total Space | 14,87 Gb Free Space | 10,41% Space Free | Partition Type: NTFS

Computer Name: SAMSUNG-P560 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Programme\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [dm Fotowelt] -- "C:\Programme\Fotowelt\dm Fotowelt.exe" "%1"
Directory [dm-Fotowelt] -- "C:\Programme\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\CyberLink\PowerDVD\PowerDVD.exe" = C:\Programme\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\CyberLink\PowerDVD\PowerDVD.exe" = C:\Programme\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Programme\CyberLink\PowerDirector\PDR.exe" = C:\Programme\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector -- (CyberLink Corp.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\Google\Google Talk\googletalk.exe" = C:\Programme\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\FaxApplications.exe" = C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\FaxApplications.exe:LocalSubNet:Enabled:HP LaserJet 200 color MFP M276 FaxApplications -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\DigitalWizards.exe" = C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\DigitalWizards.exe:LocalSubNet:Enabled:HP LaserJet 200 color MFP M276 DigitalWizards -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\HPNetworkCommunicator.exe" = C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Netzwerkkommunikator (HP LaserJet 200 color MFP M276) -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\EWSProxy.exe" = C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\EWSProxy.exe:LocalSubNet:Enabled:HP LaserJet 200 color MFP M276 EWSProxy -- (Hewlett-Packard Co.)
"E:\Installer\hpbcsiInstaller.exe" = E:\Installer\hpbcsiInstaller.exe:*:Enabled:HP Networked Printer Installer

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{0197D136-598D-4968-BEEA-91C1B764F05D}" = Lexware buchhalter 2012
"{028BF8B5-9143-4A68-84F3-A1A6D2E17889}" = hppLaserJetService
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0535BC5C-33E8-44DB-AEFB-0EDE4EF88052}" = GeoRoverXT
"{08DE5881-1312-46B3-86C0-4001DAB786F0}" = PDF-XChange Viewer
"{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D26E238-B81A-4541-8CAC-5CA3D69C12A5}" = Jalbum
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}" = HPLaserJet200color-MFPM276_HelpLearnCenter_SI
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{138C06D2-CF8E-250A-48D1-7421E7F1A525}" = ArcGIS Viewer for Flex
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{14E82399-E221-43EE-B819-055A00E499C3}" = Infineon TPM Professional Package
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1AA8913B-0A5E-4B70-8A1C-878283EF0F66}" = RSI ENVI 4.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F34839E-4826-4B64-B1B3-42E5AE8DEC5A}" = ArcGIS Desktop
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31A5ED9F-E07B-4F6E-8179-27325BAAC502}" = AuthenTec Fingerprint Sensor Minimum Install
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine for Microtek
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B701A5D-1F4B-4178-8F86-6EB0D6BB3286}" = Inst565a
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C45ED46-5475-4E88-9EA5-38B962A4B8CF}" = ColorTool 2.0
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{48FB7C81-0EF5-4857-8849-DD526BAC7A36}" = Java Advanced Imaging 1.1.3 for JRE
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B02D3CE-A011-4475-93A5-774E0DA4E27E}" = hpbM276DSService
"{4D667C80-C106-4A7F-984E-42CD19F18CC1}" = Time Slider
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{51722911-C391-4118-97BF-B50100D2AB15}_is1" = Gephi 0.7
"{54525107-4C4E-44AC-AC65-806084151057}" = hppSendFaxM276
"{568C5D3E-5B79-47EC-A34B-8D7C8AEF1F8F}" = HPLJUTCore
"{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}" = True Image 2013
"{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}Visible" = True Image 2013
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.06
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}" = hpbDSService
"{6553F4A8-B67F-49BA-A882-FF499C83CF4B}" = 32 Bit HP CIO Components Installer
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6A136292-02AB-428E-8E9A-2628A52FA98E}" = HP LaserJet 200 color MFP M276 Fax
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C0BB722-74DF-4D06-95AA-1D9D4C2E906B}" = KML Geocode
"{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{7C960641-0A27-45C6-96F8-BE4E04A4CC2C}" = hpStatusAlerts
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.22
"{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1
"{88B2E402-DE40-4422-9CCB-D285F8602C93}" = HP Product FWUpdater
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FC67FB0-5F99-4DBC-9B32-E0C027862220}" = MySQL Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9615709B-777E-4EF7-ADF6-45131FA64C1E}" = Easy ALS Manager
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA7C8031-C18D-42A9-8426-0DD1CBCC9E3A}" = hppM276LaserJetService
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B361ED10-259E-4B76-B35E-E47BB6DDDD74}" = hppFaxDrvM276
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7A20537-1A1F-47D4-8526-DC9BABB315FD}" = Lexware Elster
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C97E3F48-DE95-4E00-80AF-32D75C69302D}" = HPLJUTM276
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}" = HP LaserJet 200 color MFP M276
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0AA26A2-08B8-4858-BB69-E50A542DC6ED}" = HP LaserJet 200 color MFP M276 HP Device Toolbox
"{D58D3C8E-2B39-455C-AE79-878AEA3D38FC}" = HP Unified IO
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4289A7B-F94B-4CB5-A09A-96D3634E9669}" = Tableau Public 6.0
"{E6770DAF-AA6B-4875-9B99-16B8FAC70547}" = hpStatusAlertsM276
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA540E75-A545-4C9D-B42E-9C8FC09630C4}" = HP LJ200 M276 HP Scan
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF719B9F-2D42-4790-87E8-005B4088E951}" = KMLReport
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F156F43B-0335-49CE-AA04-8B3FD74BEDD5}" = ArcScripts Cartograms
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.01.25.A
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"1190-3857-8766-9166" = TheBrain 7
"7-Zip" = 7-Zip 4.65
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ArcGIS License Manager" = ArcGIS License Manager
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Banco de Dados Spring DF" = Banco de Dados Spring DF
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1007
"CDex" = CDex - Open Source Digital Audio CD Extractor
"com.esri.ags.AppBuilder" = ArcGIS Viewer for Flex
"dm-Fotowelt" = dm-Fotowelt
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON SX110 Series" = Druckerdeinstallation für EPSON SX110 Series
"ESET Online Scanner" = ESET Online Scanner v3
"ET GeoWizards 9.9" = ET GeoWizards 9.9
"FileZilla Client" = FileZilla Client 3.2.4.1
"Filzip 3.0.6.93_is1" = Filzip 3.06
"FWTools247" = FWTools 2.4.7
"GanttProject" = GanttProject
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"iDump" = iDump (Build: 28)
"ie8" = Windows Internet Explorer 8
"InstallShield_{1AA8913B-0A5E-4B70-8A1C-878283EF0F66}" = RSI ENVI 4.3
"InstallShield_{48FB7C81-0EF5-4857-8849-DD526BAC7A36}" = Java Advanced Imaging 1.1.3 for JRE
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"IrfanView" = IrfanView (remove only)
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Mendeley Desktop" = Mendeley Desktop 1.3.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Monteverdi" = Monteverdi-1.8
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"No23 Recorder" = No23 Recorder
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OTB-Applications" = OrfeoToolbox-Applications-3.10
"Pen Tablet Driver" = Stifttablett
"Prism" = Prism Videodatei-Konverter
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"Python 2.4.1" = Python 2.4.1
"Quantum GIS Wroclaw" = Quantum GIS Wroclaw 1.7.3 Wroclaw
"SpywareBlaster_is1" = SpywareBlaster 4.4
"ST6UNST #1" = GEGraph
"ST6UNST #2" = LIDAR Data Handler (8.1)
"Strassenverzeichnisse_is1" = R2009_V1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 0.9.9
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9C
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{BDE4805C-4A64-4C6D-8547-5B7DB885C65F}_is1" = Daniel's XL Toolbox 5.04
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19.11.2012 13:44:48 | Computer Name = SAMSUNG-P560 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 20.11.2012 05:18:02 | Computer Name = SAMSUNG-P560 | Source = PerfNet | ID = 2005
Description = Die Leistungsinformationen vom Serverdienst konnten nicht gelesen werden. Es werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2.

Error - 20.11.2012 05:18:02 | Computer Name = SAMSUNG-P560 | Source = PerfNet | ID = 2006
Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden. Es werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode ist DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2.

Error - 20.11.2012 12:51:41 | Computer Name = SAMSUNG-P560 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 20.11.2012 15:12:23 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dm-fotowelt.exe, Version 0.0.0.0, fehlgeschlagenes Modul dm-fotowelt.exe, Version 0.0.0.0, Fehleradresse 0x0000ea87.

Error - 20.11.2012 16:32:34 | Computer Name = SAMSUNG-P560 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application hplaserjetservice.exe, version 9.22.816.0, stamp 4e3a385c, faulting module hpzjcd01.dll, version 7.0.13.0, stamp 48081c3a, debug? 0, fault address 0x000131ae.

Error - 20.11.2012 19:22:49 | Computer Name = SAMSUNG-P560 | Source = nview_info | ID = 11141121
Description =

Error - 20.11.2012 19:25:59 | Computer Name = SAMSUNG-P560 | Source = PerfNet | ID = 2005
Description = Die Leistungsinformationen vom Serverdienst konnten nicht gelesen werden. Es werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2.

Error - 20.11.2012 19:25:59 | Computer Name = SAMSUNG-P560 | Source = PerfNet | ID = 2006
Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden. Es werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode ist DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2.

Error - 20.11.2012 19:27:37 | Computer Name = SAMSUNG-P560 | Source = FolderSize | ID = 0
Description =

[ OSession Events ]
Error - 19.04.2010 09:38:43 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18225 seconds with 4020 seconds of active time. This session ended with a crash.

Error - 05.05.2010 16:14:12 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

Error - 05.05.2010 16:14:30 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error - 26.05.2011 16:08:23 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error - 26.05.2011 16:11:57 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error - 22.08.2011 12:13:10 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error - 27.08.2011 14:09:30 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error - 27.08.2011 14:09:45 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error - 17.11.2012 10:44:29 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 10959 seconds with 2580 seconds of active time. This session ended with a crash.

Error - 17.11.2012 10:44:48 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4020 seconds with 600 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 20.11.2012 17:15:59 | Computer Name = SAMSUNG-P560 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 20.11.2012 17:16:04 | Computer Name = SAMSUNG-P560 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 20.11.2012 17:16:08 | Computer Name = SAMSUNG-P560 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 20.11.2012 17:16:13 | Computer Name = SAMSUNG-P560 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 20.11.2012 17:16:18 | Computer Name = SAMSUNG-P560 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 20.11.2012 17:16:22 | Computer Name = SAMSUNG-P560 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 20.11.2012 17:16:27 | Computer Name = SAMSUNG-P560 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 20.11.2012 19:26:25 | Computer Name = SAMSUNG-P560 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DS1410D" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 20.11.2012 19:26:25 | Computer Name = SAMSUNG-P560 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst 27000@samsung-p560.

Error - 20.11.2012 19:26:25 | Computer Name = SAMSUNG-P560 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "27000@samsung-p560" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

< End of report >

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-21 14:12:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHZ2250BH_G2 rev.00000009
Running: kyn4bn1d.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\pxddrfob.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8F6F360, 0x378C3D, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpman.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 fltsrv.sys (Acronis Storage Filter Management Driver/Acronis)
Device \Driver\Ftdisk \Device\HarddiskVolume2 fltsrv.sys (Acronis Storage Filter Management Driver/Acronis)
Device \Driver\Ftdisk \Device\HarddiskVolume3 fltsrv.sys (Acronis Storage Filter Management Driver/Acronis)
Device \Driver\Disk \Device\Harddisk0\DR0 fltsrv.sys (Acronis Storage Filter Management Driver/Acronis)
Device \Driver\Ftdisk \Device\FtControl fltsrv.sys (Acronis Storage Filter Management Driver/Acronis)

---- EOF - GMER 1.0.15 ----
22.11.2012, 14:53 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java/CVE-2012-0507.CG and Windows performance
Hello and
Before we get to work, I would like to ask you to read the following points completely and carefully.

Note: If you do not hear from me for three days, please get in touch in this thread => Reminder about my thread. Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.

1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: Please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!
Configure the tool as shown in the picture below: click "change parameters" and set the check marks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full. If you cannot find the log or copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and post only the log here!
__________________ |
22.11.2012, 17:29 | #3 |
| Java/CVE-2012-0507.CG and Windows performance
Hello,
thank you for your reply. Here are the aswMBR and TDSS-Killer logs.
aswMBR:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-22 17:05:39
-----------------------------
17:05:39.718 OS Version: Windows 5.1.2600 Service Pack 3
17:05:39.718 Number of processors: 2 586 0x1706
17:05:39.718 ComputerName: SAMSUNG-P560 UserName: ***
17:05:40.406 Initialize success
17:06:20.734 AVAST engine defs: 12112200
17:06:52.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:06:52.781 Disk 0 Vendor: FUJITSU_MHZ2250BH_G2 00000009 Size: 238475MB BusType: 3
17:06:52.812 Disk 0 MBR read successfully
17:06:52.812 Disk 0 MBR scan
17:06:52.843 Disk 0 Windows XP default MBR code
17:06:52.859 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
17:06:52.859 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 81917 MB offset 20980890
17:06:52.890 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 146310 MB offset 188747685
17:06:52.890 Disk 0 scanning sectors +488392065
17:06:52.953 Disk 0 scanning C:\WINDOWS\system32\drivers
17:07:02.156 Service scanning
17:07:10.937 Service MpKsl42a0614a C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{1DCB9B1A-AE19-45F9-B71B-678FBCF09D10}\MpKsl42a0614a.sys **LOCKED** 32
17:07:22.328 Modules scanning
17:07:28.062 Disk 0 trace - called modules:
17:07:28.078 ntoskrnl.exe fltsrv.sys hal.dll tdrpman.sys CLASSPNP.SYS disk.sys vidsflt.sys atapi.sys pciide.sys PCIIDEX.SYS
17:07:28.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac5dab8]
17:07:28.078 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8ac7d948]
17:07:28.078 5 vidsflt.sys[f74edd9b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ac6ed98]
17:07:28.734 AVAST engine scan C:\WINDOWS
17:07:44.703 AVAST engine scan C:\WINDOWS\system32
17:10:23.093 AVAST engine scan C:\WINDOWS\system32\drivers
17:10:36.484 AVAST engine scan C:\Dokumente und Einstellungen\***
17:19:07.218 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\MBR.dat"
17:19:07.218 The log file has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\aswMBR.txt"

Code:
17:22:07.0390 3252 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 17:22:07.0468 3252 ProtectedStorage - ok 17:22:07.0500 3252 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 17:22:07.0578 3252 PSched - ok 17:22:07.0625 3252 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 17:22:07.0703 3252 Ptilink - ok 17:22:07.0718 3252 ql1080 - ok 17:22:07.0718 3252 Ql10wnt - ok 17:22:07.0718 3252 ql12160 - ok 17:22:07.0734 3252 ql1240 - ok 17:22:07.0750 3252 ql1280 - ok 17:22:07.0765 3252 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:22:07.0859 3252 RasAcd - ok 17:22:07.0875 3252 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 17:22:07.0953 3252 RasAuto - ok 17:22:08.0000 3252 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:22:08.0062 3252 Rasl2tp - ok 17:22:08.0093 3252 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 17:22:08.0171 3252 RasMan - ok 17:22:08.0187 3252 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:22:08.0281 3252 RasPppoe - ok 17:22:08.0281 3252 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 17:22:08.0359 3252 Raspti - ok 17:22:08.0375 3252 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:22:08.0468 3252 Rdbss - ok 17:22:08.0484 3252 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 17:22:08.0578 3252 RDPCDD - ok 17:22:08.0609 3252 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 17:22:08.0703 3252 rdpdr - ok 17:22:08.0734 3252 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 17:22:08.0796 3252 RDPWD - ok 17:22:08.0812 3252 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 17:22:08.0890 
3252 RDSessMgr - ok 17:22:08.0906 3252 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 17:22:08.0984 3252 redbook - ok 17:22:09.0015 3252 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 17:22:09.0093 3252 RemoteAccess - ok 17:22:09.0125 3252 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 17:22:09.0203 3252 RemoteRegistry - ok 17:22:09.0296 3252 [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo C:\Programme\CyberLink\Shared Files\RichVideo.exe 17:22:09.0312 3252 RichVideo - ok 17:22:09.0359 3252 [ C2EF513BBE069F0D4EE0938A76F975D3 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 17:22:09.0375 3252 rimmptsk - ok 17:22:09.0421 3252 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 17:22:09.0500 3252 RpcLocator - ok 17:22:09.0531 3252 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\System32\rpcss.dll 17:22:09.0562 3252 RpcSs - ok 17:22:09.0593 3252 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 17:22:09.0687 3252 RSVP - ok 17:22:09.0703 3252 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 17:22:09.0765 3252 SamSs - ok 17:22:09.0843 3252 [ B1C20CF045A559FF8B622893D05067B5 ] Samsung Update Plus C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe 17:22:09.0859 3252 Samsung Update Plus ( UnsignedFile.Multi.Generic ) - warning 17:22:09.0859 3252 Samsung Update Plus - detected UnsignedFile.Multi.Generic (1) 17:22:09.0921 3252 [ 27E8DE3890E8EE4B38DF44B10F5007BF ] samsung-p560 C:\Programme\ESRI\License\arcgis9x\lmgrd.exe 17:22:09.0953 3252 samsung-p560 ( UnsignedFile.Multi.Generic ) - warning 17:22:09.0953 3252 samsung-p560 - detected UnsignedFile.Multi.Generic (1) 17:22:09.0984 3252 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 17:22:10.0078 3252 SCardSvr - ok 17:22:10.0109 3252 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule 
C:\WINDOWS\system32\schedsvc.dll 17:22:10.0187 3252 Schedule - ok 17:22:10.0203 3252 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys 17:22:10.0296 3252 sdbus - ok 17:22:10.0312 3252 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:22:10.0390 3252 Secdrv - ok 17:22:10.0406 3252 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 17:22:10.0500 3252 seclogon - ok 17:22:10.0515 3252 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 17:22:10.0593 3252 SENS - ok 17:22:10.0640 3252 [ B3C1B187FEFC941F63CE0DF93D02EB9F ] Sentinel C:\WINDOWS\System32\Drivers\SENTINEL.SYS 17:22:10.0640 3252 Sentinel - ok 17:22:10.0656 3252 [ ACCDF944417FCE3B9BDDFC197C704A27 ] SentinelProtectionServer C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe 17:22:10.0671 3252 SentinelProtectionServer - ok 17:22:10.0687 3252 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 17:22:10.0750 3252 serenum - ok 17:22:10.0765 3252 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 17:22:10.0843 3252 Serial - ok 17:22:10.0890 3252 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys 17:22:10.0953 3252 sffdisk - ok 17:22:10.0984 3252 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 17:22:11.0062 3252 sffp_sd - ok 17:22:11.0093 3252 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 17:22:11.0171 3252 Sfloppy - ok 17:22:11.0218 3252 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 17:22:11.0296 3252 SharedAccess - ok 17:22:11.0328 3252 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 17:22:11.0328 3252 ShellHWDetection - ok 17:22:11.0343 3252 Simbad - ok 17:22:11.0500 3252 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype 
C2C Service C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe 17:22:11.0656 3252 Skype C2C Service - ok 17:22:11.0734 3252 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe 17:22:11.0734 3252 SkypeUpdate - ok 17:22:11.0765 3252 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 17:22:11.0843 3252 SLIP - ok 17:22:11.0875 3252 [ 851310C1B742D2DF2D334603836FFDF5 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys 17:22:11.0890 3252 snapman - ok 17:22:11.0906 3252 [ A44FAD36D97FB5FF5B57CCEB581EB29F ] SNM WLAN Service C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe 17:22:11.0921 3252 SNM WLAN Service ( UnsignedFile.Multi.Generic ) - warning 17:22:11.0921 3252 SNM WLAN Service - detected UnsignedFile.Multi.Generic (1) 17:22:11.0921 3252 Sparrow - ok 17:22:11.0953 3252 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 17:22:12.0031 3252 splitter - ok 17:22:12.0078 3252 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 17:22:12.0109 3252 Spooler - ok 17:22:12.0156 3252 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 17:22:12.0234 3252 sr - ok 17:22:12.0234 3252 srescan - ok 17:22:12.0265 3252 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 17:22:12.0359 3252 srservice - ok 17:22:12.0406 3252 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 17:22:12.0468 3252 Srv - ok 17:22:12.0484 3252 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 17:22:12.0562 3252 SSDPSRV - ok 17:22:12.0609 3252 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 17:22:12.0703 3252 stisvc - ok 17:22:12.0765 3252 [ 0EBE46CF63F94A0ECC401DFB4C4FC139 ] StkCMini C:\WINDOWS\system32\Drivers\StkCMini.sys 17:22:12.0828 3252 StkCMini - ok 17:22:12.0843 3252 [ 
6F0530313A2874A0B3D81809DE74A2E5 ] StkSSrv C:\WINDOWS\System32\StkCSrv.exe 17:22:12.0859 3252 StkSSrv - ok 17:22:12.0875 3252 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 17:22:12.0968 3252 streamip - ok 17:22:13.0000 3252 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 17:22:13.0093 3252 swenum - ok 17:22:13.0109 3252 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 17:22:13.0187 3252 swmidi - ok 17:22:13.0203 3252 SwPrv - ok 17:22:13.0203 3252 symc810 - ok 17:22:13.0218 3252 symc8xx - ok 17:22:13.0234 3252 sym_hi - ok 17:22:13.0234 3252 sym_u3 - ok 17:22:13.0500 3252 [ A214C8AA6A6C06C9DBAB1310E38DAB4A ] syncagentsrv C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe 17:22:13.0875 3252 syncagentsrv - ok 17:22:13.0906 3252 [ AAF5E46AE0FB391AD94850AC00707330 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 17:22:13.0953 3252 SynTP - ok 17:22:13.0968 3252 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 17:22:14.0062 3252 sysaudio - ok 17:22:14.0093 3252 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 17:22:14.0171 3252 SysmonLog - ok 17:22:14.0265 3252 [ 5781D4C12D0D204447F9936D421C1B80 ] TabletServicePen C:\WINDOWS\system32\Pen_Tablet.exe 17:22:14.0437 3252 TabletServicePen - ok 17:22:14.0468 3252 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 17:22:14.0562 3252 TapiSrv - ok 17:22:14.0593 3252 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 17:22:14.0640 3252 Tcpip - ok 17:22:14.0687 3252 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 17:22:14.0765 3252 TDPIPE - ok 17:22:14.0812 3252 [ 6345E3829FD130A144454F9F5C2A3B9E ] tdrpman C:\WINDOWS\system32\DRIVERS\tdrpman.sys 17:22:14.0843 3252 tdrpman - ok 17:22:14.0890 3252 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP 
C:\WINDOWS\system32\drivers\TDTCP.sys 17:22:14.0968 3252 TDTCP - ok 17:22:14.0984 3252 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 17:22:15.0078 3252 TermDD - ok 17:22:15.0109 3252 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 17:22:15.0203 3252 TermService - ok 17:22:15.0218 3252 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 17:22:15.0234 3252 Themes - ok 17:22:15.0265 3252 [ A8C31102F448231596168FFC9F568B9A ] tib_mounter C:\WINDOWS\system32\DRIVERS\tib_mounter.sys 17:22:15.0312 3252 tib_mounter - ok 17:22:15.0343 3252 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 17:22:15.0421 3252 TlntSvr - ok 17:22:15.0421 3252 TosIde - ok 17:22:15.0437 3252 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 17:22:15.0515 3252 TrkWks - ok 17:22:15.0531 3252 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 17:22:15.0609 3252 Udfs - ok 17:22:15.0609 3252 ultra - ok 17:22:15.0656 3252 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe 17:22:15.0703 3252 UMWdf - ok 17:22:15.0734 3252 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 17:22:15.0828 3252 Update - ok 17:22:15.0875 3252 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 17:22:15.0953 3252 upnphost - ok 17:22:15.0968 3252 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 17:22:16.0062 3252 UPS - ok 17:22:16.0093 3252 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 17:22:16.0171 3252 usbaudio - ok 17:22:16.0218 3252 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 17:22:16.0296 3252 usbccgp - ok 17:22:16.0312 3252 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 17:22:16.0390 3252 usbehci - ok 17:22:16.0406 3252 [ 
1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 17:22:16.0484 3252 usbhub - ok 17:22:16.0515 3252 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 17:22:16.0578 3252 usbprint - ok 17:22:16.0609 3252 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 17:22:16.0687 3252 usbscan - ok 17:22:16.0687 3252 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:22:16.0781 3252 USBSTOR - ok 17:22:16.0796 3252 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 17:22:16.0859 3252 usbuhci - ok 17:22:16.0890 3252 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 17:22:16.0968 3252 usbvideo - ok 17:22:17.0000 3252 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 17:22:17.0093 3252 VgaSave - ok 17:22:17.0109 3252 ViaIde - ok 17:22:17.0140 3252 [ 26B75DCB58B006867EFD659E845CD65E ] vididr C:\WINDOWS\system32\DRIVERS\vididr.sys 17:22:17.0140 3252 vididr - ok 17:22:17.0156 3252 [ 40AFA68F81F90636D1300099E9CFC8CE ] vidsflt C:\WINDOWS\system32\DRIVERS\vidsflt.sys 17:22:17.0171 3252 vidsflt - ok 17:22:17.0203 3252 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 17:22:17.0281 3252 VolSnap - ok 17:22:17.0328 3252 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 17:22:17.0406 3252 VSS - ok 17:22:17.0421 3252 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 17:22:17.0515 3252 W32Time - ok 17:22:17.0546 3252 [ 85F2115FEA646693C195C101E15F5667 ] wacmoumonitor C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys 17:22:17.0562 3252 wacmoumonitor - ok 17:22:17.0578 3252 [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 17:22:17.0593 3252 wacommousefilter - ok 17:22:17.0625 3252 [ A45BC72E1BBF4286A58EF9B894871394 ] wacomvhid 
C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 17:22:17.0640 3252 wacomvhid - ok 17:22:17.0640 3252 [ 889459833432B161CB99CFDF84A1A9BB ] WacomVKHid C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys 17:22:17.0656 3252 WacomVKHid - ok 17:22:17.0687 3252 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 17:22:17.0781 3252 Wanarp - ok 17:22:17.0828 3252 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys 17:22:17.0843 3252 Wdf01000 - ok 17:22:17.0843 3252 WDICA - ok 17:22:17.0859 3252 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 17:22:17.0953 3252 wdmaud - ok 17:22:18.0000 3252 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 17:22:18.0093 3252 WebClient - ok 17:22:18.0156 3252 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 17:22:18.0234 3252 winmgmt - ok 17:22:18.0265 3252 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 17:22:18.0296 3252 WmdmPmSN - ok 17:22:18.0328 3252 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 17:22:18.0390 3252 Wmi - ok 17:22:18.0406 3252 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 17:22:18.0500 3252 WmiApSrv - ok 17:22:18.0609 3252 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 17:22:18.0656 3252 WPFFontCache_v0400 - ok 17:22:18.0687 3252 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 17:22:18.0781 3252 wscsvc - ok 17:22:18.0796 3252 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 17:22:18.0859 3252 WSTCODEC - ok 17:22:18.0875 3252 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 17:22:18.0953 3252 wuauserv - ok 17:22:19.0000 3252 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 
17:22:19.0125 3252 WZCSVC - ok 17:22:19.0156 3252 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 17:22:19.0234 3252 xmlprov - ok 17:22:19.0250 3252 ================ Scan global =============================== 17:22:19.0281 3252 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 17:22:19.0328 3252 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 17:22:19.0343 3252 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 17:22:19.0359 3252 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 17:22:19.0359 3252 [Global] - ok 17:22:19.0359 3252 ================ Scan MBR ================================== 17:22:19.0390 3252 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 17:22:19.0703 3252 \Device\Harddisk0\DR0 - ok 17:22:19.0703 3252 ================ Scan VBR ================================== 17:22:19.0703 3252 [ 5001E9B82DBCB32D7C107DF526336FBA ] \Device\Harddisk0\DR0\Partition1 17:22:19.0703 3252 \Device\Harddisk0\DR0\Partition1 - ok 17:22:19.0718 3252 [ 61F02124E5EE6EAB6B589E64BF0E0B2E ] \Device\Harddisk0\DR0\Partition2 17:22:19.0718 3252 \Device\Harddisk0\DR0\Partition2 - ok 17:22:19.0718 3252 ============================================================ 17:22:19.0718 3252 Scan finished 17:22:19.0718 3252 ============================================================ 17:22:19.0843 2088 Detected object count: 17 17:22:19.0843 2088 Actual detected object count: 17 17:22:53.0515 2088 27000@samsung-p560 ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:53.0515 2088 27000@samsung-p560 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:53.0531 2088 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:53.0531 2088 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:53.0531 2088 Apache2.2 ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:53.0531 2088 Apache2.2 ( UnsignedFile.Multi.Generic ) - User 
select action: Skip 17:22:53.0531 2088 DNSeFilter ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:53.0531 2088 DNSeFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:53.0546 2088 DOSMEMIO ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:53.0546 2088 DOSMEMIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:53.0546 2088 FolderSize ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:53.0546 2088 FolderSize ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:53.0546 2088 HP DS Service ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:53.0546 2088 HP DS Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:53.0562 2088 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:53.0562 2088 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:53.0562 2088 IDL DicomEx Storage SCP ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:53.0562 2088 IDL DicomEx Storage SCP ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:53.0562 2088 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:53.0562 2088 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:53.0578 2088 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:53.0578 2088 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:53.0578 2088 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:53.0578 2088 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:53.0578 2088 omniserv ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:53.0578 2088 omniserv ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:53.0593 2088 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:53.0593 2088 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:53.0593 2088 Samsung Update Plus ( 
UnsignedFile.Multi.Generic ) - skipped by user 17:22:53.0593 2088 Samsung Update Plus ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:53.0593 2088 samsung-p560 ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:53.0593 2088 samsung-p560 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:53.0593 2088 SNM WLAN Service ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:53.0593 2088 SNM WLAN Service ( UnsignedFile.Multi.Generic ) - User select action: Skip |
22.11.2012, 18:49 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java/CVE-2012-0507.CG and Windows performance Please run a custom scan with OTL. Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
22.11.2012, 20:40 | #5 |
| Java/CVE-2012-0507.CG and Windows performance Hi Cosinus, here is the OTL.txt: OTL Logfile: Code:
[2012.08.23 01:12:16 | 000,019,840 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\ti_managers_proxy_stub.dll MOD - [2012.08.23 00:42:50 | 000,435,584 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Acronis\Home\ulxmlrpcpp.dll MOD - [2012.07.27 21:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2012.07.24 14:48:28 | 000,012,160 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\icudt38.dll MOD - [2012.06.18 16:24:30 | 000,260,096 | ---- | M] () -- C:\Programme\Notepad++\NppShell_05.dll MOD - [2011.10.14 13:25:02 | 000,111,160 | ---- | M] () -- C:\Programme\HP\StatusAlerts\bin\NativeUtils.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2009.09.21 13:10:41 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.09.21 13:10:37 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2009.09.21 13:10:35 | 000,413,696 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll MOD - [2008.10.07 16:13:44 | 002,772,992 | ---- | M] () -- C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe MOD - [2008.08.13 12:58:48 | 000,047,056 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll MOD - [2008.08.13 12:57:52 | 002,670,592 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe MOD - [2008.08.13 12:49:18 | 000,073,728 | ---- | M] () -- C:\Programme\Softex\OmniPass\OPXPGina.dll MOD - [2008.08.13 12:49:18 | 000,018,944 | ---- | M] () -- C:\Programme\Softex\OmniPass\OPXPApp.exe 
MOD - [2008.08.13 12:48:18 | 000,151,552 | ---- | M] () -- C:\Programme\Softex\OmniPass\ginastub.dll
MOD - [2008.08.13 12:48:04 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll
MOD - [2008.08.13 12:47:46 | 000,438,272 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2008.08.13 12:47:38 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll
MOD - [2008.08.13 12:47:34 | 001,101,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2008.08.13 12:47:26 | 000,540,672 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2008.08.13 12:47:26 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2008.08.13 12:47:12 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
MOD - [2008.07.29 12:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2008.05.14 14:13:00 | 001,486,848 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008.05.14 14:13:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007.04.01 08:00:28 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2006.10.30 13:29:28 | 000,036,864 | ---- | M] () -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe
MOD - [2006.08.12 11:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
MOD - [2005.07.12 15:34:22 | 000,045,056 | ---- | M] () -- C:\Programme\Samsung\MagicKBD\EasyBoxDll.dll
MOD - [2004.09.08 12:45:58 | 000,368,128 | ---- | M] () -- C:\Programme\Filzip\fzshext.dll
MOD - [2004.03.08 13:26:30 | 000,548,864 | ---- | M] () -- C:\Programme\ESRI\License\arcgis9x\ARCGIS.EXE
MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
MOD - [1999.12.01 12:38:28 | 000,467,968 | ---- | M] () -- C:\Programme\ESRI\License\arcgis9x\lmgrd.exe

========== Services (SafeList) ==========
SRV - [2012.11.11 14:18:29 | 003,729,400 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.11.11 09:45:01 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.30 19:50:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.08.23 03:50:28 | 000,813,576 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012.08.18 21:22:02 | 007,027,752 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.24 12:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.10.17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2011.08.04 00:12:46 | 000,164,352 | ---- | M] (HP) [Auto | Running] -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.07 22:50:03 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.09.01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010.04.06 00:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Running] -- C:\Programme\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009.04.30 21:43:01 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008.09.08 12:20:18 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkCSrv.exe -- (StkSSrv)
SRV - [2008.08.13 12:54:16 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2008.05.13 07:44:00 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008.05.01 23:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2008.03.18 04:27:12 | 000,013,312 | R--- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.03.17 17:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007.07.23 23:59:12 | 000,140,568 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2006.10.30 13:29:28 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe -- (SNM WLAN Service)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.03.27 16:45:52 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\RSI\IDL63\bin\bin.x86\idl_dicomexstorscp.exe -- (IDL DicomEx Storage SCP)
SRV - [2006.03.14 06:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [1999.12.01 12:41:52 | 000,592,896 | ---- | M] () [Auto | Stopped] -- C:\Programme\ESRI\License\arcgis9x\lmtools.exe -- (27000@samsung-p560)
SRV - [1999.12.01 12:38:28 | 000,467,968 | ---- | M] () [Auto | Running] -- C:\Programme\ESRI\License\arcgis9x\lmgrd.exe -- (samsung-p560)

========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\ZoneLabs\srescan.sys -- (srescan)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- SYSTEM32\drivers\DS1410D.SYS -- (DS1410D)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\Gunter\LOKALE~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012.11.11 14:18:33 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2012.11.11 14:18:22 | 000,806,184 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2012.11.11 14:18:15 | 000,689,672 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tib_mounter.sys -- (tib_mounter)
DRV - [2012.11.11 14:18:08 | 000,139,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vididr.sys -- (vididr)
DRV - [2012.11.11 14:18:07 | 000,099,720 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vidsflt.sys -- (vidsflt)
DRV - [2012.11.11 14:18:04 | 000,192,904 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2012.11.11 14:17:56 | 000,093,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2012.03.16 13:55:26 | 000,102,784 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012.03.16 13:55:26 | 000,089,856 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012.03.16 13:55:26 | 000,073,984 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012.03.16 13:55:26 | 000,066,688 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2012.03.16 13:55:26 | 000,026,624 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2012.03.16 13:55:26 | 000,011,136 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010.12.17 06:56:10 | 000,014,424 | ---- | M] (Ghisler Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\totalcmd\CGLPTNT.SYS -- (cglptnt)
DRV - [2009.10.26 14:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008.09.12 19:30:08 | 001,374,736 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2008.09.05 20:20:22 | 000,041,376 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008.05.30 12:44:42 | 000,146,944 | R--- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2008.05.20 09:53:00 | 004,800,000 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008.04.15 09:16:44 | 000,244,368 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress)
DRV - [2008.03.21 04:13:00 | 001,203,776 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.03.17 21:14:52 | 000,015,144 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008.02.15 17:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.01.15 21:11:46 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008.01.14 18:01:02 | 000,030,208 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS -- (DNSeFilter)
DRV - [2007.07.23 23:59:14 | 000,038,816 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2007.07.23 23:59:12 | 000,041,216 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007.03.31 05:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.03.23 02:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.03.23 02:50:36 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007.03.23 02:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007.03.23 02:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007.03.23 02:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.02.16 20:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007.02.16 01:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006.03.14 06:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2000.08.24 00:19:38 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\..\SearchScopes,DefaultScope = {EBDE5A0F-6BBF-459D-9B97-4C256F56BC3C}
IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\..\SearchScopes\{EBDE5A0F-6BBF-459D-9B97-4C256F56BC3C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.5.3
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..keyword.URL: "hxxp://go.gmx.net/tb/mff_keyurl_search/?su="
FF - prefs.js..network.proxy.http: "31.7.56.72"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, fritz.box, 192.168.178.254, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Programme\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.29 20:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.29 00:23:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.10.30 19:49:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
[2010.09.01 21:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Extensions
[2010.09.01 21:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.22 17:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions
[2010.04.28 09:07:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.03 10:45:31 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.05.12 00:02:37 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2012.09.26 20:53:48 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\firefox@ghostery.com
[2012.11.10 12:31:34 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\https-everywhere@eff.org
[2012.09.16 09:20:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\ich@maltegoetz.de
[2011.05.17 20:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\nostmp
[2012.02.08 23:18:14 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\piclens@cooliris.com
[2012.11.03 17:31:37 | 002,042,908 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\firebug@software.joehewitt.com.xpi
[2012.10.23 15:58:46 | 000,183,174 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\stealthyextension@gmail.com.xpi
[2012.11.22 17:37:10 | 000,530,519 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.08.19 18:08:10 | 000,031,532 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}.xpi
[2012.11.22 17:37:11 | 000,804,737 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.09 22:12:13 | 000,138,614 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.10.29 20:38:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.04 21:52:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.05.04 14:02:43 | 000,303,416 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\ieatgpc.dll
[2012.05.04 14:02:27 | 000,215,864 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\npatgpc.dll
[2009.11.18 15:49:42 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.06.27 19:57:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-789336058-854245398-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\TibMounterMonitor.exe (Acronis) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe () O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics) O4 - HKLM..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD) O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe () O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [StatusAlerts] C:\Programme\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\S-1-5-21-789336058-854245398-1801674531-1003..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKU\S-1-5-21-789336058-854245398-1801674531-1003..\Run: [Power2GoExpress] NA File not found O4 - Startup: C:\Dokumente und Einstellungen\Gunter\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Gunter\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\Gunter\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.71.128.11 80.71.128.27
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{486B557B-F110-4BF1-88D5-1D07F221CC27}: DhcpNameServer = 80.71.128.11 80.71.128.27
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Programme\Softex\OmniPass\opxpgina.dll) - C:\Programme\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Gunter\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Gunter\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.06 13:57:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {39D10505-1933-40C6-9EEC-9BB731C6C424} - Outlook Express
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {48C95ABB-F4F0-9803-8F31-0DEFD4B9D821} - Browseranpassungen
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {75BDBAC0-47EE-DC03-CE53-80D61FC3DEFA} - Vektorgrafik-Rendering (VML)
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CE27FC7B-4FDA-5717-4383-0171F9DF7DAC} - Internet Explorer
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.clmp3enc - C:\Programme\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
[2012.11.22 20:24:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gunter\Desktop\OTL.exe
[2012.11.22 17:04:30 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Gunter\Desktop\tdsskiller.exe
[2012.11.22 17:02:45 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Gunter\Desktop\aswMBR.exe
[2012.11.19 21:48:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gunter\restore
[2012.11.19 21:00:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\dm-Fotowelt
[2012.11.19 20:44:28 | 000,000,000 | ---D | C] -- C:\Programme\dm
[2012.11.14 10:40:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gunter\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012.11.11 14:20:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Acronis
[2012.11.11 14:18:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012.11.11 14:17:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2012.11.11 14:17:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Acronis
[2012.11.11 14:17:20 | 000,000,000 | ---D | C] -- C:\Programme\Acronis
[2012.11.11 14:17:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Acronis
[2012.11.05 20:23:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gunter\Lokale Einstellungen\Anwendungsdaten\HP
[2012.11.05 20:22:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Hewlett-Packard Company
[2012.11.05 20:21:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\HpUpdate
[2012.11.05 20:21:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP_LaserJet_Fax_0_6
[2012.11.05 20:20:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HP
[2012.11.05 20:20:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP
[2012.11.05 20:20:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hewlett-Packard
[2012.11.05 20:20:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gunter\Startmenü\Programme\HP
[2012.11.05 20:19:27 | 000,187,960 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\hppscancoins32.dll
[2012.11.05 20:16:29 | 000,000,000 | ---D | C] -- C:\Programme\HP
[2012.10.30 19:49:29 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2012.10.29 20:37:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gunter\Downloads
[2012.10.29 00:22:54 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox

========== Files - Modified Within 30 Days ==========
[2012.11.22 20:23:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gunter\Desktop\OTL.exe
[2012.11.22 20:23:33 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2012.11.22 17:25:49 | 000,003,972 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2012.11.22 17:19:07 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Desktop\MBR.dat
[2012.11.22 17:04:37 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Gunter\Desktop\tdsskiller.exe
[2012.11.22 17:02:12 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Gunter\Desktop\aswMBR.exe
[2012.11.22 16:59:16 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012.11.22 16:50:39 | 000,186,442 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.11.22 16:49:03 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.22 16:49:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.22 12:41:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.22 00:48:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.21 20:21:04 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012.11.21 19:50:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.11.21 14:30:09 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012.11.21 10:15:04 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012.11.21 08:32:33 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Desktop\kyn4bn1d.exe
[2012.11.21 00:35:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.21 00:32:19 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Desktop\Defogger.exe
[2012.11.20 20:45:04 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012.11.19 21:00:45 | 000,000,751 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\dm-Fotowelt.lnk
[2012.11.19 20:58:46 | 000,025,671 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Desktop\Malena-Zeug PRIVAT BØRNEPASNING.pdf
[2012.11.19 20:28:53 | 000,130,048 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.16 20:29:05 | 000,325,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.11.16 15:36:08 | 000,517,730 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.11.16 15:36:08 | 000,494,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.11.16 15:36:08 | 000,101,838 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.11.16 15:36:08 | 000,084,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.11.16 15:26:58 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.11.11 14:17:53 | 000,000,836 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\True Image 2013.lnk
[2012.11.08 20:13:12 | 000,002,435 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Lexware buchhalter.lnk
[2012.11.05 20:21:33 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LJ200 M276 Scan.lnk
[2012.11.05 20:21:23 | 000,000,608 | -HS- | M] () -- C:\WINDOWS\System32\winzvprt5.sys
[2012.11.05 20:21:23 | 000,000,222 | ---- | M] () -- C:\WINDOWS\System32\hppfaxprinter5.ini
[2012.11.05 20:20:35 | 000,001,008 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LaserJet 200 color MFP M276 - Hilfe- und Lern-Center.lnk
[2012.10.29 20:39:15 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.10.25 19:52:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========
[2012.11.22 17:19:07 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\Desktop\MBR.dat
[2012.11.21 08:33:01 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\Desktop\kyn4bn1d.exe
[2012.11.21 00:33:22 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\Desktop\Defogger.exe
[2012.11.19 21:00:45 | 000,000,751 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\dm-Fotowelt.lnk
[2012.11.19 20:58:46 | 000,025,671 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\Desktop\Malena-Zeug PRIVAT BØRNEPASNING.pdf
[2012.11.11 14:17:53 | 000,000,836 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\True Image 2013.lnk
[2012.11.05 23:25:49 | 000,244,992 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.11.05 20:21:55 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012.11.05 20:21:55 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012.11.05 20:21:54 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2012.11.05 20:21:54 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012.11.05 20:21:33 | 000,000,927 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LJ200 M276 Scan.lnk
[2012.11.05 20:21:23 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2012.11.05 20:21:23 | 000,000,222 | ---- | C] () -- C:\WINDOWS\System32\hppfaxprinter5.ini
[2012.11.05 20:20:35 | 000,001,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LaserJet 200 color MFP M276 - Hilfe- und Lern-Center.lnk
[2012.10.29 20:39:15 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2012.10.29 20:39:15 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.04.17 14:58:12 | 000,138,608 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll
[2012.04.17 14:58:10 | 000,074,608 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll
[2012.04.17 14:58:08 | 000,309,616 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll
[2012.02.27 09:41:52 | 000,202,240 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2012.02.16 19:58:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.03 13:41:41 | 000,002,001 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\.bash_history
[2012.02.03 09:30:24 | 000,000,113 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\.grassrc6
[2012.01.16 19:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Import71.INI
[2012.01.14 23:55:23 | 000,000,089 | ---- | C] () -- C:\WINDOWS\NetworkAnalystLayerUI.INI
[2011.12.03 22:29:49 | 000,000,702 | ---- | C] () -- C:\WINDOWS\KmsTrans.ini
[2011.10.07 19:20:47 | 000,000,663 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\EditLiveForJava.ini
[2011.10.04 19:34:56 | 000,000,186 | ---- | C] () -- C:\WINDOWS\SHPTrans2006.INI
[2011.06.19 19:42:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\defogger_reenable
[2010.05.05 09:53:41 | 002,510,317 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\GeoMaker.CAB
[2010.05.05 09:53:41 | 000,004,253 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\SETUP.LST
[2010.05.02 14:31:18 | 000,037,641 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\Untitled Gantt Project.png
[2010.05.01 22:43:28 | 000,003,414 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\.ganttproject
[2010.03.16 10:49:13 | 000,000,653 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\.openev
[2010.03.15 00:31:07 | 000,000,047 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\RegFree.ini
[2010.01.08 22:20:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\hostname
[2009.09.03 18:23:14 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\.recently-used.xbel
[2009.08.18 18:50:13 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2009.08.17 21:58:21 | 000,000,404 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\idl_assistantrc
[2009.06.19 08:05:42 | 000,000,503 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\.jalbum-recent-projects.properties
[2009.06.19 07:55:43 | 000,000,038 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\.jalbum-ftp-accounts.xml
[2009.06.19 07:40:19 | 000,000,828 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\.jalbum-defaults.jap
[2009.06.14 11:53:59 | 000,130,048 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2009.09.21 13:07:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011.04.25 15:47:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========
[2012.11.11 14:19:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2011.09.06 23:07:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Caphyon
[2011.11.12 09:53:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2011.09.11 19:19:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2009.04.18 19:49:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESRI
[2009.04.06 14:29:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Infineon
[2010.03.15 00:32:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IsolatedStorage
[2012.11.08 20:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2009.04.06 20:51:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2012.07.02 21:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2009.12.15 23:40:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PDF Writer
[2011.10.07 19:20:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PersonalBrain
[2012.10.29 20:34:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.05.19 12:09:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TheBrain
[2012.11.20 20:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2012.10.13 20:06:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2011.06.28 20:06:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.04.17 20:28:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.10.29 20:43:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\.gephi07beta
[2012.11.11 14:20:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Acronis
[2010.08.23 20:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\AnvSoft
[2010.03.15 00:32:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\BeGraphic
[2012.07.11 20:58:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\CheckPoint
[2012.07.02 21:51:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\com.esri.ags.AppBuilder
[2009.09.21 15:33:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\DataEast
[2012.11.22 16:49:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Dropbox
[2012.04.15 12:02:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Elluminate
[2012.06.27 20:39:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\EndNote
[2009.09.03 20:40:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\EPSON
[2010.01.21 15:56:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\ESRI
[2009.08.18 21:17:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\FileZilla
[2009.08.17 20:34:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\fltk.org
[2009.08.02 22:53:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Focus Mp3 Recorder
[2009.07.16 21:07:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Foxit
[2009.09.04 07:46:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\gtk-2.0
[2009.04.06 14:29:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Infineon
[2009.06.19 07:40:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\JAlbum
[2010.12.18 23:08:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\JOSM
[2011.03.16 23:00:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Leadertech
[2012.06.25 21:20:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Lexware
[2012.08.08 22:00:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Notepad++
[2009.04.06 21:09:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\OpenOffice.org
[2009.12.27 10:42:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Opera
[2012.08.18 08:29:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Oracle
[2009.12.15 23:40:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\PDF Writer
[2011.10.07 19:21:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\PersonalBrain
[2012.01.15 20:15:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\QuteCom
[2012.05.20 21:51:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\TheBrain
[2010.09.01 21:24:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Thunderbird
[2012.06.21 22:01:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Tracker Software
[2012.09.26 11:39:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Vodafone
[2012.05.04 14:02:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\webex
[2012.09.26 11:38:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Vodafone

========== Purity Check ==========

========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2011.03.03 00:20:18 | 000,000,000 | ---D | M] -- C:\ArcScripts
[2009.12.21 12:07:56 | 000,000,000 | -H-D | M] -- C:\BJPrinter
[2011.06.25 19:36:02 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2012.06.25 21:15:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012.11.22 16:50:39 | 000,000,000 | ---D | M] -- C:\flexlm
[2009.04.06 14:15:54 | 000,000,000 | ---D | M] -- C:\Intel
[2009.06.11 21:37:58 | 000,000,000 | ---D | M] -- C:\Kpcms
[2012.03.08 08:49:03 | 000,000,000 | ---D | M] -- C:\Madita & Pim
[2010.12.02 22:25:06 | 000,000,000 | ---D | M] -- C:\Meine Webseiten
[2009.12.09 21:09:40 | 000,000,000 | R--D | M] -- C:\MSOCache
[2010.08.23 20:30:53 | 000,000,000 | ---D | M] -- C:\MyWorks
[2011.09.21 20:44:25 | 000,000,000 | ---D | M] -- C:\OSGeo4W
[2009.08.26 21:19:57 | 000,000,000 | ---D | M] -- C:\Output Files
[2012.11.19 20:44:28 | 000,000,000 | R--D | M] -- C:\Programme
[2009.06.14 11:53:58 | 000,000,000 | ---D | M] -- C:\Python24
[2011.06.28 07:30:38 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012.02.09 23:14:34 | 000,000,000 | ---D | M] -- C:\springdb
[2012.11.22 20:31:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.04.24 22:17:27 | 000,000,000 | ---D | M] -- C:\TEMP
[2011.12.03 22:27:16 | 000,000,000 | ---D | M] -- C:\TMP
[2012.11.16 20:31:28 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2009.12.26 20:23:38 | 000,000,000 | ---D | M] -- C:\WTablet
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.10.29 20:43:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\.gephi07beta
[2012.11.11 14:20:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Acronis
[2012.07.02 21:51:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Adobe
[2010.08.23 20:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\AnvSoft
[2011.12.02 10:20:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Apple Computer
[2010.03.15 00:32:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\BeGraphic
[2012.07.11 20:58:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\CheckPoint
[2012.07.02 21:51:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\com.esri.ags.AppBuilder
[2010.11.15 09:01:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\CyberLink
[2009.09.21 15:33:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\DataEast
[2012.11.22 16:49:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Dropbox
[2010.01.05 16:26:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\dvdcss
[2012.04.15 12:02:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Elluminate
[2012.06.27 20:39:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\EndNote
[2009.09.03 20:40:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\EPSON
[2010.01.21 15:56:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\ESRI
[2009.08.18 21:17:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\FileZilla
[2012.09.26 11:48:05 | 000,000,000 | ---D | M] -- 
C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\FLEXnet [2009.08.17 20:34:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\fltk.org [2009.08.02 22:53:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Focus Mp3 Recorder [2009.07.16 21:07:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Foxit [2009.04.08 21:25:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Google [2009.09.04 07:46:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\gtk-2.0 [2009.12.21 12:09:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Help [2012.11.05 20:22:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Hewlett-Packard Company [2012.11.20 21:55:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\HpUpdate [2009.04.06 14:03:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Identities [2009.04.06 14:29:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Infineon [2009.04.06 14:25:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\InstallShield [2009.06.19 07:40:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\JAlbum [2010.12.18 23:08:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\JOSM [2011.03.16 23:00:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Leadertech [2012.06.25 21:20:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Lexware [2009.04.06 20:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Macromedia [2011.05.14 16:31:51 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Gunter\Anwendungsdaten\Malwarebytes [2012.07.01 19:33:25 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Microsoft [2009.04.06 21:14:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla [2010.08.23 21:00:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\NCH Software [2012.08.08 22:00:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Notepad++ [2009.04.06 21:09:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\OpenOffice.org [2009.12.27 10:42:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Opera [2012.08.18 08:29:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Oracle [2009.12.15 23:40:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\PDF Writer [2011.10.07 19:21:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\PersonalBrain [2012.01.15 20:15:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\QuteCom [2012.11.22 20:25:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Skype [2009.04.06 21:05:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Sun [2012.05.20 21:51:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\TheBrain [2010.09.01 21:24:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Thunderbird [2012.06.21 22:01:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Tracker Software [2011.10.24 23:53:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\U3 [2009.04.18 22:26:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\vlc [2012.09.26 11:39:00 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Vodafone [2012.05.04 14:02:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\webex [2012.11.22 16:50:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\WTablet < %APPDATA%\*.exe /s > [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2012.05.04 19:41:38 | 000,872,104 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Dropbox\bin\DropboxUpdateHelper.exe [2012.05.24 19:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Dropbox\bin\Uninstall.exe [2012.07.02 21:50:19 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2012.10.11 19:33:53 | 000,885,770 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Microsoft\AddIns\XLToolbox\uninstall\unins000.exe [2012.07.01 19:33:25 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe [2012.07.01 19:33:25 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe [2012.07.01 19:33:25 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe [2012.07.01 19:33:25 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe [2012.07.02 21:31:35 | 000,287,934 | R--- | M] () -- C:\Dokumente und 
Einstellungen\Gunter\Anwendungsdaten\Microsoft\Installer\{8FC67FB0-5F99-4DBC-9B32-E0C027862220}\InstallerIcon.exe [2010.09.01 14:52:56 | 000,032,032 | ---- | M] (NOS Microsystems Ltd.) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\nostmp\content\getPlusPlus_Adobe_reg.exe [2012.02.06 13:07:28 | 000,425,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe [2012.02.06 13:07:28 | 000,545,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe [2007.10.18 17:53:00 | 000,276,847 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Thunderbird\Profiles\0av7s8h4.default\extensions\{1f38ac4f-07a2-4d70-92e8-3b9cb468cda5}\platform\WINNT_x86-msvc\content\bin\readpst+.exe [2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\U3\temp\cleanup.exe < %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles > < %SYSTEMROOT%\System32\config\*.sav > [2009.04.06 15:44:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2009.04.06 15:44:56 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009.04.06 15:44:56 | 000,458,752 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %SYSTEMROOT%\*. /mp /s > < %SYSTEMROOT%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 95 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34 < End of report > |
22.11.2012, 20:58 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java/CVE-2012-0507.CG and Windows performance Code:
ATTFilter Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.71.128.11 80.71.128.27 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{486B557B-F110-4BF1-88D5-1D07F221CC27}: DhcpNameServer = 80.71.128.11 80.71.128.27
__________________ --> Java/CVE-2012-0507.CG and Windows performance |
22.11.2012, 21:08 | #7 |
| Java/CVE-2012-0507.CG and Windows performance No, why? Because of the IP? I am connected here to the network of my residential complex. It is operated by https://parknet.dk/. I live in Copenhagen. Or because of the XP Professional? Not that either; it came with my computer. |
22.11.2012, 21:30 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java/CVE-2012-0507.CG and Windows performance An XP Professional was included? That is rather unusual. Home users very rarely need the features of a Professional version.
__________________ Please always post log files in CODE tags |
22.11.2012, 22:00 | #9 |
| Java/CVE-2012-0507.CG and Windows performance Hi Cosinus, I didn't want a gaming box but a proper computer. And I got that online from a system vendor. Vista was preinstalled at the time, and an XP version (recovery??) came with it on CD. That is the one I installed. But that must be 4-5 years ago by now. Really all completely legal, and no crack or copy from the sysadmin. |
22.11.2012, 22:07 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java/CVE-2012-0507.CG and Windows performance Well, the XP Pro editions are meant more for domain machines... that is, office boxes at companies that have a Windows Server domain... joining a client to a domain is only possible with this edition; the Pro has no features beyond the Home edition that are really interesting for home users... but never mind, let's leave it; I usually ask when I notice a Pro edition. Fix with OTL
Code:
ATTFilter
:OTL
@Alternate Data Stream - 95 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34
:Files
C:\WINDOWS\tasks\At*.job
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post log files in CODE tags |
22.11.2012, 22:27 | #11 |
| Java/CVE-2012-0507.CG and Windows performance Here comes the OTL log: Code:
ATTFilter All processes killed ========== OTL ========== ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34 deleted successfully. ========== FILES ========== C:\WINDOWS\tasks\At1.job moved successfully. C:\WINDOWS\tasks\At2.job moved successfully. C:\WINDOWS\tasks\At3.job moved successfully. C:\WINDOWS\tasks\At4.job moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. C:\Dokumente und Einstellungen\***\Desktop\cmd.bat deleted successfully. C:\Dokumente und Einstellungen\***\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56478 bytes User: *** ->Temp folder emptied: 1387235027 bytes ->Temporary Internet Files folder emptied: 839696552 bytes ->Java cache emptied: 21370372 bytes ->FireFox cache emptied: 61619111 bytes ->Flash cache emptied: 62658 bytes User: LocalService ->Temp folder emptied: 2206792 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 4416262 bytes ->Temporary Internet Files folder emptied: 962988 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 183943515 bytes RecycleBin emptied: 9435300 bytes Total Files Cleaned = 2.395,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 11222012_221512 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... |
23.11.2012, 10:59 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java/CVE-2012-0507.CG and Windows performance adwCleaner - detect toolbars and unwanted start/search pages Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
23.11.2012, 19:18 | #13 |
| Java/CVE-2012-0507.CG and Windows performance Hello Cosinus, here comes the ADWCleaner log: Code:
ATTFilter # AdwCleaner v2.008 - Datei am 23/11/2012 um 19:15:16 erstellt # Aktualisiert am 17/11/2012 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : *** - SAMSUNG-P560 # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Dokumente und Einstellungen\***\Software ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gefunden : HKCU\Software\ConduitSearchScopes Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2611275 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2613550 ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Die Registrierungsdatenbank ist sauber. ************************* AdwCleaner[R1].txt - [989 octets] - [23/11/2012 19:15:16] ########## EOF - C:\AdwCleaner[R1].txt - [1048 octets] ########## |
23.11.2012, 20:59 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java/CVE-2012-0507.CG and Windows performance adwCleaner - remove toolbars and unwanted start/search pages
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
23.11.2012, 22:18 | #15 |
| Java/CVE-2012-0507.CG and Windows performance Here is adwcleaner: Code:
ATTFilter # AdwCleaner v2.008 - Datei am 23/11/2012 um 22:00:57 erstellt # Aktualisiert am 17/11/2012 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : *** - SAMSUNG-P560 # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Dokumente und Einstellungen\***\Software ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\ConduitSearchScopes Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2611275 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550 ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Die Registrierungsdatenbank ist sauber. ************************* AdwCleaner[R1].txt - [1108 octets] - [23/11/2012 19:15:16] AdwCleaner[S2].txt - [1051 octets] - [23/11/2012 22:00:57] ########## EOF - C:\AdwCleaner[S2].txt - [1111 octets] ########## OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.11.2012 22:07:00 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 78,15% Memory free 4,84 Gb Paging File | 4,30 Gb Available in Paging File | 88,81% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80,00 Gb Total Space | 30,97 Gb Free Space | 38,72% Space Free | Partition Type: NTFS Drive D: | 142,88 Gb Total Space | 14,87 Gb Free Space | 10,41% Space Free | Partition Type: NTFS Computer Name: SAMSUNG-P560 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) 
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe (Acronis) PRC - C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\TibMounterMonitor.exe (Acronis) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\HP\HPBDSService\HPBDSService.exe (Hewlett-Packard Company) PRC - C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe (HP) PRC - C:\Programme\FolderSize\FolderSizeSvc.exe (Brio) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe () PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) PRC - C:\WINDOWS\system32\StkCSrv.exe (Syntek America Inc.) PRC - C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.) PRC - C:\Programme\Softex\OmniPass\OPXPApp.exe () PRC - C:\Programme\Samsung\MagicKBD\PerformanceManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.) PRC - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe () PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.) PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.) 
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD) PRC - C:\Programme\Infineon\Security Platform Software\SpTNA.exe (Infineon Technologies AG) PRC - C:\Programme\Infineon\Security Platform Software\PSDrt.exe (Infineon Technologies AG) PRC - C:\WINDOWS\system32\IfxPsdSv.exe (Infineon Technologies AG) PRC - C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe () PRC - C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) PRC - C:\Programme\ESRI\License\arcgis9x\ARCGIS.EXE () PRC - C:\Programme\ESRI\License\arcgis9x\lmgrd.exe () ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\b75ca75b9c2eb103f98a457ec9256ce7\System.Xml.Linq.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3710da7b61c2c4ed10903487dbde1c35\System.Core.ni.dll () MOD - 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll () MOD - C:\Programme\Acronis\TrueImageHome\ti_managers.dll () MOD - C:\Programme\Gemeinsame Dateien\Acronis\Home\icudt38.dll () MOD - C:\Programme\Acronis\TrueImageHome\ti_managers_proxy_stub.dll () MOD - C:\Programme\Gemeinsame Dateien\Acronis\Home\ulxmlrpcpp.dll () MOD - C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\icudt38.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll () MOD - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe () MOD - C:\Programme\Softex\OmniPass\hdddrv.dll () MOD - C:\Programme\Softex\OmniPass\OPXPGina.dll () MOD - C:\Programme\Softex\OmniPass\OPXPApp.exe () MOD - C:\Programme\Softex\OmniPass\ginastub.dll () MOD - C:\Programme\Softex\OmniPass\userdata.dll () MOD - C:\Programme\Softex\OmniPass\autheng.dll () MOD - C:\Programme\Softex\OmniPass\storeng.dll () MOD - C:\Programme\Softex\OmniPass\cryptodll.dll () MOD - C:\Programme\Softex\OmniPass\SSPLogon.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\WINDOWS\system32\nview.dll () MOD - C:\WINDOWS\system32\nvshell.dll () MOD - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe () MOD - C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe () MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll () MOD - 
C:\Programme\Samsung\MagicKBD\EasyBoxDll.dll () MOD - C:\Programme\ESRI\License\arcgis9x\ARCGIS.EXE () MOD - C:\WINDOWS\system32\pdfcmnnt.dll () MOD - C:\Programme\ESRI\License\arcgis9x\lmgrd.exe () ========== Services (SafeList) ========== SRV - (afcdpsrv) -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Skype C2C Service) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (syncagentsrv) -- C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe (Acronis) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (HP DS Service) -- C:\Programme\HP\HPBDSService\HPBDSService.exe (Hewlett-Packard Company) SRV - (HP LaserJet Service) -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe (HP) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (nosGetPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) 
SRV - (FolderSize) -- C:\Programme\FolderSize\FolderSizeSvc.exe (Brio) SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (StkSSrv) -- C:\WINDOWS\system32\StkCSrv.exe (Syntek America Inc.) SRV - (omniserv) -- C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.) SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe () SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (PersonalSecureDriveService) -- C:\WINDOWS\system32\IfxPsdSv.exe (Infineon Technologies AG) SRV - (SNM WLAN Service) -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe () SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (IDL DicomEx Storage SCP) -- C:\Programme\RSI\IDL63\bin\bin.x86\idl_dicomexstorscp.exe () SRV - (SentinelProtectionServer) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (27000@samsung-p560) -- C:\Programme\ESRI\License\arcgis9x\lmtools.exe () SRV - (samsung-p560) -- C:\Programme\ESRI\License\arcgis9x\lmgrd.exe () ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (srescan) -- system32\ZoneLabs\srescan.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File 
not found DRV - (DS1410D) -- SYSTEM32\drivers\DS1410D.SYS File not found DRV - (Changer) -- File not found DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis) DRV - (tdrpman) -- C:\WINDOWS\system32\drivers\tdrpman.sys (Acronis) DRV - (tib_mounter) -- C:\WINDOWS\system32\drivers\tib_mounter.sys (Acronis) DRV - (vididr) -- C:\WINDOWS\system32\drivers\vididr.sys (Acronis) DRV - (vidsflt) -- C:\WINDOWS\system32\drivers\vidsflt.sys (Acronis) DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis) DRV - (fltsrv) -- C:\WINDOWS\system32\drivers\fltsrv.sys (Acronis) DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_cdcacm) -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_cdcecm) -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_ext_ctrl) -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.) DRV - (ew_usbenumfilter) -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.) DRV - (cglptnt) -- C:\Programme\totalcmd\CGLPTNT.SYS (Ghisler Software GmbH) DRV - (NETw5x32) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation) DRV - (StkCMini) -- C:\WINDOWS\system32\drivers\StkCMini.sys (Syntek) DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation) DRV - (ATSWPDRV) -- C:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) 
DRV - (e1yexpress) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology) DRV - (DNSeFilter) -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS (Samsung Electronics,.LTD) DRV - (PersonalSecureDrive) -- C:\WINDOWS\system32\drivers\psd.sys (Infineon Technologies AG) DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology) DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology) DRV - (Sentinel) -- C:\WINDOWS\system32\drivers\sentinel.sys (SafeNet, Inc.) 
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\..\SearchScopes\{EBDE5A0F-6BBF-459D-9B97-4C256F56BC3C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.useDBForOrder: true FF 
- prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.5.3 FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1 FF - prefs.js..keyword.URL: "hxxp://go.gmx.net/tb/mff_keyurl_search/?su=" FF - prefs.js..network.proxy.http: "31.7.56.72" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, fritz.box, 192.168.178.254, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Programme\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.29 20:38:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.29 00:23:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.10.30 19:49:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.09.01 21:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2010.09.01 21:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.23 20:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions [2010.04.28 09:07:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.10.03 10:45:31 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.05.12 00:02:37 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2012.09.26 20:53:48 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\firefox@ghostery.com [2012.11.10 12:31:34 | 
000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\https-everywhere@eff.org [2012.09.16 09:20:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\ich@maltegoetz.de [2011.05.17 20:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\nostmp [2012.02.08 23:18:14 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\piclens@cooliris.com [2012.11.03 17:31:37 | 002,042,908 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\firebug@software.joehewitt.com.xpi [2012.10.23 15:58:46 | 000,183,174 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\stealthyextension@gmail.com.xpi [2012.11.22 17:37:10 | 000,530,519 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011.08.19 18:08:10 | 000,031,532 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}.xpi [2012.11.23 20:25:43 | 000,804,627 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.02.09 22:12:13 | 000,138,614 | ---- | M] () (No name found) -- C:\Dokumente und 
Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012.10.29 20:38:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.04 21:52:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.05.04 14:02:43 | 000,303,416 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\ieatgpc.dll [2012.05.04 14:02:27 | 000,215,864 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\npatgpc.dll [2009.11.18 15:49:42 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.22 22:17:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 
C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-789336058-854245398-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\TibMounterMonitor.exe (Acronis) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe () O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics) O4 - HKLM..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD) O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. 
KG) O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe () O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [StatusAlerts] C:\Programme\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\S-1-5-21-789336058-854245398-1801674531-1003..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKU\S-1-5-21-789336058-854245398-1801674531-1003..\Run: [Power2GoExpress] NA File not found O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.71.128.11 80.71.128.27 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{486B557B-F110-4BF1-88D5-1D07F221CC27}: DhcpNameServer = 80.71.128.11 80.71.128.27 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll 
(Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Programme\Softex\OmniPass\opxpgina.dll) - C:\Programme\Softex\OmniPass\OPXPGina.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.04.06 13:57:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.22 22:15:12 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.22 20:24:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2012.11.22 17:04:30 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\***\Desktop\tdsskiller.exe [2012.11.22 17:02:45 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\***\Desktop\aswMBR.exe [2012.11.19 21:48:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\restore [2012.11.19 21:00:45 | 000,000,000 | ---D | C] -- C:\Dokumente und 
Einstellungen\All Users\Startmenü\Programme\dm-Fotowelt [2012.11.19 20:44:28 | 000,000,000 | ---D | C] -- C:\Programme\dm [2012.11.14 10:40:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PCHealth [2012.11.13 08:56:08 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys [2012.11.11 14:20:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Acronis [2012.11.11 14:18:31 | 000,234,752 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\afcdp.sys [2012.11.11 14:18:21 | 000,806,184 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpman.sys [2012.11.11 14:18:15 | 000,689,672 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tib_mounter.sys [2012.11.11 14:18:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy [2012.11.11 14:18:08 | 000,139,336 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\vididr.sys [2012.11.11 14:18:07 | 000,099,720 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\vidsflt.sys [2012.11.11 14:18:04 | 000,192,904 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys [2012.11.11 14:17:56 | 000,093,928 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\fltsrv.sys [2012.11.11 14:17:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2012.11.11 14:17:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Acronis [2012.11.11 14:17:20 | 000,000,000 | ---D | C] -- C:\Programme\Acronis [2012.11.11 14:17:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Acronis [2012.11.05 20:23:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\HP [2012.11.05 20:22:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Hewlett-Packard Company [2012.11.05 20:21:37 | 000,000,000 | ---D | C] -- C:\Dokumente und 
Einstellungen\***\Anwendungsdaten\HpUpdate [2012.11.05 20:21:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP_LaserJet_Fax_0_6 [2012.11.05 20:21:23 | 000,019,624 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hppfaxprintermon5.dll [2012.11.05 20:21:23 | 000,015,144 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hppfaxprintermonui5.dll [2012.11.05 20:20:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HP [2012.11.05 20:20:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP [2012.11.05 20:20:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hewlett-Packard [2012.11.05 20:20:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\HP [2012.11.05 20:19:45 | 000,291,840 | ---- | C] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\hpcpn117.dll [2012.11.05 20:19:42 | 000,238,080 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpbcoins32.dll [2012.11.05 20:19:27 | 000,873,888 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpptsplj276.dll [2012.11.05 20:19:27 | 000,491,064 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpwia1_lj276.dll [2012.11.05 20:19:27 | 000,187,960 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\hppscancoins32.dll [2012.11.05 20:16:29 | 000,000,000 | ---D | C] -- C:\Programme\HP [2012.10.30 19:49:29 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird [2012.10.29 20:37:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Downloads [2012.10.29 00:22:54 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2012.11.23 22:04:06 | 000,186,442 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.11.23 22:02:49 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.11.23 22:02:46 | 000,002,048 | --S- 
| M] () -- C:\WINDOWS\bootstat.dat [2012.11.23 21:48:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.11.23 21:41:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.11.23 19:14:05 | 000,543,531 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe [2012.11.23 18:25:48 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012.11.22 23:02:40 | 000,004,031 | ---- | M] () -- C:\WINDOWS\wincmd.ini [2012.11.22 22:17:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2012.11.22 22:15:18 | 000,517,730 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.11.22 22:15:18 | 000,494,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.11.22 22:15:18 | 000,101,838 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.11.22 22:15:18 | 000,084,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.11.22 20:23:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2012.11.22 20:23:33 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini [2012.11.22 17:19:07 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\MBR.dat [2012.11.22 17:04:37 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\***\Desktop\tdsskiller.exe [2012.11.22 17:02:12 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\***\Desktop\aswMBR.exe [2012.11.21 19:50:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.11.21 08:32:33 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\kyn4bn1d.exe [2012.11.21 00:35:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.21 00:32:19 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe [2012.11.19 21:00:45 | 000,000,751 | ---- | M] () -- C:\Dokumente und Einstellungen\All 
Users\Desktop\dm-Fotowelt.lnk [2012.11.19 20:58:46 | 000,025,671 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Malena-Zeug PRIVAT BØRNEPASNING.pdf [2012.11.19 20:28:53 | 000,130,048 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.16 20:29:05 | 000,325,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.11.16 15:26:58 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.11.11 14:18:33 | 000,234,752 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\afcdp.sys [2012.11.11 14:18:22 | 000,806,184 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpman.sys [2012.11.11 14:18:15 | 000,689,672 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tib_mounter.sys [2012.11.11 14:18:08 | 000,139,336 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\vididr.sys [2012.11.11 14:18:07 | 000,099,720 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\vidsflt.sys [2012.11.11 14:18:04 | 000,192,904 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys [2012.11.11 14:17:56 | 000,093,928 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\fltsrv.sys [2012.11.11 14:17:53 | 000,000,836 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\True Image 2013.lnk [2012.11.11 09:45:01 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.11.11 09:45:00 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.11.08 20:13:12 | 000,002,435 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Lexware buchhalter.lnk [2012.11.05 20:21:33 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LJ200 M276 Scan.lnk [2012.11.05 20:21:23 | 000,000,608 | -HS- | M] () -- C:\WINDOWS\System32\winzvprt5.sys [2012.11.05 20:21:23 | 000,000,222 | ---- | M] () -- C:\WINDOWS\System32\hppfaxprinter5.ini [2012.11.05 20:20:35 
| 000,001,008 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LaserJet 200 color MFP M276 - Hilfe- und Lern-Center.lnk [2012.10.29 20:39:15 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.10.25 19:52:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat ========== Files Created - No Company Name ========== [2012.11.23 19:14:07 | 000,543,531 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe [2012.11.22 17:19:07 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\MBR.dat [2012.11.21 08:33:01 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\kyn4bn1d.exe [2012.11.21 00:33:22 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe [2012.11.19 21:00:45 | 000,000,751 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\dm-Fotowelt.lnk [2012.11.19 20:58:46 | 000,025,671 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Malena-Zeug PRIVAT BØRNEPASNING.pdf [2012.11.11 14:17:53 | 000,000,836 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\True Image 2013.lnk [2012.11.05 23:25:49 | 000,244,992 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.11.05 20:21:33 | 000,000,927 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LJ200 M276 Scan.lnk [2012.11.05 20:21:23 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys [2012.11.05 20:21:23 | 000,000,222 | ---- | C] () -- C:\WINDOWS\System32\hppfaxprinter5.ini [2012.11.05 20:20:35 | 000,001,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LaserJet 200 color MFP M276 - Hilfe- und Lern-Center.lnk [2012.10.29 20:39:15 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2012.10.29 20:39:15 | 000,000,696 | 
---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.04.17 14:58:12 | 000,138,608 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll [2012.04.17 14:58:10 | 000,074,608 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll [2012.04.17 14:58:08 | 000,309,616 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll [2012.02.27 09:41:52 | 000,202,240 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll [2012.02.16 19:58:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.03 13:41:41 | 000,002,001 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.bash_history [2012.02.03 09:30:24 | 000,000,113 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.grassrc6 [2012.01.16 19:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Import71.INI [2012.01.14 23:55:23 | 000,000,089 | ---- | C] () -- C:\WINDOWS\NetworkAnalystLayerUI.INI [2011.12.03 22:29:49 | 000,000,702 | ---- | C] () -- C:\WINDOWS\KmsTrans.ini [2011.10.07 19:20:47 | 000,000,663 | ---- | C] () -- C:\Dokumente und Einstellungen\***\EditLiveForJava.ini [2011.10.04 19:34:56 | 000,000,186 | ---- | C] () -- C:\WINDOWS\SHPTrans2006.INI [2011.06.19 19:42:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2010.05.05 09:53:41 | 002,510,317 | ---- | C] () -- C:\Dokumente und Einstellungen\***\GeoMaker.CAB [2010.05.05 09:53:41 | 000,004,253 | ---- | C] () -- C:\Dokumente und Einstellungen\***\SETUP.LST [2010.05.02 14:31:18 | 000,037,641 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Untitled Gantt Project.png [2010.05.01 22:43:28 | 000,003,414 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.ganttproject [2010.03.16 10:49:13 | 000,000,653 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.openev [2010.03.15 00:31:07 | 000,000,047 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\RegFree.ini [2010.01.08 22:20:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\hostname [2009.09.03 
18:23:14 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel
[2009.08.18 18:50:13 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2009.08.17 21:58:21 | 000,000,404 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\idl_assistantrc
[2009.06.19 08:05:42 | 000,000,503 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.jalbum-recent-projects.properties
[2009.06.19 07:55:43 | 000,000,038 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.jalbum-ftp-accounts.xml
[2009.06.19 07:40:19 | 000,000,828 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.jalbum-defaults.jap
[2009.06.14 11:53:59 | 000,130,048 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009.09.21 13:07:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011.04.25 15:47:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

and Extra.txt

OTL Logfile:
Code:
OTL Extras logfile created on: 23.11.2012 22:07:00 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 78,15% Memory free
4,84 Gb Paging File | 4,30 Gb Available in Paging File | 88,81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 80,00 Gb Total Space | 30,97 Gb Free Space | 38,72% Space Free | Partition Type: NTFS
Drive D: | 142,88 Gb Total Space | 14,87 Gb Free Space | 10,41% Space Free | Partition Type: NTFS

Computer Name: SAMSUNG-P560 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Programme\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [dm Fotowelt] -- "C:\Programme\Fotowelt\dm Fotowelt.exe" "%1" Directory [dm-Fotowelt] -- "C:\Programme\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 
1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\CyberLink\PowerDVD\PowerDVD.exe" = C:\Programme\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\CyberLink\PowerDVD\PowerDVD.exe" = C:\Programme\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.) "C:\Programme\CyberLink\PowerDirector\PDR.exe" = C:\Programme\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector -- (CyberLink Corp.) 
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.) "C:\Programme\Google\Google Talk\googletalk.exe" = C:\Programme\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\FaxApplications.exe" = C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\FaxApplications.exe:LocalSubNet:Enabled:HP LaserJet 200 color MFP M276 FaxApplications -- (Hewlett-Packard Co.) "C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\DigitalWizards.exe" = C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\DigitalWizards.exe:LocalSubNet:Enabled:HP LaserJet 200 color MFP M276 DigitalWizards -- (Hewlett-Packard Co.) "C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\HPNetworkCommunicator.exe" = C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Netzwerkkommunikator (HP LaserJet 200 color MFP M276) -- (Hewlett-Packard Co.) 
"C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\EWSProxy.exe" = C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\EWSProxy.exe:LocalSubNet:Enabled:HP LaserJet 200 color MFP M276 EWSProxy -- (Hewlett-Packard Co.) "E:\Installer\hpbcsiInstaller.exe" = E:\Installer\hpbcsiInstaller.exe:*:Enabled:HP Networked Printer Installer ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1 "{0197D136-598D-4968-BEEA-91C1B764F05D}" = Lexware buchhalter 2012 "{028BF8B5-9143-4A68-84F3-A1A6D2E17889}" = hppLaserJetService "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{0535BC5C-33E8-44DB-AEFB-0EDE4EF88052}" = GeoRoverXT "{08DE5881-1312-46B3-86C0-4001DAB786F0}" = PDF-XChange Viewer "{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0D26E238-B81A-4541-8CAC-5CA3D69C12A5}" = Jalbum "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}" = HPLaserJet200color-MFPM276_HelpLearnCenter_SI "{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{138C06D2-CF8E-250A-48D1-7421E7F1A525}" = ArcGIS Viewer for Flex "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III "{14E82399-E221-43EE-B819-055A00E499C3}" = Infineon TPM Professional Package "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{1AA8913B-0A5E-4B70-8A1C-878283EF0F66}" = RSI ENVI 4.3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F34839E-4826-4B64-B1B3-42E5AE8DEC5A}" = ArcGIS Desktop "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{31A5ED9F-E07B-4F6E-8179-27325BAAC502}" = AuthenTec Fingerprint Sensor Minimum Install "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor "{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine for Microtek "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3B701A5D-1F4B-4178-8F86-6EB0D6BB3286}" = Inst565a "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C45ED46-5475-4E88-9EA5-38B962A4B8CF}" = ColorTool 2.0 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{48FB7C81-0EF5-4857-8849-DD526BAC7A36}" = Java Advanced Imaging 1.1.3 for JRE "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B02D3CE-A011-4475-93A5-774E0DA4E27E}" = hpbM276DSService "{4D667C80-C106-4A7F-984E-42CD19F18CC1}" = Time Slider "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{51722911-C391-4118-97BF-B50100D2AB15}_is1" = Gephi 0.7 "{54525107-4C4E-44AC-AC65-806084151057}" = hppSendFaxM276 "{568C5D3E-5B79-47EC-A34B-8D7C8AEF1F8F}" = HPLJUTCore "{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}" = True Image 2013 "{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}Visible" = True Image 2013 "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.06 "{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung 
Wallpaper "{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack "{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}" = hpbDSService "{6553F4A8-B67F-49BA-A882-FF499C83CF4B}" = 32 Bit HP CIO Components Installer "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "{6A136292-02AB-428E-8E9A-2628A52FA98E}" = HP LaserJet 200 color MFP M276 Fax "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C0BB722-74DF-4D06-95AA-1D9D4C2E906B}" = KML Geocode "{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2 "{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera "{7C960641-0A27-45C6-96F8-BE4E04A4CC2C}" = hpStatusAlerts "{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0 "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software "{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.22 "{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1 "{88B2E402-DE40-4422-9CCB-D285F8602C93}" = HP Product FWUpdater "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support 
"{8FC67FB0-5F99-4DBC-9B32-E0C027862220}" = MySQL Installer "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = 
Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9615709B-777E-4EF7-ADF6-45131FA64C1E}" = Easy ALS Manager "{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6 "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA7C8031-C18D-42A9-8426-0DD1CBCC9E3A}" = hppM276LaserJetService "{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software "{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5 "{B361ED10-259E-4B76-B35E-E47BB6DDDD74}" = hppFaxDrvM276 "{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B7A20537-1A1F-47D4-8526-DC9BABB315FD}" = Lexware Elster "{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C97E3F48-DE95-4E00-80AF-32D75C69302D}" = HPLJUTM276 
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}" = HP LaserJet 200 color MFP M276 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0AA26A2-08B8-4858-BB69-E50A542DC6ED}" = HP LaserJet 200 color MFP M276 HP Device Toolbox "{D58D3C8E-2B39-455C-AE79-878AEA3D38FC}" = HP Unified IO "{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0 "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E4289A7B-F94B-4CB5-A09A-96D3634E9669}" = Tableau Public 6.0 "{E6770DAF-AA6B-4875-9B99-16B8FAC70547}" = hpStatusAlertsM276 "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{EA540E75-A545-4C9D-B42E-9C8FC09630C4}" = HP LJ200 M276 HP Scan "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF719B9F-2D42-4790-87E8-005B4088E951}" = KMLReport "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F156F43B-0335-49CE-AA04-8B3FD74BEDD5}" = ArcScripts Cartograms "{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.01.25.A "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows "{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657 "1190-3857-8766-9166" = TheBrain 7 "7-Zip" = 7-Zip 4.65 "ActiveTouchMeetingClient" = Cisco WebEx Meetings "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Agere Systems Soft Modem" = Agere Systems HDA Modem "ArcGIS License Manager" = ArcGIS License Manager 
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "Banco de Dados Spring DF" = Banco de Dados Spring DF "Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1007 "CDex" = CDex - Open Source Digital Audio CD Extractor "com.esri.ags.AppBuilder" = ArcGIS Viewer for Flex "dm-Fotowelt" = dm-Fotowelt "DVD Shrink_is1" = DVD Shrink 3.2 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "EPSON SX110 Series" = Druckerdeinstallation für EPSON SX110 Series "ESET Online Scanner" = ESET Online Scanner v3 "ET GeoWizards 9.9" = ET GeoWizards 9.9 "FileZilla Client" = FileZilla Client 3.2.4.1 "Filzip 3.0.6.93_is1" = Filzip 3.06 "FWTools247" = FWTools 2.4.7 "GanttProject" = GanttProject "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70 "iDump" = iDump (Build: 28) "ie8" = Windows Internet Explorer 8 "InstallShield_{1AA8913B-0A5E-4B70-8A1C-878283EF0F66}" = RSI ENVI 4.3 "InstallShield_{48FB7C81-0EF5-4857-8849-DD526BAC7A36}" = Java Advanced Imaging 1.1.3 for JRE "InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera "InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0 "IrfanView" = IrfanView (remove only) "ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "Mendeley Desktop" = Mendeley Desktop 1.3.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 
2005 Tools for Office Second Edition Runtime "Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack "Monteverdi" = Monteverdi-1.8 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "No23 Recorder" = No23 Recorder "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "OTB-Applications" = OrfeoToolbox-Applications-3.10 "Pen Tablet Driver" = Stifttablett "Prism" = Prism Videodatei-Konverter "ProInst" = Intel PROSet Wireless "PROSet" = Intel(R) Network Connections Drivers "Python 2.4.1" = Python 2.4.1 "Quantum GIS Wroclaw" = Quantum GIS Wroclaw 1.7.3 Wroclaw "SpywareBlaster_is1" = SpywareBlaster 4.4 "ST6UNST #1" = GEGraph "ST6UNST #2" = LIDAR Data Handler (8.1) "Strassenverzeichnisse_is1" = R2009_V1.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Totalcmd" = Total Commander (Remove or Repair) "VLC media player" = VLC media player 0.9.9 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9C "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{BDE4805C-4A64-4C6D-8547-5B7DB885C65F}_is1" = Daniel's XL Toolbox 5.04 "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.11.2012 17:00:24 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung ctfmon.exe, Version 5.1.2600.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 
0x10078fa0.

Error - 23.11.2012 17:00:24 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung magickbd.exe, Version 7.0.2.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00ac8fa0.

Error - 23.11.2012 17:00:25 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung schedhlp.exe, Version 1.0.0.473, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x10078fa0.

Error - 23.11.2012 17:00:28 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung performancemanager.exe, Version 1.0.2.1, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00cc8a90.

Error - 23.11.2012 17:00:28 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wscntfy.exe, Version 5.1.2600.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x10078a90.

Error - 23.11.2012 17:00:29 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung batterymanager.exe, Version 2.1.4.2, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00ed80d0.

Error - 23.11.2012 17:00:29 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung tibmountermonitor.exe, Version 4.2.0.1061, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x010b8a90.

Error - 23.11.2012 17:00:29 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dmhkcore.exe, Version 2.2.10.1, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c38a90.

Error - 23.11.2012 17:00:30 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung sptna.exe, Version 3.0.1413.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c180d0.

Error - 23.11.2012 17:04:02 | Computer Name = SAMSUNG-P560 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

[ OSession Events ]
Error - 19.04.2010 09:38:43 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18225 seconds with 4020 seconds of active time. This session ended with a crash.

Error - 05.05.2010 16:14:12 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

Error - 05.05.2010 16:14:30 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error - 26.05.2011 16:08:23 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error - 26.05.2011 16:11:57 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error - 22.08.2011 12:13:10 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error - 27.08.2011 14:09:30 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error - 27.08.2011 14:09:45 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error - 17.11.2012 10:44:29 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 10959 seconds with 2580 seconds of active time. This session ended with a crash.

Error - 17.11.2012 10:44:48 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4020 seconds with 600 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 23.11.2012 13:17:26 | Computer Name = SAMSUNG-P560 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DS1410D" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 23.11.2012 13:17:26 | Computer Name = SAMSUNG-P560 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst 27000@samsung-p560.

Error - 23.11.2012 13:17:26 | Computer Name = SAMSUNG-P560 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "27000@samsung-p560" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 23.11.2012 14:09:34 | Computer Name = SAMSUNG-P560 | Source = NetDDE | ID = 206
Description = "Listen" fehlgeschlagen: 23: NCB_LANA_NUM hat keine gültige Netzwerknummer angegeben.

Error - 23.11.2012 14:09:44 | Computer Name = SAMSUNG-P560 | Source = NetDDE | ID = 206
Description = "Listen" fehlgeschlagen: 15:

Error - 23.11.2012 14:35:50 | Computer Name = SAMSUNG-P560 | Source = NetDDE | ID = 206
Description = "Listen" fehlgeschlagen: 23: NCB_LANA_NUM hat keine gültige Netzwerknummer angegeben.

Error - 23.11.2012 14:36:04 | Computer Name = SAMSUNG-P560 | Source = NetDDE | ID = 206
Description = "Listen" fehlgeschlagen: 15:

Error - 23.11.2012 17:04:17 | Computer Name = SAMSUNG-P560 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DS1410D" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 23.11.2012 17:04:17 | Computer Name = SAMSUNG-P560 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst 27000@samsung-p560.

Error - 23.11.2012 17:04:17 | Computer Name = SAMSUNG-P560 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "27000@samsung-p560" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

< End of report >