Pests of all kinds and how to fight them: Trojan.JS.Redirector when launching Firefox | Windows 7
08.01.2013, 19:22 | #1 |
| Trojan.JS.Redirector when launching Firefox
When I start Firefox in my profile, Kaspersky regularly reports that it is denying access to "hxxp://www.proxyempire.com/index.php" because the trojan "Trojan.JS.Redirector.xa" is located there. However, this message only appears when I go to Facebook. Furthermore, the message does not appear when I use IE or switch to my wife's profile. What is this and how can I turn it off? I haven't found anything about it online. Many thanks, RvM |
08.01.2013, 19:41 | #2 |
/// Malware-holic | Trojan.JS.Redirector when launching Firefox
Hi,
do you actually know the site that Kaspersky named? If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
08.01.2013, 20:31 | #3 |
| Trojan.JS.Redirector when launching Firefox
OTL.txt
Code:
OTL logfile created on: 08.01.2013 20:03:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Install\quicktime
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 34,85% Memory free
6,50 Gb Paging File | 3,85 Gb Available in Paging File | 59,21% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 488,18 Gb Total Space | 355,98 Gb Free Space | 72,92% Space Free | Partition Type: NTFS
Drive D: | 488,29 Gb Total Space | 301,14 Gb Free Space | 61,67% Space Free | Partition Type: NTFS
Drive E: | 443,22 Gb Total Space | 261,46 Gb Free Space | 58,99% Space Free | Partition Type: NTFS
Drive F: | 443,23 Gb Total Space | 203,95 Gb Free Space | 46,01% Space Free | Partition Type: NTFS

Computer Name: xxx | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Install\quicktime\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe ()
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Users\XXX\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Synology\Assistant\UsbClientService.exe ()
PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Programme\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)
PRC - C:\Programme\APC\PowerChute Personal Edition\apcsystray.exe (Schneider Electric)
PRC - C:\Programme\IBM\Lotus\Notes\SUService.exe (IBM Corp)
PRC - C:\Programme\IBM\Lotus\Notes\nsd.exe (IBM)
PRC - C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Synology Data Replicator 3\Backup.exe (Synology Inc.)
PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe ()
PRC - C:\Programme\MAGIX\PC_Check_Tuning_2010\MxTray.exe ()
PRC - C:\Programme\Synology Data Replicator 3\SynoDrService.exe ()
PRC - C:\Programme\UpsPilot\wpRMI.exe (Macrovision)
PRC - C:\Programme\UpsPilot\monitor.exe (Macrovision)
PRC - C:\Programme\UpsPilot\jre\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - D:\Install\prozessortools\Core Temp.exe ()
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\EPU-6 Engine\SixEngine.exe ()
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
PRC - C:\Programme\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)

========== Modules (No Company Name) ==========

MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wfvie13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wgui13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wcore13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rscorewinapi48.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wauff13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wreli13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wsteu13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rsguiwinapi48.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rsodbc48.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rsdcom48.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll ()
MOD - C:\Programme\program\libxml2.dll ()
MOD - C:\Programme\program\libxslt.dll ()
MOD - C:\Programme\Tablet\Wacom\libxml2.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\RBScript.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\XML.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\CGamma.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\RegEx.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\Appearance Pak.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\Shell.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\CSensor.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll ()
MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\MXCleanerDll.DLL ()
MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\MxTray.exe ()
MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\MFL_u.DLL ()
MOD - D:\Install\prozessortools\Core Temp.exe ()
MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\MFL_u_VC8.dll ()
MOD - C:\Programme\ASUS\EPU-6 Engine\SixEngine.exe ()
MOD - C:\Programme\ASUS\EPU-6 Engine\AsusService.dll ()
MOD - C:\Programme\ASUS\EPU-6 Engine\pngio.dll ()
MOD - C:\Programme\Stardock\CursorFX\zlib1.dll ()
MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\PlayRIpl.dll ()
MOD - C:\Programme\Common Files\Nero\Lib\log4cxx.dll ()
MOD - C:\Windows\System32\AsIO.dll ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (UsbClientService) -- C:\Programme\Synology\Assistant\UsbClientService.exe ()
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (APC Data Service) -- C:\Programme\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)
SRV - (APC UPS Service) -- C:\Programme\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)
SRV - (LNSUSvc) -- C:\Programme\IBM\Lotus\Notes\SUService.exe (IBM Corp)
SRV - (Lotus Notes Diagnostics) -- C:\Programme\IBM\Lotus\Notes\nsd.exe (IBM)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (PMBDeviceInfoProvider) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (TabletServiceWacom) -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (MCSWASVR) -- C:\Programme\Telekom\Mediencenter\WebDAV.AdminService.exe (Deutsche Telekom AG)
SRV - (Netzmanager Service) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SynoDrService) -- C:\Programme\Synology Data Replicator 3\SynoDrService.exe ()
SRV - (WinpowerRMI) -- C:\Programme\UpsPilot\wpRMI.exe (Macrovision)
SRV - (Winpowermonitor) -- C:\Programme\UpsPilot\monitor.exe (Macrovision)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (AsSysCtrlService) -- C:\Programme\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (Ext2Fsd) -- File not found
DRV - (cpuz132) -- C:\Users\XXX\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (ALSysIO) -- C:\Users\XXX\AppData\Local\Temp\ALSysIO.sys File not found
DRV - (adfs) -- File not found
DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab)
DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab)
DRV - (busenum) -- C:\Windows\System32\drivers\busenum.sys (Windows (R) Win 7 DDK provider)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation)
DRV - (cbfs3) -- C:\Windows\System32\drivers\cbfs3.sys (EldoS Corporation)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC1124 Inc)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (Spyder3) -- C:\Windows\System32\drivers\Spyder3.sys ()
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (mv61xx) -- C:\Windows\System32\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (NPF_devolo) -- C:\Windows\System32\drivers\npf_devolo.sys (CACE Technologies)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. )
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (LMouFlt2) -- C:\Windows\System32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\Windows\System32\drivers\LHidFlt2.Sys (Logitech, Inc.)
DRV - (cvspydr2) -- C:\Windows\System32\drivers\cvspydr2.sys (Colorvision Inc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 84 C5 40 51 59 CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {7548973C-5C35-4E05-87F3-97194EE4EB43}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CCS&o=15773&src=kw&q={searchTerms}&locale=&apn_ptnrs=HN&apn_dtid=YYYYYYYYDE&apn_uid=D6CDC2EC-9D38-4C79-8EE0-0C11FDD51121&apn_sauid=FAF0BC77-7BA8-4F78-B1A9-BE3E13106D01
IE - HKCU\..\SearchScopes\{7548973C-5C35-4E05-87F3-97194EE4EB43}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = proxy-kre.evonik.com/proxy-pac

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: %7B3869b071-0fae-4c75-948a-60d9c56ea02b%7D:1.0
FF - prefs.js..extensions.enabledAddons: url_advisor%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: virtual_keyboard%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy-kre.evonik.com/proxy-pac"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\XXX\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\XXX\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 15:19:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012.12.21 15:39:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.21 15:39:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012.12.21 15:39:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 18:22:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.05 18:22:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.23 06:36:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()

[2010.08.19 18:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2010.08.19 18:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.08 19:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\0wfyg99q.default\extensions
[2010.11.28 11:31:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\0wfyg99q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.02.24 07:19:24 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\0wfyg99q.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010.02.24 07:19:24 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\0wfyg99q.default\extensions\noia2_option@kk.noia
[2012.03.27 19:08:12 | 000,007,433 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\extensions\{3869b071-0fae-4c75-948a-60d9c56ea02b}.xpi
[2012.12.29 14:28:45 | 000,533,036 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.12 21:31:45 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.23 21:56:16 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.08 12:21:03 | 000,002,395 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\searchplugins\askcom.xml
[2012.12.05 18:22:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.05 18:22:05 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.12.21 15:39:20 | 000,000,000 | ---D | M] (Content Blocker) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM
[2012.12.21 15:39:20 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM
[2012.12.21 15:39:20 | 000,000,000 | ---D | M] (Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2013\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM
[2012.12.05 18:22:09 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.08.16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008.08.16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008.08.16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008.05.21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008.05.21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008.05.21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2008.08.16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2008.02.22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2008.08.16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.05.09 20:17:57 | 000,002,204 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 .psf
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 18 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\XXX\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [Core Temp] D:\Install\prozessortools\Core Temp.exe () O4 - HKCU..\Run: [CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation) O4 - HKCU..\Run: [Data Replicator 3] C:\Program Files\Synology Data Replicator 3\Backup.exe (Synology Inc.) 
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe () O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe - Verknüpfung.lnk = C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe 
Systems Incorporated) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.fujidirekt.de/ips-opdata/layout/aspadmin/objects/canvasx.cab (CanvasX Class) O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.fujidirekt.de/ips-opdata/objects/jordan.cab (JordanUploader Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C79CDDA-D716-4FC5-8C27-BD7CEFBB60F9}: DhcpNameServer = 172.16.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D49B4065-FBB4-42A2-BE1F-5C1C667C04D3}: DhcpNameServer = 195.50.140.178 195.50.140.114 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{593515b5-1e82-11e0-836e-90e6ba441b8d}\Shell - "" = AutoRun O33 - MountPoints2\{593515b5-1e82-11e0-836e-90e6ba441b8d}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.08 17:56:05 | 000,000,000 | ---D | C] -- C:\d8e392f8f2f1247224 [2013.01.02 19:41:00 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013.01.02 19:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\URE [2013.01.02 19:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\readmes [2013.01.02 19:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\program [2013.01.02 19:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\share [2013.01.02 19:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\Basis [2012.12.27 11:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.12.22 16:57:12 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.22 16:57:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.13 15:42:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.12.13 15:42:15 | 000,607,744 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\msfeeds.dll [2012.12.13 15:42:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.12.13 15:42:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.12.13 15:42:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.12.13 15:42:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.12.13 15:42:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.12.13 15:42:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.12.12 18:35:48 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.12.12 18:35:45 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.12.12 18:35:45 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.12.12 18:35:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.12.12 18:35:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.12.12 18:35:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 18:35:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.12.12 18:35:38 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012.12.12 18:35:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.07.10 20:28:39 | 013,923,704 | ---- | C] (Schneider Electric) -- C:\Users\XXX\PCPE Setup.exe [2012.07.10 20:28:39 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\XXX\mfc80u.dll [2012.07.10 20:28:39 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\XXX\msvcr80.dll [2012.07.10 20:28:39 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\XXX\grm_res.dll [2012.07.10 20:28:39 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\XXX\fr_res.dll [2012.07.10 20:28:39 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\XXX\pt_res.dll [2012.07.10 20:28:39 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\XXX\it_res.dll [2012.07.10 20:28:39 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\XXX\es_res.dll [2012.07.10 20:28:39 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\XXX\en_res.dll [2012.07.10 20:28:39 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\XXX\ru_res.dll [2012.07.10 20:28:39 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\XXX\jp_res.dll [2012.07.10 20:28:39 | 
000,019,832 | ---- | C] (Schneider Electric) -- C:\Users\XXX\zh_res.dll [4 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\XXX\*.tmp files -> C:\Users\XXX\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.08 19:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.08 19:44:03 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2013.01.08 19:23:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.08 19:14:03 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2013.01.08 19:14:01 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2013.01.08 18:01:30 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.08 18:01:23 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\PCCT - MAGIX AG.job [2013.01.08 17:59:50 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.08 17:59:50 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.08 17:45:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.08 17:45:04 | 2616,500,224 | -HS- | M] () -- C:\hiberfil.sys [2013.01.05 12:07:00 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Synology Data Replicator 3-XXX-PC-XXX.job [2013.01.04 20:24:39 | 000,017,060 | ---- | M] () -- C:\Windows\cdplayer.ini [2013.01.02 21:13:14 | 003,854,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.02 21:12:57 | 512,230,196 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.01.02 19:41:47 | 000,001,011 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.01.02 19:41:00 | 000,000,952 | ---- | M] 
() -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2012.12.28 10:40:24 | 000,657,746 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.28 10:40:24 | 000,617,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.28 10:40:24 | 000,131,418 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.28 10:40:24 | 000,107,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.27 11:16:14 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.12.26 23:10:01 | 000,007,601 | ---- | M] () -- C:\Users\XXX\AppData\Local\Resmon.ResmonCfg [2012.12.17 16:24:58 | 000,001,904 | ---- | M] () -- C:\Users\XXX\Desktop\DreamBoxEdit.lnk [2012.12.17 15:13:43 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.12 19:46:41 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.12.12 19:46:41 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [4 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\XXX\*.tmp files -> C:\Users\XXX\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.02 21:12:57 | 512,230,196 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.01.02 19:41:47 | 000,001,011 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.01.02 19:41:00 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2012.12.27 11:16:14 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.10.16 16:27:19 | 000,001,456 | ---- | C] () -- C:\Users\XXX\AppData\Local\Adobe Für Web speichern 13.0 Prefs [2012.08.13 11:08:08 | 
000,014,217 | ---- | C] () -- C:\Program Files\readme.html [2012.07.10 20:33:10 | 013,338,112 | ---- | C] () -- C:\Users\XXX\PCPE_3.0.1.msi [2012.07.10 20:28:39 | 000,018,808 | ---- | C] () -- C:\Users\XXX\ResourceReader.dll [2012.05.31 16:51:52 | 000,140,770 | ---- | C] () -- C:\Users\XXX\.TransferManager.db [2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link [2012.02.09 17:06:27 | 000,001,456 | ---- | C] () -- C:\Users\XXX\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.02.06 19:49:44 | 000,001,074 | ---- | C] () -- C:\Users\XXX\Videos - Verknüpfung.lnk [2012.02.06 19:45:11 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll [2012.01.14 22:05:14 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini [2012.01.14 22:05:14 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini [2011.12.12 22:06:04 | 000,051,034 | ---- | C] () -- C:\Users\XXX\install.xml [2011.11.07 21:55:07 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.09.03 21:36:05 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll [2011.08.08 19:45:37 | 000,000,100 | ---- | C] () -- C:\Windows\notesnsd.ini [2011.07.01 17:00:06 | 000,017,408 | ---- | C] () -- C:\Users\XXX\AppData\Local\WebpageIcons.db [2011.06.20 20:03:56 | 000,007,601 | ---- | C] () -- C:\Users\XXX\AppData\Local\Resmon.ResmonCfg [2010.11.14 18:34:05 | 000,122,157 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\mdbu.bin [2010.05.19 19:22:59 | 000,000,600 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\winscp.rnd [2010.05.10 18:43:15 | 000,000,132 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010.04.03 18:25:51 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.11.23 20:46:31 | 000,000,016 | ---- | C] () -- C:\Users\XXX\persistent_state ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.11.15 10:57:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Acronis [2010.12.25 19:58:25 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AnvSoft [2009.12.07 17:57:48 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AOMrec [2012.12.24 18:37:27 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Audacity [2010.02.10 20:33:26 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Buhl Data Service [2012.09.13 16:13:59 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Canon [2012.09.13 16:17:08 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Canon_Inc_IC [2010.09.13 19:11:12 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010.12.25 20:08:33 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CocoonSoftware [2012.03.19 08:53:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2010.05.30 17:29:38 | 000,000,000 | ---D | M] -- 
C:\Users\XXX\AppData\Roaming\CursorArts [2012.11.15 21:53:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Dropbox [2012.03.13 19:57:18 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoft [2012.03.13 19:57:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers [2010.12.09 17:59:51 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Epson [2010.06.07 19:45:12 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Facebook [2013.01.02 10:31:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FileZilla [2010.07.12 14:59:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FreeFLVConverter [2009.12.14 11:02:15 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Haenlein-Software [2010.04.10 17:12:02 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\HDRsoft [2010.03.31 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ICAClient [2009.11.03 19:19:24 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Leadertech [2010.01.08 10:21:21 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\MAGIX [2011.05.23 20:42:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Notepad++ [2009.10.31 22:19:19 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OpenOffice.org [2011.01.15 18:05:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\phonostar-Player [2011.05.23 18:43:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Photo! 
Web Album
[2012.01.06 16:24:35 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ProtectDisc
[2010.09.07 19:05:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.01.15 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Teleca
[2010.08.19 18:22:17 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Thunderbird
[2009.11.20 06:54:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ulead Systems
[2011.03.12 19:30:56 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\VanDyke
[2011.11.08 19:41:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\XMedia Recode

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E8BE05FA
< End of report >
Code:
OTL Extras logfile created on: 08.01.2013 20:03:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Install\quicktime
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 34,85% Memory free
6,50 Gb Paging File | 3,85 Gb Available in Paging File | 59,21% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 488,18 Gb Total Space | 355,98 Gb Free Space | 72,92% Space Free | Partition Type: NTFS
Drive D: | 488,29 Gb Total Space | 301,14 Gb Free Space | 61,67% Space Free | Partition Type: NTFS
Drive E: | 443,22 Gb Total Space | 261,46 Gb Free Space | 58,99% Space Free | Partition Type: NTFS
Drive F: | 443,23 Gb Total Space | 203,95 Gb Free Space | 46,01% Space Free | Partition Type: NTFS
Computer Name: XXX | User Name: Rolf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02877E15-8E51-426C-88F0-DD81E9E87D81}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
"{0B99A39D-E808-4DE1-BBFD-6E4B97E44B7C}" = lport=49173 | protocol=6 | dir=in | name=akamai netsession interface |
"{1423DDD4-3485-4663-BC83-7F801C855E40}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{26819F85-00A1-4F19-BEB4-2791024D21F0}" = lport=139 | protocol=6 | dir=in | app=system |
"{2C2958C3-DBEE-4321-9595-F382518283B9}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{32A4E211-6E2B-46C8-8C16-C2C071460652}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36B84E8C-6A22-4C55-9967-A4684B689C94}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6516A48D-45D9-4966-B4D8-70531D2F30BA}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"{75311F82-7CC5-422F-9170-9926606589F0}" = rport=138 | protocol=17 | dir=out | app=system |
"{78810B26-A774-46F7-8BE3-656ABF79B8A4}" = lport=137 | protocol=17 | dir=in | app=system |
"{949C39DE-E069-476A-AFA9-A91934D5A302}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A076EA47-4F55-44DE-9726-94F3953E6030}" = rport=139 | protocol=6 | dir=out | app=system |
"{A5291452-0262-4F2E-A437-175384FD606A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A732FBCA-2550-4DED-9119-0F31BAF0CD84}" = rport=137 | protocol=17 | dir=out | app=system |
"{ADCB92D6-3382-4FAA-8467-83778D7673AE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{BA1893F7-93CC-44F5-AA5D-CCB7478F3C4A}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"{CCD7E1BF-0CDA-4F37-93DD-0A0D9DC6C036}" = lport=138 | protocol=17 | dir=in | app=system |
"{D7DEF4CA-6C84-4327-9B31-BF3E12C51A1C}" = rport=445 | protocol=6 | dir=out | app=system |
"{DE6C0782-DAC3-420C-895C-07DA5DBE3A65}" = lport=445 | protocol=6 | dir=in | app=system |
"{DF8575E5-744C-4B85-9C36-BB5E4ED034E5}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{E89ADFEF-5E4E-4FC3-A9B5-B0319745000A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03DDF14E-15C9-4F42-AAA1-CB6F9351EBC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{03E94794-DE9C-4A11-878F-D31262354308}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{041FBC00-D667-4AD6-9498-E1FB37626CBF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{05DF3EB2-9719-4742-B3EA-C635FEE22B60}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1DDF20D8-FD27-45DD-A89A-9EC7148F3BFB}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{298F6958-B855-49F6-9C97-9CECA62750C1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{49B88E3E-5167-4BC8-ACF7-5F13BD4B430B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4BB949DF-62FA-4356-85CF-B1622E9103D6}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe |
"{525F8ECE-FF41-4867-870C-3C0333802BEF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{52B8EF40-0CC1-4165-980C-F78452CA0DE6}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe |
"{5CF3C1EF-B19E-44D7-8573-52404656D529}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5ED389F8-A604-4CEB-B899-7FC4B536F181}" = protocol=6 | dir=in | app=c:\program files\synology data replicator 3\backup.exe |
"{6BAC2045-6D0A-4ECC-B303-264ACAAF7DF4}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{72D58C0E-359C-4CF3-BAD3-50105DFD289D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{74827A88-6081-4D16-9AD8-E6D37614C6AC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{7869A60D-0AD2-42AB-93F2-151484CD1A62}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{7A523F85-CF58-4CAA-9B6C-42D65645FDD7}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A38ECBAB-E4A3-4B1F-A3C2-C1A6F4FAB2EB}" = protocol=17 | dir=in | app=c:\program files\synology data replicator 3\backup.exe |
"{A4ACBAC2-0750-4EAE-A90F-7B1498200AD1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A4DF07BE-28DC-4127-83E9-6A728AA82287}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C09C125C-54DC-440E-87BE-EC0AD5F81DDF}" = protocol=17 | dir=in | app=c:\users\rolf\appdata\local\akamai\netsession_win.exe |
"{D2E41FF7-0191-4CFE-9621-D6B79EE7E3BE}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe |
"{E8CEBF14-DFD5-41E4-B888-8EDF170670E6}" = protocol=6 | dir=in | app=c:\users\rolf\appdata\local\akamai\netsession_win.exe |
"{EA6FF75C-9245-4856-B6EE-EB11C4DD8CBA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EA8F1BC7-B0EF-4388-A261-139AA18BC1BF}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{ED7B1B0B-CD01-43B0-96C4-D30B56D3F8BE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FB692E0A-328E-480B-BD04-81576DD4D90A}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe |
"TCP Query User{056861EB-4361-4093-8627-53C3F78A0C1B}C:\program files\bouquet editor suite\bouquet editor suite.exe" = protocol=6 | dir=in | app=c:\program files\bouquet editor suite\bouquet editor suite.exe |
"TCP Query User{2E54C178-783F-48D2-82E5-5FAAF3EA1DC2}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{2EE2837C-CD10-468A-BA59-B80D4B7BA196}D:\dreambox\dcc\dcc.exe" = protocol=6 | dir=in | app=d:\dreambox\dcc\dcc.exe |
"TCP Query User{3457EE4E-6111-4913-8FCD-8889899E492F}C:\program files\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files\synology\assistant\dsassistant.exe |
"TCP Query User{4D5678B6-4FF3-4338-B6E4-C520D0EA7487}D:\dreambox\dcc\dcc_e2.exe" = protocol=6 | dir=in | app=d:\dreambox\dcc\dcc_e2.exe |
"TCP Query User{5A7566D5-4DE1-4CF8-BB4F-468A4D553FE0}C:\program files\upspilot\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\upspilot\jre\bin\javaw.exe |
"TCP Query User{666AAA5B-6E67-4469-8B15-1A386E5FAF62}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{8303C8E7-0BD2-4823-ADFD-5ABCAA97E9B2}C:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe" = protocol=6 | dir=in | app=c:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe |
"TCP Query User{8BC43F7A-AE64-4651-88D1-E04580FCC502}C:\program files\magix\webradio_recorder_5\webradio.exe" = protocol=6 | dir=in | app=c:\program files\magix\webradio_recorder_5\webradio.exe |
"TCP Query User{931DCDC5-3F03-4EFE-807F-1493E856C7EF}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{BE8CC6F2-B8E8-4AC4-9ACF-31C9ECBF685B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{ECCB6C0B-EDE7-4AAB-BD00-3CA8D38737A0}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{364DB94D-8941-450F-B33A-F970319EB4CC}C:\program files\upspilot\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\upspilot\jre\bin\javaw.exe |
"UDP Query User{36CE9A5E-6F42-497C-A941-48CCB68A7445}C:\program files\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files\synology\assistant\dsassistant.exe |
"UDP Query User{4206CFB5-A1EB-4997-9B72-1ABD0DA83515}C:\program files\magix\webradio_recorder_5\webradio.exe" = protocol=17 | dir=in | app=c:\program files\magix\webradio_recorder_5\webradio.exe |
"UDP Query User{49BF68AF-4A0D-4E03-A6C4-9AC983BF9E9E}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{5B51C7EB-5D5E-47B8-8A53-E004F1BF88A8}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{5D07362B-D12F-47CC-A7F8-875979B00DEE}C:\program files\bouquet editor suite\bouquet editor suite.exe" = protocol=17 | dir=in | app=c:\program files\bouquet editor suite\bouquet editor suite.exe |
"UDP Query User{682E7FCC-AC97-4370-86A5-04B85D7BA67E}D:\dreambox\dcc\dcc.exe" = protocol=17 | dir=in | app=d:\dreambox\dcc\dcc.exe |
"UDP Query User{6E8E7AEB-F7ED-4CB2-B2B1-F2BE81E579E7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{9FCFE8E8-D1D2-4075-AEFB-CDE39750EE94}D:\dreambox\dcc\dcc_e2.exe" = protocol=17 | dir=in | app=d:\dreambox\dcc\dcc_e2.exe |
"UDP Query User{CDECF5AF-124B-45FE-9290-05C41987897D}C:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe" = protocol=17 | dir=in | app=c:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe |
"UDP Query User{E49CD7FB-E60D-4A05-BEBB-43C9B8E02087}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{EFA02182-2BB6-4D4B-A70F-FD48B36DF4D7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{02698606-3A21-489D-9D2A-75C9E8D3E5BD}" = Adobe Creative Suite 5 Design Premium
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = easycap video grabber
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3FF55F91-4296-46D0-B045-1429CD46AF99}" = Adobe Setup
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{5BDEA9E0-E55B-45A7-93F7-6B8F68F851E5}" = Topaz InFocus
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DF6D752-00FB-4FE3-A3C6-7C09279A1031}" = Nero 8
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76B830B5-AFE2-498E-8A0E-0BB64B5EC87E}" = BOINC
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A76CAF3-D7D8-45C0-9CCB-8AC1DDF38516}" = Magic Bullet PhotoLooks 32 bit
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{857CC5F0-040E-1016-A173-D55ADD80C260}" = Adobe InDesign CS5.5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data Replicator 3
"{8ED262EE-FC73-47A9-BB86-D92223246881}" = PowerChute Personal Edition 3.0.2
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{97B4DF0B-7499-455F-AFBA-F70F64D6D86A}" = SweetIM for Messenger 3.5
"{997AFE6A-F337-4A6A-8A99-2C32025E0BFF}" = Tunebite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1194237-547A-461d-BD44-B97B1574A7DA}" = SweetIM Toolbar for Internet Explorer 4.1
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1B669F9-B9FE-486D-924F-D6678FDB0FD5}" = Adobe Setup
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B75932F6-EC0A-4E3A-AA7A-11AAC267B8A3}" = Adobe Creative Suite 3 Design Premium
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BD60F72D-3F2F-4AE1-9C41-3CF75B2CA59A}" = DVR-Studio Pro 2
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{C9D456FD-C25B-49DE-AA71-6B76D6550B23}" = Adobe Fireworks CS3
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D17BC5AF-E3C4-4217-83EF-D228A8A154D9}" = Lotus Notes 8.5.3 de
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9B6F270-EEAD-4B5B-82ED-1EEE8CB5F273}" = StarMoney 8.0
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FBDCDFA2-6950-46A1-B31E-B1B3DF08242B}" = Miro Video Converter
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FC5A8E68-A2E5-4E14-91FA-7A3FB83C7E23}" = Adobe Photoshop Lightroom 4.2
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7CA796BB949C28BF49AB1F5C63987DDCDB6198D2" = Windows-Treiberpaket - eMPIA Technology Inc, (emAudio) MEDIA (01/29/2007 5.7.0129.0)
"7-Zip" = 7-Zip 9.07 beta
"83F59976468EB2453DAA02D2C182FC19F4ACFDA8" = Windows-Treiberpaket - eMPIA Technology (USB28xxBGA) Media (01/16/2007 5.7.0116.0)
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional - English, Français, Deutsch_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c7ed6c08f4acf68bf0512885eec384" = Adobe Fireworks CS3
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_dba14d7ef3aa07282d2b5a7a98d902a" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Akamai" = Akamai NetSession Interface Service
"Audacity_is1" = Audacity 2.0
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber Lame PlugIn" = Audiograbber Lame PlugIn 3.96 APS
"Bouquet Editor Suite_is1" = Bouquet Editor Suite v1.2 Uninstall
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CCleaner" = CCleaner
"CD Bremse_is1" = CD Bremse 1.49
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CRT" = VanDyke Software CRT 5.0
"CursorFX" = CursorFX
"Digital Photo Professional" = Canon Utilities Digital Photo Professional 3.11
"dlanconf" = devolo dLAN-Konfigurationsassistent
"DreamBoxEdit" = dreamboxEDIT -- The one and only settings editor for your Dreambox
"dslmon" = devolo Informer
"DVD Shrink_is1" = DVD Shrink 3.1
"EOS Utility" = Canon Utilities EOS Utility
"EPSON PX720WD Series" = EPSON PX720WD Series Printer Uninstall
"EPSON PX720WD Series Manual" = EPSON PX720WD Series Handbuch
"EPSON PX720WD Series Network Guide" = EPSON PX720WD Series Netzwerk-Handbuch
"EPSON Scanner" = EPSON Scan
"Ext2Fsd_is1" = Ext2Fsd 0.51
"FileZilla" = FileZilla (remove only)
"FileZilla Client" = FileZilla Client 3.6.0.2
"F-Recovery for CompactFlash" = F-Recovery for CompactFlash
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free DVD MP3 Ripper_is1" = Free DVD MP3 Ripper 1.12
"Free FLV Converter_is1" = Free FLV Converter V 6.9.0
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.5
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"iCare Data Recovery_is1" = iCare Data Recovery 4.5.3
"ImageBrowser EX" = Canon Utilities ImageBrowser EX
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 3.0
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Filme auf DVD 7 D" = MAGIX Filme auf DVD 7 7.0.3.0 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX PC Check & Tuning 2010 D" = MAGIX PC Check & Tuning 2010 5.0.30.804 (D)
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX Video deluxe 16 Plus D" = MAGIX Video deluxe 16 Plus 9.0.0.54 (D)
"MAGIX Webradio Recorder 5 D" = MAGIX Webradio Recorder 5 5.0.0.326 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mediencenter Software" = Mediencenter Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mv61xxDriver" = marvell 61xx
"MyCamera" = Canon Utilities MyCamera
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Netzmanager" = Netzmanager
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"Photo! Web Album_is1" = Photo! Web Album 1.2
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.7
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SDR2" = Schlag den Raab - Das 2. Spiel
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Smart Data Recovery_is1" = Smart Data Recovery v4.3
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"smartmontools" = smartmontools
"Spyder3Elite" = Spyder3Elite
"Synology Assistant" = Synology Assistant (remove only)
"TeamViewer 7" = TeamViewer 7
"Topaz InFocus" = Topaz InFocus
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.5
"Wacom Tablet Driver" = Wacom Tablett
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.45-4
"Winpower" = Winpower
"winscp3_is1" = WinSCP 4.2.7
"XMedia Recode" = XMedia Recode 3.0.4.6
"YTdetect" = Yahoo! Detect
"ZapNotes" = ZapNotes
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 9
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Facebook Plug-In" = Facebook Plug-In
"Kies Air Discovery Service" = Kies Air Discovery Service
"QUICKMEDIACONVERTER" = QMC
"SugarSync" = SugarSync Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18.11.2012 14:00:16 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description =

Error - 02.12.2012 14:00:11 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description =

Error - 09.12.2012 14:00:11 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description =

Error - 16.12.2012 14:00:11 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description =

Error - 23.12.2012 14:00:10 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description =

Error - 30.12.2012 14:00:11 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description =

Error - 03.01.2013 18:12:26 | Computer Name = XXX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715, Zeitstempel: 0x50b71a4b
Name des fehlerhaften Moduls: xul.dll, Version: 17.0.1.4715, Zeitstempel: 0x50b7198b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00144ed8
ID des fehlerhaften Prozesses: 0x6a4
Startzeit der fehlerhaften Anwendung: 0x01cde9b648600ce8
Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll
Berichtskennung: a760ef2e-55f2-11e2-b07b-90e6ba441b8d

Error - 04.01.2013 04:44:35 | Computer Name = XXX | Source = TabletServiceWacom | ID = 1
Description =

Error - 06.01.2013 14:00:17 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description =

Error - 08.01.2013 12:46:39 | Computer Name = XXX | Source = APC Data Service | ID = 0
Description = Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen

[ System Events ]
Error - 08.01.2013 12:36:37 | Computer Name = XXX | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?01.?2013 um 17:34:58 unerwartet heruntergefahren.

Error - 08.01.2013 12:36:41 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 08.01.2013 12:37:18 | Computer Name = XXX | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Stromversorgung" wurde mit folgendem Fehler beendet: %%4203

Error - 08.01.2013 12:45:10 | Computer Name = XXX | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?01.?2013 um 17:40:34 unerwartet heruntergefahren.

Error - 08.01.2013 12:45:15 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 08.01.2013 12:45:53 | Computer Name = XXX | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mediencenter Service erreicht.

Error - 08.01.2013 12:45:53 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mediencenter Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 08.01.2013 12:48:53 | Computer Name = XXX | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error - 08.01.2013 12:49:37 | Computer Name = XXX | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update Service (gupdate) erreicht.

Error - 08.01.2013 12:49:37 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

< End of report > |
08.01.2013, 20:33 | #4 |
| Trojan.JS.Redirector when launching Firefox OTL.txt Code:
ATTFilter OTL logfile created on: 08.01.2013 20:03:47 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Install\quicktime Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 34,85% Memory free 6,50 Gb Paging File | 3,85 Gb Available in Paging File | 59,21% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 488,18 Gb Total Space | 355,98 Gb Free Space | 72,92% Space Free | Partition Type: NTFS Drive D: | 488,29 Gb Total Space | 301,14 Gb Free Space | 61,67% Space Free | Partition Type: NTFS Drive E: | 443,22 Gb Total Space | 261,46 Gb Free Space | 58,99% Space Free | Partition Type: NTFS Drive F: | 443,23 Gb Total Space | 203,95 Gb Free Space | 46,01% Space Free | Partition Type: NTFS Computer Name: xxx | User Name: XXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Install\quicktime\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe () PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Users\XXX\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Synology\Assistant\UsbClientService.exe () PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\klwtblfs.exe (Kaspersky Lab ZAO) PRC - C:\Programme\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Programme\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH) PRC - C:\Programme\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric) PRC - C:\Programme\APC\PowerChute Personal Edition\apcsystray.exe (Schneider Electric) PRC - C:\Programme\IBM\Lotus\Notes\SUService.exe (IBM Corp) PRC - C:\Programme\IBM\Lotus\Notes\nsd.exe (IBM) PRC - C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Synology Data Replicator 3\Backup.exe (Synology Inc.) PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.) PRC - C:\Programme\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology, Corp.) 
PRC - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe () PRC - C:\Programme\MAGIX\PC_Check_Tuning_2010\MxTray.exe () PRC - C:\Programme\Synology Data Replicator 3\SynoDrService.exe () PRC - C:\Programme\UpsPilot\wpRMI.exe (Macrovision) PRC - C:\Programme\UpsPilot\monitor.exe (Macrovision) PRC - C:\Programme\UpsPilot\jre\bin\javaw.exe (Sun Microsystems, Inc.) PRC - D:\Install\prozessortools\Core Temp.exe () PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) PRC - C:\Programme\ASUS\EPU-6 Engine\SixEngine.exe () PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Programme\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe () PRC - C:\Programme\Stardock\CursorFX\CursorFX.exe (Stardock Corporation) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) ========== Modules (No Company Name) ========== MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wfvie13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe () MOD - C:\Programme\WISO\Steuersoftware 2013\wgui13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wcore13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\rscorewinapi48.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wauff13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wreli13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wsteu13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\rsguiwinapi48.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\rsodbc48.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\rsdcom48.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll () MOD - C:\Programme\program\libxml2.dll () MOD 
- C:\Programme\program\libxslt.dll () MOD - C:\Programme\Tablet\Wacom\libxml2.dll () MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe () MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\RBScript.dll () MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\XML.dll () MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\CGamma.dll () MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\RegEx.dll () MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\Appearance Pak.dll () MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\Shell.dll () MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\CSensor.dll () MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll () MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll () MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\MXCleanerDll.DLL () MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\MxTray.exe () MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\MFL_u.DLL () MOD - D:\Install\prozessortools\Core Temp.exe () MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\MFL_u_VC8.dll () MOD - C:\Programme\ASUS\EPU-6 Engine\SixEngine.exe () MOD - C:\Programme\ASUS\EPU-6 Engine\AsusService.dll () MOD - C:\Programme\ASUS\EPU-6 Engine\pngio.dll () MOD - C:\Programme\Stardock\CursorFX\zlib1.dll () MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\PlayRIpl.dll () MOD - C:\Programme\Common Files\Nero\Lib\log4cxx.dll () MOD - C:\Windows\System32\AsIO.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky 
Lab ZAO) SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll () SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (UsbClientService) -- C:\Programme\Synology\Assistant\UsbClientService.exe () SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (APC Data Service) -- C:\Programme\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric) SRV - (APC UPS Service) -- C:\Programme\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric) SRV - (LNSUSvc) -- C:\Programme\IBM\Lotus\Notes\SUService.exe (IBM Corp) SRV - (Lotus Notes Diagnostics) -- C:\Programme\IBM\Lotus\Notes\nsd.exe (IBM) SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia) SRV - (PMBDeviceInfoProvider) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (TabletServiceWacom) -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.) 
SRV - (MCSWASVR) -- C:\Programme\Telekom\Mediencenter\WebDAV.AdminService.exe (Deutsche Telekom AG) SRV - (Netzmanager Service) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG) SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (SynoDrService) -- C:\Programme\Synology Data Replicator 3\SynoDrService.exe () SRV - (WinpowerRMI) -- C:\Programme\UpsPilot\wpRMI.exe (Macrovision) SRV - (Winpowermonitor) -- C:\Programme\UpsPilot\monitor.exe (Macrovision) SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (AsSysCtrlService) -- C:\Programme\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe () SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) 
========== Driver Services (SafeList) ========== DRV - (Ext2Fsd) -- File not found DRV - (cpuz132) -- C:\Users\XXX\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found DRV - (ALSysIO) -- C:\Users\XXX\AppData\Local\Temp\ALSysIO.sys File not found DRV - (adfs) -- File not found DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab) DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab) DRV - (busenum) -- C:\Windows\System32\drivers\busenum.sys (Windows (R) Win 7 DDK provider) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO) DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation) DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT) DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation) DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation) DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation) DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (USB28xxBGA) -- 
C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.) DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation) DRV - (cbfs3) -- C:\Windows\System32\drivers\cbfs3.sys (EldoS Corporation) DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC1124 Inc) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (Spyder3) -- C:\Windows\System32\drivers\Spyder3.sys () DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (mv61xx) -- C:\Windows\System32\drivers\mv61xx.sys (Marvell Semiconductor, Inc.) DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (NPF_devolo) -- C:\Windows\System32\drivers\npf_devolo.sys (CACE Technologies) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation) DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. ) DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys () DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz) DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (LMouFlt2) -- C:\Windows\System32\drivers\LMouFlt2.Sys (Logitech, Inc.) 
DRV - (LHidFlt2) -- C:\Windows\System32\drivers\LHidFlt2.Sys (Logitech, Inc.) DRV - (cvspydr2) -- C:\Windows\System32\drivers\cvspydr2.sys (Colorvision Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 84 C5 40 51 59 CA 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {7548973C-5C35-4E05-87F3-97194EE4EB43} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CCS&o=15773&src=kw&q={searchTerms}&locale=&apn_ptnrs=HN&apn_dtid=YYYYYYYYDE&apn_uid=D6CDC2EC-9D38-4C79-8EE0-0C11FDD51121&apn_sauid=FAF0BC77-7BA8-4F78-B1A9-BE3E13106D01 IE - HKCU\..\SearchScopes\{7548973C-5C35-4E05-87F3-97194EE4EB43}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = proxy-kre.evonik.com/proxy-pac ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "" FF - 
prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/" FF - prefs.js..extensions.enabledAddons: %7B3869b071-0fae-4c75-948a-60d9c56ea02b%7D:1.0 FF - prefs.js..extensions.enabledAddons: url_advisor%40kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: virtual_keyboard%40kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76 FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019 FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76 FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy-kre.evonik.com/proxy-pac" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: 
C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( ) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) 
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\XXX\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( ) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\XXX\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 15:19:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012.12.21 15:39:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.21 15:39:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012.12.21 15:39:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 18:22:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: 
C:\Program Files\Mozilla Firefox\plugins [2012.12.05 18:22:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.23 06:36:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] () [2010.08.19 18:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions [2010.08.19 18:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.01.08 19:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\0wfyg99q.default\extensions [2010.11.28 11:31:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\0wfyg99q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.24 07:19:24 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\0wfyg99q.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2010.02.24 07:19:24 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\0wfyg99q.default\extensions\noia2_option@kk.noia [2012.03.27 19:08:12 | 000,007,433 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\extensions\{3869b071-0fae-4c75-948a-60d9c56ea02b}.xpi [2012.12.29 14:28:45 | 000,533,036 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.12.12 21:31:45 | 000,036,098 | ---- | M] () (No name found) -- 
C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.11.23 21:56:16 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.08 12:21:03 | 000,002,395 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\searchplugins\askcom.xml [2012.12.05 18:22:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.12.05 18:22:05 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2012.12.21 15:39:20 | 000,000,000 | ---D | M] (Content Blocker) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM [2012.12.21 15:39:20 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM [2012.12.21 15:39:20 | 000,000,000 | ---D | M] (Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2013\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM [2012.12.05 18:22:09 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2008.08.16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2008.08.16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll [2008.08.16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2008.05.21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll [2008.05.21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll [2008.05.21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll [2008.08.16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll [2008.02.22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll [2008.08.16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.05.09 20:17:57 | 000,002,204 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 .psf O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 
127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 18 more lines... O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) 
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\XXX\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [Core Temp] D:\Install\prozessortools\Core Temp.exe () O4 - HKCU..\Run: [CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation) O4 - HKCU..\Run: [Data Replicator 3] C:\Program Files\Synology Data Replicator 3\Backup.exe (Synology Inc.) 
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe () O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe - Verknüpfung.lnk = C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe 
Systems Incorporated) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.fujidirekt.de/ips-opdata/layout/aspadmin/objects/canvasx.cab (CanvasX Class) O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.fujidirekt.de/ips-opdata/objects/jordan.cab (JordanUploader Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C79CDDA-D716-4FC5-8C27-BD7CEFBB60F9}: DhcpNameServer = 172.16.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D49B4065-FBB4-42A2-BE1F-5C1C667C04D3}: DhcpNameServer = 195.50.140.178 195.50.140.114 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{593515b5-1e82-11e0-836e-90e6ba441b8d}\Shell - "" = AutoRun O33 - MountPoints2\{593515b5-1e82-11e0-836e-90e6ba441b8d}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.08 17:56:05 | 000,000,000 | ---D | C] -- C:\d8e392f8f2f1247224 [2013.01.02 19:41:00 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013.01.02 19:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\URE [2013.01.02 19:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\readmes [2013.01.02 19:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\program [2013.01.02 19:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\share [2013.01.02 19:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\Basis [2012.12.27 11:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.12.22 16:57:12 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.22 16:57:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.13 15:42:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.12.13 15:42:15 | 000,607,744 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\msfeeds.dll [2012.12.13 15:42:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.12.13 15:42:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.12.13 15:42:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.12.13 15:42:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.12.13 15:42:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.12.13 15:42:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.12.12 18:35:48 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.12.12 18:35:45 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.12.12 18:35:45 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.12.12 18:35:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.12.12 18:35:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.12.12 18:35:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 18:35:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.12.12 18:35:38 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012.12.12 18:35:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.07.10 20:28:39 | 013,923,704 | ---- | C] (Schneider Electric) -- C:\Users\XXX\PCPE Setup.exe [2012.07.10 20:28:39 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\XXX\mfc80u.dll [2012.07.10 20:28:39 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\XXX\msvcr80.dll [2012.07.10 20:28:39 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\XXX\grm_res.dll [2012.07.10 20:28:39 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\XXX\fr_res.dll [2012.07.10 20:28:39 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\XXX\pt_res.dll [2012.07.10 20:28:39 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\XXX\it_res.dll [2012.07.10 20:28:39 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\XXX\es_res.dll [2012.07.10 20:28:39 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\XXX\en_res.dll [2012.07.10 20:28:39 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\XXX\ru_res.dll [2012.07.10 20:28:39 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\XXX\jp_res.dll [2012.07.10 20:28:39 | 
000,019,832 | ---- | C] (Schneider Electric) -- C:\Users\XXX\zh_res.dll [4 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\XXX\*.tmp files -> C:\Users\XXX\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.08 19:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.08 19:44:03 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2013.01.08 19:23:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.08 19:14:03 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2013.01.08 19:14:01 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2013.01.08 18:01:30 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.08 18:01:23 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\PCCT - MAGIX AG.job [2013.01.08 17:59:50 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.08 17:59:50 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.08 17:45:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.08 17:45:04 | 2616,500,224 | -HS- | M] () -- C:\hiberfil.sys [2013.01.05 12:07:00 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Synology Data Replicator 3-XXX-PC-XXX.job [2013.01.04 20:24:39 | 000,017,060 | ---- | M] () -- C:\Windows\cdplayer.ini [2013.01.02 21:13:14 | 003,854,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.02 21:12:57 | 512,230,196 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.01.02 19:41:47 | 000,001,011 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.01.02 19:41:00 | 000,000,952 | ---- | M] 
() -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2012.12.28 10:40:24 | 000,657,746 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.28 10:40:24 | 000,617,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.28 10:40:24 | 000,131,418 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.28 10:40:24 | 000,107,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.27 11:16:14 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.12.26 23:10:01 | 000,007,601 | ---- | M] () -- C:\Users\XXX\AppData\Local\Resmon.ResmonCfg [2012.12.17 16:24:58 | 000,001,904 | ---- | M] () -- C:\Users\XXX\Desktop\DreamBoxEdit.lnk [2012.12.17 15:13:43 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.12 19:46:41 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.12.12 19:46:41 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [4 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\XXX\*.tmp files -> C:\Users\XXX\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.02 21:12:57 | 512,230,196 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.01.02 19:41:47 | 000,001,011 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.01.02 19:41:00 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2012.12.27 11:16:14 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.10.16 16:27:19 | 000,001,456 | ---- | C] () -- C:\Users\XXX\AppData\Local\Adobe Für Web speichern 13.0 Prefs [2012.08.13 11:08:08 | 
000,014,217 | ---- | C] () -- C:\Program Files\readme.html [2012.07.10 20:33:10 | 013,338,112 | ---- | C] () -- C:\Users\XXX\PCPE_3.0.1.msi [2012.07.10 20:28:39 | 000,018,808 | ---- | C] () -- C:\Users\XXX\ResourceReader.dll [2012.05.31 16:51:52 | 000,140,770 | ---- | C] () -- C:\Users\XXX\.TransferManager.db [2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link [2012.02.09 17:06:27 | 000,001,456 | ---- | C] () -- C:\Users\XXX\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.02.06 19:49:44 | 000,001,074 | ---- | C] () -- C:\Users\XXX\Videos - Verknüpfung.lnk [2012.02.06 19:45:11 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll [2012.01.14 22:05:14 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini [2012.01.14 22:05:14 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini [2011.12.12 22:06:04 | 000,051,034 | ---- | C] () -- C:\Users\XXX\install.xml [2011.11.07 21:55:07 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.09.03 21:36:05 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll [2011.08.08 19:45:37 | 000,000,100 | ---- | C] () -- C:\Windows\notesnsd.ini [2011.07.01 17:00:06 | 000,017,408 | ---- | C] () -- C:\Users\XXX\AppData\Local\WebpageIcons.db [2011.06.20 20:03:56 | 000,007,601 | ---- | C] () -- C:\Users\XXX\AppData\Local\Resmon.ResmonCfg [2010.11.14 18:34:05 | 000,122,157 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\mdbu.bin [2010.05.19 19:22:59 | 000,000,600 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\winscp.rnd [2010.05.10 18:43:15 | 000,000,132 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010.04.03 18:25:51 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.11.23 20:46:31 | 000,000,016 | ---- | C] () -- C:\Users\XXX\persistent_state ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.11.15 10:57:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Acronis [2010.12.25 19:58:25 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AnvSoft [2009.12.07 17:57:48 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AOMrec [2012.12.24 18:37:27 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Audacity [2010.02.10 20:33:26 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Buhl Data Service [2012.09.13 16:13:59 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Canon [2012.09.13 16:17:08 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Canon_Inc_IC [2010.09.13 19:11:12 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010.12.25 20:08:33 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CocoonSoftware [2012.03.19 08:53:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2010.05.30 17:29:38 | 000,000,000 | ---D | M] -- 
C:\Users\XXX\AppData\Roaming\CursorArts [2012.11.15 21:53:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Dropbox [2012.03.13 19:57:18 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoft [2012.03.13 19:57:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers [2010.12.09 17:59:51 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Epson [2010.06.07 19:45:12 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Facebook [2013.01.02 10:31:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FileZilla [2010.07.12 14:59:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FreeFLVConverter [2009.12.14 11:02:15 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Haenlein-Software [2010.04.10 17:12:02 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\HDRsoft [2010.03.31 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ICAClient [2009.11.03 19:19:24 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Leadertech [2010.01.08 10:21:21 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\MAGIX [2011.05.23 20:42:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Notepad++ [2009.10.31 22:19:19 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OpenOffice.org [2011.01.15 18:05:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\phonostar-Player [2011.05.23 18:43:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Photo! 
Web Album
[2012.01.06 16:24:35 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ProtectDisc
[2010.09.07 19:05:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.01.15 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Teleca
[2010.08.19 18:22:17 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Thunderbird
[2009.11.20 06:54:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ulead Systems
[2011.03.12 19:30:56 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\VanDyke
[2011.11.08 19:41:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\XMedia Recode
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E8BE05FA
< End of report >
Code:
OTL Extras logfile created on: 08.01.2013 20:03:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Install\quicktime
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 34,85% Memory free
6,50 Gb Paging File | 3,85 Gb Available in Paging File | 59,21% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 488,18 Gb Total Space | 355,98 Gb Free Space | 72,92% Space Free | Partition Type: NTFS
Drive D: | 488,29 Gb Total Space | 301,14 Gb Free Space | 61,67% Space Free | Partition Type: NTFS
Drive E: | 443,22 Gb Total Space | 261,46 Gb Free Space | 58,99% Space Free | Partition Type: NTFS
Drive F: | 443,23 Gb Total Space | 203,95 Gb Free Space | 46,01% Space Free | Partition Type: NTFS
Computer Name: XXX | User Name: Rolf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) 
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program 
Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02877E15-8E51-426C-88F0-DD81E9E87D81}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface | "{0B99A39D-E808-4DE1-BBFD-6E4B97E44B7C}" = lport=49173 | protocol=6 | dir=in | name=akamai netsession interface | "{1423DDD4-3485-4663-BC83-7F801C855E40}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{26819F85-00A1-4F19-BEB4-2791024D21F0}" = lport=139 | protocol=6 | dir=in | app=system | "{2C2958C3-DBEE-4321-9595-F382518283B9}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{32A4E211-6E2B-46C8-8C16-C2C071460652}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{36B84E8C-6A22-4C55-9967-A4684B689C94}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6516A48D-45D9-4966-B4D8-70531D2F30BA}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe | "{75311F82-7CC5-422F-9170-9926606589F0}" = rport=138 | protocol=17 | dir=out | app=system | "{78810B26-A774-46F7-8BE3-656ABF79B8A4}" = lport=137 | protocol=17 | dir=in | app=system | "{949C39DE-E069-476A-AFA9-A91934D5A302}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A076EA47-4F55-44DE-9726-94F3953E6030}" = rport=139 | protocol=6 | dir=out | app=system | "{A5291452-0262-4F2E-A437-175384FD606A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A732FBCA-2550-4DED-9119-0F31BAF0CD84}" = rport=137 | protocol=17 | dir=out | app=system | "{ADCB92D6-3382-4FAA-8467-83778D7673AE}" 
= lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{BA1893F7-93CC-44F5-AA5D-CCB7478F3C4A}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe | "{CCD7E1BF-0CDA-4F37-93DD-0A0D9DC6C036}" = lport=138 | protocol=17 | dir=in | app=system | "{D7DEF4CA-6C84-4327-9B31-BF3E12C51A1C}" = rport=445 | protocol=6 | dir=out | app=system | "{DE6C0782-DAC3-420C-895C-07DA5DBE3A65}" = lport=445 | protocol=6 | dir=in | app=system | "{DF8575E5-744C-4B85-9C36-BB5E4ED034E5}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{E89ADFEF-5E4E-4FC3-A9B5-B0319745000A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03DDF14E-15C9-4F42-AAA1-CB6F9351EBC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{03E94794-DE9C-4A11-878F-D31262354308}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{041FBC00-D667-4AD6-9498-E1FB37626CBF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{05DF3EB2-9719-4742-B3EA-C635FEE22B60}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1DDF20D8-FD27-45DD-A89A-9EC7148F3BFB}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{298F6958-B855-49F6-9C97-9CECA62750C1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{49B88E3E-5167-4BC8-ACF7-5F13BD4B430B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4BB949DF-62FA-4356-85CF-B1622E9103D6}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | "{525F8ECE-FF41-4867-870C-3C0333802BEF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{52B8EF40-0CC1-4165-980C-F78452CA0DE6}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe | "{5CF3C1EF-B19E-44D7-8573-52404656D529}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5ED389F8-A604-4CEB-B899-7FC4B536F181}" = protocol=6 | dir=in | app=c:\program files\synology data replicator 3\backup.exe | "{6BAC2045-6D0A-4ECC-B303-264ACAAF7DF4}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{72D58C0E-359C-4CF3-BAD3-50105DFD289D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{74827A88-6081-4D16-9AD8-E6D37614C6AC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{7869A60D-0AD2-42AB-93F2-151484CD1A62}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{7A523F85-CF58-4CAA-9B6C-42D65645FDD7}" = dir=in | app=c:\program files\itunes\itunes.exe | "{A38ECBAB-E4A3-4B1F-A3C2-C1A6F4FAB2EB}" = protocol=17 | dir=in | app=c:\program files\synology data replicator 3\backup.exe | "{A4ACBAC2-0750-4EAE-A90F-7B1498200AD1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A4DF07BE-28DC-4127-83E9-6A728AA82287}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C09C125C-54DC-440E-87BE-EC0AD5F81DDF}" = protocol=17 | dir=in | app=c:\users\rolf\appdata\local\akamai\netsession_win.exe | "{D2E41FF7-0191-4CFE-9621-D6B79EE7E3BE}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe | "{E8CEBF14-DFD5-41E4-B888-8EDF170670E6}" = protocol=6 | dir=in | app=c:\users\rolf\appdata\local\akamai\netsession_win.exe | "{EA6FF75C-9245-4856-B6EE-EB11C4DD8CBA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EA8F1BC7-B0EF-4388-A261-139AA18BC1BF}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{ED7B1B0B-CD01-43B0-96C4-D30B56D3F8BE}" = protocol=17 | dir=in | 
app=c:\program files\bonjour\mdnsresponder.exe | "{FB692E0A-328E-480B-BD04-81576DD4D90A}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | "TCP Query User{056861EB-4361-4093-8627-53C3F78A0C1B}C:\program files\bouquet editor suite\bouquet editor suite.exe" = protocol=6 | dir=in | app=c:\program files\bouquet editor suite\bouquet editor suite.exe | "TCP Query User{2E54C178-783F-48D2-82E5-5FAAF3EA1DC2}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe | "TCP Query User{2EE2837C-CD10-468A-BA59-B80D4B7BA196}D:\dreambox\dcc\dcc.exe" = protocol=6 | dir=in | app=d:\dreambox\dcc\dcc.exe | "TCP Query User{3457EE4E-6111-4913-8FCD-8889899E492F}C:\program files\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files\synology\assistant\dsassistant.exe | "TCP Query User{4D5678B6-4FF3-4338-B6E4-C520D0EA7487}D:\dreambox\dcc\dcc_e2.exe" = protocol=6 | dir=in | app=d:\dreambox\dcc\dcc_e2.exe | "TCP Query User{5A7566D5-4DE1-4CF8-BB4F-468A4D553FE0}C:\program files\upspilot\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\upspilot\jre\bin\javaw.exe | "TCP Query User{666AAA5B-6E67-4469-8B15-1A386E5FAF62}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{8303C8E7-0BD2-4823-ADFD-5ABCAA97E9B2}C:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe" = protocol=6 | dir=in | app=c:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe | "TCP Query User{8BC43F7A-AE64-4651-88D1-E04580FCC502}C:\program files\magix\webradio_recorder_5\webradio.exe" = protocol=6 | dir=in | app=c:\program files\magix\webradio_recorder_5\webradio.exe | "TCP Query User{931DCDC5-3F03-4EFE-807F-1493E856C7EF}C:\program files\epson 
software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "TCP Query User{BE8CC6F2-B8E8-4AC4-9ACF-31C9ECBF685B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{ECCB6C0B-EDE7-4AAB-BD00-3CA8D38737A0}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{364DB94D-8941-450F-B33A-F970319EB4CC}C:\program files\upspilot\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\upspilot\jre\bin\javaw.exe | "UDP Query User{36CE9A5E-6F42-497C-A941-48CCB68A7445}C:\program files\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files\synology\assistant\dsassistant.exe | "UDP Query User{4206CFB5-A1EB-4997-9B72-1ABD0DA83515}C:\program files\magix\webradio_recorder_5\webradio.exe" = protocol=17 | dir=in | app=c:\program files\magix\webradio_recorder_5\webradio.exe | "UDP Query User{49BF68AF-4A0D-4E03-A6C4-9AC983BF9E9E}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{5B51C7EB-5D5E-47B8-8A53-E004F1BF88A8}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe | "UDP Query User{5D07362B-D12F-47CC-A7F8-875979B00DEE}C:\program files\bouquet editor suite\bouquet editor suite.exe" = protocol=17 | dir=in | app=c:\program files\bouquet editor suite\bouquet editor suite.exe | "UDP Query User{682E7FCC-AC97-4370-86A5-04B85D7BA67E}D:\dreambox\dcc\dcc.exe" = protocol=17 | dir=in | app=d:\dreambox\dcc\dcc.exe | "UDP Query User{6E8E7AEB-F7ED-4CB2-B2B1-F2BE81E579E7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query 
User{9FCFE8E8-D1D2-4075-AEFB-CDE39750EE94}D:\dreambox\dcc\dcc_e2.exe" = protocol=17 | dir=in | app=d:\dreambox\dcc\dcc_e2.exe | "UDP Query User{CDECF5AF-124B-45FE-9290-05C41987897D}C:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe" = protocol=17 | dir=in | app=c:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe | "UDP Query User{E49CD7FB-E60D-4A05-BEBB-43C9B8E02087}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{EFA02182-2BB6-4D4B-A70F-FD48B36DF4D7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3 "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{02698606-3A21-489D-9D2A-75C9E8D3E5BD}" = Adobe Creative Suite 5 Design Premium "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo "{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = easycap video grabber "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1 "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player 
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{3FF55F91-4296-46D0-B045-1429CD46AF99}" = Adobe Setup "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4 "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3 "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer "{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav "{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013 "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup "{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1 "{5BDEA9E0-E55B-45A7-93F7-6B8F68F851E5}" = Topaz InFocus "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{5DF6D752-00FB-4FE3-A3C6-7C09279A1031}" = Nero 8 "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4 "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = 
Logitech Harmony Remote Software "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4 "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{76B830B5-AFE2-498E-8A0E-0BB64B5EC87E}" = BOINC "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A76CAF3-D7D8-45C0-9CCB-8AC1DDF38516}" = Magic Bullet PhotoLooks 32 bit "{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3 "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{857CC5F0-040E-1016-A173-D55ADD80C260}" = Adobe InDesign CS5.5 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney 
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data Replicator 3 "{8ED262EE-FC73-47A9-BB86-D92223246881}" = PowerChute Personal Edition 3.0.2 "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{97B4DF0B-7499-455F-AFBA-F70F64D6D86A}" = SweetIM for Messenger 3.5 "{997AFE6A-F337-4A6A-8A99-2C32025E0BFF}" = Tunebite "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A1194237-547A-461d-BD44-B97B1574A7DA}" = SweetIM Toolbar for Internet Explorer 4.1 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560 "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1 "{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content "{B1B669F9-B9FE-486D-924F-D6678FDB0FD5}" 
= Adobe Setup "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{B75932F6-EC0A-4E3A-AA7A-11AAC267B8A3}" = Adobe Creative Suite 3 Design Premium "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder "{BD60F72D-3F2F-4AE1-9C41-3CF75B2CA59A}" = DVR-Studio Pro 2 "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content 
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery "{C9D456FD-C25B-49DE-AA71-6B76D6550B23}" = Adobe Fireworks CS3 "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3 "{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD "{D17BC5AF-E3C4-4217-83EF-D228A8A154D9}" = Lotus Notes 8.5.3 de "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4 "{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{D9B6F270-EEAD-4B5B-82ED-1EEE8CB5F273}" = StarMoney 8.0 "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime "{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4 "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{FBDCDFA2-6950-46A1-B31E-B1B3DF08242B}" = Miro Video Converter "{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components "{FC5A8E68-A2E5-4E14-91FA-7A3FB83C7E23}" = Adobe Photoshop Lightroom 4.2 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7CA796BB949C28BF49AB1F5C63987DDCDB6198D2" = Windows-Treiberpaket - eMPIA Technology Inc, (emAudio) MEDIA (01/29/2007 5.7.0129.0) "7-Zip" = 7-Zip 9.07 beta "83F59976468EB2453DAA02D2C182FC19F4ACFDA8" = Windows-Treiberpaket - eMPIA Technology (USB28xxBGA) Media (01/16/2007 5.7.0116.0) "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.3.1 Professional "Adobe Acrobat 8 Professional - English, Français, Deutsch_831" = Adobe Acrobat 8.3.1 - CPSID_83708 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4 "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4 "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_6c7ed6c08f4acf68bf0512885eec384" = Adobe Fireworks CS3 "Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4 "Adobe_dba14d7ef3aa07282d2b5a7a98d902a" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen "Akamai" = Akamai NetSession Interface Service "Audacity_is1" = Audacity 2.0 "Audiograbber" = Audiograbber 1.83 SE "Audiograbber 
Lame PlugIn" = Audiograbber Lame PlugIn 3.96 APS "Bouquet Editor Suite_is1" = Bouquet Editor Suite v1.2 Uninstall "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "CCleaner" = CCleaner "CD Bremse_is1" = CD Bremse 1.49 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CloneDVD2" = CloneDVD2 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.dmp.contentviewer" = Adobe Content Viewer "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "CRT" = VanDyke Software CRT 5.0 "CursorFX" = CursorFX "Digital Photo Professional" = Canon Utilities Digital Photo Professional 3.11 "dlanconf" = devolo dLAN-Konfigurationsassistent "DreamBoxEdit" = dreamboxEDIT -- The one and only settings editor for your Dreambox "dslmon" = devolo Informer "DVD Shrink_is1" = DVD Shrink 3.1 "EOS Utility" = Canon Utilities EOS Utility "EPSON PX720WD Series" = EPSON PX720WD Series Printer Uninstall "EPSON PX720WD Series Manual" = EPSON PX720WD Series Handbuch "EPSON PX720WD Series Network Guide" = EPSON PX720WD Series Netzwerk-Handbuch "EPSON Scanner" = EPSON Scan "Ext2Fsd_is1" = Ext2Fsd 0.51 "FileZilla" = FileZilla (remove only) "FileZilla Client" = FileZilla Client 3.6.0.2 "F-Recovery for CompactFlash" = F-Recovery for CompactFlash "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free DVD MP3 Ripper_is1" = Free DVD MP3 Ripper 1.12 "Free FLV Converter_is1" = Free FLV Converter V 6.9.0 "Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.5 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221 "Host OpenAL (ADI)" = Host OpenAL (ADI) "iCare Data Recovery_is1" = iCare Data Recovery 4.5.3 "ImageBrowser EX" = Canon Utilities ImageBrowser EX "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin 
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013 "IrfanView" = IrfanView (remove only) "IsoBuster_is1" = IsoBuster 3.0 "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "MAGIX 3D Maker D" = MAGIX 3D Maker (embeded) "MAGIX Filme auf DVD 7 D" = MAGIX Filme auf DVD 7 7.0.3.0 (D) "MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "MAGIX PC Check & Tuning 2010 D" = MAGIX PC Check & Tuning 2010 5.0.30.804 (D) "MAGIX Screenshare D" = MAGIX Screenshare "MAGIX Speed burnR D" = MAGIX Speed burnR "MAGIX Video deluxe 16 Plus D" = MAGIX Video deluxe 16 Plus 9.0.0.54 (D) "MAGIX Webradio Recorder 5 D" = MAGIX Webradio Recorder 5 5.0.0.326 (D) "MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 "Marvell Miniport Driver" = Marvell Miniport Driver "Mediencenter Software" = Mediencenter Software "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "mv61xxDriver" = marvell 61xx "MyCamera" = Canon Utilities MyCamera "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "Netzmanager" = Netzmanager "Notepad++" = Notepad++ "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Original Data Security Tools" = Canon Utilities Original Data Security Tools "Photo! Web Album_is1" = Photo! 
Web Album 1.2 "PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.7 "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "Protect Disc License Helper" = Protect Disc License Helper 1.0.118 "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "SDR2" = Schlag den Raab - Das 2. Spiel "Secunia PSI" = Secunia PSI (2.0.0.3003) "Smart Data Recovery_is1" = Smart Data Recovery v4.3 "Smart File Advisor_is1" = Smart File Advisor 1.1.1 "smartmontools" = smartmontools "Spyder3Elite" = Spyder3Elite "Synology Assistant" = Synology Assistant (remove only) "TeamViewer 7" = TeamViewer 7 "Topaz InFocus" = Topaz InFocus "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 2.0.5 "Wacom Tablet Driver" = Wacom Tablett "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.45-4 "Winpower" = Winpower "winscp3_is1" = WinSCP 4.2.7 "XMedia Recode" = XMedia Recode 3.0.4.6 "YTdetect" = Yahoo! 
Detect "ZapNotes" = ZapNotes "Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 9 "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Facebook Plug-In" = Facebook Plug-In "Kies Air Discovery Service" = Kies Air Discovery Service "QUICKMEDIACONVERTER" = QMC "SugarSync" = SugarSync Manager ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.11.2012 14:00:16 | Computer Name = XXX | Source = Windows Backup | ID = 4103 Description = Error - 02.12.2012 14:00:11 | Computer Name = XXX | Source = Windows Backup | ID = 4103 Description = Error - 09.12.2012 14:00:11 | Computer Name = XXX | Source = Windows Backup | ID = 4103 Description = Error - 16.12.2012 14:00:11 | Computer Name = XXX | Source = Windows Backup | ID = 4103 Description = Error - 23.12.2012 14:00:10 | Computer Name = XXX | Source = Windows Backup | ID = 4103 Description = Error - 30.12.2012 14:00:11 | Computer Name = XXX | Source = Windows Backup | ID = 4103 Description = Error - 03.01.2013 18:12:26 | Computer Name = XXX | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715, Zeitstempel: 0x50b71a4b Name des fehlerhaften Moduls: xul.dll, Version: 17.0.1.4715, Zeitstempel: 0x50b7198b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00144ed8 ID des fehlerhaften Prozesses: 0x6a4 Startzeit der fehlerhaften Anwendung: 0x01cde9b648600ce8 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: a760ef2e-55f2-11e2-b07b-90e6ba441b8d Error - 04.01.2013 04:44:35 | Computer Name = XXX | Source = TabletServiceWacom | ID = 1 Description = Error - 06.01.2013 14:00:17 | Computer Name = XXX | Source = Windows Backup | ID = 4103 Description = Error - 
08.01.2013 12:46:39 | Computer Name = XXX | Source = APC Data Service | ID = 0 Description = Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen [ System Events ] Error - 08.01.2013 12:36:37 | Computer Name = XXX | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?08.?01.?2013 um 17:34:58 unerwartet heruntergefahren. Error - 08.01.2013 12:36:41 | Computer Name = XXX | Source = Service Control Manager | ID = 7000 Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.01.2013 12:37:18 | Computer Name = XXX | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Stromversorgung" wurde mit folgendem Fehler beendet: %%4203 Error - 08.01.2013 12:45:10 | Computer Name = XXX | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?08.?01.?2013 um 17:40:34 unerwartet heruntergefahren. Error - 08.01.2013 12:45:15 | Computer Name = XXX | Source = Service Control Manager | ID = 7000 Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.01.2013 12:45:53 | Computer Name = XXX | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mediencenter Service erreicht. Error - 08.01.2013 12:45:53 | Computer Name = XXX | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Mediencenter Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 08.01.2013 12:48:53 | Computer Name = XXX | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht. 
Error - 08.01.2013 12:49:37 | Computer Name = XXX | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update Service (gupdate) erreicht. Error - 08.01.2013 12:49:37 | Computer Name = XXX | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > |
08.01.2013, 20:35 | #5 |
/// Malware-holic | Trojan.JS.Redirector when launching Firefox Hi, am I still going to get an answer to my question...?
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
08.01.2013, 21:20 | #6 |
| Trojan.JS.Redirector when launching Firefox Sorry - I don't know this URL, nor can I get to it, because Kaspersky fortunately blocks access. As I read while searching the web, someone else has exactly the same problem, which for him, just as for me, appeared yesterday and has been quite annoying ever since. No idea which Firefox plugin wants to reach this URL. For example, I have not configured any extra proxies at all. |
08.01.2013, 23:34 | #7 |
/// Malware-holic | Trojan.JS.Redirector when launching Firefox Hi, download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose Skip for now, then post the log
|
09.01.2013, 21:11 | #8 |
| Trojan.JS.Redirector when launching Firefox The program didn't find anything special - here is the log file: Code:
ATTFilter 21:08:22.0985 6076 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 21:08:23.0216 6076 ============================================================ 21:08:23.0216 6076 Current date / time: 2013/01/09 21:08:23.0216 21:08:23.0216 6076 SystemInfo: 21:08:23.0216 6076 21:08:23.0216 6076 OS Version: 6.1.7601 ServicePack: 1.0 21:08:23.0216 6076 Product type: Workstation 21:08:23.0216 6076 ComputerName: ROLF-PC 21:08:23.0216 6076 UserName: Rolf 21:08:23.0216 6076 Windows directory: C:\Windows 21:08:23.0216 6076 System windows directory: C:\Windows 21:08:23.0216 6076 Processor architecture: Intel x86 21:08:23.0216 6076 Number of processors: 4 21:08:23.0216 6076 Page size: 0x1000 21:08:23.0216 6076 Boot type: Normal boot 21:08:23.0216 6076 ============================================================ 21:08:24.0716 6076 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0xFC58B, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000050 21:08:24.0729 6076 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 21:08:24.0784 6076 ============================================================ 21:08:24.0784 6076 \Device\Harddisk1\DR1: 21:08:24.0784 6076 MBR partitions: 21:08:24.0784 6076 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 21:08:24.0784 6076 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3D05E000 21:08:24.0784 6076 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x3D090800, BlocksNum 0x37675800 21:08:24.0784 6076 \Device\Harddisk0\DR0: 21:08:24.0784 6076 MBR partitions: 21:08:24.0784 6076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3D093B3F 21:08:24.0784 6076 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3D093B7E, BlocksNum 0x37671E43 21:08:24.0784 6076 
============================================================ 21:08:24.0844 6076 C: <-> \Device\Harddisk1\DR1\Partition2 21:08:24.0855 6076 D: <-> \Device\Harddisk0\DR0\Partition1 21:08:24.0890 6076 E: <-> \Device\Harddisk0\DR0\Partition2 21:08:24.0976 6076 F: <-> \Device\Harddisk1\DR1\Partition3 21:08:24.0976 6076 ============================================================ 21:08:24.0976 6076 Initialize success 21:08:24.0976 6076 ============================================================ 21:08:42.0190 2264 ============================================================ 21:08:42.0190 2264 Scan started 21:08:42.0190 2264 Mode: Manual; SigCheck; TDLFS; 21:08:42.0190 2264 ============================================================ 21:08:44.0055 2264 ================ Scan system memory ======================== 21:08:44.0055 2264 System memory - ok 21:08:44.0055 2264 ================ Scan services ============================= 21:08:44.0196 2264 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 21:08:44.0275 2264 1394ohci - ok 21:08:44.0301 2264 [ BEB5E6A8C17C3C7485563281E0F9E77E ] 61883 C:\Windows\system32\DRIVERS\61883.sys 21:08:44.0355 2264 61883 - ok 21:08:44.0441 2264 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe 21:08:44.0472 2264 ABBYY.Licensing.FineReader.Sprint.9.0 - ok 21:08:44.0511 2264 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 21:08:44.0525 2264 ACPI - ok 21:08:44.0551 2264 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 21:08:44.0604 2264 AcpiPmi - ok 21:08:44.0607 2264 adfs - ok 21:08:44.0645 2264 [ 23F78687CBF3972704650A799420BFA8 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys 21:08:44.0709 2264 ADIHdAudAddService - ok 21:08:44.0801 2264 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common 
Files\Adobe\ARM\1.0\armsvc.exe 21:08:44.0816 2264 AdobeARMservice - ok 21:08:44.0905 2264 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 21:08:44.0920 2264 AdobeFlashPlayerUpdateSvc - ok 21:08:44.0952 2264 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 21:08:44.0980 2264 adp94xx - ok 21:08:44.0997 2264 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 21:08:45.0015 2264 adpahci - ok 21:08:45.0031 2264 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 21:08:45.0045 2264 adpu320 - ok 21:08:45.0057 2264 [ 4DC6B0772D1698F04FC79053A21C8260 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE 21:08:45.0077 2264 AEADIFilters - ok 21:08:45.0101 2264 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:08:45.0152 2264 AeLookupSvc - ok 21:08:45.0202 2264 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 21:08:45.0265 2264 AFD - ok 21:08:45.0310 2264 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 21:08:45.0326 2264 agp440 - ok 21:08:45.0359 2264 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 21:08:45.0375 2264 aic78xx - ok 21:08:45.0592 2264 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files\common files\akamai/netsession_win_ce5ba24.dll 21:08:45.0592 2264 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ce5ba24.dll. 
md5: B9B98E08EC127900025F42462D3D0A66 21:08:45.0601 2264 Akamai ( HiddenFile.Multi.Generic ) - warning 21:08:45.0601 2264 Akamai - detected HiddenFile.Multi.Generic (1) 21:08:45.0630 2264 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 21:08:45.0702 2264 ALG - ok 21:08:45.0735 2264 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 21:08:45.0760 2264 aliide - ok 21:08:45.0894 2264 ALSysIO - ok 21:08:45.0911 2264 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 21:08:45.0930 2264 amdagp - ok 21:08:45.0961 2264 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 21:08:45.0977 2264 amdide - ok 21:08:46.0010 2264 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 21:08:46.0055 2264 AmdK8 - ok 21:08:46.0069 2264 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 21:08:46.0095 2264 AmdPPM - ok 21:08:46.0116 2264 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 21:08:46.0130 2264 amdsata - ok 21:08:46.0142 2264 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 21:08:46.0157 2264 amdsbs - ok 21:08:46.0170 2264 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 21:08:46.0182 2264 amdxata - ok 21:08:46.0237 2264 [ 107AB19CC1D40B9D04537F6EEAAC34C9 ] APC Data Service C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe 21:08:46.0247 2264 APC Data Service - ok 21:08:46.0306 2264 [ C7F8C8080B055B3DE9A8141DFD8E308A ] APC UPS Service C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe 21:08:46.0327 2264 APC UPS Service - ok 21:08:46.0355 2264 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 21:08:46.0426 2264 AppID - ok 21:08:46.0451 2264 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 21:08:46.0507 2264 AppIDSvc - ok 
21:08:46.0526 2264 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 21:08:46.0570 2264 Appinfo - ok 21:08:46.0630 2264 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 21:08:46.0649 2264 Apple Mobile Device - ok 21:08:46.0671 2264 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 21:08:46.0689 2264 arc - ok 21:08:46.0712 2264 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 21:08:46.0730 2264 arcsas - ok 21:08:46.0744 2264 [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO C:\Windows\system32\drivers\AsIO.sys 21:08:46.0760 2264 AsIO - ok 21:08:46.0781 2264 [ E781164C7D47950E3D218C84B2901CB2 ] AsSysCtrlService C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe 21:08:46.0802 2264 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - warning 21:08:46.0802 2264 AsSysCtrlService - detected UnsignedFile.Multi.Generic (1) 21:08:46.0817 2264 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:08:46.0905 2264 AsyncMac - ok 21:08:46.0946 2264 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 21:08:46.0961 2264 atapi - ok 21:08:47.0065 2264 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:08:47.0177 2264 AudioEndpointBuilder - ok 21:08:47.0204 2264 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 21:08:47.0227 2264 Audiosrv - ok 21:08:47.0255 2264 [ C44BDD77E06053CF5AFE046F3A47C16B ] Avc C:\Windows\system32\DRIVERS\avc.sys 21:08:47.0282 2264 Avc - ok 21:08:47.0352 2264 [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe 21:08:47.0366 2264 AVP - ok 21:08:47.0404 2264 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 21:08:47.0464 2264 AxInstSV - ok 21:08:47.0521 2264 [ 
1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 21:08:47.0581 2264 b06bdrv - ok 21:08:47.0604 2264 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 21:08:47.0625 2264 b57nd60x - ok 21:08:47.0675 2264 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 21:08:47.0722 2264 BDESVC - ok 21:08:47.0731 2264 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 21:08:47.0762 2264 Beep - ok 21:08:47.0796 2264 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 21:08:47.0831 2264 BFE - ok 21:08:47.0872 2264 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 21:08:47.0916 2264 BITS - ok 21:08:47.0937 2264 [ 66F655B08EED3230E059D197C8A1969B ] bizVSerial C:\Windows\system32\drivers\bizVSerialNT.sys 21:08:47.0956 2264 bizVSerial ( UnsignedFile.Multi.Generic ) - warning 21:08:47.0956 2264 bizVSerial - detected UnsignedFile.Multi.Generic (1) 21:08:47.0980 2264 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 21:08:48.0001 2264 blbdrive - ok 21:08:48.0052 2264 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 21:08:48.0067 2264 Bonjour Service - ok 21:08:48.0094 2264 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:08:48.0119 2264 bowser - ok 21:08:48.0136 2264 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:08:48.0169 2264 BrFiltLo - ok 21:08:48.0187 2264 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:08:48.0227 2264 BrFiltUp - ok 21:08:48.0257 2264 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 21:08:48.0286 2264 Browser - ok 21:08:48.0305 2264 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 21:08:48.0335 2264 Brserid - ok 21:08:48.0349 2264 [ 
203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 21:08:48.0384 2264 BrSerWdm - ok 21:08:48.0395 2264 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 21:08:48.0426 2264 BrUsbMdm - ok 21:08:48.0450 2264 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 21:08:48.0485 2264 BrUsbSer - ok 21:08:48.0499 2264 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 21:08:48.0532 2264 BTHMODEM - ok 21:08:48.0557 2264 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 21:08:48.0602 2264 bthserv - ok 21:08:48.0640 2264 [ C4A3AF25CA352B22046033A0088C1563 ] busenum C:\Windows\system32\DRIVERS\busenum.sys 21:08:48.0655 2264 busenum - ok 21:08:48.0715 2264 [ AFAB1D4CAB04218CBAB0AE69625D0D65 ] cbfs3 C:\Windows\system32\drivers\cbfs3.sys 21:08:48.0735 2264 cbfs3 - ok 21:08:48.0740 2264 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:08:48.0785 2264 cdfs - ok 21:08:48.0815 2264 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 21:08:48.0849 2264 cdrom - ok 21:08:48.0881 2264 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 21:08:48.0934 2264 CertPropSvc - ok 21:08:48.0950 2264 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 21:08:48.0970 2264 circlass - ok 21:08:49.0001 2264 [ BDF4915D53BDEF80738A30AC3F7CDC76 ] cjpcsc C:\Windows\system32\cjpcsc.exe 21:08:49.0021 2264 cjpcsc - ok 21:08:49.0056 2264 [ 997CBCE9E5DCFD9216452F609AE74B18 ] cjusb C:\Windows\system32\DRIVERS\cjusb.sys 21:08:49.0067 2264 cjusb - ok 21:08:49.0090 2264 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 21:08:49.0110 2264 CLFS - ok 21:08:49.0169 2264 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:08:49.0185 
2264 clr_optimization_v2.0.50727_32 - ok 21:08:49.0277 2264 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:08:49.0306 2264 clr_optimization_v4.0.30319_32 - ok 21:08:49.0311 2264 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 21:08:49.0329 2264 CmBatt - ok 21:08:49.0356 2264 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:08:49.0369 2264 cmdide - ok 21:08:49.0419 2264 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys 21:08:49.0454 2264 CNG - ok 21:08:49.0489 2264 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 21:08:49.0504 2264 Compbatt - ok 21:08:49.0539 2264 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 21:08:49.0574 2264 CompositeBus - ok 21:08:49.0577 2264 COMSysApp - ok 21:08:49.0679 2264 cpuz132 - ok 21:08:49.0725 2264 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 21:08:49.0741 2264 crcdisk - ok 21:08:49.0779 2264 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:08:49.0825 2264 CryptSvc - ok 21:08:49.0857 2264 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys 21:08:49.0880 2264 CVirtA - ok 21:08:49.0955 2264 [ 98B1B70E250EBCA7B7A0A56AD2A7E62F ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe 21:08:49.0994 2264 CVPND - ok 21:08:50.0015 2264 [ 465CED77E7C4F9D71B81BA600EDAFAC1 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys 21:08:50.0024 2264 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning 21:08:50.0024 2264 CVPNDRVA - detected UnsignedFile.Multi.Generic (1) 21:08:50.0056 2264 [ C6644D1A70C050FDD7ECBE8C3AC05313 ] cvspydr2 C:\Windows\system32\DRIVERS\cvspydr2.sys 21:08:50.0097 2264 cvspydr2 - ok 21:08:50.0156 2264 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch 
C:\Windows\system32\rpcss.dll 21:08:50.0204 2264 DcomLaunch - ok 21:08:50.0241 2264 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 21:08:50.0285 2264 defragsvc - ok 21:08:50.0314 2264 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:08:50.0337 2264 DfsC - ok 21:08:50.0382 2264 [ 73FC5BC52572084EC1241514CF6230A0 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 21:08:50.0400 2264 dg_ssudbus - ok 21:08:50.0415 2264 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 21:08:50.0465 2264 Dhcp - ok 21:08:50.0511 2264 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 21:08:50.0557 2264 discache - ok 21:08:50.0580 2264 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 21:08:50.0591 2264 Disk - ok 21:08:50.0597 2264 [ 86D52C32A308F84BBC626BFF7C1FB710 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys 21:08:50.0607 2264 DNE - ok 21:08:50.0644 2264 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:08:50.0657 2264 Dnscache - ok 21:08:50.0697 2264 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 21:08:50.0755 2264 dot3svc - ok 21:08:50.0787 2264 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 21:08:50.0831 2264 DPS - ok 21:08:50.0864 2264 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:08:50.0895 2264 drmkaud - ok 21:08:50.0936 2264 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:08:50.0959 2264 DXGKrnl - ok 21:08:50.0978 2264 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 21:08:51.0015 2264 EapHost - ok 21:08:51.0085 2264 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 21:08:51.0156 2264 ebdrv - ok 21:08:51.0178 2264 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 21:08:51.0208 2264 
EFS - ok 21:08:51.0274 2264 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:08:51.0300 2264 ehRecvr - ok 21:08:51.0323 2264 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 21:08:51.0345 2264 ehSched - ok 21:08:51.0386 2264 [ 309AC30471A0F1C3A89DEE1C81230576 ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys 21:08:51.0398 2264 ElbyCDIO - ok 21:08:51.0424 2264 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 21:08:51.0443 2264 elxstor - ok 21:08:51.0468 2264 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:08:51.0504 2264 ErrDev - ok 21:08:51.0545 2264 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 21:08:51.0608 2264 EventSystem - ok 21:08:51.0634 2264 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 21:08:51.0688 2264 exfat - ok 21:08:51.0714 2264 Ext2Fsd - ok 21:08:51.0760 2264 Fabs - ok 21:08:51.0796 2264 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:08:51.0829 2264 fastfat - ok 21:08:51.0900 2264 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 21:08:51.0924 2264 Fax - ok 21:08:51.0939 2264 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 21:08:51.0954 2264 fdc - ok 21:08:51.0973 2264 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 21:08:52.0015 2264 fdPHost - ok 21:08:52.0031 2264 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 21:08:52.0089 2264 FDResPub - ok 21:08:52.0115 2264 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:08:52.0129 2264 FileInfo - ok 21:08:52.0136 2264 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:08:52.0169 2264 Filetrace - ok 21:08:52.0366 2264 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance 
C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe 21:08:52.0426 2264 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning 21:08:52.0426 2264 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1) 21:08:52.0455 2264 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 21:08:52.0474 2264 FLEXnet Licensing Service - ok 21:08:52.0486 2264 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 21:08:52.0511 2264 flpydisk - ok 21:08:52.0540 2264 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:08:52.0554 2264 FltMgr - ok 21:08:52.0593 2264 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll 21:08:52.0631 2264 FontCache - ok 21:08:52.0734 2264 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 21:08:52.0751 2264 FontCache3.0.0.0 - ok 21:08:52.0784 2264 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 21:08:52.0800 2264 FsDepends - ok 21:08:52.0828 2264 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:08:52.0845 2264 Fs_Rec - ok 21:08:52.0883 2264 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 21:08:52.0904 2264 fvevol - ok 21:08:52.0923 2264 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 21:08:52.0940 2264 gagp30kx - ok 21:08:52.0986 2264 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:08:52.0999 2264 GEARAspiWDM - ok 21:08:53.0035 2264 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 21:08:53.0080 2264 gpsvc - ok 21:08:53.0148 2264 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 
21:08:53.0163 2264 gupdate - ok 21:08:53.0176 2264 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 21:08:53.0190 2264 gupdatem - ok 21:08:53.0206 2264 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:08:53.0259 2264 hcw85cir - ok 21:08:53.0291 2264 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:08:53.0333 2264 HdAudAddService - ok 21:08:53.0359 2264 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 21:08:53.0384 2264 HDAudBus - ok 21:08:53.0410 2264 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 21:08:53.0436 2264 HidBatt - ok 21:08:53.0455 2264 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 21:08:53.0491 2264 HidBth - ok 21:08:53.0509 2264 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 21:08:53.0536 2264 HidIr - ok 21:08:53.0565 2264 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 21:08:53.0603 2264 hidserv - ok 21:08:53.0621 2264 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:08:53.0638 2264 HidUsb - ok 21:08:53.0676 2264 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:08:53.0736 2264 hkmsvc - ok 21:08:53.0768 2264 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:08:53.0790 2264 HomeGroupListener - ok 21:08:53.0829 2264 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:08:53.0860 2264 HomeGroupProvider - ok 21:08:53.0888 2264 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 21:08:53.0903 2264 HpSAMD - ok 21:08:53.0943 2264 [ C3B270B2CFF40BE343AFE5052B3AF559 ] HTCAND32 C:\Windows\system32\Drivers\ANDROIDUSB.sys 21:08:53.0995 2264 HTCAND32 - ok 21:08:54.0043 2264 [ 
871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:08:54.0076 2264 HTTP - ok 21:08:54.0080 2264 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:08:54.0091 2264 hwpolicy - ok 21:08:54.0121 2264 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 21:08:54.0150 2264 i8042prt - ok 21:08:54.0188 2264 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 21:08:54.0211 2264 iaStorV - ok 21:08:54.0263 2264 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:08:54.0294 2264 idsvc - ok 21:08:54.0326 2264 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 21:08:54.0341 2264 iirsp - ok 21:08:54.0368 2264 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 21:08:54.0430 2264 IKEEXT - ok 21:08:54.0461 2264 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 21:08:54.0481 2264 intelide - ok 21:08:54.0501 2264 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:08:54.0523 2264 intelppm - ok 21:08:54.0549 2264 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:08:54.0586 2264 IPBusEnum - ok 21:08:54.0601 2264 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:08:54.0638 2264 IpFilterDriver - ok 21:08:54.0681 2264 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:08:54.0731 2264 iphlpsvc - ok 21:08:54.0750 2264 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 21:08:54.0769 2264 IPMIDRV - ok 21:08:54.0781 2264 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 21:08:54.0826 2264 IPNAT - ok 21:08:54.0866 2264 [ CA9D4B998BFF311A539604ED87318FA0 ] iPod Service C:\Program 
Files\iPod\bin\iPodService.exe 21:08:54.0894 2264 iPod Service - ok 21:08:54.0918 2264 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:08:54.0935 2264 IRENUM - ok 21:08:54.0951 2264 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:08:54.0975 2264 isapnp - ok 21:08:55.0009 2264 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 21:08:55.0028 2264 iScsiPrt - ok 21:08:55.0069 2264 [ 994EBB45C4B438E1F6EA0B958AE9B9A3 ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys 21:08:55.0085 2264 ivusb - ok 21:08:55.0096 2264 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 21:08:55.0108 2264 kbdclass - ok 21:08:55.0134 2264 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 21:08:55.0164 2264 kbdhid - ok 21:08:55.0185 2264 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 21:08:55.0199 2264 KeyIso - ok 21:08:55.0228 2264 [ EA26CB00F83686856F2C79673C00C686 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys 21:08:55.0241 2264 kl1 - ok 21:08:55.0305 2264 [ FBC7F840F1118D358D2AFB8C1714B384 ] KLIF C:\Windows\system32\DRIVERS\klif.sys 21:08:55.0330 2264 KLIF - ok 21:08:55.0414 2264 [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys 21:08:55.0425 2264 KLIM6 - ok 21:08:55.0453 2264 [ 24AEBAD59D1DE8A7CC36E8F09F999362 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys 21:08:55.0465 2264 klkbdflt - ok 21:08:55.0479 2264 [ A58507C2827C3AE1D4CCB2746AAB349F ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 21:08:55.0504 2264 klmouflt - ok 21:08:55.0545 2264 [ 53C0DF6C5139CB78A631E7AFCD893730 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys 21:08:55.0559 2264 kltdi - ok 21:08:55.0596 2264 [ 71A38C123600172511C26BFABD0EF579 ] kneps C:\Windows\system32\DRIVERS\kneps.sys 21:08:55.0611 2264 kneps - ok 21:08:55.0649 2264 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD 
C:\Windows\system32\Drivers\ksecdd.sys 21:08:55.0665 2264 KSecDD - ok 21:08:55.0711 2264 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:08:55.0729 2264 KSecPkg - ok 21:08:55.0758 2264 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 21:08:55.0811 2264 KtmRm - ok 21:08:55.0836 2264 [ 0C6E346CDE730CF1356DD69AD6E9BC42 ] L8042Kbd C:\Windows\system32\DRIVERS\L8042Kbd.sys 21:08:55.0846 2264 L8042Kbd - ok 21:08:55.0861 2264 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 21:08:55.0903 2264 LanmanServer - ok 21:08:55.0931 2264 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:08:55.0969 2264 LanmanWorkstation - ok 21:08:56.0001 2264 [ 03976C309EDE05D39017C05B817CD94F ] LHidFlt2 C:\Windows\system32\DRIVERS\LHidFlt2.Sys 21:08:56.0030 2264 LHidFlt2 - ok 21:08:56.0040 2264 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:08:56.0066 2264 lltdio - ok 21:08:56.0084 2264 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:08:56.0123 2264 lltdsvc - ok 21:08:56.0141 2264 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 21:08:56.0171 2264 lmhosts - ok 21:08:56.0195 2264 [ 26407519FCA64EC4091FE1F815B4AFC4 ] LMouFlt2 C:\Windows\system32\DRIVERS\LMouFlt2.Sys 21:08:56.0224 2264 LMouFlt2 - ok 21:08:56.0311 2264 [ 2098AF12149789FA6608422C8796F77C ] LNSUSvc C:\Program Files\IBM\Lotus\Notes\SUService.exe 21:08:56.0365 2264 LNSUSvc - ok 21:08:56.0548 2264 [ E4FA829273FDF5BD20FC9804FD5F9C20 ] Lotus Notes Diagnostics C:\Program Files\IBM\Lotus\Notes\nsd.exe 21:08:56.0616 2264 Lotus Notes Diagnostics - ok 21:08:56.0643 2264 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 21:08:56.0656 2264 LSI_FC - ok 21:08:56.0688 2264 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 21:08:56.0709 2264 LSI_SAS - 
ok
\Device\Harddisk0\DR0\Partition2 - ok
21:09:15.0273 2264 ============================================================
21:09:15.0273 2264 Scan finished
21:09:15.0273 2264 ============================================================
21:09:15.0287 4256 Detected object count: 10
21:09:15.0287 4256 Actual detected object count: 10
21:09:18.0259 4256 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
21:09:18.0259 4256 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
21:09:18.0260 4256 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
21:09:18.0260 4256 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:09:18.0262 4256 bizVSerial ( UnsignedFile.Multi.Generic ) - skipped by user
21:09:18.0262 4256 bizVSerial ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:09:18.0263 4256 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
21:09:18.0263 4256 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:09:18.0264 4256 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
21:09:18.0264 4256 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:09:18.0265 4256 MCSWASVR ( UnsignedFile.Multi.Generic ) - skipped by user
21:09:18.0265 4256 MCSWASVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:09:18.0267 4256 Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:09:18.0267 4256 Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:09:18.0269 4256 NPF_devolo ( UnsignedFile.Multi.Generic ) - skipped by user
21:09:18.0269 4256 NPF_devolo ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:09:18.0270 4256 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
21:09:18.0270 4256 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:09:18.0272 4256 SynoDrService ( UnsignedFile.Multi.Generic ) - skipped by user
21:09:18.0272 4256 SynoDrService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
10.01.2013, 00:43 | #9 | |
/// Malware-holic | Trojan.JS.Redirector when launching Firefox Hi, ComboFix: ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors: Link 1, Link 2. IMPORTANT - Save ComboFix to your desktop.
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
10.01.2013, 17:33 | #10 |
| Trojan.JS.Redirector when launching Firefox I found the fault: it was the Google Cache Tool. Since I deactivated this add-on, the error message no longer appears. |
10.01.2013, 17:36 | #11 |
/// Malware-holic | Trojan.JS.Redirector when launching Firefox Yes, but we are still not finished. Please continue with CF. |
10.01.2013, 18:36 | #12 |
| Trojan.JS.Redirector when launching Firefox So here, as requested, is the combofix.txt Code:
ComboFix 13-01-08.01 - Rolf 10.01.2013 18:01:49.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3327.1349 [GMT 1:00]
ausgeführt von:: c:\users\Rolf\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Rolf\ia_remove.sh2871.tmp
c:\users\Rolf\ResourceReader.dll
c:\windows\IsUn0407.exe
c:\windows\system\Color
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\UA000106.DLL
c:\windows\UA000107.DLL
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-10 bis 2013-01-10 ))))))))))))))))))))))))))))))
.
.
2013-01-10 17:12 . 2013-01-10 17:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-10 17:12 . 2013-01-10 17:12 -------- d-----w- c:\users\Hanna\AppData\Local\temp
2013-01-10 17:12 . 2013-01-10 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-10 16:32 . 2013-01-10 16:32 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D68A8EDA-D0DD-4091-BF42-308AFD70588C}\offreg.dll
2013-01-10 12:53 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D68A8EDA-D0DD-4091-BF42-308AFD70588C}\mpengine.dll
2013-01-09 20:28 . 2013-01-09 20:29 -------- d-----w- c:\program files\program
2013-01-09 18:52 . 2013-01-09 18:52 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-02 18:40 . 2013-01-02 18:40 -------- d-----w- c:\program files\URE
2013-01-02 18:40 . 2013-01-09 20:28 -------- d-----w- c:\program files\readmes
2013-01-02 18:40 . 2013-01-09 20:28 -------- d-----w- c:\program files\Basis
2013-01-02 18:40 . 2013-01-02 18:40 -------- d-----w- c:\program files\share
2012-12-22 15:57 .
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to MP3 Converter - c:\users\Rolf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 172.16.0.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.fujidirekt.de/ips-opdata/objects/jordan.cab
FF - ProfilePath - c:\users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\0wfyg99q.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/photosfromkids?ref=profile
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?barid={52044F48-D66C-11E0-86BC-90E6BA441B8D}&src=2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\CbFsNetRdr3.dll
.
Zeit der Fertigstellung: 2013-01-10 18:18:22
ComboFix-quarantined-files.txt 2013-01-10 17:18
.
Vor Suchlauf: 25 Verzeichnis(se), 381.330.788.352 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 380.792.573.952 Bytes frei
.
- - End Of File - - A59288752D15563E43740B287C0367E3 |
10.01.2013, 18:58 | #13 |
/// Malware-holic | Trojan.JS.Redirector when launching Firefox Did you delete anything with TDSSKiller? According to the ComboFix log, you did. |
10.01.2013, 19:06 | #14 |
| Trojan.JS.Redirector when launching Firefox No - because there was nothing to delete there. I only deactivated the Google Cache Tool add-on in Firefox and then uninstalled it. Since then everything has been running smoothly again. |
10.01.2013, 19:11 | #15 |
/// Malware-holic | Trojan.JS.Redirector when launching Firefox Hi, we still have a bit of adware. Download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save the list as a txt file. Open the file. After each program you need, write "necessary". After each one you do not need, write "unnecessary". After each one you do not recognise, write "unknown". Post the list. |