Pests of all kinds and how to fight them: Removing the clickcompare trojan | Windows 7
08.02.2013, 22:55 | #1 |
Hello dear Trojaner-Board team!

My laptop is infected with the clickcompare trojan. As described in step two, I downloaded OTL. Unfortunately, the program keeps hanging at "scanning FireFox settings". What now?

I'd appreciate your help. Many thanks,
Janna
09.02.2013, 07:25 | #2 |
Unfortunately, OTL did not manage it overnight either, but the Malwarebytes scan did. There are the following 5 finds to report:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.08.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Janna :: YOUR-2D1ABB0973 [Administrator]

08.02.2013 23:07:22
MBAM-log-2013-02-09 (08-11-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 371121
Laufzeit: 1 Stunde(n), 37 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Daten: 078f1ce3c3efd421c2034e2ec3a9a3ef -> Keine Aktion durchgeführt.
HKCU\Software\InstalledBrowserExtensions\215 Apps|4479 (PUP.CrossFire.SA) -> Daten: Giant Savings -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Temp\is357113909\FunmoodsLatest.exe (PUP.FunMoods) -> Keine Aktion durchgeführt.

(Ende)

Edited by janna1312 (09.02.2013 at 08:12)
11.02.2013, 15:20 | #3 |
/// Helper team

Please download AdwCleaner to your desktop.

Then: System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if not already present).
- Double-click OTL.exe
11.02.2013, 21:51 | #4 |
Hey t'john, first of all, thank you very much for your answer!

1.: Here are the AdwCleaner results: AdwCleaner Logfile: Code:
2. The OTL.Txt results: OTL Logfile: Code:
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\Janna\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.04.22 19:19:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Programme\Google\Google Gears\Firefox\ [2010.03.05 11:15:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.17 18:58:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.02.07 07:25:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.02.07 07:24:24 | 000,000,000 | ---D | M] [2009.09.21 11:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Janna\Anwendungsdaten\Mozilla\Extensions [2009.09.21 11:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Janna\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2013.02.11 21:23:36 | 000,000,000 | ---D | M] (No name 
found) -- C:\Dokumente und Einstellungen\Janna\Anwendungsdaten\Mozilla\Firefox\Profiles\6o7p0wv8.default\extensions [2012.09.16 09:50:53 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\Janna\Anwendungsdaten\Mozilla\Firefox\Profiles\6o7p0wv8.default\extensions\ich@maltegoetz.de [2012.12.11 16:10:58 | 000,036,098 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Janna\Anwendungsdaten\Mozilla\Firefox\Profiles\6o7p0wv8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.02.01 12:50:01 | 000,817,973 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Janna\Anwendungsdaten\Mozilla\Firefox\Profiles\6o7p0wv8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.27 10:33:22 | 000,242,136 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Janna\Anwendungsdaten\Mozilla\Firefox\Profiles\6o7p0wv8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013.02.07 07:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\JANNA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\6O7P0WV8.DEFAULT\EXTENSIONS\CROSSRIDERAPP4479@CROSSRIDER.COM [2013.02.07 07:25:21 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.06.27 06:53:35 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 04:45:44 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.27 06:53:35 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2009.10.02 19:18:33 | 000,003,700 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fast.png [2012.06.27 06:53:35 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.27 06:53:35 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla 
firefox\searchplugins\wikipedia-de.xml [2012.06.27 06:53:35 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll CHR - 
plugin: Move Media Player 7 (Enabled) = C:\Dokumente und Einstellungen\Janna\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Programme\DivX\DivX Content Uploader\npUpload.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Programme\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link 
Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-180914410-1256611159-1260016420-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKU\S-1-5-21-180914410-1256611159-1260016420-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-180914410-1256611159-1260016420-1005\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) 
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [swxermanco.tmp] "C:\DOKUME~1\Janna\LOKALE~1\Temp\swxermanco.tmp" File not found O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [Toshiba Hotkey Utility] C:\Programme\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.) 
O4 - HKLM..\Run: [xrwncosame.tmp] "C:\DOKUME~1\Janna\LOKALE~1\Temp\xrwncosame.tmp" File not found O4 - HKU\S-1-5-21-180914410-1256611159-1260016420-1005..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe" File not found O4 - HKU\S-1-5-21-180914410-1256611159-1260016420-1005..\Run: [TomTomHOME.exe] "C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe" File not found O4 - HKU\S-1-5-21-180914410-1256611159-1260016420-1005..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Monitor.lnk = C:\Programme\Toshiba\Bluetooth Monitor\BtMon2.exe (TOSHIBA) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Office-Bibliothek-Direktsuche.lnk = C:\Programme\Office-Bibliothek\PCLib.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-180914410-1256611159-1260016420-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube 
Download - C:\Dokumente und Einstellungen\Janna\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Janna\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.) O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1224438493 (Image Uploader Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184336875890 (MUWebControl Class) O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.ak.studivz.net/photouploader/ImageUploader4.cab (Image Uploader Control) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} studiVZ | Bist Du schon drin? 
(Photo Uploader Control) O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1214330372 (Image Uploader Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAC0943A-D640-473F-AA94-A96257E3A965}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. 
File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.03.17 13:02:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.08 22:26:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Janna\Desktop\OTL.exe [2013.02.08 20:55:37 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2013.02.07 07:24:09 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.02.02 11:16:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Janna\Desktop\__MACOSX [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== File not found -- C:\Dokumente und Einstellungen\Janna\Eigene Dateien\CAJECVZH. File not found -- C:\Dokumente und Einstellungen\Janna\Eigene Dateien\CAEZOPUB. 
[2013.02.11 21:28:42 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.02.11 21:28:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.02.11 21:28:36 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys [2013.02.11 21:27:07 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat [2013.02.11 21:20:22 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.02.11 21:16:09 | 000,587,659 | ---- | M] () -- C:\Dokumente und Einstellungen\Janna\Desktop\adwcleaner.exe [2013.02.11 01:53:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.02.09 07:25:01 | 000,128,914 | ---- | M] () -- C:\Dokumente und Einstellungen\Janna\Desktop\Unbenannt.JPG [2013.02.08 23:06:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2013.02.08 22:21:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Janna\Desktop\OTL.exe [2013.02.08 22:10:01 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Janna\defogger_reenable [2013.02.08 20:55:14 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.07 23:53:37 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.02.07 23:53:35 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.02.06 15:48:23 | 000,368,568 | ---- | M] () -- C:\Dokumente und Einstellungen\Janna\Desktop\img173.pdf [2013.02.05 11:23:17 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2013.02.04 15:18:04 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013.01.13 11:05:16 | 000,463,298 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.01.13 11:05:16 | 000,444,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.01.13 11:05:16 | 000,086,134 
| ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.01.13 11:05:16 | 000,072,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.01.13 10:48:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== File not found -- C:\Dokumente und Einstellungen\Janna\Eigene Dateien\CAJECVZH. File not found -- C:\Dokumente und Einstellungen\Janna\Eigene Dateien\CAEZOPUB. [2013.02.11 21:16:15 | 000,587,659 | ---- | C] () -- C:\Dokumente und Einstellungen\Janna\Desktop\adwcleaner.exe [2013.02.09 07:25:00 | 000,128,914 | ---- | C] () -- C:\Dokumente und Einstellungen\Janna\Desktop\Unbenannt.JPG [2013.02.08 22:10:01 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Janna\defogger_reenable [2013.02.06 15:48:21 | 000,368,568 | ---- | C] () -- C:\Dokumente und Einstellungen\Janna\Desktop\img173.pdf [2012.05.12 09:04:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSBrow.INI [2012.02.15 09:45:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.07 20:48:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.04.12 12:11:28 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat [2011.01.19 12:48:22 | 000,000,845 | ---- | C] () -- C:\Dokumente und Einstellungen\Janna\.recently-used.xbel [2008.08.25 17:47:42 | 000,001,343 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2007.11.08 21:53:16 | 000,000,288 | ---- | C] () -- C:\Dokumente und Einstellungen\Janna\default.pls [2007.01.11 13:27:38 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.10.10 16:11:19 | 000,107,008 | ---- | C] () -- C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.10.09 18:15:50 | 000,000,138 | ---- | C] () -- 
C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2006.03.17 12:59:10 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >
And 3.: The Extras.Txt file:
OTL Logfile:
Code:
OTL Extras logfile created on: 11.02.2013 21:33:24 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Janna\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,11 Mb Total Physical Memory | 498,49 Mb Available Physical Memory | 49,16% Memory free 2,39 Gb Paging File | 1,89 Gb Available in Paging File | 79,32% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,28 Gb Total Space | 3,07 Gb Free Space | 4,13% Space Free | Partition Type: NTFS Computer Name: YOUR-2D1ABB0973 | User Name: Janna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_USERS\S-1-5-21-180914410-1256611159-1260016420-1005\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) 
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- (ICQ Ltd.) "C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\AntiVir PersonalEdition Classic\avcenter.exe" = C:\Programme\AntiVir PersonalEdition Classic\avcenter.exe:*:Enabled:AntiVir PersonalEdition Classic starten "C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Dokumente und Einstellungen\Janna\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Janna\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) "C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth "C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- () "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.) "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) 
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player "{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}" = Cisco AnyConnect VPN Client "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2 "{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{3EB6332B-AF02-457C-A31C-835458C5B48B}" = TOSHIBA Benutzerhandbücher "{44087BB4-73BC-4341-B40D-0A2D31262751}" = Toshiba Hotkey Utility "{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support "{45E55CFF-A44A-4DD1-8BD4-D87026D3E480}" = Fischer Weltalmanach 2006 "{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD-Speicherkarten-Formatierung "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation 
Language Pack - DEU "{4B55E0A8-07F5-4966-9B7B-D32C8ADC0FF4}" = Digimax Converter "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel "{54971F17-9D16-4D43-95D6-3A86E3D20EDB}" = Office-Bibliothek 4.1 "{55A4E9CC-3F8D-4940-A2A4-EE04D3BADF74}" = OpenOffice.org 2.0 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58AEE3E0-8746-11DD-81B6-000AE67E2618}_is1" = grafstat4 "{61539202-097E-487E-9237-B291AB56D54C}" = Bluetooth Monitor 2 "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zoom-Dienstprogramm "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files "{713E5AB1-2389-43A6-8313-CB4D3C44C4FA}" = Samsung USB Driver "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office 
Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! 
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A250D351-A07F-4D5D-AB6C-693C69B9BFAF}" = Hercules Webcam "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD-Sicherheitsmodul "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F19D07BC-6240-49D3-BA5C-59B015DF8916}" = EPSON Easy Photo Print "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft 
.NET Framework 3.0 German Language Pack "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi "{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "AC3Filter" = AC3Filter (remove only) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Audacity_is1" = Audacity 2.0.2 "Avira AntiVir Desktop" = Avira Free Antivirus "CANONBJ_Deinstall_CNMCP4b.DLL" = Canon i850 "CNXT_HDAUDIO" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5047&SUBSYS_1179FF31" = HDAUDIO Soft Data Fax Modem with SmartCP "DivX Setup" = DivX-Setup "Druckschriften Nord_is1" = Pelikan Schulschriften "DVD Shrink_is1" = DVD Shrink 3.2 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "ESDX4800_4200 Benutzerhandbuch" = ESDX4800_4200 Benutzerhandbuch "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0 "Free MP3 Cutter and Editor_is1" = Free MP3 Cutter and Editor 2.6 "Free Studio_is1" = Free Studio version 4.2 "Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.4.628 "Free YouTube Download_is1" = Free YouTube Download version 3.1.22.319 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031 "ICQLite" = ICQ 5.1 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "Inca Ball_is1" = Inca Ball "InstallShield_{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers. 
"InstallShield_{45E55CFF-A44A-4DD1-8BD4-D87026D3E480}" = Fischer Weltalmanach 2006 "InstallShield_{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility "InstallShield_{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility "Klinisches Wörterbuch 258/2" = Klinisches Wörterbuch 258/2 "LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation) "Luxor 3" = Luxor 3 "Magic Match The Genies Journey" = Magic Match The Genies Journey "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPEG4E" = MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PC-Diagnose-Tool" = TOSHIBA PC-Diagnose-Tool "ProInst" = Intel(R) PROSet/Wireless Software "PROSet" = Intel(R) PRO Network Connections Drivers "Prozess" = Prozess "RDC-7 Camera Utility" = RDC-7 Camera Utility "RealPlayer 6.0" = RealPlayer "SciTE_{14906E3B-DA79-49B7-A747-49260999BA4B}_is1" = SciTE - Scintilla Text Editor 1.70 with Extensions (wbd-1) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Tumblebugs" = Tumblebugs "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.11 "WIC" = Windows Imaging Component "Winamp" = Winamp (remove only) "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.3 "WinRAR archiver" = 
WinRAR Archivierer "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "WordToPDF_is1" = WordToPDF 2.4 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "X10Hardware" = X10 Hardware(TM) "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Zuma Deluxe" = Zuma Deluxe ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-180914410-1256611159-1260016420-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Move Media Player" = Move Media Player "Music Converter" = Music Converter "Music Converter Packages" = Music Converter Packages ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.02.2013 21:28:23 | Computer Name = YOUR-2D1ABB0973 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2547 Error - 10.02.2013 22:28:28 | Computer Name = YOUR-2D1ABB0973 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.02.2013 22:28:28 | Computer Name = YOUR-2D1ABB0973 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3608313 Error - 10.02.2013 22:28:28 | Computer Name = YOUR-2D1ABB0973 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3608313 Error - 10.02.2013 22:28:30 | Computer Name = YOUR-2D1ABB0973 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.02.2013 22:28:30 | Computer Name = YOUR-2D1ABB0973 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3610469 Error - 10.02.2013 22:28:30 | Computer Name = YOUR-2D1ABB0973 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3610469 Error - 10.02.2013 22:28:32 | 
Computer Name = YOUR-2D1ABB0973 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.02.2013 22:28:32 | Computer Name = YOUR-2D1ABB0973 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3612485 Error - 10.02.2013 22:28:32 | Computer Name = YOUR-2D1ABB0973 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3612485 [ OSession Events ] Error - 22.11.2012 12:15:01 | Computer Name = YOUR-2D1ABB0973 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 80 seconds with 0 seconds of active time. This session ended with a crash. Error - 22.11.2012 12:15:53 | Computer Name = YOUR-2D1ABB0973 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 29 seconds with 0 seconds of active time. This session ended with a crash. Error - 22.11.2012 12:19:54 | Computer Name = YOUR-2D1ABB0973 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 212 seconds with 60 seconds of active time. This session ended with a crash. Error - 22.11.2012 12:20:25 | Computer Name = YOUR-2D1ABB0973 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 22.11.2012 12:23:06 | Computer Name = YOUR-2D1ABB0973 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 139 seconds with 60 seconds of active time. This session ended with a crash. Error - 22.11.2012 12:25:43 | Computer Name = YOUR-2D1ABB0973 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 121 seconds with 120 seconds of active time. This session ended with a crash. Error - 22.11.2012 12:33:11 | Computer Name = YOUR-2D1ABB0973 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 433 seconds with 360 seconds of active time. This session ended with a crash. Error - 22.11.2012 12:34:44 | Computer Name = YOUR-2D1ABB0973 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 52 seconds with 0 seconds of active time. This session ended with a crash. Error - 22.11.2012 12:35:27 | Computer Name = YOUR-2D1ABB0973 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 22.11.2012 12:35:55 | Computer Name = YOUR-2D1ABB0973 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 10.02.2013 22:28:34 | Computer Name = YOUR-2D1ABB0973 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error - 11.02.2013 06:15:10 | Computer Name = YOUR-2D1ABB0973 | Source = W32Time | ID = 39452689 Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751) Error - 11.02.2013 06:15:10 | Computer Name = YOUR-2D1ABB0973 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error - 11.02.2013 16:02:59 | Computer Name = YOUR-2D1ABB0973 | Source = Windows Update Agent | ID = 16 Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht, eine Verbindung herzustellen. 
Error - 11.02.2013 16:04:05 | Computer Name = YOUR-2D1ABB0973 | Source = W32Time | ID = 39452689 Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751) Error - 11.02.2013 16:04:05 | Computer Name = YOUR-2D1ABB0973 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error - 11.02.2013 16:10:19 | Computer Name = YOUR-2D1ABB0973 | Source = W32Time | ID = 39452689 Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751) Error - 11.02.2013 16:10:19 | Computer Name = YOUR-2D1ABB0973 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error - 11.02.2013 16:10:20 | Computer Name = YOUR-2D1ABB0973 | Source = W32Time | ID = 39452689 Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. 
(0x80072751) Error - 11.02.2013 16:10:20 | Computer Name = YOUR-2D1ABB0973 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. < End of report >
I have not yet touched the files that the malware program found. Should I still do something with them, delete or quarantine them, or is that no longer necessary? Thanks again and best regards, Janna |
12.02.2013, 07:36 | #5 |
/// Helper team | Remove clickcompare trojan
The cleanup consists of several steps that must be carried out. Work through them one after the other and please paste the 3 logs that are created into your next reply. If the OTL fix did not run through correctly, do not continue; please report it instead.
Step 1: Fix with OTL
Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
DRV - (Winsock - Google Desktop Search Backup Before Last Install) -- File not found
DRV - (Winsock - Google Desktop Search Backup Before First Install) -- File not found
IE - HKU\S-1-5-21-180914410-1256611159-1260016420-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local
IE - HKU\S-1-5-21-180914410-1256611159-1260016420-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
FF - prefs.js..browser.startup.homepage: "http://www.hiergehtslos.de"
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [swxermanco.tmp] "C:\DOKUME~1\Janna\LOKALE~1\Temp\swxermanco.tmp" File not found
O4 - HKLM..\Run: [xrwncosame.tmp] "C:\DOKUME~1\Janna\LOKALE~1\Temp\xrwncosame.tmp" File not found
O4 - HKU\S-1-5-21-180914410-1256611159-1260016420-1005..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe" File not found
File not found -- C:\Dokumente und Einstellungen\Janna\Eigene Dateien\CAJECVZH.
File not found -- C:\Dokumente und Einstellungen\Janna\Eigene Dateien\CAEZOPUB.
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.exe
C:\Dokumente und Einstellungen\Janna\Anwendungsdaten\*.exe
C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Anwendungsdaten\*.exe
C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Anwendungsdaten\*.tmp
C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Temp\*.exe
C:\Dokumente und Einstellungen\Janna\*.exe
C:\Dokumente und Einstellungen\Janna\Startmenü\Programme\Autostart\ctfmon.lnk
C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for readers following along: the OTL script above was created exclusively for this user in this situation. Do not use it on other computers under any circumstances; it can cause lasting damage to other systems!
Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
After that:
Step 3: Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without instructions.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. |
12.02.2013, 13:15 | #6 |
| Remove clickcompare trojan
Hello t'john, here are the files.
1. OTL:
All processes killed
========== OTL ==========
Error: No service named Winsock - Google Desktop Search Backup Before Last Install was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock - Google Desktop Search Backup Before Last Install deleted successfully.
File File not found not found.
Error: No service named Winsock - Google Desktop Search Backup Before First Install was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock - Google Desktop Search Backup Before First Install deleted successfully.
File File not found not found.
HKU\S-1-5-21-180914410-1256611159-1260016420-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-180914410-1256611159-1260016420-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "hxxp://www.hiergehtslos.de" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}\ deleted successfully.
C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\swxermanco.tmp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\xrwncosame.tmp deleted successfully.
Registry value HKEY_USERS\S-1-5-21-180914410-1256611159-1260016420-1005\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.exe not found.
File\Folder C:\Dokumente und Einstellungen\Janna\Anwendungsdaten\*.exe not found.
File\Folder C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Anwendungsdaten\*.exe not found.
File\Folder C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Anwendungsdaten\*.tmp not found.
C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Temp\AdobeUpdater12345.exe moved successfully.
C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Temp\aiw7128234.EXE moved successfully.
C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Temp\DivXSetup.exe moved successfully.
C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Temp\DWPUpgradeInstaller.exe moved successfully.
C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Temp\FP_PL_PFS_INSTALLER.exe moved successfully.
C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Temp\GDSSetup.exe moved successfully.
C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Temp\GoogleInstApp.exe moved successfully.
C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Temp\ICQInstall.exe moved successfully.
C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Temp\ose00000.exe moved successfully.
C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Temp\SkypeSetup.exe moved successfully.
File\Folder C:\Dokumente und Einstellungen\Janna\*.exe not found.
File\Folder C:\Dokumente und Einstellungen\Janna\Startmenü\Programme\Autostart\ctfmon.lnk not found.
Folder C:\Dokumente und Einstellungen\Janna\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Janna\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Janna\Desktop\cmd.txt deleted successfully.
========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32768 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: Janna ->Temp folder emptied: 9314106554 bytes ->Temporary Internet Files folder emptied: 222521802 bytes ->Java cache emptied: 42479492 bytes ->FireFox cache emptied: 74058539 bytes ->Google Chrome cache emptied: 7263561 bytes ->Flash cache emptied: 159416 bytes User: LocalService ->Temp folder emptied: 65536 bytes ->Temporary Internet Files folder emptied: 902725 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 345331447 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 5518727 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 175480478 bytes RecycleBin emptied: 3191552118 bytes Total Files Cleaned = 12.760,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 02122013_105331 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... 2. 
MBAR (kein Neustart, da keine Malware gefunden wurde): Malwarebytes Anti-Rootkit BETA 1.01.0.1020 Malwarebytes : Free Anti-Malware download Database version: v2013.02.12.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Janna :: YOUR-2D1ABB0973 [administrator] 12.02.2013 11:41:18 mbar-log-2013-02-12 (11-41-18).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 27773 Time elapsed: 31 minute(s), 6 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) 3. aswMBR: aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-02-12 12:15:56 ----------------------------- 12:15:56.625 OS Version: Windows 5.1.2600 Service Pack 3 12:15:56.625 Number of processors: 2 586 0xE08 12:15:56.625 ComputerName: YOUR-2D1ABB0973 UserName: Janna 12:15:57.468 Initialize success 12:18:34.296 AVAST engine defs: 13021101 12:26:08.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 12:26:08.671 Disk 0 Vendor: HTS541080G9SA00 MB4OC60R Size: 76319MB BusType: 3 12:26:08.687 Disk 0 MBR read successfully 12:26:08.687 Disk 0 MBR scan 12:26:08.984 Disk 0 Windows XP default MBR code 12:26:08.984 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76065 MB offset 63 12:26:09.125 Disk 0 Partition 2 00 88 Linux plaintext A*Kárò'ó 251 MB offset 155782305 12:26:09.187 Disk 0 scanning sectors +156296385 12:26:09.312 Disk 0 scanning C:\WINDOWS\system32\drivers 12:26:44.000 Service scanning 12:27:18.406 Modules scanning 12:27:27.531 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS 
**SUSPICIOUS** 12:27:28.750 Disk 0 trace - called modules: 12:27:28.765 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 12:27:28.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f6bab8] 12:27:28.781 3 CLASSPNP.SYS[f77acfd7] -> nt!IofCallDriver -> \Device\0000007e[0x86f4c9e8] 12:27:28.781 5 ACPI.sys[f7702620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f20d98] 12:27:30.671 AVAST engine scan C:\WINDOWS 12:28:02.484 AVAST engine scan C:\WINDOWS\system32 12:34:33.250 AVAST engine scan C:\WINDOWS\system32\drivers 12:34:59.359 AVAST engine scan C:\Dokumente und Einstellungen\Janna 12:48:12.031 File: C:\Dokumente und Einstellungen\Janna\Eigene Dateien\Downloads\rkill.com **INFECTED** Win32:Malware-gen 13:00:33.500 AVAST engine scan C:\Dokumente und Einstellungen\All Users 13:02:31.312 Scan finished successfully 13:10:43.000 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Janna\Desktop\MBR.dat" 13:10:43.000 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Janna\Desktop\aswMBR.txt" Viele Grüße, Janna |
13.02.2013, 14:57 | #7 |
/// Helper Team | Remove clickcompare trojan Please download TDSSKiller.exe and save the file to your desktop
then: ESET Online Scanner
then: Please download SecurityCheck and:
|
13.02.2013, 19:29 | #8 |
| Remove clickcompare trojan Hey t'john, here are the 3 log files. 1. tdsskiller:
PolicyAgent C:\WINDOWS\system32\lsass.exe 15:06:54.0593 1700 PolicyAgent - ok 15:06:54.0625 1700 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 15:06:54.0859 1700 PptpMiniport - ok 15:06:54.0859 1700 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 15:06:55.0046 1700 ProtectedStorage - ok 15:06:55.0078 1700 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 15:06:55.0281 1700 PSched - ok 15:06:55.0312 1700 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 15:06:55.0515 1700 Ptilink - ok 15:06:55.0531 1700 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 15:06:55.0546 1700 PxHelp20 - ok 15:06:55.0562 1700 [ 7DC7ACA4E775E9D823F5773A2F47A2AC ] qkbfiltr C:\WINDOWS\system32\drivers\qkbfiltr.sys 15:06:55.0625 1700 qkbfiltr ( UnsignedFile.Multi.Generic ) - warning 15:06:55.0625 1700 qkbfiltr - detected UnsignedFile.Multi.Generic (1) 15:06:55.0625 1700 ql1080 - ok 15:06:55.0640 1700 Ql10wnt - ok 15:06:55.0640 1700 ql12160 - ok 15:06:55.0656 1700 ql1240 - ok 15:06:55.0656 1700 ql1280 - ok 15:06:55.0671 1700 [ 8652B9E134C3478BE948BF089DF8ED5E ] qmofiltr C:\WINDOWS\system32\drivers\qmofiltr.sys 15:06:55.0750 1700 qmofiltr ( UnsignedFile.Multi.Generic ) - warning 15:06:55.0750 1700 qmofiltr - detected UnsignedFile.Multi.Generic (1) 15:06:55.0765 1700 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 15:06:55.0937 1700 RasAcd - ok 15:06:56.0046 1700 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 15:06:56.0406 1700 RasAuto - ok 15:06:56.0453 1700 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 15:06:56.0640 1700 Rasl2tp - ok 15:06:56.0687 1700 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 15:06:56.0875 1700 RasMan - ok 15:06:56.0953 1700 [ 5BC962F2654137C9909C3D4603587DEE 
] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 15:06:57.0187 1700 RasPppoe - ok 15:06:57.0265 1700 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 15:06:57.0484 1700 Raspti - ok 15:06:57.0515 1700 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 15:06:57.0703 1700 Rdbss - ok 15:06:57.0750 1700 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 15:06:57.0937 1700 RDPCDD - ok 15:06:57.0968 1700 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 15:06:58.0156 1700 rdpdr - ok 15:06:58.0281 1700 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 15:06:58.0359 1700 RDPWD - ok 15:06:58.0390 1700 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 15:06:58.0593 1700 RDSessMgr - ok 15:06:58.0625 1700 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 15:06:58.0812 1700 redbook - ok 15:06:58.0828 1700 [ 1B2857EF12D79A9F9ADBA14B0637CBF8 ] RegSrvc C:\Programme\Intel\Wireless\Bin\RegSrvc.exe 15:06:58.0906 1700 RegSrvc ( UnsignedFile.Multi.Generic ) - warning 15:06:58.0906 1700 RegSrvc - detected UnsignedFile.Multi.Generic (1) 15:06:58.0953 1700 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 15:06:59.0203 1700 RemoteAccess - ok 15:06:59.0234 1700 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 15:06:59.0453 1700 RemoteRegistry - ok 15:06:59.0484 1700 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys 15:06:59.0671 1700 RFCOMM - ok 15:06:59.0687 1700 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 15:06:59.0875 1700 RpcLocator - ok 15:06:59.0968 1700 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 15:07:00.0062 1700 RpcSs - ok 15:07:00.0109 1700 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP 
C:\WINDOWS\system32\rsvp.exe 15:07:00.0375 1700 RSVP - ok 15:07:00.0500 1700 [ 6C5155CC0E805C7BE6028BFF7AC14524 ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe 15:07:00.0609 1700 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning 15:07:00.0609 1700 S24EventMonitor - detected UnsignedFile.Multi.Generic (1) 15:07:00.0625 1700 [ 1CC074E0D48383D4E9BFFC6A26C2A58A ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys 15:07:00.0687 1700 s24trans ( UnsignedFile.Multi.Generic ) - warning 15:07:00.0687 1700 s24trans - detected UnsignedFile.Multi.Generic (1) 15:07:00.0703 1700 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 15:07:00.0843 1700 SamSs - ok 15:07:00.0875 1700 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 15:07:01.0156 1700 SCardSvr - ok 15:07:01.0203 1700 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 15:07:01.0421 1700 Schedule - ok 15:07:01.0453 1700 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys 15:07:01.0609 1700 sdbus - ok 15:07:01.0640 1700 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 15:07:01.0953 1700 Secdrv - ok 15:07:01.0968 1700 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 15:07:02.0250 1700 seclogon - ok 15:07:02.0265 1700 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 15:07:02.0421 1700 SENS - ok 15:07:02.0468 1700 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 15:07:02.0687 1700 Serial - ok 15:07:02.0781 1700 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys 15:07:03.0000 1700 sffdisk - ok 15:07:03.0125 1700 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 15:07:03.0328 1700 sffp_sd - ok 15:07:03.0343 1700 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 15:07:03.0546 1700 
Sfloppy - ok 15:07:03.0609 1700 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 15:07:03.0859 1700 SharedAccess - ok 15:07:03.0890 1700 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 15:07:03.0906 1700 ShellHWDetection - ok 15:07:03.0906 1700 Simbad - ok 15:07:03.0953 1700 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe 15:07:03.0968 1700 SkypeUpdate - ok 15:07:04.0000 1700 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 15:07:04.0203 1700 SLIP - ok 15:07:04.0281 1700 [ 6C7F2B518F8A7ABE1C145F26AA48C633 ] SMCB000 C:\WINDOWS\system32\DRIVERS\hidsmsc.sys 15:07:04.0343 1700 SMCB000 - ok 15:07:04.0343 1700 Sparrow - ok 15:07:04.0375 1700 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 15:07:04.0640 1700 splitter - ok 15:07:04.0703 1700 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 15:07:04.0734 1700 Spooler - ok 15:07:04.0750 1700 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 15:07:04.0921 1700 sr - ok 15:07:05.0000 1700 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 15:07:05.0312 1700 srservice - ok 15:07:05.0437 1700 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 15:07:05.0546 1700 Srv - ok 15:07:05.0562 1700 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 15:07:05.0765 1700 SSDPSRV - ok 15:07:05.0812 1700 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 15:07:05.0843 1700 ssmdrv - ok 15:07:05.0906 1700 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 15:07:06.0171 1700 stisvc - ok 15:07:06.0218 1700 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 15:07:06.0421 1700 streamip - ok 15:07:06.0500 1700 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum 
C:\WINDOWS\system32\DRIVERS\swenum.sys 15:07:06.0906 1700 swenum - ok 15:07:06.0921 1700 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 15:07:07.0109 1700 swmidi - ok 15:07:07.0109 1700 SwPrv - ok 15:07:07.0125 1700 symc810 - ok 15:07:07.0125 1700 symc8xx - ok 15:07:07.0140 1700 sym_hi - ok 15:07:07.0140 1700 sym_u3 - ok 15:07:07.0187 1700 [ A6CC8C28D5AAD4179EF32F05BED55E91 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 15:07:07.0296 1700 SynTP - ok 15:07:07.0328 1700 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 15:07:07.0515 1700 sysaudio - ok 15:07:07.0546 1700 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 15:07:07.0734 1700 SysmonLog - ok 15:07:07.0781 1700 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 15:07:08.0000 1700 TapiSrv - ok 15:07:08.0109 1700 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 15:07:08.0171 1700 Tcpip - ok 15:07:08.0203 1700 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 15:07:08.0406 1700 TDPIPE - ok 15:07:08.0437 1700 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 15:07:08.0656 1700 TDTCP - ok 15:07:08.0703 1700 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 15:07:08.0890 1700 TermDD - ok 15:07:08.0968 1700 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 15:07:09.0187 1700 TermService - ok 15:07:09.0203 1700 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 15:07:09.0218 1700 Themes - ok 15:07:09.0265 1700 [ 244CFBFFDEFB77F3DF571A8CD108FC06 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys 15:07:09.0375 1700 tifm21 - ok 15:07:09.0406 1700 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 15:07:09.0656 1700 TlntSvr - ok 15:07:09.0656 1700 TosIde - ok 15:07:09.0718 1700 [ 
CC069342EE0EAE55B32A0AE99CF6185C ] tosrfec C:\WINDOWS\system32\DRIVERS\tosrfec.sys 15:07:09.0765 1700 tosrfec ( UnsignedFile.Multi.Generic ) - warning 15:07:09.0765 1700 tosrfec - detected UnsignedFile.Multi.Generic (1) 15:07:09.0781 1700 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 15:07:10.0015 1700 TrkWks - ok 15:07:10.0078 1700 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 15:07:10.0312 1700 Udfs - ok 15:07:10.0312 1700 UIUSys - ok 15:07:10.0312 1700 ultra - ok 15:07:10.0437 1700 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 15:07:10.0625 1700 Update - ok 15:07:10.0656 1700 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 15:07:10.0859 1700 upnphost - ok 15:07:10.0890 1700 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 15:07:11.0171 1700 UPS - ok 15:07:11.0203 1700 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 15:07:11.0312 1700 USBAAPL - ok 15:07:11.0359 1700 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 15:07:11.0531 1700 usbccgp - ok 15:07:11.0609 1700 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 15:07:11.0796 1700 usbehci - ok 15:07:11.0812 1700 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 15:07:12.0015 1700 usbhub - ok 15:07:12.0031 1700 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 15:07:12.0359 1700 usbprint - ok 15:07:12.0375 1700 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 15:07:12.0562 1700 usbscan - ok 15:07:12.0578 1700 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:07:12.0765 1700 USBSTOR - ok 15:07:12.0765 1700 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 15:07:12.0984 1700 usbuhci - 
ok 15:07:13.0015 1700 [ 7FD4FECFA6B8431C7F182F9E1C84784D ] VcomPort C:\WINDOWS\system32\DRIVERS\vcomrico.sys 15:07:13.0093 1700 VcomPort ( UnsignedFile.Multi.Generic ) - warning 15:07:13.0093 1700 VcomPort - detected UnsignedFile.Multi.Generic (1) 15:07:13.0140 1700 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 15:07:13.0328 1700 VgaSave - ok 15:07:13.0343 1700 ViaIde - ok 15:07:13.0406 1700 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 15:07:13.0562 1700 VolSnap - ok 15:07:13.0640 1700 [ E4D2305EBB9DE0871A1E13294D0F349B ] vpnagent C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe 15:07:13.0750 1700 vpnagent - ok 15:07:13.0781 1700 [ E1F2333A88EC4A5C8EA6BE357323B72D ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys 15:07:13.0859 1700 vpnva - ok 15:07:13.0921 1700 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 15:07:14.0187 1700 VSS - ok 15:07:14.0218 1700 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 15:07:14.0453 1700 W32Time - ok 15:07:14.0593 1700 [ B1F126E7E28877106D60E6FF3998D033 ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys 15:07:14.0734 1700 w39n51 - ok 15:07:14.0781 1700 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 15:07:14.0984 1700 Wanarp - ok 15:07:14.0984 1700 WDICA - ok 15:07:15.0015 1700 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 15:07:15.0343 1700 wdmaud - ok 15:07:15.0390 1700 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 15:07:15.0625 1700 WebClient - ok 15:07:15.0671 1700 [ E0A00B06EA067C84E124B407DFFA1AF1 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 15:07:15.0796 1700 winachsf - ok 15:07:15.0875 1700 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 15:07:16.0062 1700 winmgmt - ok 15:07:16.0109 1700 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN 
C:\WINDOWS\system32\MsPMSNSv.dll 15:07:16.0218 1700 WmdmPmSN - ok 15:07:16.0296 1700 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 15:07:16.0343 1700 Wmi - ok 15:07:16.0406 1700 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 15:07:16.0625 1700 WmiAcpi - ok 15:07:16.0718 1700 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 15:07:17.0000 1700 WmiApSrv - ok 15:07:17.0109 1700 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 15:07:17.0265 1700 WMPNetworkSvc - ok 15:07:17.0312 1700 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 15:07:17.0421 1700 WpdUsb - ok 15:07:17.0453 1700 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 15:07:17.0796 1700 WS2IFSL - ok 15:07:17.0859 1700 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 15:07:18.0062 1700 wscsvc - ok 15:07:18.0109 1700 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 15:07:18.0296 1700 WSTCODEC - ok 15:07:18.0312 1700 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 15:07:18.0515 1700 wuauserv - ok 15:07:18.0546 1700 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 15:07:18.0625 1700 WudfPf - ok 15:07:18.0656 1700 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 15:07:19.0015 1700 WudfRd - ok 15:07:19.0062 1700 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 15:07:19.0156 1700 WudfSvc - ok 15:07:19.0203 1700 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 15:07:19.0468 1700 WZCSVC - ok 15:07:19.0562 1700 [ 81E8DA36CE70858898D5EB81E28A47D2 ] X10Hid C:\WINDOWS\system32\Drivers\x10hid.sys 15:07:19.0671 1700 X10Hid - ok 15:07:19.0703 1700 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets 
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe 15:07:19.0765 1700 x10nets ( UnsignedFile.Multi.Generic ) - warning 15:07:19.0765 1700 x10nets - detected UnsignedFile.Multi.Generic (1) 15:07:19.0796 1700 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 15:07:20.0093 1700 xmlprov - ok 15:07:20.0125 1700 ================ Scan global =============================== 15:07:20.0156 1700 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 15:07:20.0250 1700 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 15:07:20.0265 1700 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 15:07:20.0296 1700 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 15:07:20.0296 1700 [Global] - ok 15:07:20.0296 1700 ================ Scan MBR ================================== 15:07:20.0312 1700 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0 15:07:20.0671 1700 \Device\Harddisk0\DR0 - ok 15:07:20.0671 1700 ================ Scan VBR ================================== 15:07:20.0671 1700 [ F461E5580FA3D954BB6FD46142113E20 ] \Device\Harddisk0\DR0\Partition1 15:07:20.0671 1700 \Device\Harddisk0\DR0\Partition1 - ok 15:07:20.0671 1700 ============================================================ 15:07:20.0671 1700 Scan finished 15:07:20.0671 1700 ============================================================ 15:07:20.0796 0548 Detected object count: 31 15:07:20.0796 0548 Actual detected object count: 31 15:08:08.0265 0548 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0265 0548 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0265 0548 BDA_Capture_220 ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0265 0548 BDA_Capture_220 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0265 0548 BDA_Loader_220 ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0265 0548 BDA_Loader_220 ( UnsignedFile.Multi.Generic ) - User select action: 
Skip 15:08:08.0265 0548 CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0265 0548 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0265 0548 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0265 0548 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0281 0548 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0281 0548 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0281 0548 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0281 0548 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0281 0548 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0281 0548 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0281 0548 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0281 0548 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0281 0548 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0281 0548 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0296 0548 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0296 0548 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0296 0548 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0296 0548 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0296 0548 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0296 0548 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0296 0548 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0296 0548 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0296 0548 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0296 0548 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0296 0548 EvtEng ( 
UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0296 0548 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0296 0548 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0296 0548 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0296 0548 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0296 0548 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0312 0548 MHN ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0312 0548 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0312 0548 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0312 0548 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0312 0548 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0312 0548 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0312 0548 ovt530 ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0312 0548 ovt530 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0312 0548 Pfc ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0312 0548 Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0328 0548 qkbfiltr ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0328 0548 qkbfiltr ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0328 0548 qmofiltr ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0328 0548 qmofiltr ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0328 0548 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0328 0548 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0328 0548 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0328 0548 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:08:08.0328 0548 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user 15:08:08.0328 
2. eset:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6de680ff76e7484cb9ac46ebc2e18f0b
# engine=13145
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-13 06:15:53
# local_time=2013-02-13 07:15:53 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1799 16775165 100 100 34002 226202643 26643 0
# scanned=148645
# found=4
# cleaned=0
# scan_time=14474
sh=EF50E9B48CA05EC1423DD9C858738A2971BFB8A8 ft=1 fh=5f4591e8147a9bfd vn="Win32/StartPage.OIE trojan" ac=I fn="C:\Dokumente und Einstellungen\Janna\Eigene Dateien\Downloads\vlc-1.1.11-win32.exe"
sh=EF50E9B48CA05EC1423DD9C858738A2971BFB8A8 ft=1 fh=5f4591e8147a9bfd vn="Win32/StartPage.OIE trojan" ac=I fn="F:\System Volume Information\_restore{DD0FF237-AD14-4090-B42A-4C4F2C77CAA7}\RP1155\A0103641.exe"
sh=EF50E9B48CA05EC1423DD9C858738A2971BFB8A8 ft=1 fh=5f4591e8147a9bfd vn="Win32/StartPage.OIE trojan" ac=I fn="F:\Backup 29.11.11\Downloads\vlc-1.1.11-win32.exe"
sh=EF50E9B48CA05EC1423DD9C858738A2971BFB8A8 ft=1 fh=5f4591e8147a9bfd vn="Win32/StartPage.OIE trojan" ac=I fn="F:\Backup 03.02.13\Downloads\vlc-1.1.11-win32.exe"

3. security check:
Results of screen317's Security Check version 0.99.57
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.5.502.149
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox (18.0.2)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

Best regards, Janna |
14.02.2013, 05:13 | #9 |
/// Helper Team | Remove clickcompare trojan

Update:

Update Java
Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit.

Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
After that, post (copy and paste) what is displayed for you here: PluginCheck

Disable Java
Because of the current security vulnerability: http://www.trojaner-board.de/122961-...ktivieren.html
After that, post (copy and paste) what is displayed for you here: PluginCheck |
14.02.2013, 13:36 | #10 |
| Remove clickcompare trojan

Hi t'john, here are the results:

1. PluginCheck:
PluginCheck
The PluginCheck helps to close the biggest security holes when surfing the Internet. It checks: browser, Flash, Java and Adobe Reader version.
Firefox 18.0 is up to date
Flash (11,5,502,149) is up to date.
Java (1,7,0,13) is up to date.
Adobe Reader 11,0,1,36 is up to date.

2. PluginCheck:
PluginCheck
The PluginCheck helps to close the biggest security holes when surfing the Internet. It checks: browser, Flash, Java and Adobe Reader version.
Firefox 18.0 is up to date
Flash (11,5,502,149) is up to date.
Java is not installed or not enabled.
Adobe Reader 11,0,1,36 is up to date.

Best regards, Janna |
15.02.2013, 12:13 | #11 |
/// Helper Team | Remove clickcompare trojan

Very good! With that you are clean and discharged!

Remove adwCleaner

Tool cleanup with OTL
We will now use OTL's CleanUp! function to delete most of the programs we installed for the cleanup from your system again.

Resetting the security zones
Have the security zones reset, since they were manipulated to open the browser to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html

Clearing the system restore points
So that the computer cannot be reinfected from an infected system restore point, we have to clear them. To do that, we switch System Restore off once and then on again:
Disable System Restore: tutorial for Windows XP, Windows Vista, Windows 7
Then enable it again.

Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC keeps getting slower - what to do? |
15.02.2013, 14:52 | #12 |
| Remove clickcompare trojan

A thousand thanks!!!! |
16.02.2013, 01:01 | #13 |
/// Helper Team | Remove clickcompare trojan

Wishing you a virus-free time |