Log analysis and evaluation: TR.Necurs.A drive-by download. Virus scanner & Windows Update & firewall out of action
Hello,

so far I have always been able to help myself with this great board and Google, but now I have reached a point where I don't know what else to do except wipe the system.

The scenario: My father-in-law opened a link in an e-mail from an acquaintance. Unfortunately, the website he was directed to had apparently been rigged. He noticed it immediately, but by then it was too late. The free version of Avira AntiVir found two pieces of malware after a full scan. One was a TR.Necurs.A in the Java folder (at that time Java 6 Update 9), which presumably landed there as a drive-by download through a vulnerability in the outdated Java. It was detected this morning (Sun, 17.02.2013) at 11:07 after an Avira scan lasting just under 72 minutes. Also detected at the same time was a file with a random name .exe as TR.Gen.

I arrived today at 18:00 and examined the system. Both finds were in quarantine. It was immediately noticeable that the Avira real-time scanners were not running and could not be activated either. The system is a Windows XP SP3 (legal copy with current updates up to about February 2013).

I then started closing the security holes. I uninstalled the old Java and installed Java 6 Update 39. I updated Flash Player. I then wanted to update Adobe Reader, because a version 9 was still on there, but this was not possible. Reinstalling Adobe Reader did not work either. Nor did the installation after running the Acrobat IT Tools Cleaner. That may be a separate problem, though; I only mention it for the sake of completeness.

Afterwards I uninstalled the non-functional Avira AntiVir, rebooted, and installed McAfee. This scanner did not work either. So I uninstalled that one as well, rebooted, and installed Avast.
Then I restarted the PC once more. Same problem: the scanners do not work, updates of the virus definitions or of the program do not work either, and neither does a repair. Starting the Avast service manually via the administrative tools did not work either. The following error: [screenshot]

Windows Updates are disabled, although they are enabled under Windows Update in the Control Panel. The Security Center, however, reports them as disabled. Searching for updates manually (on XP via IE) does not work either. The Windows Firewall is disabled again at every system start.

I then searched the registry for strange startup entries, ran HijackThis and submitted the report to the online evaluation on the homepage. Unfortunately I did not come across anything. I also cannot find the files and registry entries that, according to Google, TR.Necurs.A is supposed to create, as described here for example: hxxp://blog.yoocare.com/remove-trojanwin64necurs-a-virus-permanently-manual-removal

I then followed the three steps from the guide and am now posting the results of the scan here. One thing up front: unfortunately the scan with GMER did not really work. Several errors came up, then it said it had found nothing, and it did not show me a log file either. Network connections were disabled and processes were terminated as far as possible.

I hope you can help me and my father-in-law. The system naturally holds important data such as Word and PDF documents, e-mails and pictures, and unfortunately there is no backup. Because of the suspected infection, however, I have for now advised against copying the data to an external drive.

OTL.txt:
OTL logfile:
Code:
OTL logfile created on: 17.02.2013 19:57:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Alfred\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 82,57% Memory free
4,58 Gb Paging File | 4,11 Gb Available in Paging File | 89,84% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 216,87 Gb Total Space | 23,74 Gb Free Space | 10,95% Space Free | Partition Type: NTFS
Drive D: | 16,00 Gb Total Space | 12,15 Gb Free Space | 75,90% Space Free | Partition Type: NTFS

Computer Name: HP1 | User Name: Alfred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.17 19:55:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Alfred\Desktop\OTL.exe
PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.)
-- C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\Dropbox\bin\Dropbox.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2010.04.05 11:55:01 | 000,116,104 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe PRC - [2010.02.18 11:38:40 | 000,684,680 | ---- | M] (SPAMfighter) -- C:\Programme\Common Files\Common Toolkit Suite\FighterSuiteService.exe PRC - [2010.02.03 12:57:56 | 000,389,120 | R--- | M] (Teleca) -- C:\Programme\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe PRC - [2009.12.11 13:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe PRC - [2009.11.19 15:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe PRC - [2009.09.29 11:29:00 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe PRC - [2009.09.29 11:28:26 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe PRC - [2009.09.29 11:03:26 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe PRC - [2009.09.29 11:03:02 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe PRC - [2009.08.19 21:54:13 | 000,271,744 | ---- | M] (IncrediMail, Ltd.) -- C:\Programme\IncrediMail\Bin\IncMail.exe PRC - [2009.08.19 21:54:13 | 000,210,304 | ---- | M] (IncrediMail, Ltd.) 
-- C:\Programme\IncrediMail\Bin\ImApp.exe PRC - [2009.06.03 08:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\logger.exe PRC - [2009.04.14 11:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe PRC - [2008.10.03 22:58:58 | 000,962,480 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe PRC - [2008.10.03 22:55:12 | 004,378,000 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2008.10.03 21:40:00 | 000,165,144 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe PRC - [2008.10.03 21:39:54 | 000,554,264 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.04.07 07:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Programme\PDF Complete\pdfsvc.exe PRC - [2007.08.09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe PRC - [2007.01.31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006.09.25 08:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) 
-- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe PRC - [2006.07.10 10:53:08 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe ========== Modules (No Company Name) ========== MOD - [2013.01.10 22:11:30 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e7cef47e\mscorlib.dll MOD - [2013.01.10 22:11:28 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_f6d7c91e\system.drawing.dll MOD - [2013.01.10 22:11:19 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_72ede471\system.xml.dll MOD - [2013.01.10 22:11:13 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_2717e290\system.windows.forms.dll MOD - [2013.01.10 22:11:03 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_e2bf0d85\system.dll MOD - [2013.01.10 22:10:53 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll MOD - [2013.01.10 22:10:53 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll MOD - [2013.01.10 22:10:52 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll MOD - [2013.01.10 22:10:50 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll MOD - [2010.04.05 11:55:01 | 000,116,104 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe MOD - [2010.02.10 17:08:38 | 000,237,361 | R--- | M] () -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll MOD - [2010.02.10 17:08:38 | 000,237,361 | R--- | M] () -- C:\Programme\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll MOD - [2009.09.29 11:24:24 | 000,139,264 | R--- | M] () 
-- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll MOD - [2009.08.19 21:54:14 | 000,230,784 | ---- | M] () -- C:\Programme\IncrediMail\Bin\ImLookExU.dll MOD - [2009.08.19 21:54:14 | 000,071,040 | ---- | M] () -- C:\Programme\IncrediMail\Bin\wlessfp1.dll MOD - [2009.08.19 21:54:13 | 000,116,096 | ---- | M] () -- C:\Programme\IncrediMail\Bin\ImComUtlU.dll MOD - [2009.08.19 21:54:13 | 000,079,232 | ---- | M] () -- C:\Programme\IncrediMail\Bin\ImAppRU.dll MOD - [2009.03.25 02:24:28 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll MOD - [2009.03.25 02:24:28 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll MOD - [2009.03.25 02:24:27 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll MOD - [2009.03.25 02:23:40 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.03.25 02:23:40 | 000,180,224 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms.resources\1.0.5000.0_de_b77a5c561934e089\system.windows.forms.resources.dll MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2007.01.11 16:33:20 | 000,106,496 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc80-mt-1_33.dll MOD - [2006.07.10 10:53:08 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [Auto | Stopped] -- -- (0208231241116309mcinstcleanup) SRV - [2013.02.17 18:47:23 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - 
[2013.02.01 12:26:44 | 000,061,696 | ---- | M] () [Unknown (-1) | Unknown] -- C:\WINDOWS\System32\drivers\cb010bd02561def3.sys -- (cb010bd02561def3) SRV - [2013.02.01 12:26:37 | 000,074,240 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Installer\{2A781366-67FF-1FE0-3C30-7D941BF2EEAB}\syshost.exe -- (syshost32) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2010.04.05 11:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2010.02.18 11:38:40 | 000,684,680 | ---- | M] (SPAMfighter) [Auto | Running] -- C:\Programme\Common Files\Common Toolkit Suite\FighterSuiteService.exe -- (Common Toolkit Service) SRV - [2009.11.08 10:49:57 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.10.03 21:39:54 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2008.04.07 07:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Programme\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2007.08.09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2007.01.31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) 
[Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.02.01 12:26:44 | 000,061,696 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\System32\drivers\cb010bd02561def3.sys -- (cb010bd02561def3) DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- 
C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.07.04 15:05:05 | 000,139,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD) DRV - [2011.08.17 14:49:54 | 000,138,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD) DRV - [2011.07.15 14:29:31 | 000,456,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\DRIVERS\mrxsmb.sys -- (MRxSmb) DRV - [2011.07.08 15:02:00 | 000,010,496 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\ndistapi.sys -- (NdisTapi) DRV - [2011.04.21 14:37:43 | 000,105,472 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup) DRV - [2011.02.17 14:18:03 | 000,357,888 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\srv.sys -- (Srv) DRV - [2010.11.02 16:17:02 | 000,040,960 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy) DRV - [2009.11.10 10:43:53 | 000,585,280 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\emBDA.sys -- (USB28xxBGA) DRV - [2009.11.10 10:43:53 | 000,549,952 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\emOEM.sys -- (USB28xxOEM) DRV - [2009.11.08 10:39:20 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2009.10.20 17:20:16 | 000,265,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\HTTP.sys -- (HTTP) DRV - [2009.09.13 14:50:42 | 000,971,168 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\tdrpm140.sys -- (tdrpman140) DRV - [2009.09.13 14:50:38 | 000,540,000 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\timntr.sys -- (timounter) DRV - [2009.09.13 14:50:38 | 000,044,704 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\tifsfilt.sys -- (tifsfilter) DRV - [2009.09.13 14:50:34 | 000,134,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\snman380.sys -- (snapman380) DRV - [2009.06.24 12:18:41 | 000,092,928 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD) DRV - [2009.06.10 15:49:32 | 000,024,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2008.07.11 14:44:00 | 000,191,872 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\fslx.sys -- (FSLX) DRV - [2008.06.20 12:51:12 | 000,361,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\tcpip.sys -- (Tcpip) DRV - [2008.04.25 12:36:53 | 000,091,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\ndiswan.sys -- (NdisWan) DRV - [2008.04.25 12:36:51 | 000,182,912 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS) DRV - [2008.04.14 03:23:26 | 000,040,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\termdd.sys -- (TermDD) DRV - [2008.04.14 03:23:26 | 000,021,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP) DRV - [2008.04.14 03:23:26 | 000,012,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- 
C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE) DRV - [2008.04.14 03:02:33 | 000,073,472 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sr.sys -- (sr) DRV - [2008.04.14 03:02:16 | 000,120,576 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia) DRV - [2008.04.14 03:02:13 | 000,068,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pci.sys -- (PCI) DRV - [2008.04.14 03:02:10 | 000,080,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\parport.sys -- (Parport) DRV - [2008.04.14 03:02:08 | 000,046,848 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\p3.sys -- (P3) DRV - [2008.04.14 02:58:36 | 000,025,216 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\kbdclass.sys -- (Kbdclass) DRV - [2008.04.14 02:58:18 | 000,154,112 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio) DRV - [2008.04.14 02:58:13 | 000,800,384 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\dmboot.sys -- (dmboot) DRV - [2008.04.14 02:58:03 | 000,037,632 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\isapnp.sys -- (isapnp) DRV - [2008.04.14 02:57:20 | 000,040,448 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\intelppm.sys -- (intelppm) DRV - [2008.04.14 02:57:19 | 000,005,504 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\intelide.sys -- (IntelIde) DRV - [2008.04.14 02:55:34 | 000,052,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\i8042prt.sys -- (i8042prt) DRV - [2008.04.14 02:54:59 | 000,065,536 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\serial.sys -- (Serial) DRV - [2008.04.14 02:52:51 | 000,057,728 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\redbook.sys -- (redbook) DRV - 
[2008.04.14 02:52:51 | 000,044,672 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips) DRV - [2008.04.14 02:52:02 | 000,053,760 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap) DRV - [2008.04.14 02:49:36 | 000,023,552 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\mouclass.sys -- (Mouclass) DRV - [2008.04.14 02:49:32 | 000,030,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem) DRV - [2008.04.14 02:49:03 | 000,188,800 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ACPI.sys -- (ACPI) DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\MPE.sys -- (MPE) DRV - [2008.04.14 00:15:14 | 000,060,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio) DRV - [2008.04.13 20:46:26 | 000,085,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys -- (NABTSFEC) DRV - [2008.04.13 20:46:24 | 000,019,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS -- (WSTCODEC) DRV - [2008.04.13 20:46:24 | 000,017,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\CCDECODE.sys -- (CCDECODE) DRV - [2008.04.13 20:46:24 | 000,011,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SLIP.sys -- (SLIP) DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\StreamIP.sys -- (streamip) DRV - [2008.04.13 20:46:22 | 000,010,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\NdisIP.sys -- (NdisIP) DRV - [2008.04.13 20:46:20 | 000,048,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\61883.sys -- (61883) DRV - [2008.04.13 20:46:20 | 000,038,912 | 
---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\avc.sys -- (Avc) DRV - [2008.04.13 20:46:10 | 000,051,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\msdv.sys -- (MSDV) DRV - [2008.04.13 20:39:50 | 000,005,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\MSTEE.sys -- (MSTEE) DRV - [2008.04.13 20:28:39 | 000,175,744 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\DRIVERS\rdbss.sys -- (Rdbss) DRV - [2008.04.13 20:21:00 | 000,162,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\netbt.sys -- (NetBT) DRV - [2008.04.13 20:19:48 | 000,048,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\raspptp.sys -- (PptpMiniport) DRV - [2008.04.13 20:19:43 | 000,051,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\rasl2tp.sys -- (Rasl2tp) DRV - [2008.04.13 20:19:42 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\ipsec.sys -- (IPSec) DRV - [2008.04.13 20:17:18 | 000,083,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wdmaud.sys -- (wdmaud) DRV - [2008.04.13 20:15:55 | 000,060,800 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\sysaudio.sys -- (sysaudio) DRV - [2008.04.13 20:15:53 | 000,574,976 | ---- | M] () [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs) DRV - [2008.04.13 20:14:29 | 000,143,744 | ---- | M] () [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat) DRV - [2008.04.13 20:14:21 | 000,063,744 | ---- | M] () [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs) DRV - [2008.04.13 19:57:32 | 000,041,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\raspppoe.sys -- (RasPppoe) DRV - [2008.04.13 19:57:27 | 000,014,336 | ---- | M] () [Kernel | 
On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\asyncmac.sys -- (AsyncMac) DRV - [2008.04.13 19:57:21 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\wanarp.sys -- (Wanarp) DRV - [2008.04.13 19:57:15 | 000,152,832 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\ipnat.sys -- (IpNat) DRV - [2008.04.13 19:57:07 | 000,020,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2008.04.13 19:56:49 | 000,012,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx) DRV - [2008.04.13 19:56:38 | 000,069,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\psched.sys -- (PSched) DRV - [2008.04.13 19:56:32 | 000,035,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\msgpc.sys -- (Gpc) DRV - [2008.04.13 19:56:02 | 000,034,688 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\DRIVERS\netbios.sys -- (NetBIOS) DRV - [2008.04.13 19:55:58 | 000,014,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\ndisuio.sys -- (Ndisuio) DRV - [2008.04.13 19:54:28 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\irenum.sys -- (IRENUM) DRV - [2008.04.13 19:53:34 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ip6fw.sys -- (Ip6Fw) DRV - [2008.04.13 19:51:25 | 000,061,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\nic1394.sys -- (NIC1394) DRV - [2008.04.13 19:51:25 | 000,060,800 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\arp1394.sys -- (Arp1394) DRV - [2008.04.13 19:51:25 | 000,059,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\atmarpc.sys -- (Atmarpc) DRV - [2008.04.13 19:47:38 | 000,025,856 | ---- | M] () [Kernel | On_Demand | 
Stopped] -- C:\WINDOWS\System32\DRIVERS\usbprint.sys -- (usbprint) DRV - [2008.04.13 19:46:18 | 000,061,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ohci1394.sys -- (ohci1394) DRV - [2008.04.13 19:45:40 | 000,032,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\usbccgp.sys -- (usbccgp) DRV - [2008.04.13 19:45:38 | 000,026,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS -- (USBSTOR) DRV - [2008.04.13 19:45:37 | 000,059,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\usbhub.sys -- (usbhub) DRV - [2008.04.13 19:45:35 | 000,030,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\usbehci.sys -- (usbehci) DRV - [2008.04.13 19:45:35 | 000,020,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\usbuhci.sys -- (usbuhci) DRV - [2008.04.13 19:45:34 | 000,015,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\usbscan.sys -- (usbscan) DRV - [2008.04.13 19:45:13 | 000,002,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\drmkaud.sys -- (drmkaud) DRV - [2008.04.13 19:45:09 | 000,172,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\kmixer.sys -- (kmixer) DRV - [2008.04.13 19:45:09 | 000,056,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmidi.sys -- (swmidi) DRV - [2008.04.13 19:45:07 | 000,006,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\splitter.sys -- (splitter) DRV - [2008.04.13 19:45:01 | 000,052,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\DMusic.sys -- (DMusic) DRV - [2008.04.13 19:44:40 | 000,020,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave) DRV - [2008.04.13 19:40:58 | 000,042,112 | ---- | M] () [Kernel | System | Running] -- 
C:\WINDOWS\System32\DRIVERS\imapi.sys -- (Imapi) DRV - [2008.04.13 19:40:49 | 000,019,712 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr) DRV - [2008.04.13 19:40:48 | 000,011,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\sfloppy.sys -- (Sfloppy) DRV - [2008.04.13 19:40:47 | 000,036,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\disk.sys -- (Disk) DRV - [2008.04.13 19:40:46 | 000,062,976 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\cdrom.sys -- (Cdrom) DRV - [2008.04.13 19:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi) DRV - [2008.04.13 19:40:25 | 000,027,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\fdc.sys -- (Fdc) DRV - [2008.04.13 19:40:25 | 000,020,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\flpydisk.sys -- (Flpydisk) DRV - [2008.04.13 19:40:12 | 000,015,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\serenum.sys -- (serenum) DRV - [2008.04.13 19:39:53 | 000,004,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\swenum.sys -- (swenum) DRV - [2008.04.13 19:39:52 | 000,007,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\MSKSSRV.sys -- (MSKSSRV) DRV - [2008.04.13 19:39:51 | 000,004,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\MSPQM.sys -- (MSPQM) DRV - [2008.04.13 19:39:50 | 000,005,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\MSPCLOCK.sys -- (MSPCLOCK) DRV - [2008.04.13 19:39:46 | 000,042,368 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr) DRV - [2008.04.13 19:36:46 | 000,015,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\mssmbios.sys -- 
(mssmbios) DRV - [2008.04.13 19:32:59 | 000,129,792 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\fltmgr.sys -- (FltMgr) DRV - [2008.04.13 19:32:51 | 000,196,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\rdpdr.sys -- (rdpdr) DRV - [2008.04.13 19:32:44 | 000,180,608 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\mrxdav.sys -- (MRxDAV) DRV - [2008.04.13 19:32:39 | 000,030,848 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs) DRV - [2008.04.13 19:32:39 | 000,019,072 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs) DRV - [2008.04.13 19:32:36 | 000,066,048 | ---- | M] () [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs) DRV - [2008.04.13 17:39:23 | 000,142,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aec.sys -- (aec) DRV - [2008.01.19 09:45:28 | 000,503,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\wdf01000.sys -- (Wdf01000) DRV - [2008.01.03 23:10:16 | 000,105,856 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007.11.06 18:23:56 | 004,622,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007.07.27 11:46:06 | 000,251,680 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\acehlp10.sys -- (acehlp10) DRV - [2007.07.27 09:13:08 | 000,330,144 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\acedrv10.sys -- (acedrv10) DRV - [2007.06.29 11:46:12 | 000,253,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\GrabsterSeries.X86.SYS -- (GrabsterSeries.X86) DRV - [2006.11.22 04:25:10 | 002,829,824 | ---- | M] () [Kernel | On_Demand | Running] -- 
C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag) DRV - [2006.09.28 19:00:34 | 000,082,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wudfrd.sys -- (WudfRd) DRV - [2006.09.28 18:55:50 | 000,077,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\WudfPf.sys -- (WudfPf) DRV - [2006.02.28 03:00:00 | 000,126,336 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ftdisk.sys -- (Ftdisk) DRV - [2006.02.28 03:00:00 | 000,032,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys -- (IpFilterDriver) DRV - [2006.02.28 03:00:00 | 000,032,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - [2006.02.28 03:00:00 | 000,018,688 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio) DRV - [2006.02.28 03:00:00 | 000,016,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\raspti.sys -- (Raspti) DRV - [2006.02.28 03:00:00 | 000,013,952 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k) DRV - [2006.02.28 03:00:00 | 000,012,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - [2006.02.28 03:00:00 | 000,012,160 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC) DRV - [2006.02.28 03:00:00 | 000,012,032 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL) DRV - [2006.02.28 03:00:00 | 000,008,832 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\rasacd.sys -- (RasAcd) DRV - [2006.02.28 03:00:00 | 000,007,936 | ---- | M] () [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec) DRV - [2006.02.28 03:00:00 | 000,007,040 | ---- | M] () [Kernel | Disabled | Stopped] -- 
C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm) DRV - [2006.02.28 03:00:00 | 000,005,888 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload) DRV - [2006.02.28 03:00:00 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\RDPCDD.sys -- (RDPCDD) DRV - [2006.02.28 03:00:00 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd) DRV - [2006.02.28 03:00:00 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep) DRV - [2006.02.28 03:00:00 | 000,002,944 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null) DRV - [2004.08.03 17:29:50 | 000,019,455 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4) DRV - [2004.08.03 17:29:48 | 000,012,063 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3) DRV - [2004.08.03 17:29:46 | 000,025,471 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV10nt.sys -- (iAimTV5) DRV - [2004.08.03 17:29:46 | 000,023,615 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4) DRV - [2004.08.03 17:29:46 | 000,022,271 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV06nt.sys -- (iAimTV6) DRV - [2004.08.03 17:29:44 | 000,033,599 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3) DRV - [2004.08.03 17:29:44 | 000,019,551 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1) DRV - [2004.08.03 17:29:42 | 000,029,311 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0) DRV - [2004.08.03 17:29:42 | 000,011,871 | ---- | M] () [Kernel | On_Demand | Stopped] -- 
C:\WINDOWS\System32\DRIVERS\wADV09nt.sys -- (iAimFP7) DRV - [2004.08.03 17:29:40 | 000,011,807 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wADV07nt.sys -- (iAimFP5) DRV - [2004.08.03 17:29:40 | 000,011,295 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wADV08nt.sys -- (iAimFP6) DRV - [2004.08.03 17:29:38 | 000,161,020 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x) DRV - [2004.08.03 17:29:38 | 000,012,415 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0) DRV - [2004.08.03 17:29:38 | 000,012,127 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1) DRV - [2004.08.03 17:29:38 | 000,011,775 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2) DRV - [2002.04.04 06:32:06 | 000,028,416 | R--- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symmpi.sys -- (Symmpi) DRV - [2001.08.18 04:30:42 | 000,003,328 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pciide.sys -- (PCIIde) DRV - [2001.08.18 03:34:52 | 000,007,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam) DRV - [2001.08.17 08:59:44 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\audstub.sys -- (audstub) DRV - [2001.08.17 08:07:44 | 000,020,192 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dpti2o.sys -- (dpti2o) DRV - [2001.08.17 08:07:38 | 000,056,960 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aic78xx.sys -- (aic78xx) DRV - [2001.08.17 08:07:36 | 000,055,168 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aic78u2.sys -- (aic78u2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - 
HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz= IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box_im2_test_v2 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.3.4 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2013.02.17 19:33:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.04.20 20:56:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.20 20:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\Mozilla\Extensions [2012.12.19 16:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\Mozilla\Firefox\Profiles\f57uyh6m.default\extensions [2012.12.19 16:12:36 | 000,500,206 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\Mozilla\Firefox\Profiles\f57uyh6m.default\extensions\toolbar@gmx.net.xpi [2013.02.17 18:01:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.02.17 
18:01:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2012.04.20 20:56:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2012.04.20 20:56:33 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net [2012.03.13 05:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.13 06:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Alfred\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) 
= C:\Programme\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Zylom Plugin (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U39 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Programme\McAfee Security Scan\3.0.318\npMcAfeeMss.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll CHR - plugin: Java Deployment Toolkit 6.0.390.4 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Google Docs = C:\Dokumente und Einstellungen\Alfred\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Dokumente und Einstellungen\Alfred\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - 
Extension: YouTube = C:\Dokumente und Einstellungen\Alfred\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Alfred\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\Alfred\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Alfred\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.10.06 18:04:22 | 000,000,850 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 192.168.2.104 HP0019BBEEC37E O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe () O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB) O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe () O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe () O4 - HKLM..\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [sfagent] C:\Programme\Fighters\SPAMfighter\sfagent.exe File not found O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\Trayserver.exe (MAGIX AG) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) 
O4 - Startup: C:\Dokumente und Einstellungen\Alfred\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_39.dll (Sun Microsystems, Inc.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1361122250093 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348472493337 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} 
hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D31EAAD-9AEE-47D2-884A-A1A169760D1C}: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 17:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{3bf99ece-7f9e-11de-b1d1-00237d2bed5d}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O33 - MountPoints2\{f123713c-572e-11de-b1ab-00237d2bed5d}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.17 19:55:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Alfred\Desktop\OTL.exe
[2013.02.17 19:43:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2013.02.17 19:43:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alfred\Lokale Einstellungen\Anwendungsdaten\PackageAware
[2013.02.17 19:34:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
[2013.02.17 19:33:59 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013.02.17 19:33:59 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013.02.17 19:33:55 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013.02.17 19:33:54 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013.02.17 19:33:54 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013.02.17 19:33:52 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2013.02.17 19:33:52 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2013.02.17 19:33:52 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2013.02.17 19:33:25 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013.02.17 19:33:24 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013.02.17 19:33:07 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2013.02.17 19:33:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2013.02.17 18:02:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2013.02.07 20:46:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\McAfee
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.17 19:55:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Alfred\Desktop\OTL.exe
[2013.02.17 19:55:41 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Alfred\defogger_reenable
[2013.02.17 19:40:27 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.02.17 19:40:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.17 19:39:27 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.17 19:39:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.17 19:39:18 | 3488,862,208 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.17 19:34:00 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2013.02.17 19:33:53 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013.02.17 19:10:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.17 19:04:37 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.17 18:43:50 | 000,000,139 | ---- | M] () -- C:\Dokumente und Einstellungen\Alfred\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2013.02.17 17:52:35 | 1084,900,352 | ---- | M] () -- C:\Eigene Dateien\090503_Outlook Datendatei.pst
[2013.02.17 16:05:26 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C6622BC6-1194-4577-A417-65EC0B73B642}.job
[2013.02.03 18:06:50 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2013.02.01 12:26:44 | 000,061,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\cb010bd02561def3.sys
[2013.01.30 20:13:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.01.27 08:04:38 | 000,001,039 | ---- | M] () -- C:\Dokumente und Einstellungen\Alfred\Startmenü\Programme\Autostart\Dropbox.lnk
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.17 19:55:38 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Alfred\defogger_reenable
[2013.02.17 19:34:00 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2013.02.17 19:33:53 | 000,000,308 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.02.17 18:43:50 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Alfred\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2013.02.01 12:26:44 | 000,061,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\cb010bd02561def3.sys
[2013.01.30 18:14:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.02.15 07:16:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.26 21:59:22 | 000,137,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.10.26 21:59:22 | 000,036,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011.10.02 01:58:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
[2011.09.18 20:35:08 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\ANDROIDUSB.sys
[2011.09.17 15:56:23 | 001,636,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\mdbu.bin

========== ZeroAccess Check ==========

[2009.03.25 02:23:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.03.03 00:10:15 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009.10.26 07:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\Acronis
[2012.12.21 13:38:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\Canon
[2011.09.21 20:52:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\Canon Easy-WebPrint EX
[2010.11.26 11:40:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\Common Toolkit Suite
[2009.11.08 10:44:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\DAEMON Tools Lite
[2013.02.17 19:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\Dropbox
[2012.07.24 09:01:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\Fighters
[2012.09.21 15:42:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\InterVideo
[2009.05.04 20:48:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\MAGIX
[2009.05.01 03:24:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\SampleView
[2011.09.18 20:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\Teleca
[2009.12.26 18:13:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\TerraTec
[2011.10.26 19:05:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\TuneUp Software
[2009.06.19 23:39:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\Zylom
[2009.09.13 14:57:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2013.02.17 19:33:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2009.08.04 15:17:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avery
[2009.05.08 17:53:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.09.21 20:59:47 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonEPP
[2011.09.21 21:46:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJ
[2012.08.11 09:50:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEGV
[2011.09.21 21:55:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX
[2011.09.21 20:59:47 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX2
[2011.09.21 20:52:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMSetup
[2011.09.21 20:59:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMyPrinter
[2013.02.07 21:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM
[2011.09.21 21:44:53 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2011.09.21 20:59:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJSolutionMenuEX
[2011.09.21 20:43:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJWSpt
[2010.11.27 00:03:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Toolkit Suite
[2009.11.08 10:43:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2012.07.24 09:01:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fighters
[2011.09.17 14:10:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HappyFoto-Designer
[2011.09.18 20:35:47 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HTC [2009.08.19 21:55:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM [2009.08.19 21:54:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail [2010.11.28 12:51:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2010.07.24 16:25:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhotoStitch [2011.09.18 20:35:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca [2009.12.26 18:13:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec [2011.10.26 19:05:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2009.06.19 23:39:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom [2011.10.26 19:04:23 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2013.02.17 19:43:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42} [2013.02.17 19:43:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~0 ========== Purity Check ========== < End of report > Extras.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.02.2013 19:57:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Alfred\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 82,57% Memory free 4,58 Gb Paging File | 4,11 Gb Available in Paging File | 89,84% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 216,87 Gb Total Space | 23,74 Gb Free Space | 10,95% Space Free | Partition Type: NTFS Drive D: | 16,00 Gb Total Space | 12,15 Gb Free Space | 75,90% Space Free | Partition Type: NTFS Computer Name: HP1 | User Name: Alfred | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) 
piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- 
(Microsoft Corporation) "C:\Programme\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Programme\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- () "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\IncrediMail\Bin\IncMail.exe" = C:\Programme\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.) "C:\Programme\IncrediMail\Bin\ImApp.exe" = C:\Programme\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.) "C:\Programme\IncrediMail\Bin\ImpCnt.exe" = C:\Programme\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.) 
"C:\Dokumente und Einstellungen\Alfred\Lokale Einstellungen\Temp\7zS4463\setup\HPZnet01.exe" = C:\Dokumente und Einstellungen\Alfred\Lokale Einstellungen\Temp\7zS4463\setup\HPZnet01.exe:*:Enabled:hpznet01.exe "C:\Dokumente und Einstellungen\Alfred\Lokale Einstellungen\Temp\7zS4463\setup\hponicifs01.exe" = C:\Dokumente und Einstellungen\Alfred\Lokale Einstellungen\Temp\7zS4463\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe "C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe "C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe "C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe "C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe "C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe "C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe "C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe "C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe "C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe "C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe "C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe "C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe "C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = 
C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe "C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe "C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App -- (Microsoft Corporation) "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.) "C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe:*:Enabled:TerraTec Home Cinema Classic (Setup) -- (TerraTec Electronic GmbH) "C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema Classic -- (TerraTec Electronic GmbH) "C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec Home Cinema Classic (tvtv Setup) -- (TerraTec Electronic GmbH) "C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:*:Enabled:TerraTec Home Cinema Classic (Auto Update) -- (TerraTec Electronic GmbH) "C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Alfred\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) "C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert "{0742B739-DCA3-4A21-AADD-B7CBF49C2058}" = Adobe Premiere Pro CS3 Third Party Content "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0A3D355B-4FCC-41AF-8C61-A2BA15D26237}" = Adobe After Effects CS3 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{185D0A67-E066-44AE-926D-F6305813301C}" = Adobe After Effects CS3 Presets "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java(TM) 6 Update 39 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder "{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home "{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager "{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION "{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Fotostory 3 für Windows 
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{5373C190-2C97-4086-B0F6-E7774B2CF25A}" = Adobe Encore CS3 "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{580EC579-E476-469F-9EBF-F82D696FC67A}" = iClone SE "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{60B87ADA-167E-4239-AD64-40992C8D220F}" = Adobe After Effects CS3 Third Party Content "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6E46EDB6-E608-493B-AAE1-774DCDC524A8}" = ATI Catalyst Control Center "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7162AC2C-733F-4127-ACAD-C5F0F27D123D}" = Adobe Creative Suite 3 Master Collection "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3 "{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Altiris Software Virtualization Agent "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser "{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{98B8052E-1E55-41D4-9A03-E2F718825D38}" = HTC Sync "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B095F52-3E7C-4B90-9839-81C0C66177CA}" = IncrediMail "{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}" = Adobe Setup "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A6CDBEB9-2DF5-4455-A647-F3DF0441D5C3}" = Adobe Premiere Pro CS3 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1 "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 
Language Pack - DEU "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_8bb24e071e5922899698c2105557bd2" = Add or Remove Adobe Creative Suite 3 Master Collection "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "ATI Display Driver" = ATI Display Driver "avast" = avast! 
Free Antivirus "CAL" = Canon Camera Access Library "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MG6100 series Benutzerregistrierung" = Canon MG6100 series Benutzerregistrierung "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "CSCLIB" = Canon Camera Support Core Library "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DPP" = Canon Utilities Digital Photo Professional 3.3 "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro "Easy-WebPrint EX" = Canon Easy-WebPrint EX "EOS Utility" = Canon Utilities EOS Utility "Google Chrome" = Google Chrome "HappyFoto-Designer_is1" = HappyFoto-Designer 2.7 "HDMI" = Intel(R) Graphics Media Accelerator Driver "ie8" = Windows Internet Explorer 8 "IncrediMail" = IncrediMail 2.0 "InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA-Treiber "InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "MAGIX Filme auf DVD TerraTec Edition D" = MAGIX Filme auf DVD TerraTec Edition 7.0.3.8 (D) "MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.0.255 (D) "MAGIX Fotobuch" = MAGIX Fotobuch 3.2 "MAGIX Online Druck Service D" = MAGIX Online Druck Service "MAGIX PC Visit D" = MAGIX PC Visit "MAGIX Screenshare D" = MAGIX Screenshare "MAGIX Video deluxe 2008 PLUS D" = MAGIX Video deluxe 2008 PLUS 7.5.0.20 (D) "MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.22.0 (D) "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language 
Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.0.1.229 (D) "MyCamera" = Canon Utilities MyCamera "Original Data Security Tools" = Canon Utilities Original Data Security Tools "PDF Complete" = PDF Complete "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "ProtectDisc Driver 10" = ProtectDisc Helper Driver 10 "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "Skype_is1" = Skype 3.0 "ToolBand.SkypeIEToolbarToolbar" = Skype add-on for IE "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WFTK" = Canon Utilities WFT-E1/E2/E3 Utility "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 17.02.2013 13:54:59 | Computer Name = HP1 | Source = Avira Antivirus | ID = 4122 Description = Error - 17.02.2013 13:55:29 | Computer Name = HP1 | Source = Avira Antivirus | ID = 4122 Description = Error - 17.02.2013 13:57:41 | 
Computer Name = HP1 | Source = Avira Antivirus | ID = 4122 Description = Error - 17.02.2013 14:03:48 | Computer Name = HP1 | Source = Avira Antivirus | ID = 4122 Description = Error - 17.02.2013 14:19:35 | Computer Name = HP1 | Source = Avira Antivirus | ID = 4122 Description = Error - 17.02.2013 14:19:54 | Computer Name = HP1 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung avguard.exe, Version 12.3.0.15, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x00019af2. Error - 17.02.2013 14:23:32 | Computer Name = HP1 | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 17.02.2013 14:23:50 | Computer Name = HP1 | Source = Avira Antivirus | ID = 4122 Description = Error - 17.02.2013 14:28:00 | Computer Name = HP1 | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 17.02.2013 14:39:47 | Computer Name = HP1 | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. [ System Events ] Error - 17.02.2013 14:41:33 | Computer Name = HP1 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "aswMon2" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error - 17.02.2013 14:41:33 | Computer Name = HP1 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "avast! 
Antivirus" ist vom Dienst "aswMon2" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 17.02.2013 14:42:11 | Computer Name = HP1 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "aswMon2" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error - 17.02.2013 14:42:11 | Computer Name = HP1 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "avast! Antivirus" ist vom Dienst "aswMon2" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 17.02.2013 14:45:57 | Computer Name = HP1 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "aswMon2" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error - 17.02.2013 14:45:57 | Computer Name = HP1 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "avast! Antivirus" ist vom Dienst "aswMon2" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 17.02.2013 14:46:23 | Computer Name = HP1 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "aswMon2" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error - 17.02.2013 14:46:23 | Computer Name = HP1 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "avast! Antivirus" ist vom Dienst "aswMon2" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 17.02.2013 14:46:34 | Computer Name = HP1 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "aswMon2" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error - 17.02.2013 14:46:34 | Computer Name = HP1 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "avast! Antivirus" ist vom Dienst "aswMon2" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 < End of report >

GMER errors:

When starting GMER: [image]

In GMER, while the program is still starting: [image] [image]

Last edited by kabuto1 (17.02.2013 at 21:40). Reason: the link had not worked