|
Plagegeister aller Art und deren Bekämpfung: Habe um meinen PC zu schützen VIELE Schutzprogramme incl. Viren runtergeladen :-(Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
29.05.2013, 21:39 | #1 |
| Habe um meinen PC zu schützen VIELE Schutzprogramme incl. Viren runtergeladen :-( Hallo! Erst mal möchte ich den Betreibern dieser HP herzlich danken, dass es sie gibt und dass sie tun, was sie hier tun. Ohne euch wäre ich jetzt wahrscheinlich völlig aufgeschmissen, also DANKE! Zu meinem Problem: Mein Laptop wurde immer langsamer und ich habe gelegentlich Fehlermeldungen bezgl. "System32" bekommen, mit denen ich nichts anfangen konnte. Ich habe das gegoogelt und bin auf diverse kostenlose Schutzprogramme gestoßen. Ich habe einige (4-5) davon herunter geladen und immer wurden zahlreiche Registry-Fehler gefunden. Aber jedesmal, wenn ich die bereinigen wollte, hätte ich bezahlen müssen. Soviel zu Freeware. Alle diese Programme habe ich inzwischen wieder deinstalliert. Was jedoch kostenfrei war, waren diverse Viren, Trojaner oder was weiß ich, denn inzwischen spinnt mein Rechner total: - er ist sehr langsam (auch bei World und Excel) - andauernd habe ich andere Suchmaschinen und Toolbars auf - sonst zuverlässige Programme funktionieren nicht mehr oder nur sehr schlecht - die Datenverbindung ist sehr oft sehr gestört oder nicht möglich Irgendwann bin ich auf diese Seite hier gestoßen, weil ich die Seriennummer für "Advanced System Protector" gesucht hab. Ich habe den Threat "http://www.trojaner-board.de/132944-...loeschen.html" gefunden und alle Schritte befolgt und am Ende gesehen, dass das falsch war. :-( Danach hab ich mich hier registriert und bin alle Schritte von eurer Checkliste durchgegangen. Dabei gab es aber diverse Probleme bzw. Abweichungen: - Schritt 1 (defogger) ging noch ohne Probleme - Schritt 2 (OTL) auch noch OTL.txt: OTL logfile created on: 29.05.2013 10:29:12 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\clk\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,42 Mb Total Physical Memory | 470,03 Mb Available Physical Memory | 45,93% Memory free 2,41 Gb Paging File | 1,88 Gb Available in Paging File | 78,04% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,33 Gb Total Space | 22,96 Gb Free Space | 30,90% Space Free | Partition Type: NTFS Computer Name: CK | User Name: clk | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.29 10:29:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\clk\Eigene Dateien\Downloads\OTL (1).exe PRC - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\HelperService.exe PRC - [2012.11.12 12:45:22 | 001,104,824 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.11.12 12:45:18 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.11.12 12:45:14 | 000,968,120 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe PRC - [2012.11.01 14:16:42 | 000,577,536 | ---- | M] (Samsung Electronics) -- C:\Programme\Samsung\Kies\KiesAirMessage.exe PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.08.09 20:51:26 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.07.31 14:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe PRC - [2010.01.18 11:51:22 | 000,139,944 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\ezprint.exe PRC - [2010.01.18 11:51:20 | 000,770,728 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\lxeemon.exe PRC - [2010.01.15 12:53:35 | 000,308,688 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe PRC - [2010.01.07 16:20:28 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxeecoms.exe PRC - [2009.07.24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe PRC - [2009.05.25 11:18:04 | 000,040,960 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\DeviceHelper\DeviceManager.exe PRC - [2008.08.29 18:56:58 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe PRC - [2008.08.29 16:20:56 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005.08.11 17:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe PRC - [2005.07.06 17:29:22 | 000,356,352 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe PRC - [2005.07.05 16:08:48 | 000,034,816 | ---- | M] (TOSHIBA Corp.) -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe PRC - [2005.05.13 11:01:30 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe PRC - [2005.04.12 10:05:26 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe PRC - [2005.04.05 16:25:34 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Tvs\TvsTray.exe PRC - [2005.01.18 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe PRC - [2004.11.17 10:56:10 | 001,077,327 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\Touch and Launch\PadExe.exe PRC - [2004.10.15 00:28:02 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe ========== Modules (No Company Name) ========== MOD - [2013.05.28 03:36:24 | 001,114,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Podcaster\58d56b6e5f2d64072a30a2e30836c48b\Podcaster.ni.dll MOD - [2013.05.28 03:36:03 | 001,008,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\7d49dbd67986f8d42121998b34f4c117\CPKTMusicPlugin.ni.dll MOD - [2013.05.28 03:35:57 | 000,941,568 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\MusicManager\ea6d01d8b7841d50fd4982c5a8de85c6\MusicManager.ni.dll MOD - [2013.05.28 03:35:53 | 002,196,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\1d3881e1208354c3eaf1ea547dbe6e57\Kies.Common.Multimedia.ni.dll MOD - [2013.05.28 03:35:21 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ce94bdcea014a8a68dcd79ba7bb1dc1d\System.Runtime.Remoting.ni.dll MOD - [2013.05.16 23:05:41 | 000,608,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePodcast\5fd169b743c851328f1ce54448cfc598\DevicePodcast.ni.dll MOD - [2013.05.16 23:05:39 | 000,293,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceVideo\cfa251d13148007a6933b966c042d0d6\DeviceVideo.ni.dll MOD - [2013.05.16 23:05:38 | 000,371,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePhoto\ce4b607c73d5580c9fc6bee40c7d78bd\DevicePhoto.ni.dll MOD - [2013.05.16 23:05:36 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceMusic\6ea65242122082eab20415e24c1ede0f\DeviceMusic.ni.dll MOD - [2013.05.16 23:05:35 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\VideoManager\9d7efff4973160fa60cdf0bea83af5e6\VideoManager.ni.dll MOD - [2013.05.16 23:05:31 | 001,491,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PodcastService\5a89adbbddd7f51ba595f1bd9e55e3b1\PodcastService.ni.dll MOD - [2013.05.16 23:05:29 | 000,621,568 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PhotoManager\57a9a4a0c4b8ac9e8b320f503c7edd79\PhotoManager.ni.dll MOD - [2013.05.16 23:05:13 | 006,242,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceHost\9d108adf5c109f98d4facbe7732dacff\DeviceHost.ni.dll MOD - [2013.05.16 23:04:52 | 001,879,040 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Phonebook\eba357cabe6a4322466c4849723f3f3d\Phonebook.ni.dll MOD - [2013.05.16 23:04:32 | 000,396,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BATPlugin\b9e8a3df0aabceb08b98d721af9c3c95\BATPlugin.ni.dll MOD - [2013.05.16 23:04:25 | 000,507,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\ceebedcdfa2c2594e97e5b0b06edf53c\Kies.Common.MediaDB.ni.dll MOD - [2013.05.16 23:04:22 | 000,064,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\c16d6291f2ba4824d3432098bb5a1a0a\Kies.Common.AllShare.ni.dll MOD - [2013.05.16 23:04:21 | 000,283,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c660385ceb5c4e62e1735ee758921b77\Kies.Common.DeviceServiceLib.FirmwareUpdate.Commo n.ni.dll MOD - [2013.05.16 23:04:19 | 000,569,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f40c49bba92f7ad114be62ad99956d4e\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2013.05.16 23:04:17 | 000,621,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\cac3a4d93b07ea5ffaf37934cd72fad9\Kies.Common.DeviceServiceLib.DeviceDataService.ni .dll MOD - [2013.05.16 23:04:15 | 000,915,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\912fbcd57dc29ab59d795937985d2067\Kies.Common.DeviceServiceLib.DeviceManagement.ni. dll MOD - [2013.05.16 23:04:12 | 001,057,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7f814507d38f722ea12668601eccdef2\Kies.Common.DeviceService.ni.dll MOD - [2013.05.16 23:04:02 | 000,200,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\90d7bfef054a7714225ec62fb1b5bf0e\Kies.Common.MainUI.ni.dll MOD - [2013.05.16 23:04:01 | 000,066,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\b2642b48602b96bf37257e96637cb2c1\Kies.Common.DBManager.ni.dll MOD - [2013.05.16 23:04:00 | 000,273,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\a2e0f8e4559020b73813922ec9e1b490\Kies.Common.Util.ni.dll MOD - [2013.05.16 23:03:58 | 001,874,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.UI\957ef902c5e03f29b3f2c3c243e8f8e6\Kies.UI.ni.dll MOD - [2013.05.16 23:03:55 | 000,119,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\8c3eb2c5125c85b57c7b136e488a277f\GongSolutions.Wpf.DragDrop.ni.dll MOD - [2013.05.16 23:03:54 | 001,211,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Interface\da94c8d8cd1b08607102ff4d783da070\Kies.Interface.ni.dll MOD - [2013.05.16 23:03:12 | 001,692,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies\8e2a077381fe98ea660ba46f5dd5075a\Kies.ni.exe MOD - [2013.05.16 21:16:42 | 018,019,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\03a2c7d0e26886bf966276d441290257\PresentationFramework.ni.dll MOD - [2013.05.16 21:15:52 | 011,522,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\921404b7803bda0cb1cba2ee458e4c9f\PresentationCore.ni.dll MOD - [2013.05.16 21:15:33 | 003,880,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\0268fc0c7a4db1850c1c6ba33d980b29\WindowsBase.ni.dll MOD - [2013.05.16 21:15:11 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\88856f5f657eaa34828421b355a5fd76\System.Configuration.ni.dll MOD - [2013.05.16 21:15:07 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\56734db07bf2cb287a5f0cf662cc32ef\System.Core.ni.dll MOD - [2013.05.16 21:14:45 | 013,198,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\40730f817297bb5d791a7101ed9630fe\System.Windows.Forms.ni.dll MOD - [2013.02.16 01:53:42 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\81c0ff81b2ad570ee85d6cd7ce751bba\System.ServiceProcess.ni.dll MOD - [2013.01.10 11:45:49 | 012,621,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\ac8efe59a037ffeb38513bdea352da28\Kies.Theme.ni.dll MOD - [2013.01.10 11:44:59 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0a9aa8a20cf2f935e03e948e5fe7a476\Kies.Common.DeviceServiceLib.FirmwareUpdate.Firmw areUpdateAgentHelper.ni.dll MOD - [2013.01.10 11:43:15 | 000,029,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\34da4bec626fd6331c6702365be50f28\Kies.Common.StoreManager.ni.dll MOD - [2013.01.10 11:43:11 | 000,232,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\779a065e9d217d3a3aeeb354f9fce387\ASF_cSharpAPI.ni.dll MOD - [2013.01.10 11:43:08 | 000,043,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.FUSCryptLib\7296ee8d41eeb2bcc543df81eea19ebe\Interop.FUSCryptLib.ni.dll MOD - [2013.01.10 11:43:04 | 000,189,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7504b4d1e0c4f84827a869844fa75ffd\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downl oader.ni.dll MOD - [2013.01.10 11:43:00 | 000,175,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\9a9a70b72df9ca4a018ffeb43208fac0\Interop.DevFileServiceLib.ni.dll MOD - [2013.01.10 11:42:52 | 000,018,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DeviceServi#\d89293c7be2f75ca92ddd2efac0dcfad\Interop.DeviceServiceModelDBLib.ni.dll MOD - [2013.01.10 11:42:50 | 000,184,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c35f66934441c52d7c6f60347751059f\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2013.01.10 11:42:02 | 000,052,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll MOD - [2013.01.10 11:42:02 | 000,032,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll MOD - [2013.01.10 11:42:01 | 000,171,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll MOD - [2013.01.10 11:42:01 | 000,030,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\0e99d29839b75154cac69d87c6857da7\Interop.PRPLAYERCORELib.ni.dll MOD - [2013.01.10 10:55:41 | 000,395,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll MOD - [2013.01.10 10:55:33 | 000,743,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\78c73ae3f99d95d788e3690a561a7701\ICSharpCode.SharpZipLib.ni.dll MOD - [2013.01.10 10:55:28 | 000,052,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll MOD - [2013.01.10 10:55:27 | 001,499,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Locale\570e33cc3bc3f82ffc64c06efd1e90d6\Kies.Locale.ni.dll MOD - [2013.01.10 10:55:26 | 000,078,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\495e94c8e04436b65dcb695c969d0d4e\Kies.MVVM.ni.dll MOD - [2013.01.10 00:08:18 | 001,812,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\25732130189e8f468a7d98647edffe8e\System.Xaml.ni.dll MOD - [2013.01.09 17:29:33 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\a23c39d504467a0024e5f20c0f962f3f\System.Xml.ni.dll MOD - [2013.01.09 17:26:37 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\307bb964c6b7dbc20676e8905ec99df9\System.Drawing.ni.dll MOD - [2013.01.09 17:26:31 | 009,094,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\5f79b00e1aaeafcc07907aa61fd3599e\System.ni.dll MOD - [2013.01.09 17:26:10 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2010.01.18 11:51:22 | 000,139,944 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\ezprint.exe MOD - [2010.01.18 11:51:20 | 000,770,728 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\lxeemon.exe MOD - [2010.01.15 12:53:35 | 000,308,688 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe MOD - [2009.12.16 13:07:29 | 001,159,168 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\lxeedrs.dll MOD - [2009.12.16 13:04:21 | 000,389,120 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\lxeescw.dll MOD - [2009.11.04 09:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxeedrpp.dll MOD - [2009.06.23 07:11:04 | 000,102,400 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\epoemdll.dll MOD - [2009.06.23 07:10:29 | 000,045,056 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\epstring.dll MOD - [2009.06.23 07:09:11 | 002,203,648 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\epwizres.dll MOD - [2009.05.27 08:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxeedatr.dll MOD - [2009.05.25 11:18:04 | 000,040,960 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\DeviceHelper\DeviceManager.exe MOD - [2009.04.28 09:56:29 | 000,024,064 | ---- | M] () -- C:\WINDOWS\system32\LXEEsmr.dll MOD - [2009.04.07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\iptk.dll MOD - [2009.03.30 08:37:28 | 000,708,608 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\epwizard.dll MOD - [2009.03.30 08:35:40 | 000,159,744 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\customui.dll MOD - [2009.03.30 08:35:22 | 000,061,440 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\epfunct.dll MOD - [2009.03.30 08:35:17 | 000,118,784 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\eputil.dll MOD - [2009.03.30 08:35:05 | 000,139,264 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\imagutil.dll MOD - [2009.03.10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\lxeecaps.dll MOD - [2009.03.02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\lxeeptp.dll MOD - [2009.02.20 10:48:03 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\LXEEsm.dll MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2004.07.20 17:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013.05.15 21:11:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Stopped] -- C:\Programme\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.01.15 12:53:35 | 000,308,688 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2010.01.07 16:20:28 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxeecoms.exe -- (lxee_device) SRV - [2010.01.07 16:20:23 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe -- (lxeeCATSCustConnectService) SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2009.07.24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2009.05.25 11:18:04 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\DeviceHelper\DeviceManager.exe -- (DeviceManager) SRV - [2008.08.29 18:56:58 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service) SRV - [2008.08.29 16:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.07.05 16:08:48 | 000,034,816 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV) SRV - [2005.01.18 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.09.20 06:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012.09.20 06:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2012.06.27 10:37:56 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2012.06.27 10:37:56 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) DRV - [2012.06.27 10:37:56 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.08.01 15:57:30 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d) DRV - [2010.11.22 14:25:54 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri) DRV - [2010.11.22 14:24:53 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2010.11.22 14:24:53 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.04 13:09:32 | 000,763,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UDXTTM6010.sys -- (UDXTTM6010) DRV - [2009.11.04 13:09:32 | 000,023,104 | ---- | M] (DTV-DVB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Cinergy_Hybrid-Stick_HID.sys -- (TTHID) DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2009.07.24 16:05:24 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo) DRV - [2009.06.19 16:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2009.05.25 11:18:02 | 000,103,552 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbser.sys -- (qcusbser) DRV - [2008.07.24 12:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2005.07.04 15:54:08 | 000,098,176 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd) DRV - [2005.06.27 18:48:08 | 000,053,504 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid) DRV - [2005.05.30 18:28:38 | 000,008,576 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec) DRV - [2005.05.10 17:50:00 | 000,029,056 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs) DRV - [2005.04.15 07:14:58 | 001,130,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.04.13 00:30:12 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2005.03.31 02:18:40 | 000,230,400 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2005.03.30 12:42:54 | 000,047,230 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte) DRV - [2005.03.02 08:45:24 | 000,004,864 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD) DRV - [2004.12.21 11:38:12 | 000,034,816 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2004.10.29 18:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) DRV - [2004.10.04 10:33:02 | 000,062,799 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2004.08.04 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2004.08.04 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2003.01.29 23:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{E649DC79-BD07-46CD-85E1-6D561DA45348}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080;https=127.0.0.1:8080 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Programme\PDF Architect\FFPDFArchitectExt [2013.02.05 01:26:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcfan@fansoft.br: C:\Programme\LyricsFan\FF\ [2013.05.24 01:02:06 | 000,000,000 | ---D | M] [2012.05.28 21:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Mozilla\Extensions [2012.05.28 21:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de [2011.03.09 18:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.01.15 10:36:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.10.14 20:03:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.18 21:59:45 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010.10.14 20:01:57 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll [2009.03.24 12:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll ========== Chrome ========== CHR - default_search_provider: WebSearch (Enabled) CHR - default_search_provider: search_url = hxxp://websearch.searchrocket.info/?l=1&q={searchTerms}&pid=658&r=2013/05/27&hid=542167775&lg=EN&cc=DE&unqvl=16 CHR - default_search_provider: suggest_url = hxxp://localhost CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.145\npGoogleUpdate3.dll CHR - plugin: Picasa (Enabled) = C:\Programme\Google\Picasa3\npPicasa3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: FileConverter 1.3 = C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\engeblojhfeingnjnfpiceofljnjpldp\10.15.2.523_0\ CHR - Extension: FileConverter 1.3 = C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\engeblojhfeingnjnfpiceofljnjpldp\10.15.2.523_0\ O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (Lyrics Fan) - {A8720491-9558-4C0D-9E35-30EED15DFB2B} - C:\Programme\LyricsFan\lrcfan.dll (FAN Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (&TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\THCDeskBand.dll (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EzPrint] C:\Programme\Lexmark Pro700 Series\ezprint.exe () O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [lxeemon.exe] C:\Programme\Lexmark Pro700 Series\lxeemon.exe () O4 - HKLM..\Run: [PadTouch] C:\Programme\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA) O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [THotkey] C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA) O4 - HKLM..\Run: [Tvs] C:\Programme\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [KiesAirMessage] C:\Programme\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPreload] C:\Programme\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\NPJPI150_02.dll (Sun Microsystems, Inc.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE8F664F-9C4B-483B-A8DB-622FC4AD8803}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\wincert\win32c~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wincert\win32cert.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.08.17 14:44:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{1b98acd0-01f1-11df-9878-0013ce2957d0}\Shell - "" = AutoRun O33 - MountPoints2\{1b98acd0-01f1-11df-9878-0013ce2957d0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1b98acd0-01f1-11df-9878-0013ce2957d0}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{1b98acd1-01f1-11df-9878-0013ce2957d0}\Shell - "" = AutoRun O33 - MountPoints2\{1b98acd1-01f1-11df-9878-0013ce2957d0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1b98acd1-01f1-11df-9878-0013ce2957d0}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{73bb7cd3-01bd-11df-9874-0013ce2957d0}\Shell - "" = AutoRun O33 - MountPoints2\{73bb7cd3-01bd-11df-9874-0013ce2957d0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{73bb7cd3-01bd-11df-9874-0013ce2957d0}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{73bb7cd6-01bd-11df-9874-000000000000}\Shell - "" = AutoRun O33 - MountPoints2\{73bb7cd6-01bd-11df-9874-000000000000}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{73bb7cd6-01bd-11df-9874-000000000000}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{8df95eb0-0cc0-11df-9899-0013ce2957d0}\Shell - "" = AutoRun O33 - MountPoints2\{8df95eb0-0cc0-11df-9899-0013ce2957d0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{8df95eb0-0cc0-11df-9899-0013ce2957d0}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c008a570-081d-11df-988e-0013ce2957d0}\Shell - "" = AutoRun O33 - MountPoints2\{c008a570-081d-11df-988e-0013ce2957d0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c008a570-081d-11df-988e-0013ce2957d0}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c008a571-081d-11df-988e-0013ce2957d0}\Shell - "" = AutoRun O33 - MountPoints2\{c008a571-081d-11df-988e-0013ce2957d0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c008a571-081d-11df-988e-0013ce2957d0}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.27 23:54:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarApp [2013.05.26 20:54:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\GoforFiles [2013.05.26 20:38:36 | 000,000,000 | ---D | C] -- C:\Programme\Uninstaller [2013.05.26 20:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\player [2013.05.25 21:21:13 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\clk\Recent [2013.05.24 01:02:06 | 000,000,000 | ---D | C] -- C:\Programme\LyricsFan [2013.05.24 01:01:31 | 000,000,000 | ---D | C] -- C:\Programme\FindLyrics [2013.05.23 23:49:17 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab [2013.05.13 23:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Lhsp [2013.05.13 23:09:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech [2013.05.13 23:09:24 | 000,000,000 | ---D | C] -- C:\Programme\MWS Reader 4 [2013.05.08 23:18:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\clk\AppData [2012.06.15 22:11:23 | 000,894,448 | ---- | C] (Oracle Corporation) -- C:\Programme\chromeinstall-7u5.exe [2 C:\Dokumente und Einstellungen\All Users\*.tmp files -> C:\Dokumente und Einstellungen\All Users\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.29 10:25:19 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\clk\defogger_reenable [2013.05.29 10:09:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.05.29 10:02:36 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Lyrics Fan Update.job [2013.05.29 10:02:28 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\GoforFilesUpdate.job [2013.05.29 10:00:54 | 000,556,544 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.29 10:00:54 | 000,506,084 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.29 10:00:54 | 000,116,942 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.29 10:00:54 | 000,089,548 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.05.29 09:51:00 | 000,001,202 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2044978897-1172690549-42215457-1007UA.job [2013.05.29 09:51:00 | 000,001,150 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2044978897-1172690549-42215457-1007Core.job [2013.05.29 09:48:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.05.29 09:48:08 | 1073,201,152 | -HS- | M] () -- C:\hiberfil.sys [2013.05.28 10:05:31 | 000,632,031 | ---- | M] () -- C:\Dokumente und Einstellungen\clk\Desktop\adwcleaner.exe [2013.05.28 02:00:13 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-CK-clk.job [2013.05.20 20:45:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.16 23:19:41 | 003,622,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.16 21:06:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2 C:\Dokumente und Einstellungen\All Users\*.tmp files -> C:\Dokumente und Einstellungen\All Users\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.29 10:25:19 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\clk\defogger_reenable [2013.05.28 10:05:22 | 000,632,031 | ---- | C] () -- C:\Dokumente und Einstellungen\clk\Desktop\adwcleaner.exe [2013.05.26 20:54:39 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\GoforFilesUpdate.job [2013.05.24 01:02:08 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\Lyrics Fan Update.job [2013.03.11 14:25:04 | 000,002,482 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin [2012.11.27 22:49:46 | 000,774,826 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2044978897-1172690549-42215457-1007-0.dat [2012.11.27 22:49:31 | 000,275,386 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.10.29 13:09:28 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2012.10.29 13:09:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2012.10.29 13:09:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2012.10.29 13:09:28 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2012.10.29 13:09:28 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2012.02.15 14:43:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.08.28 22:05:55 | 000,001,474 | ---- | C] () -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\CountdownProPrefs.cdp [2011.08.28 21:57:18 | 000,123,172 | ---- | C] () -- C:\Programme\countdown.sis [2010.12.31 14:38:46 | 000,036,072 | ---- | C] () -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\mdbu.bin [2010.01.16 15:55:23 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt [2010.01.14 14:04:33 | 000,007,168 | ---- | C] () -- C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.14 14:04:33 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2005.08.17 14:51:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.01.16 00:16:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2013.01.13 18:15:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2013.05.28 10:06:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Datamngr [2012.11.16 12:31:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FMBackup2 [2012.05.28 18:27:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2011.02.24 12:29:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM [2011.02.24 12:26:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail [2010.12.22 19:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kestrel [2010.06.27 22:41:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexmark Pro700 Series [2012.05.28 18:31:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2012.09.24 22:37:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2012.12.15 00:35:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe [2012.11.19 01:30:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2013.05.27 23:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarApp [2013.05.28 09:22:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Systweak [2013.05.27 11:48:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.01.15 15:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec [2013.04.15 20:51:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TVgenial [2013.04.15 22:36:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wincert [2010.02.14 18:21:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom [2011.02.18 19:33:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2012.12.14 22:21:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.04.13 21:17:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\DriverTurbo [2013.02.16 23:08:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\DVDVideoSoft [2013.03.28 15:07:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\GlarySoft [2013.05.26 20:55:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\GoforFiles [2012.05.28 21:10:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Haufe Mediengruppe [2010.07.25 19:27:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\InterVideo [2010.03.18 11:58:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\IrfanView [2010.12.22 19:46:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Kestrel [2010.01.15 23:57:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Lexware [2012.01.18 05:09:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\MAGIX [2010.01.16 00:45:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Marine Aquarium 3 [2012.12.15 00:48:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\PDAppFlex [2013.02.17 19:01:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\PDF Architect [2013.01.11 15:39:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\PhotoScape [2013.05.28 09:18:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\player [2013.01.23 22:15:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Samsung [2012.10.14 18:41:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Smilebox [2010.11.20 00:37:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Sony [2013.05.28 09:22:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Systweak [2010.01.15 15:12:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\TerraTec [2005.08.18 10:13:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\toshiba [2010.01.31 01:17:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Verbindungsassistent [2010.01.16 01:44:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Windows Desktop Search [2010.01.16 01:45:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Windows Search ========== Purity Check ========== ========== Files - Unicode (All) ========== (C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft ??) -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft 鼠标 ========== Alternate Data Streams ========== @Alternate Data Stream - 134 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:373E1720 < End of report > OTL Extra.txt: OTL Extras logfile created on: 29.05.2013 10:29:12 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\clk\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,42 Mb Total Physical Memory | 470,03 Mb Available Physical Memory | 45,93% Memory free 2,41 Gb Paging File | 1,88 Gb Available in Paging File | 78,04% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,33 Gb Total Space | 22,96 Gb Free Space | 30,90% Space Free | Partition Type: NTFS Computer Name: CK | User Name: clk | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .hta [@ = htafile] -- Reg Error: Key error. File not found .html [@ = ChromeHTML] -- Reg Error: Key error. File not found .url [@ = InternetShortcut] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Dokumente und Einstellungen\clk\Anwendungsdaten\File Scout\filescout.exe" /open "%1" Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "C:\Programme\Microsoft LifeCam\LifeCam.exe" = C:\Programme\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation) "C:\Programme\Microsoft LifeCam\LifeEnC2.exe" = C:\Programme\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation) "C:\Programme\Microsoft LifeCam\LifeExp.exe" = C:\Programme\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation) "C:\Programme\Microsoft LifeCam\LifeTray.exe" = C:\Programme\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation) "C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema Classic -- (TerraTec Electronic GmbH) "C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec Home Cinema Classic (tvtv Setup) -- (TerraTec Electronic GmbH) "C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:*:Enabled:TerraTec Home Cinema Classic (Auto Update) -- (TerraTec Electronic GmbH) "C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe:*:Enabled:TerraTec Home Cinema Classic (Setup) -- (TerraTec Electronic GmbH) "C:\Programme\TerraTec\TerraTec Home Cinema\TTDvrServer.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\TTDvrServer.exe:*:Enabled:NOXON Home Server -- (TerraTec Electronic GmbH) "C:\WINDOWS\system32\lxeecoms.exe" = C:\WINDOWS\system32\lxeecoms.exe:*:Enabled:Pro700 Series Server -- ( ) "C:\Programme\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Programme\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader "C:\Programme\Sony Ericsson\Update Service\Update Service.exe" = C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service "D:\DVD-Start.exe" = D:\DVD-Start.exe:*:Enabled:Schnellstart-DVD "C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Smilebox\sbtb_install.exe" = C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Smilebox\sbtb_install.exe:*:Enabled:Smilebox Installer -- () "C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation) "C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager "C:\Programme\GoforFiles\goforfilesdl.exe" = C:\Programme\GoforFiles\goforfilesdl.exe:*:Enabled:GoforFiles "C:\Programme\GoforFiles\GoforFiles.exe" = C:\Programme\GoforFiles\GoforFiles.exe:*:Enabled:GoforFiles ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste "{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM "{122879BD-2614-4AAB-9988-13C0719843D4}" = QuickSteuer 2012 COMPUTERBILD Edition "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights "{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{26d7e6f7-ec35-414f-9a3f-110a055af0dc}" = Nero BackItUp 4 "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax "{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EB6332B-AF02-457C-A31C-835458C5B48B}" = TOSHIBA Benutzerhandbücher "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help "{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD-Speicherkarten-Formatierung "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter "{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav "{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help "{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help "{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live "{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch "{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3 "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zoom-Dienstprogramm "{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility "{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed "{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7ED0C3C2-6A3B-4FD1-97C8-20613D7D9ACF}" = TIxx21/x515 "{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2 "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer "{995A7F95-907E-4C25-8A2A-39CDCB7EC69C}" = Nero BackItUp "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{a3f81d11-fb74-4433-8df4-143df715746d}" = Nero 9 "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed "{AB5C4115-57A5-4B30-B103-3DDF65FB5034}" = Nero BackItUp "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module "{C4A6EBB9-8030-45F0-808F-C7B076DABBA6}_is1" = Kestrel GX "{C61B2B59-75D2-4203-B589-E0102C3A6F32}" = QuickSteuer Wissens-Center 2012 "{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel "{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant "{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit "{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help "{DEE03A90-C723-4E3D-A661-86651D6F0668}" = QuickSteuer Deluxe 2010 "{E3CDAAD3-F806-4F2A-BACF-487AD2E5B3EB}" = QuickSteuer 2011 "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision "0D1EC8C098410CAFE85D1071184DB179AA0C5B30" = Windows-Treiberpaket - Intel USB (10/05/2012 9.1.9.1002) "2DA959FE3D6F0F5BC313481E72071D510DD786FB" = Windows-Treiberpaket - Intel (w29n51) net (12/19/2007 9.0.4.39) "43BC439F70814058C8C4D8445214560BA562954E" = Windows-Treiberpaket - Intel System (10/05/2012 9.1.9.1002) "5394CDFA2BDA136A47E0AD3B0649491E4BF0775C" = Windows-Treiberpaket - Intel System (10/05/2012 9.1.9.1002) "64A4C14F7BE3030FF4E9D0D18265D36EA120B146" = Windows-Treiberpaket - Intel hdc (10/05/2012 9.1.9.1002) "7B31B8054391F9C7EF590728F991F590BB07F0D7" = Windows-Treiberpaket - Texas Instruments Inc (tifm21) MTD (05/25/2009 2.0.0.10) "99384DC7A73D4A1912DFD6CEF0D996D685137527" = Windows-Treiberpaket - Intel hdc (10/05/2012 9.1.9.1002) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira Free Antivirus "Cinergy Hybrid Stick" = Cinergy Hybrid Stick V1.00.08.06a "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128 "HSPA USB MODEM ALCATEL_is1" = HSPA USB MODEM "ie8" = Windows Internet Explorer 8 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{7ED0C3C2-6A3B-4FD1-97C8-20613D7D9ACF}" = Texas Instruments PCIxx21/x515 drivers. "IrfanView" = IrfanView (remove only) "Lexmark Pro700 Series" = Lexmark Pro700 Series "LHTTSGED" = L&H TTS3000 Deutsch "lrcfan@fansoft.br" = Lyrics Fan "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "MUSTEK 1200 CU v2.0a" = MUSTEK 1200 CU v2.0a "PC-Diagnose-Tool" = TOSHIBA PC-Diagnose-Tool "PhotoScape" = PhotoScape "Picasa 3" = Picasa 3 "SP_08b196fe" = ContinueToSave 1.74 "SP_d2639597" = Search Assistant WebSearch 1.74 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TOSHIBA Software Modem" = TOSHIBA Software Modem "Verbindungsassistent" = Verbindungsassistent "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinPcapInst" = WinPcap 4.1.1 "WinRAR archiver" = WinRAR "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.05.2013 17:20:14 | Computer Name = CK | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error - 20.05.2013 16:39:07 | Computer Name = CK | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung chrome.exe, Version 26.0.1410.64, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 21.05.2013 14:48:44 | Computer Name = CK | Source = MsiInstaller | ID = 11609 Description = Error - 23.05.2013 17:48:31 | Computer Name = CK | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.05.2013 17:48:31 | Computer Name = CK | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.05.2013 17:56:10 | Computer Name = CK | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung msiexec.exe, Version 4.5.6001.22159, fehlgeschlagenes Modul MSI2C7.tmp, Version 1.0.0.0, Fehleradresse 0x00015505. Error - 27.05.2013 15:57:45 | Computer Name = CK | Source = Microsoft Office 12 | ID = 1000 Description = Faulting application outlook.exe, version 12.0.6668.5000, stamp 508314b2, faulting module urlmon.dll, version 8.0.6001.23486, stamp 516dcdd1, debug? 0, fault address 0x000059e4. Error - 28.05.2013 13:28:33 | Computer Name = CK | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung adwcleaner.exe, Version 2.3.0.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 28.05.2013 15:35:41 | Computer Name = CK | Source = MsiInstaller | ID = 11609 Description = Error - 28.05.2013 18:17:08 | Computer Name = CK | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung rundll32.exe, Version 5.1.2600.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ OSession Events ] Error - 08.01.2013 18:10:54 | Computer Name = CK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 38859 seconds with 300 seconds of active time. This session ended with a crash. Error - 10.01.2013 06:20:29 | Computer Name = CK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 53745 seconds with 480 seconds of active time. This session ended with a crash. Error - 17.01.2013 17:18:45 | Computer Name = CK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2841 seconds with 360 seconds of active time. This session ended with a crash. Error - 21.01.2013 15:34:04 | Computer Name = CK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 34139 seconds with 600 seconds of active time. This session ended with a crash. Error - 23.01.2013 18:14:04 | Computer Name = CK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 7459 seconds with 240 seconds of active time. This session ended with a crash. Error - 25.01.2013 07:37:27 | Computer Name = CK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 542 seconds with 420 seconds of active time. This session ended with a crash. Error - 05.03.2013 16:23:48 | Computer Name = CK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 37439 seconds with 900 seconds of active time. This session ended with a crash. Error - 08.03.2013 20:25:25 | Computer Name = CK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 47 seconds with 0 seconds of active time. This session ended with a crash. Error - 06.05.2013 16:35:11 | Computer Name = CK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 50993 seconds with 840 seconds of active time. This session ended with a crash. Error - 27.05.2013 15:57:22 | Computer Name = CK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 38895 seconds with 1560 seconds of active time. This session ended with a crash. [ System Events ] Error - 29.05.2013 04:06:07 | Computer Name = CK | Source = Service Control Manager | ID = 7023 Description = Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error - 29.05.2013 04:06:37 | Computer Name = CK | Source = DCOM | ID = 10010 Description = Der Server "{B12468C9-5B13-40D9-B74B-1815B776F1FB}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 29.05.2013 04:06:46 | Computer Name = CK | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "WSearch" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error - 29.05.2013 04:09:44 | Computer Name = CK | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "WSearch" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error - 29.05.2013 04:10:38 | Computer Name = CK | Source = Service Control Manager | ID = 7023 Description = Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error - 29.05.2013 04:11:07 | Computer Name = CK | Source = DCOM | ID = 10010 Description = Der Server "{B12468C9-5B13-40D9-B74B-1815B776F1FB}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 29.05.2013 04:25:50 | Computer Name = CK | Source = Service Control Manager | ID = 7023 Description = Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error - 29.05.2013 04:26:20 | Computer Name = CK | Source = DCOM | ID = 10010 Description = Der Server "{B12468C9-5B13-40D9-B74B-1815B776F1FB}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 29.05.2013 04:26:21 | Computer Name = CK | Source = Service Control Manager | ID = 7023 Description = Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error - 29.05.2013 04:26:50 | Computer Name = CK | Source = DCOM | ID = 10010 Description = Der Server "{B12468C9-5B13-40D9-B74B-1815B776F1FB}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. [ TuneUp Events ] Error - 02.10.2011 12:44:17 | Computer Name = CK | Source = TuneUp.UtilitiesSvc | ID = 300 Description = < End of report > - Schritt 3 (Gmer) funktionierte nicht mehr richtig. Nach dem Scan hatte ich den berühmten "blauen Bildschirm" mit langem Fehlertext (nicht kopierbar). Nach dem Neustart, den ich manuell durchführen musste, bekam ich wieder eine "System 32-Fehlermeldung", hierzu konnte ich wenigstens einen Screenprint machen, den ich auch als World-Dokument schicken könnte. Die technischen Informationen zu dem Problembericht lauteten: C:\DOKUME~1\clk\LOKALE~1\Temp\WERe788.dir00\Mini052913-01.dmp C:\DOKUME~1\clk\LOKALE~1\Temp\WERe788.dir00\sysdata.xml Ich benötige also bitte dringend Hilfe, weil ich offensichtlich alle Fehler gemacht habe, die man nur machen kann. Was kann/soll ich als nächstes tun, um meinen Rechner wieder "sauber" zu bekommen? Herzlichen Dank schon mal vorab für euer Feedback! Liebe Grüße Claudia |
29.05.2013, 21:50 | #2 |
/// the machine /// TB-Ausbilder | Habe um meinen PC zu schützen VIELE Schutzprogramme incl. Viren runtergeladen :-( Hi,
__________________bei mir gibt's nur eine regel: es wird nur das gemacht was ich sage, also keine anderen tools mehr laufen lassen Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.
__________________ |
29.05.2013, 23:06 | #3 |
| Habe um meinen PC zu schützen VIELE Schutzprogramme incl. Viren runtergeladen :-( Hi, hier die ComboFix-Log-Datei:
__________________Combofix Logfile: Code:
ATTFilter ComboFix 13-05-30.01 - clk 29.05.2013 23:44:17.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1023.622 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\clk\Eigene Dateien\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP c:\dokumente und einstellungen\All Users\Anwendungsdaten\Wincert\WIN32C~1.DLL c:\dokumente und einstellungen\All Users\SPL2F9.tmp c:\dokumente und einstellungen\All Users\SPL428.tmp c:\dokumente und einstellungen\clk\WINDOWS c:\dokumente und einstellungen\Default User\WINDOWS c:\windows\IsUn0407.exe c:\windows\system32\config\systemprofile\WINDOWS c:\windows\system32\muzapp.exe c:\windows\system32\roboot.exe c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-28 bis 2013-05-29 )))))))))))))))))))))))))))))) . . 2013-05-27 21:54 . 2013-05-27 21:54 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\StarApp 2013-05-26 18:38 . 2013-05-26 18:38 -------- d-----w- c:\programme\Uninstaller 2013-05-23 23:02 . 2013-05-23 23:02 -------- d-----w- c:\programme\LyricsFan 2013-05-23 23:01 . 2013-05-23 23:02 -------- d-----w- c:\programme\FindLyrics 2013-05-23 21:49 . 2013-05-23 21:49 -------- d-----w- c:\programme\SystemRequirementsLab 2013-05-13 21:10 . 2013-05-22 11:02 -------- d-----w- c:\windows\Lhsp 2013-05-13 21:09 . 2013-05-13 21:10 -------- d-----w- c:\windows\speech 2013-05-13 21:09 . 2013-05-22 08:10 -------- d-----w- c:\programme\MWS Reader 4 2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\programme\Internet Explorer\PLUGINS\nppdf32.dll 2013-05-08 21:18 . 2013-05-08 21:18 -------- d-----w- c:\dokumente und einstellungen\clk\AppData . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-15 19:11 . 2013-02-05 20:32 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-15 19:11 . 2013-02-05 20:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-04-16 22:16 . 2005-08-17 12:30 920064 ----a-w- c:\windows\system32\wininet.dll 2013-04-16 22:16 . 2005-08-17 12:29 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-04-16 22:16 . 2005-08-17 12:29 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-04-12 23:28 . 2005-08-17 12:29 385024 ----a-w- c:\windows\system32\html.iec 2013-04-12 14:00 . 2005-08-17 12:30 1876480 ----a-w- c:\windows\system32\win32k.sys 2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr 2013-03-08 08:36 . 2005-08-17 12:30 293888 ----a-w- c:\windows\system32\winsrv.dll 2013-03-07 15:56 . 2005-08-17 12:30 2195712 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-07 15:56 . 2004-08-04 00:50 2072320 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-06-15 20:10 . 2012-06-15 20:11 894448 -c--a-w- c:\programme\chromeinstall-7u5.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{A8720491-9558-4C0D-9E35-30EED15DFB2B}] 2013-05-20 09:10 127488 ----a-w- c:\programme\LyricsFan\lrcfan.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\programme\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536] "KiesPreload"="c:\programme\Samsung\Kies\Kies.exe" [2012-11-12 968120] "KiesAirMessage"="c:\programme\Samsung\Kies\KiesAirMessage.exe" [2012-11-01 577536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218] "THotkey"="c:\programme\Toshiba\Toshiba Applet\thotkey.exe" [2005-07-06 356352] "PadTouch"="c:\programme\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327] "Tvs"="c:\programme\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728] "SmoothView"="c:\programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2005-05-13 118784] "GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "ISUSPM Startup"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "lxeemon.exe"="c:\programme\Lexmark Pro700 Series\lxeemon.exe" [2010-01-18 770728] "EzPrint"="c:\programme\Lexmark Pro700 Series\ezprint.exe" [2010-01-18 139944] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664] "LexwareInfoService"="c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808] "QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2011-10-24 421888] "KiesTrayAgent"="c:\programme\Samsung\Kies\KiesTrayAgent.exe" [2012-11-12 309688] "AdobeAAMUpdater-1.0"="c:\programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "IntelliPoint"="c:\programme\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] 2005-04-14 19:05 344064 -c--a-w- c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam] 2009-07-24 14:05 118640 ----a-w- c:\programme\Microsoft LifeCam\LifeExp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Control Editor] 2009-09-22 17:29 1528320 -c--a-w- c:\programme\Gemeinsame Dateien\TerraTec\Remote\TTTvRc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] 2004-08-06 06:27 860160 -c--a-w- c:\programme\Analog Devices\SoundMAX\SMax4.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2004-07-27 11:48 1388544 -c--a-w- c:\programme\Analog Devices\SoundMAX\SMax4PNP.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2013-03-12 05:32 253816 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2010-07-12 16:32 74752 -c--a-w- c:\programme\Winamp\winampa.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Acrobat Speed Launcher"="c:\programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 10.0\Reader\Reader_sl.exe" "QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime "NBKeyScan"="c:\programme\Nero\Nero BackItUp 4\NBKeyScan.exe" "LexwareInfoService"=c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Programme\\Microsoft LifeCam\\LifeEnC2.exe"= "c:\\Programme\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Programme\\Microsoft LifeCam\\LifeTray.exe"= "c:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"= "c:\\Programme\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"= "c:\\Programme\\TerraTec\\TerraTec Home Cinema\\VersionCheck\\VersionCheck.exe"= "c:\\Programme\\TerraTec\\TerraTec Home Cinema\\InstTool.exe"= "c:\\Programme\\TerraTec\\TerraTec Home Cinema\\TTDvrServer.exe"= "c:\\WINDOWS\\system32\\lxeecoms.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Dokumente und Einstellungen\\clk\\Anwendungsdaten\\Smilebox\\sbtb_install.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [28.05.2012 17:51 36000] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [28.05.2012 17:51 86224] R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 20:19 50704] R2 PDF Architect Helper Service;PDF Architect Helper Service;c:\programme\PDF Architect\HelperService.exe [09.01.2013 18:34 1324104] R2 WTGService;WTGService;c:\programme\Verbindungsassistent\WTGService.exe [15.01.2010 12:49 308688] R3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\drivers\dc3d.sys [13.04.2013 22:44 45288] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [19.11.2012 01:33 83168] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [19.11.2012 01:33 181344] S2 DeviceManager;DeviceManager;c:\programme\Gemeinsame Dateien\DeviceHelper\DeviceManager.exe -start --> c:\programme\Gemeinsame Dateien\DeviceHelper\DeviceManager.exe -start [?] S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [07.03.2010 22:43 98984] S2 PDF Architect Service;PDF Architect Service;c:\programme\PDF Architect\ConversionService.exe [09.01.2013 18:36 795208] S2 Skype C2C Service;Skype C2C Service;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe [02.10.2012 13:13 3064000] S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 13:28 160944] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [22.11.2010 14:24 13224] S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [15.01.2010 12:04 30560] S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [07.08.2010 19:53 103552] S3 S6U12Scanner;MUSTEK 1200 CU Still Image Device Service;c:\windows\system32\drivers\UsbScan.sys [16.01.2010 02:52 15104] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [22.11.2010 14:25 27632] S3 TTHID;Cinergy Hybrid-Stick HID service;c:\windows\system32\drivers\Cinergy_Hybrid-Stick_HID.sys [15.01.2010 13:24 23104] S3 UDXTTM6010;Cinergy Hybrid-Stick BDA service;c:\windows\system32\drivers\UDXTTM6010.sys [15.01.2010 13:24 763584] . Inhalt des "geplante Tasks" Ordners . 2013-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-05 19:11] . 2013-05-28 c:\windows\Tasks\AdobeAAMUpdater-1.0-CK-clk.job - c:\programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-12-14 05:09] . 2013-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2044978897-1172690549-42215457-1007Core.job - c:\dokumente und einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2011-09-07 11:03] . 2013-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2044978897-1172690549-42215457-1007UA.job - c:\dokumente und einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2011-09-07 11:03] . 2013-05-29 c:\windows\Tasks\Lyrics Fan Update.job - c:\programme\LyricsFan\LyricsFanUpdater.exe [2013-05-20 09:10] . 2013-04-13 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job - c:\programme\Microsoft IntelliPoint\ipoint.exe [2011-08-01 13:57] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:8080;https=127.0.0.1:8080 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: DhcpNameServer = 192.168.1.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) MSConfigStartUp-EPSON Stylus C82 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe AddRemove-PC-Diagnose-Tool - c:\windows\IsUn0407.exe AddRemove-SP_08b196fe - c:\programme\ContinueToSave\uninstall.exe AddRemove-SP_d2639597 - c:\programme\WebSearch\uninstall.exe AddRemove-{3D49617F-AA81-495D-1361-3D236B61E35B} - c:\dokume~1\ALLUSE~1\ANWEND~1\INSTAL~2\{EA9E5~1\Setup.exe AddRemove-01_Simmental - c:\programme\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\programme\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\programme\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-07_Schorl - c:\programme\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-09_Hsp - c:\programme\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-20_NXP_Driver - c:\programme\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-24_flashusbdriver - c:\programme\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\programme\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2013-05-29 23:58 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(924) c:\windows\system32\Ati2evxx.dll . Zeit der Fertigstellung: 2013-05-30 00:04:16 ComboFix-quarantined-files.txt 2013-05-29 22:04 . Vor Suchlauf: 16 Verzeichnis(se), 24.588.226.560 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 24.848.969.728 Bytes frei . WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn . - - End Of File - - 9BCA8D4D113EA3AFCC2059D0FF81013E Und nun? LG Claudia |
29.05.2013, 23:09 | #4 |
/// the machine /// TB-Ausbilder | Habe um meinen PC zu schützen VIELE Schutzprogramme incl. Viren runtergeladen :-( Bleibt noch einiges an Arbeit Downloade dir bitte Rogue Killer von hier.
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches OTL log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
29.05.2013, 23:20 | #5 |
| Habe um meinen PC zu schützen VIELE Schutzprogramme incl. Viren runtergeladen :-( OKI, hier erst mal die RK-Log-Datei: RogueKiller V8.5.4 [Mar 18 2013] durch Tigzy mail: tigzyRK<at>gmail<dot>com mail : tigzyRK<at>gmail<dot>com Kommentare : RogueKiller - Geeks to Go Forums Webseite : Download RogueKiller (Official website) Blog : tigzy-RK Betriebssystem : Windows XP (5.1.2600 Service Pack 3) 32 bits version Gestartet in : Normaler Modus Benutzer : clk [Admin Rechte] Funktion : Scannen -- Datum : 05/30/2013 00:15:41 | ARK || FAK || MBR | ¤¤¤ Böswillige Prozesse : 0 ¤¤¤ ¤¤¤ Registry-Einträge : 5 ¤¤¤ [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:8080;hxxps=127.0.0.1:8080) -> GEFUNDEN [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> GEFUNDEN [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> GEFUNDEN [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> GEFUNDEN [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN ¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤ ¤¤¤ Treiber : [GELADEN] ¤¤¤ SSDT[25] : NtClose @ 0x80567C07 -> HOOKED (Unknown @ 0xF7CAE9BC) SSDT[41] : NtCreateKey @ 0x80573887 -> HOOKED (Unknown @ 0xF7CAE976) SSDT[50] : NtCreateSection @ 0x80565433 -> HOOKED (Unknown @ 0xF7CAE9C6) SSDT[53] : NtCreateThread @ 0x80578925 -> HOOKED (Unknown @ 0xF7CAE96C) SSDT[63] : NtDeleteKey @ 0x80595ABA -> HOOKED (Unknown @ 0xF7CAE97B) SSDT[65] : NtDeleteValueKey @ 0x805936DA -> HOOKED (Unknown @ 0xF7CAE985) SSDT[68] : NtDuplicateObject @ 0x805749DA -> HOOKED (Unknown @ 0xF7CAE9B7) SSDT[98] : NtLoadKey @ 0x805ADCBB -> HOOKED (Unknown @ 0xF7CAE98A) SSDT[122] : NtOpenProcess @ 0x80574BC1 -> HOOKED (Unknown @ 0xF7CAE958) SSDT[128] : NtOpenThread @ 0x80590CFC -> HOOKED (Unknown @ 0xF7CAE95D) SSDT[177] : NtQueryValueKey @ 0x8056A531 -> HOOKED (Unknown @ 0xF7CAE9DF) SSDT[193] : NtReplaceKey @ 0x8065012A -> HOOKED (Unknown @ 0xF7CAE994) SSDT[200] : NtRequestWaitReplyPort @ 0x8056DD9E -> HOOKED (Unknown @ 0xF7CAE9D0) SSDT[204] : NtRestoreKey @ 0x8064FCC1 -> HOOKED (Unknown @ 0xF7CAE98F) SSDT[213] : NtSetContextThread @ 0x8062E8FB -> HOOKED (Unknown @ 0xF7CAE9CB) SSDT[237] : NtSetSecurityObject @ 0x80598227 -> HOOKED (Unknown @ 0xF7CAE9D5) SSDT[247] : NtSetValueKey @ 0x8057DAF3 -> HOOKED (Unknown @ 0xF7CAE980) SSDT[255] : NtSystemDebugControl @ 0x8064AD09 -> HOOKED (Unknown @ 0xF7CAE9DA) SSDT[257] : NtTerminateProcess @ 0x80585851 -> HOOKED (Unknown @ 0xF7CAE967) S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7CAE9EE) S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7CAE9F3) ¤¤¤ Hosts-Datei: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR überprüfen: ¤¤¤ +++++ PhysicalDrive0: FUJITSU MHV2080BH +++++ --- User --- [MBR] 734e3e3266d18b4a2a96f5324795e50b [BSP] 11a7810e0250fcb50b0c0d5abe648c91 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76112 Mo 3 - [XXXXXX] UNKNOWN (0x88) [VISIBLE] Offset (sectors): 155878695 | Size: 203 Mo User = LL1 ... OK! User = LL2 ... OK! Abgeschlossen : << RKreport[1]_S_05302013_02d0015.txt >> RKreport[1]_S_05302013_02d0015.txt Den Adw-Cleaner hatte ich mir vorher schon mal auf mein Desktop geladen. Kann ich den nehmen, oder muss ich den neu runterladen? LG Claudia |
29.05.2013, 23:21 | #6 |
/// the machine /// TB-Ausbilder | Habe um meinen PC zu schützen VIELE Schutzprogramme incl. Viren runtergeladen :-( Neu laden, aber bitte vorher noch einmal RogueKiller und Löschen klicken nach dem Scan. Und warte bis Du alle Scans durch hast und poste alle Logs euf einmal, ich bekomm sonst keine Benachrichtigung
__________________ --> Habe um meinen PC zu schützen VIELE Schutzprogramme incl. Viren runtergeladen :-( |
30.05.2013, 00:16 | #7 |
| Habe um meinen PC zu schützen VIELE Schutzprogramme incl. Viren runtergeladen :-( OK, hier alle Logfiles: RogueKiller V8.5.4 [Mar 18 2013] durch Tigzy mail: tigzyRK<at>gmail<dot>com mail : tigzyRK<at>gmail<dot>com Kommentare : RogueKiller - Geeks to Go Forums Webseite : Download RogueKiller (Official website) Blog : tigzy-RK Betriebssystem : Windows XP (5.1.2600 Service Pack 3) 32 bits version Gestartet in : Normaler Modus Benutzer : clk [Admin Rechte] Funktion : Entfernen -- Datum : 05/30/2013 00:46:15 | ARK || FAK || MBR | ¤¤¤ Böswillige Prozesse : 0 ¤¤¤ ¤¤¤ Registry-Einträge : 5 ¤¤¤ [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:8080;hxxps=127.0.0.1:8080) -> NICHT ENTFERNT, PROXY REPARIEREN BENUTZEN [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> GELÖSCHT [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> ERSETZT (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> ERSETZT (1) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ERSETZT (0) ¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤ ¤¤¤ Treiber : [GELADEN] ¤¤¤ SSDT[25] : NtClose @ 0x80567C07 -> HOOKED (Unknown @ 0xF7D3AC44) SSDT[41] : NtCreateKey @ 0x80573887 -> HOOKED (Unknown @ 0xF7D3ABFE) SSDT[50] : NtCreateSection @ 0x80565433 -> HOOKED (Unknown @ 0xF7D3AC4E) SSDT[53] : NtCreateThread @ 0x80578925 -> HOOKED (Unknown @ 0xF7D3ABF4) SSDT[63] : NtDeleteKey @ 0x80595ABA -> HOOKED (Unknown @ 0xF7D3AC03) SSDT[65] : NtDeleteValueKey @ 0x805936DA -> HOOKED (Unknown @ 0xF7D3AC0D) SSDT[68] : NtDuplicateObject @ 0x805749DA -> HOOKED (Unknown @ 0xF7D3AC3F) SSDT[98] : NtLoadKey @ 0x805ADCBB -> HOOKED (Unknown @ 0xF7D3AC12) SSDT[122] : NtOpenProcess @ 0x80574BC1 -> HOOKED (Unknown @ 0xF7D3ABE0) SSDT[128] : NtOpenThread @ 0x80590CFC -> HOOKED (Unknown @ 0xF7D3ABE5) SSDT[177] : NtQueryValueKey @ 0x8056A531 -> HOOKED (Unknown @ 0xF7D3AC67) SSDT[193] : NtReplaceKey @ 0x8065012A -> HOOKED (Unknown @ 0xF7D3AC1C) SSDT[200] : NtRequestWaitReplyPort @ 0x8056DD9E -> HOOKED (Unknown @ 0xF7D3AC58) SSDT[204] : NtRestoreKey @ 0x8064FCC1 -> HOOKED (Unknown @ 0xF7D3AC17) SSDT[213] : NtSetContextThread @ 0x8062E8FB -> HOOKED (Unknown @ 0xF7D3AC53) SSDT[237] : NtSetSecurityObject @ 0x80598227 -> HOOKED (Unknown @ 0xF7D3AC5D) SSDT[247] : NtSetValueKey @ 0x8057DAF3 -> HOOKED (Unknown @ 0xF7D3AC08) SSDT[255] : NtSystemDebugControl @ 0x8064AD09 -> HOOKED (Unknown @ 0xF7D3AC62) SSDT[257] : NtTerminateProcess @ 0x80585851 -> HOOKED (Unknown @ 0xF7D3ABEF) S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7D3AC76) S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7D3AC7B) ¤¤¤ Hosts-Datei: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR überprüfen: ¤¤¤ +++++ PhysicalDrive0: FUJITSU MHV2080BH +++++ --- User --- [MBR] 734e3e3266d18b4a2a96f5324795e50b [BSP] 11a7810e0250fcb50b0c0d5abe648c91 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76112 Mo 3 - [XXXXXX] UNKNOWN (0x88) [VISIBLE] Offset (sectors): 155878695 | Size: 203 Mo User = LL1 ... OK! User = LL2 ... OK! Abgeschlossen : << RKreport[3]_D_05302013_02d0046.txt >> RKreport[1]_S_05302013_02d0015.txt ; RKreport[2]_S_05302013_02d0043.txt ; RKreport[3]_D_05302013_02d0046.txtAdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.301 - Datei am 30/05/2013 um 00:49:12 erstellt # Aktualisiert am 16/05/2013 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : clk - CK # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\clk\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Die Registrierungsdatenbank ist sauber. -\\ Google Chrome v27.0.1453.94 Datei : C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Preferences Gelöscht [l.37] : icon_url = "hxxp://websearch.searchrocket.info/favicon.ico", Gelöscht [l.40] : keyword = "websearch", Gelöscht [l.44] : search_url = "hxxp://websearch.searchrocket.info/?l=1&q={searchTerms}&pid=658&r=2013/05/27&hi[...] ************************* AdwCleaner[S1].txt - [2884 octets] - [28/05/2013 10:06:43] AdwCleaner[S2].txt - [13045 octets] - [29/05/2013 00:17:38] AdwCleaner[S3].txt - [1764 octets] - [30/05/2013 00:21:20] AdwCleaner[S4].txt - [1161 octets] - [30/05/2013 00:49:12] ########## EOF - C:\AdwCleaner[S4].txt - [1221 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Microsoft Windows XP x86 Ran by clk on 30.05.2013 at 1:13:00,60 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\filescout Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\clk\Anwendungsdaten\goforfiles" Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\clk\Anwendungsdaten\systweak" Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\clk\appdata\locallow\datamngr" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 30.05.2013 at 1:14:59,72 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ LG Claudia Sollen wir morgen weiter machen??? Okay, du bist offline. Also danngute Nacht und bis morgen (gleich). ;-) LG Claudia |
30.05.2013, 06:32 | #8 |
/// the machine /// TB-Ausbilder | Habe um meinen PC zu schützen VIELE Schutzprogramme incl. Viren runtergeladen :-( Also ich wär da, Kaffe is da, wo bleibt das frische OTL Logfile?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
30.05.2013, 14:35 | #9 |
| Habe um meinen PC zu schützen VIELE Schutzprogramme incl. Viren runtergeladen :-( Hier ist er, aber das hat über eine Stunde gedauert. Der PC wird gerade NOCH langsamer als vorher... :-(OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.05.2013 14:37:09 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\clk\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,42 Mb Total Physical Memory | 293,11 Mb Available Physical Memory | 28,64% Memory free 2,41 Gb Paging File | 1,72 Gb Available in Paging File | 71,41% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,33 Gb Total Space | 22,93 Gb Free Space | 30,86% Space Free | Partition Type: NTFS Computer Name: CK | User Name: clk | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.29 10:28:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\clk\Desktop\OTL.exe PRC - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\HelperService.exe PRC - [2012.11.12 12:45:18 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.11.12 12:45:14 | 000,968,120 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe PRC - [2012.11.01 14:16:42 | 000,577,536 | ---- | M] (Samsung Electronics) -- C:\Programme\Samsung\Kies\KiesAirMessage.exe PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.08.09 20:51:26 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.12.28 09:55:12 | 005,579,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\NDP40-KB2656351-x86.exe PRC - [2011.12.26 03:51:18 | 000,079,112 | ---- | M] (Microsoft Corporation) -- c:\f57786df4e16d3a798d97a2428dd\Setup.exe PRC - [2011.07.31 14:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe PRC - [2010.01.18 11:51:22 | 000,139,944 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\ezprint.exe PRC - [2010.01.18 11:51:20 | 000,770,728 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\lxeemon.exe PRC - [2010.01.15 12:53:35 | 000,308,688 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe PRC - [2010.01.07 16:20:28 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxeecoms.exe PRC - [2009.07.24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe PRC - [2009.05.25 11:18:04 | 000,040,960 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\DeviceHelper\DeviceManager.exe PRC - [2008.08.29 18:56:58 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe PRC - [2008.08.29 16:20:56 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005.08.11 17:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe PRC - [2005.07.06 17:29:22 | 000,356,352 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe PRC - [2005.07.05 16:08:48 | 000,034,816 | ---- | M] (TOSHIBA Corp.) -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe PRC - [2005.05.13 11:01:30 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe PRC - [2005.04.12 10:05:26 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe PRC - [2005.04.05 16:25:34 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Tvs\TvsTray.exe PRC - [2005.01.18 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe PRC - [2004.11.17 10:56:10 | 001,077,327 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\Touch and Launch\PadExe.exe PRC - [2004.10.15 00:28:02 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe ========== Modules (No Company Name) ========== MOD - [2013.05.28 03:36:24 | 001,114,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Podcaster\58d56b6e5f2d64072a30a2e30836c48b\Podcaster.ni.dll MOD - [2013.05.28 03:36:03 | 001,008,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\7d49dbd67986f8d42121998b34f4c117\CPKTMusicPlugin.ni.dll MOD - [2013.05.28 03:35:57 | 000,941,568 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\MusicManager\ea6d01d8b7841d50fd4982c5a8de85c6\MusicManager.ni.dll MOD - [2013.05.28 03:35:53 | 002,196,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\1d3881e1208354c3eaf1ea547dbe6e57\Kies.Common.Multimedia.ni.dll MOD - [2013.05.16 23:05:41 | 000,608,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePodcast\5fd169b743c851328f1ce54448cfc598\DevicePodcast.ni.dll MOD - [2013.05.16 23:05:39 | 000,293,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceVideo\cfa251d13148007a6933b966c042d0d6\DeviceVideo.ni.dll MOD - [2013.05.16 23:05:38 | 000,371,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePhoto\ce4b607c73d5580c9fc6bee40c7d78bd\DevicePhoto.ni.dll MOD - [2013.05.16 23:05:36 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceMusic\6ea65242122082eab20415e24c1ede0f\DeviceMusic.ni.dll MOD - [2013.05.16 23:05:35 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\VideoManager\9d7efff4973160fa60cdf0bea83af5e6\VideoManager.ni.dll MOD - [2013.05.16 23:05:31 | 001,491,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PodcastService\5a89adbbddd7f51ba595f1bd9e55e3b1\PodcastService.ni.dll MOD - [2013.05.16 23:05:29 | 000,621,568 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PhotoManager\57a9a4a0c4b8ac9e8b320f503c7edd79\PhotoManager.ni.dll MOD - [2013.05.16 23:05:13 | 006,242,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceHost\9d108adf5c109f98d4facbe7732dacff\DeviceHost.ni.dll MOD - [2013.05.16 23:04:52 | 001,879,040 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Phonebook\eba357cabe6a4322466c4849723f3f3d\Phonebook.ni.dll MOD - [2013.05.16 23:04:32 | 000,396,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BATPlugin\b9e8a3df0aabceb08b98d721af9c3c95\BATPlugin.ni.dll MOD - [2013.05.16 23:04:25 | 000,507,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\ceebedcdfa2c2594e97e5b0b06edf53c\Kies.Common.MediaDB.ni.dll MOD - [2013.05.16 23:04:22 | 000,064,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\c16d6291f2ba4824d3432098bb5a1a0a\Kies.Common.AllShare.ni.dll MOD - [2013.05.16 23:04:21 | 000,283,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c660385ceb5c4e62e1735ee758921b77\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll MOD - [2013.05.16 23:04:19 | 000,569,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f40c49bba92f7ad114be62ad99956d4e\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2013.05.16 23:04:17 | 000,621,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\cac3a4d93b07ea5ffaf37934cd72fad9\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll MOD - [2013.05.16 23:04:15 | 000,915,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\912fbcd57dc29ab59d795937985d2067\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll MOD - [2013.05.16 23:04:12 | 001,057,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7f814507d38f722ea12668601eccdef2\Kies.Common.DeviceService.ni.dll MOD - [2013.05.16 23:04:02 | 000,200,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\90d7bfef054a7714225ec62fb1b5bf0e\Kies.Common.MainUI.ni.dll MOD - [2013.05.16 23:04:01 | 000,066,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\b2642b48602b96bf37257e96637cb2c1\Kies.Common.DBManager.ni.dll MOD - [2013.05.16 23:04:00 | 000,273,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\a2e0f8e4559020b73813922ec9e1b490\Kies.Common.Util.ni.dll MOD - [2013.05.16 23:03:58 | 001,874,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.UI\957ef902c5e03f29b3f2c3c243e8f8e6\Kies.UI.ni.dll MOD - [2013.05.16 23:03:55 | 000,119,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\8c3eb2c5125c85b57c7b136e488a277f\GongSolutions.Wpf.DragDrop.ni.dll MOD - [2013.05.16 23:03:54 | 001,211,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Interface\da94c8d8cd1b08607102ff4d783da070\Kies.Interface.ni.dll MOD - [2013.05.16 23:03:12 | 001,692,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies\8e2a077381fe98ea660ba46f5dd5075a\Kies.ni.exe MOD - [2013.05.16 21:16:42 | 018,019,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\03a2c7d0e26886bf966276d441290257\PresentationFramework.ni.dll MOD - [2013.05.16 21:15:52 | 011,522,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\921404b7803bda0cb1cba2ee458e4c9f\PresentationCore.ni.dll MOD - [2013.05.16 21:15:33 | 003,880,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\0268fc0c7a4db1850c1c6ba33d980b29\WindowsBase.ni.dll MOD - [2013.05.16 21:15:11 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\88856f5f657eaa34828421b355a5fd76\System.Configuration.ni.dll MOD - [2013.05.16 21:15:07 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\56734db07bf2cb287a5f0cf662cc32ef\System.Core.ni.dll MOD - [2013.05.16 21:14:45 | 013,198,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\40730f817297bb5d791a7101ed9630fe\System.Windows.Forms.ni.dll MOD - [2013.01.10 11:45:49 | 012,621,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\ac8efe59a037ffeb38513bdea352da28\Kies.Theme.ni.dll MOD - [2013.01.10 11:44:59 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0a9aa8a20cf2f935e03e948e5fe7a476\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll MOD - [2013.01.10 11:43:15 | 000,029,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\34da4bec626fd6331c6702365be50f28\Kies.Common.StoreManager.ni.dll MOD - [2013.01.10 11:43:11 | 000,232,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\779a065e9d217d3a3aeeb354f9fce387\ASF_cSharpAPI.ni.dll MOD - [2013.01.10 11:43:08 | 000,043,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.FUSCryptLib\7296ee8d41eeb2bcc543df81eea19ebe\Interop.FUSCryptLib.ni.dll MOD - [2013.01.10 11:43:04 | 000,189,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7504b4d1e0c4f84827a869844fa75ffd\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll MOD - [2013.01.10 11:43:00 | 000,175,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\9a9a70b72df9ca4a018ffeb43208fac0\Interop.DevFileServiceLib.ni.dll MOD - [2013.01.10 11:42:52 | 000,018,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DeviceServi#\d89293c7be2f75ca92ddd2efac0dcfad\Interop.DeviceServiceModelDBLib.ni.dll MOD - [2013.01.10 11:42:50 | 000,184,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c35f66934441c52d7c6f60347751059f\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2013.01.10 10:55:41 | 000,395,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll MOD - [2013.01.10 10:55:33 | 000,743,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\78c73ae3f99d95d788e3690a561a7701\ICSharpCode.SharpZipLib.ni.dll MOD - [2013.01.10 10:55:28 | 000,052,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll MOD - [2013.01.10 10:55:27 | 001,499,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Locale\570e33cc3bc3f82ffc64c06efd1e90d6\Kies.Locale.ni.dll MOD - [2013.01.10 10:55:26 | 000,078,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\495e94c8e04436b65dcb695c969d0d4e\Kies.MVVM.ni.dll MOD - [2013.01.10 00:08:18 | 001,812,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\25732130189e8f468a7d98647edffe8e\System.Xaml.ni.dll MOD - [2013.01.09 17:29:33 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\a23c39d504467a0024e5f20c0f962f3f\System.Xml.ni.dll MOD - [2013.01.09 17:26:37 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\307bb964c6b7dbc20676e8905ec99df9\System.Drawing.ni.dll MOD - [2013.01.09 17:26:31 | 009,094,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\5f79b00e1aaeafcc07907aa61fd3599e\System.ni.dll MOD - [2013.01.09 17:26:10 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2010.01.18 11:51:22 | 000,139,944 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\ezprint.exe MOD - [2010.01.18 11:51:20 | 000,770,728 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\lxeemon.exe MOD - [2010.01.15 12:53:35 | 000,308,688 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe MOD - [2009.12.16 13:07:29 | 001,159,168 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\lxeedrs.dll MOD - [2009.12.16 13:04:21 | 000,389,120 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\lxeescw.dll MOD - [2009.12.12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.11.04 09:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxeedrpp.dll MOD - [2009.06.23 07:11:04 | 000,102,400 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\epoemdll.dll MOD - [2009.06.23 07:10:29 | 000,045,056 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\epstring.dll MOD - [2009.06.23 07:09:11 | 002,203,648 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\epwizres.dll MOD - [2009.05.27 08:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxeedatr.dll MOD - [2009.05.25 11:18:04 | 000,040,960 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\DeviceHelper\DeviceManager.exe MOD - [2009.04.28 09:56:29 | 000,024,064 | ---- | M] () -- C:\WINDOWS\system32\LXEEsmr.dll MOD - [2009.04.07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\iptk.dll MOD - [2009.03.30 08:37:28 | 000,708,608 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\epwizard.dll MOD - [2009.03.30 08:35:40 | 000,159,744 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\customui.dll MOD - [2009.03.30 08:35:22 | 000,061,440 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\epfunct.dll MOD - [2009.03.30 08:35:17 | 000,118,784 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\eputil.dll MOD - [2009.03.30 08:35:05 | 000,139,264 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\imagutil.dll MOD - [2009.03.10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\lxeecaps.dll MOD - [2009.03.02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Programme\Lexmark Pro700 Series\lxeeptp.dll MOD - [2009.02.20 10:48:03 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\LXEEsm.dll MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2004.07.20 17:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013.05.15 21:11:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Stopped] -- C:\Programme\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.01.15 12:53:35 | 000,308,688 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2010.01.07 16:20:28 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxeecoms.exe -- (lxee_device) SRV - [2010.01.07 16:20:23 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe -- (lxeeCATSCustConnectService) SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2009.07.24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2009.05.25 11:18:04 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\DeviceHelper\DeviceManager.exe -- (DeviceManager) SRV - [2008.08.29 18:56:58 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service) SRV - [2008.08.29 16:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.07.05 16:08:48 | 000,034,816 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV) SRV - [2005.01.18 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\clk\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - [2012.09.20 06:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012.09.20 06:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2012.06.27 10:37:56 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2012.06.27 10:37:56 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) DRV - [2012.06.27 10:37:56 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.08.01 15:57:30 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d) DRV - [2010.11.22 14:25:54 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri) DRV - [2010.11.22 14:24:53 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2010.11.22 14:24:53 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.04 13:09:32 | 000,763,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UDXTTM6010.sys -- (UDXTTM6010) DRV - [2009.11.04 13:09:32 | 000,023,104 | ---- | M] (DTV-DVB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Cinergy_Hybrid-Stick_HID.sys -- (TTHID) DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2009.07.24 16:05:24 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo) DRV - [2009.06.19 16:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2009.05.25 11:18:02 | 000,103,552 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbser.sys -- (qcusbser) DRV - [2008.07.24 12:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2005.07.04 15:54:08 | 000,098,176 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd) DRV - [2005.06.27 18:48:08 | 000,053,504 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid) DRV - [2005.05.30 18:28:38 | 000,008,576 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec) DRV - [2005.05.10 17:50:00 | 000,029,056 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs) DRV - [2005.04.15 07:14:58 | 001,130,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.04.13 00:30:12 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2005.03.31 02:18:40 | 000,230,400 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2005.03.30 12:42:54 | 000,047,230 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte) DRV - [2005.03.02 08:45:24 | 000,004,864 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD) DRV - [2004.12.21 11:38:12 | 000,034,816 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2004.10.29 18:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) DRV - [2004.10.04 10:33:02 | 000,062,799 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2004.08.04 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2004.08.04 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2003.01.29 23:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Bing IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{E649DC79-BD07-46CD-85E1-6D561DA45348}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080;https=127.0.0.1:8080 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Programme\PDF Architect\FFPDFArchitectExt [2013.02.05 01:26:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcfan@fansoft.br: C:\Programme\LyricsFan\FF\ [2013.05.24 01:02:06 | 000,000,000 | ---D | M] [2012.05.28 21:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Mozilla\Extensions [2012.05.28 21:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de [2011.03.09 18:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.01.15 10:36:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.10.14 20:03:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.18 21:59:45 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010.10.14 20:01:57 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll [2009.03.24 12:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll ========== Chrome ========== CHR - default_search_provider: WebSearch (Enabled) CHR - default_search_provider: search_url = hxxp://websearch.searchrocket.info/?l=1&q={searchTerms}&pid=658&r=2013/05/27&hid=542167775&lg=EN&cc=DE&unqvl=16 CHR - default_search_provider: suggest_url = hxxp://localhost CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.145\npGoogleUpdate3.dll CHR - plugin: Picasa (Enabled) = C:\Programme\Google\Picasa3\npPicasa3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll O1 HOSTS File: ([2013.05.29 23:58:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (Lyrics Fan) - {A8720491-9558-4C0D-9E35-30EED15DFB2B} - C:\Programme\LyricsFan\lrcfan.dll (FAN Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (&TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\THCDeskBand.dll (TerraTec Electronic GmbH) O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EzPrint] C:\Programme\Lexmark Pro700 Series\ezprint.exe () O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [lxeemon.exe] C:\Programme\Lexmark Pro700 Series\lxeemon.exe () O4 - HKLM..\Run: [PadTouch] C:\Programme\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA) O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [THotkey] C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA) O4 - HKLM..\Run: [Tvs] C:\Programme\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [KiesAirMessage] C:\Programme\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPreload] C:\Programme\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\NPJPI150_02.dll (Sun Microsystems, Inc.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE8F664F-9C4B-483B-A8DB-622FC4AD8803}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.08.17 14:44:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.30 14:31:11 | 000,000,000 | ---D | C] -- C:\f57786df4e16d3a798d97a2428dd [2013.05.30 01:12:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2013.05.30 01:12:24 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.30 01:11:57 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\clk\Desktop\JRT.exe [2013.05.30 00:16:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.05.30 00:12:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\clk\Desktop\RK_Quarantine [2013.05.29 23:41:04 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.05.29 23:37:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.05.29 23:37:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.05.29 23:37:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.05.29 23:37:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.05.29 23:36:57 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.29 23:34:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.05.29 10:28:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\clk\Desktop\OTL.exe [2013.05.27 23:54:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarApp [2013.05.26 20:38:36 | 000,000,000 | ---D | C] -- C:\Programme\Uninstaller [2013.05.26 20:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\player [2013.05.25 21:21:13 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\clk\Recent [2013.05.24 01:02:06 | 000,000,000 | ---D | C] -- C:\Programme\LyricsFan [2013.05.24 01:01:31 | 000,000,000 | ---D | C] -- C:\Programme\FindLyrics [2013.05.23 23:49:17 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab [2013.05.13 23:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Lhsp [2013.05.13 23:09:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech [2013.05.13 23:09:24 | 000,000,000 | ---D | C] -- C:\Programme\MWS Reader 4 [2013.05.08 23:18:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\clk\AppData [2012.06.15 22:11:23 | 000,894,448 | ---- | C] (Oracle Corporation) -- C:\Programme\chromeinstall-7u5.exe ========== Files - Modified Within 30 Days ========== [2013.05.30 15:23:18 | 000,556,544 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.30 15:23:18 | 000,506,084 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.30 15:23:18 | 000,089,548 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.05.30 15:23:17 | 000,116,942 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.30 15:09:19 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.05.30 14:51:30 | 000,001,202 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2044978897-1172690549-42215457-1007UA.job [2013.05.30 14:32:15 | 000,000,444 | ---- | M] () -- C:\Dokumente und Einstellungen\clk\Desktop\Verknüpfung mit Downloads.lnk [2013.05.30 14:23:36 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Lyrics Fan Update.job [2013.05.30 14:18:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.05.30 14:18:05 | 1073,201,152 | -HS- | M] () -- C:\hiberfil.sys [2013.05.30 01:11:53 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\clk\Desktop\JRT.exe [2013.05.30 00:20:34 | 000,632,031 | ---- | M] () -- C:\Dokumente und Einstellungen\clk\Desktop\adwcleaner.exe [2013.05.30 00:12:37 | 000,816,128 | ---- | M] () -- C:\Dokumente und Einstellungen\clk\Desktop\RogueKiller_8.5.4.exe [2013.05.29 23:58:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.05.29 23:41:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013.05.29 10:28:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\clk\Desktop\OTL.exe [2013.05.29 10:25:19 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\clk\defogger_reenable [2013.05.29 09:51:00 | 000,001,150 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2044978897-1172690549-42215457-1007Core.job [2013.05.28 02:00:13 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-CK-clk.job [2013.05.20 20:45:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.16 23:19:41 | 003,622,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.16 21:06:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK ========== Files Created - No Company Name ========== [2013.05.30 14:32:11 | 000,000,444 | ---- | C] () -- C:\Dokumente und Einstellungen\clk\Desktop\Verknüpfung mit Downloads.lnk [2013.05.30 00:12:46 | 000,816,128 | ---- | C] () -- C:\Dokumente und Einstellungen\clk\Desktop\RogueKiller_8.5.4.exe [2013.05.29 23:41:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2013.05.29 23:41:13 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.05.29 23:37:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.05.29 23:37:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.05.29 23:37:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.05.29 23:37:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.05.29 23:37:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.05.29 10:25:19 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\clk\defogger_reenable [2013.05.28 10:05:22 | 000,632,031 | ---- | C] () -- C:\Dokumente und Einstellungen\clk\Desktop\adwcleaner.exe [2013.05.24 01:02:08 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\Lyrics Fan Update.job [2013.03.11 14:25:04 | 000,002,482 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin [2012.11.27 22:49:46 | 000,774,826 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2044978897-1172690549-42215457-1007-0.dat [2012.11.27 22:49:31 | 000,275,386 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.10.29 13:09:28 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2012.10.29 13:09:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2012.10.29 13:09:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2012.10.29 13:09:28 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2012.10.29 13:09:28 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2012.02.15 14:43:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.08.28 22:05:55 | 000,001,474 | ---- | C] () -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\CountdownProPrefs.cdp [2011.08.28 21:57:18 | 000,123,172 | ---- | C] () -- C:\Programme\countdown.sis [2010.12.31 14:38:46 | 000,036,072 | ---- | C] () -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\mdbu.bin [2010.01.16 15:55:23 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt [2010.01.14 14:04:33 | 000,007,168 | ---- | C] () -- C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.14 14:04:33 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2005.08.17 14:51:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.01.16 00:16:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2013.01.13 18:15:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2013.05.28 10:06:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Datamngr [2012.11.16 12:31:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FMBackup2 [2012.05.28 18:27:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2011.02.24 12:29:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM [2011.02.24 12:26:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail [2010.12.22 19:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kestrel [2010.06.27 22:41:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexmark Pro700 Series [2012.05.28 18:31:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2012.09.24 22:37:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2012.12.15 00:35:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe [2012.11.19 01:30:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2013.05.27 23:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarApp [2013.05.28 09:22:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Systweak [2010.01.15 15:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec [2013.04.15 20:51:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TVgenial [2013.05.29 23:56:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wincert [2010.02.14 18:21:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom [2011.02.18 19:33:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2012.12.14 22:21:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.04.13 21:17:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\DriverTurbo [2013.02.16 23:08:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\DVDVideoSoft [2013.03.28 15:07:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\GlarySoft [2012.05.28 21:10:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Haufe Mediengruppe [2010.07.25 19:27:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\InterVideo [2010.03.18 11:58:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\IrfanView [2010.12.22 19:46:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Kestrel [2010.01.15 23:57:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Lexware [2012.01.18 05:09:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\MAGIX [2010.01.16 00:45:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Marine Aquarium 3 [2012.12.15 00:48:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\PDAppFlex [2013.02.17 19:01:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\PDF Architect [2013.01.11 15:39:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\PhotoScape [2013.05.28 09:18:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\player [2013.01.23 22:15:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Samsung [2012.10.14 18:41:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Smilebox [2010.11.20 00:37:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Sony [2010.01.15 15:12:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\TerraTec [2005.08.18 10:13:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\toshiba [2010.01.31 01:17:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Verbindungsassistent [2010.01.16 01:44:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Windows Desktop Search [2010.01.16 01:45:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\clk\Anwendungsdaten\Windows Search ========== Purity Check ========== ========== Files - Unicode (All) ========== (C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft ??) -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft 鼠标 < End of report > LG Claudia Geändert von Claudia Kl. (30.05.2013 um 14:40 Uhr) |
30.05.2013, 14:43 | #10 |
/// the machine /// TB-Ausbilder | Habe um meinen PC zu schützen VIELE Schutzprogramme incl. Viren runtergeladen :-( Das bekommen wir schon hin Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32bit oder FRST 64bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
30.05.2013, 14:50 | #11 |
| Habe um meinen PC zu schützen VIELE Schutzprogramme incl. Viren runtergeladen :-( Okay, hier sind sie: --------------------------- Farbar Recovery Scan Tool --------------------------- The Addition.txt is saved in the same location FRST tool is run. --------------------------- OK --------------------------- Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-05-2013 Ran by clk at 2013-05-30 15:49:18 Run: Running from C:\Dokumente und Einstellungen\clk\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= "Nero SoundTrax Help (Version: 4.0.11.0) Adobe AIR (Version: 3.5.0.880) Adobe Download Assistant (Version: 1.2.3) Adobe Flash Player 11 ActiveX (Version: 11.7.700.202) Adobe Flash Player 11 Plugin (Version: 11.7.700.202) Adobe Photoshop CS6 (Version: 13.0) Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03) Advertising Center (Version: 0.0.0.1) ATI - Dienstprogramm zur Deinstallation der Software (Version: 6.14.10.1012) ATI Control Panel (Version: 6.14.10.5150) ATI Display Driver (Version: 8.13-050414a2-024375C) Avira Free Antivirus (Version: 12.1.9.1236) Bluetooth Stack for Windows by Toshiba (Version: v3.20.04) CD/DVD Drive Acoustic Silencer (Version: 1.00.008) Cinergy Hybrid Stick V1.00.08.06a (Version: 1.00.08.06a) CorelDRAW Graphics Suite X3 (Version: 13.0) DE (Version: 13.0) DolbyFiles (Version: 2.0) FontNav (Version: 5.0) Free YouTube to MP3 Converter version 3.12.0.128 (Version: 3.12.0.128) Google Chrome (Version: 27.0.1453.94) Hotfix für Windows XP (KB2633952) (Version: 1) Hotfix für Windows XP (KB2756822) (Version: 1) Hotfix für Windows XP (KB2779562) (Version: 1) HSPA USB MODEM ImagXpress (Version: 7.0.74.0) IrfanView (remove only) (Version: 4.35) J2SE Runtime Environment 5.0 Update 2 (Version: 1.5.0.20) Java 7 Update 21 (Version: 7.0.210) Java Auto Updater (Version: 2.1.9.5) Kestrel GX (Version: 1.0) L&H TTS3000 Deutsch Lexmark (Version: 1.0.0.0) Lexmark Pro700 Series Lexmark Symbolleiste (Version: 4.63.37.0) Lexmark Tools for Office (Version: 1.29.0.0) Lexware Info Service (Version: 2.80.00.0007) Lyrics Fan Macromedia Flash Player (Version: 7.0.19.0) Marvell Miniport Driver (Version: 11.45.3.3) Menu Templates - Starter Kit (Version: 9.0.4.0) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729) Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU (Version: 2.2.30729) Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729) Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU (Version: 3.2.30729) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Corporation (Version: 9.0.30729.1) Microsoft IntelliPoint 8.2 (Version: 8.20.468.0) Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft LifeCam (Version: 3.0.215.0) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Software Update for Web Folders (German) 12 (Version: 12.0.6612.1000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053) Microsoft_VC90_CRT_x86 (Version: 1.00.0000) Movie Templates - Starter Kit (Version: 9.0.4.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 6.0 Parser (KB925673) (Version: 6.00.3888.0) MUSTEK 1200 CU v2.0a Nero 9 Nero BackItUp (Version: 4.0.0.0) Nero BackItUp 4 Nero BurningROM (Version: 9.0.0.0) Nero BurnRights (Version: 2.99.6.100) Nero ControlCenter (Version: 9.0.0.1) Nero CoverDesigner (Version: 4.0.3.100) Nero CoverDesigner Help (Version: 4.0.0.0) Nero Disc Copy Gadget (Version: 1.53.0.0) Nero Disc Copy Gadget Help (Version: 2.0.0.0) Nero DiscSpeed (Version: 4.99.5.105) Nero DriveSpeed (Version: 3.99.5.105) Nero Express (Version: 9.0.0.0) Nero InfoTool (Version: 5.99.5.105) Nero Installer (Version: 2.0.0.1) Nero Live (Version: 1.0.160.0) Nero Live Help (Version: 1.0.160.0) Nero PhotoSnap (Version: 1.53.2.0) Nero PhotoSnap Help (Version: 1.53.2.0) Nero Recode (Version: 3.53.0.0) Nero Recode Help (Version: 3.53.0.0) Nero Rescue Agent (Version: 1.99.0.1) Nero RescueAgent Help (Version: 1.99.0.1) Nero ShowTime (Version: 4.99.0.0) Nero StartSmart (Version: 9.0.6.100) Nero StartSmart Help (Version: 9.0.0.0) Nero Vision (Version: 6.0.0.100) Nero Vision (Version: 6.0.3.100) Nero WaveEditor (Version: 5.0.10.0) Nero WaveEditor Help (Version: 5.0.10.0) NeroBurningROM (Version: 9.0.6.100) NeroExpress (Version: 9.0.6.100) neroxml (Version: 1.0.0) PDF Architect (Version: 1.0.52.8917) PDF Settings CS6 (Version: 11.0) PDFCreator (Version: 1.6.2) PhotoScape Picasa 3 (Version: 3.9) PlayStation(R)Network Downloader (Version: 2.03.00126) PlayStation(R)Store (Version: 3.2.11.09227) QuickSteuer 2011 (Version: 17.00.00.0055) QuickSteuer 2012 COMPUTERBILD Edition (Version: 18.07.00.0008) QuickSteuer Deluxe 2010 (Version: 16.12.00.0002) QuickSteuer Wissens-Center 2012 (Version: 18.0.0.0) QuickTime (Version: 7.71.80.42) Samsung Kies (Version: 2.5.0.12104_15) Samsung PC Studio 3 USB Driver Installer (Version: 3.2.0.70701) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0) SD Secure Module (Version: 1.0.2) Servicepack Datumsaktualisierung (Version: 1.00.00.0005) Sicherheitsupdate für Windows Internet Explorer 8 (KB2183461) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2360131) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2416400) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2482017) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2497640) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2530548) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2544521) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2559049) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2586448) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2647516) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2675157) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2699988) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2722913) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2761465) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2792100) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2797052) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2799329) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2809289) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2817183) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2829530) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2847204) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB971961) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB976325) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB978207) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB981332) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) (Version: 1) Sicherheitsupdate für Windows XP (KB2584146) (Version: 1) Sicherheitsupdate für Windows XP (KB2585542) (Version: 1) Sicherheitsupdate für Windows XP (KB2598479) (Version: 1) Sicherheitsupdate für Windows XP (KB2603381) (Version: 1) Sicherheitsupdate für Windows XP (KB2618451) (Version: 1) Sicherheitsupdate für Windows XP (KB2619339) (Version: 1) Sicherheitsupdate für Windows XP (KB2620712) (Version: 1) Sicherheitsupdate für Windows XP (KB2621440) (Version: 1) Sicherheitsupdate für Windows XP (KB2624667) (Version: 1) Sicherheitsupdate für Windows XP (KB2631813) (Version: 1) Sicherheitsupdate für Windows XP (KB2633171) (Version: 1) Sicherheitsupdate für Windows XP (KB2639417) (Version: 1) Sicherheitsupdate für Windows XP (KB2641653) (Version: 1) Sicherheitsupdate für Windows XP (KB2646524) (Version: 1) Sicherheitsupdate für Windows XP (KB2647518) (Version: 1) Sicherheitsupdate für Windows XP (KB2653956) (Version: 1) Sicherheitsupdate für Windows XP (KB2655992) (Version: 1) Sicherheitsupdate für Windows XP (KB2659262) (Version: 1) Sicherheitsupdate für Windows XP (KB2660465) (Version: 1) Sicherheitsupdate für Windows XP (KB2661637) (Version: 1) Sicherheitsupdate für Windows XP (KB2676562) (Version: 1) Sicherheitsupdate für Windows XP (KB2685939) (Version: 1) Sicherheitsupdate für Windows XP (KB2686509) (Version: 1) Sicherheitsupdate für Windows XP (KB2691442) (Version: 1) Sicherheitsupdate für Windows XP (KB2695962) (Version: 1) Sicherheitsupdate für Windows XP (KB2698365) (Version: 1) Sicherheitsupdate für Windows XP (KB2705219) (Version: 1) Sicherheitsupdate für Windows XP (KB2707511) (Version: 1) Sicherheitsupdate für Windows XP (KB2709162) (Version: 1) Sicherheitsupdate für Windows XP (KB2712808) (Version: 1) Sicherheitsupdate für Windows XP (KB2718523) (Version: 1) Sicherheitsupdate für Windows XP (KB2719985) (Version: 1) Sicherheitsupdate für Windows XP (KB2723135) (Version: 1) Sicherheitsupdate für Windows XP (KB2724197) (Version: 1) Sicherheitsupdate für Windows XP (KB2727528) (Version: 1) Sicherheitsupdate für Windows XP (KB2731847) (Version: 1) Sicherheitsupdate für Windows XP (KB2753842) (Version: 1) Sicherheitsupdate für Windows XP (KB2753842-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB2757638) (Version: 1) Sicherheitsupdate für Windows XP (KB2758857) (Version: 1) Sicherheitsupdate für Windows XP (KB2761226) (Version: 1) Sicherheitsupdate für Windows XP (KB2770660) (Version: 1) Sicherheitsupdate für Windows XP (KB2778344) (Version: 1) Sicherheitsupdate für Windows XP (KB2779030) (Version: 1) Sicherheitsupdate für Windows XP (KB2780091) (Version: 1) Sicherheitsupdate für Windows XP (KB2799494) (Version: 1) Sicherheitsupdate für Windows XP (KB2802968) (Version: 1) Sicherheitsupdate für Windows XP (KB2807986) (Version: 1) Sicherheitsupdate für Windows XP (KB2808735) (Version: 1) Sicherheitsupdate für Windows XP (KB2813170) (Version: 1) Sicherheitsupdate für Windows XP (KB2813345) (Version: 1) Sicherheitsupdate für Windows XP (KB2820197) (Version: 1) Sicherheitsupdate für Windows XP (KB2820917) (Version: 1) Sicherheitsupdate für Windows XP (KB2829361) (Version: 1) Skype Click to Call (Version: 6.3.11079) Skype™ 5.10 (Version: 5.10.116) SoundMAX (Version: 5.12.01.5240) SoundTrax (Version: 4.0.11.0) Synaptics Pointing Device Driver (Version: 7.12.4.0) System Requirements Lab for Intel (Version: 4.5.13.0) TerraTec Home Cinema (Version: 6.11.5) Texas Instruments PCIxx21/x515 drivers. (Version: 1.21.0000) TIxx21/x515 (Version: 1.21.0000) TOSHIBA Benutzerhandbücher (Version: 7.01) TOSHIBA ConfigFree (Version: 5.50.13) TOSHIBA Controls TOSHIBA Hotkey Utility (Version: 1.00.04K) TOSHIBA SD-Speicherkarten-Formatierung TOSHIBA Software Modem TOSHIBA TouchPad ON/Off Utility (Version: 1.00.09K) TOSHIBA Utilities (Version: 1.00.17K) TOSHIBA Virtual Sound TOSHIBA Zoom-Dienstprogramm Touch and Launch Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition Update für Windows Internet Explorer 8 (KB975364) (Version: 1) Update für Windows Internet Explorer 8 (KB976662) (Version: 1) Update für Windows Internet Explorer 8 (KB980182) (Version: 1) Update für Windows XP (KB2661254-v2) (Version: 2) Update für Windows XP (KB2718704) (Version: 1) Update für Windows XP (KB2736233) (Version: 1) Update für Windows XP (KB2749655) (Version: 1) Update Manager (Version: 4.60) VBA (Version: 6.2) Verbindungsassistent (Version: 2.1) WebFldrs XP (Version: 9.50.7523) Winamp (Version: 5.581 ) Winamp Erkennungs-Plug-in (Version: 1.0.0.1) Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0) Windows Internet Explorer 8 (Version: 20090308.140743) Windows Media Format 11 runtime Windows Media Player 11 Windows Presentation Foundation (Version: 3.0.6920.0) Windows-Treiberpaket - Intel (w29n51) net (12/19/2007 9.0.4.39) (Version: 12/19/2007 9.0.4.39) Windows-Treiberpaket - Intel hdc (10/05/2012 9.1.9.1002) (Version: 10/05/2012 9.1.9.1002) Windows-Treiberpaket - Intel System (10/05/2012 9.1.9.1002) (Version: 10/05/2012 9.1.9.1002) Windows-Treiberpaket - Intel USB (10/05/2012 9.1.9.1002) (Version: 10/05/2012 9.1.9.1002) Windows-Treiberpaket - Texas Instruments Inc (tifm21) MTD (05/25/2009 2.0.0.10) (Version: 05/25/2009 2.0.0.10) WinPcap 4.1.1 (Version: 4.1.0.1753) WinRAR XML Paper Specification Shared Components Pack 1.0 ==================== Restore Points ========================= 28-02-2013 19:29:43 Systemprüfpunkt 01-03-2013 21:53:51 Systemprüfpunkt 03-03-2013 12:13:18 Systemprüfpunkt 04-03-2013 19:00:52 Systemprüfpunkt 05-03-2013 19:54:40 Systemprüfpunkt 07-03-2013 10:41:16 Systemprüfpunkt 08-03-2013 15:25:59 Systemprüfpunkt 09-03-2013 15:40:44 Installed Windows XP -- Software Updates KB952011. 10-03-2013 15:58:31 Systemprüfpunkt 11-03-2013 12:24:20 RegClean Pro Mo, Mrz 11, 13 13:23 13-03-2013 12:35:08 Systemprüfpunkt 13-03-2013 22:15:23 Software Distribution Service 3.0 14-03-2013 08:56:47 Software Distribution Service 3.0 15-03-2013 11:16:49 Systemprüfpunkt 16-03-2013 16:07:32 Systemprüfpunkt 17-03-2013 19:10:01 Systemprüfpunkt 19-03-2013 09:12:46 Systemprüfpunkt 20-03-2013 10:47:20 Systemprüfpunkt 22-03-2013 18:19:50 Systemprüfpunkt 24-03-2013 19:56:26 Systemprüfpunkt 25-03-2013 22:59:48 Systemprüfpunkt 27-03-2013 21:23:57 Systemprüfpunkt 08-04-2013 19:59:05 Systemprüfpunkt 10-04-2013 07:07:16 Systemprüfpunkt 11-04-2013 01:01:02 Software Distribution Service 3.0 12-04-2013 06:48:48 Systemprüfpunkt 13-04-2013 10:07:28 Systemprüfpunkt 13-04-2013 19:27:15 Uniblue Powersuite installation 13-04-2013 19:45:01 PC Performer Sa, Apr 13, 13 21:44 13-04-2013 20:35:36 Konfiguriert SoundMAX 13-04-2013 20:46:03 Installed Windows XP Wdf01009. 15-04-2013 18:46:32 Removed Haufe iDesk-Browser. 15-04-2013 18:48:27 Haufe iDesk-Service wird entfernt 15-04-2013 19:42:19 Uniblue Powersuite installation 16-04-2013 21:13:25 Systemprüfpunkt 17-04-2013 23:25:03 Systemprüfpunkt 19-04-2013 04:16:46 Systemprüfpunkt 20-04-2013 19:55:21 Systemprüfpunkt 22-04-2013 10:31:02 Systemprüfpunkt 23-04-2013 14:18:20 Systemprüfpunkt 24-04-2013 17:56:01 Systemprüfpunkt 25-04-2013 21:18:50 Systemprüfpunkt 27-04-2013 15:07:28 Systemprüfpunkt 28-04-2013 16:56:18 Systemprüfpunkt 29-04-2013 17:48:00 Systemprüfpunkt 30-04-2013 20:22:12 Systemprüfpunkt 02-05-2013 06:34:35 Systemprüfpunkt 03-05-2013 20:13:51 Systemprüfpunkt 05-05-2013 12:02:19 Systemprüfpunkt 06-05-2013 14:25:12 Systemprüfpunkt 07-05-2013 18:42:36 Systemprüfpunkt 09-05-2013 18:15:27 Systemprüfpunkt 10-05-2013 18:59:38 Systemprüfpunkt 11-05-2013 20:27:04 Systemprüfpunkt 13-05-2013 01:46:24 Systemprüfpunkt 14-05-2013 04:27:28 Systemprüfpunkt 15-05-2013 18:43:26 Systemprüfpunkt 16-05-2013 18:49:34 Software Distribution Service 3.0 20-05-2013 19:04:42 Systemprüfpunkt 21-05-2013 20:13:00 Systemprüfpunkt 23-05-2013 06:48:22 Systemprüfpunkt 23-05-2013 21:49:15 Installed System Requirements Lab for Intel 23-05-2013 21:55:01 Removed Java 7 Update 9 25-05-2013 17:24:10 Systemprüfpunkt 26-05-2013 17:57:23 Systemprüfpunkt 26-05-2013 23:21:33 Software Distribution Service 3.0 27-05-2013 19:37:59 Uniblue SpeedUpMyPC installation 28-05-2013 01:00:37 Software Distribution Service 3.0 28-05-2013 07:16:42 Entfernt SMSC IrCC V5.1.3600.5 28-05-2013 07:17:56 Quitado VAFPlayer 29-05-2013 07:50:31 Software Distribution Service 3.0 30-05-2013 12:24:41 Software Distribution Service 3.0 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/30/2013 02:36:12 PM) (Source: Application Hang) (User: ) Description: Stillstehende Anwendung OUTLOOK.EXE, Version 12.0.6668.5000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (05/30/2013 02:36:12 PM) (Source: Application Hang) (User: ) Description: Stillstehende Anwendung OUTLOOK.EXE, Version 12.0.6668.5000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (05/30/2013 02:36:11 PM) (Source: Application Hang) (User: ) Description: Stillstehende Anwendung OUTLOOK.EXE, Version 12.0.6668.5000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (05/29/2013 00:17:08 AM) (Source: Application Hang) (User: ) Description: Stillstehende Anwendung rundll32.exe, Version 5.1.2600.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (05/28/2013 09:35:41 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL) Error: (05/28/2013 07:28:33 PM) (Source: Application Hang) (User: ) Description: Stillstehende Anwendung adwcleaner.exe, Version 2.3.0.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (05/27/2013 09:57:45 PM) (Source: Microsoft Office 12) (User: ) Description: Faulting application outlook.exe, version 12.0.6668.5000, stamp 508314b2, faulting module urlmon.dll, version 8.0.6001.23486, stamp 516dcdd1, debug? 0, fault address 0x000059e4. Error: (05/23/2013 11:56:10 PM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung msiexec.exe, Version 4.5.6001.22159, fehlgeschlagenes Modul MSI2C7.tmp, Version 1.0.0.0, Fehleradresse 0x00015505. Das medienspezifische Ereignis für [msiexec.exe!ws!] wird verarbeitet. Error: (05/23/2013 11:48:31 PM) (Source: crypt32) (User: ) Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (05/23/2013 11:48:31 PM) (Source: crypt32) (User: ) Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . System errors: ============= Error: (05/30/2013 02:35:22 PM) (Source: DCOM) (User: CK) Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "WSearch" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (05/30/2013 02:30:21 PM) (Source: DCOM) (User: CK) Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "WSearch" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (05/30/2013 02:29:24 PM) (Source: DCOM) (User: CK) Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "WSearch" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (05/30/2013 02:23:26 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/30/2013 02:23:26 PM) (Source: Service Control Manager) (User: ) Description: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Gatewaydienst auf Anwendungsebene. Error: (05/30/2013 02:20:03 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error: (05/30/2013 02:20:03 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "lxeeCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/30/2013 02:20:02 PM) (Source: Service Control Manager) (User: ) Description: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst lxeeCATSCustConnectService. Error: (05/30/2013 02:18:20 PM) (Source: Dhcp) (User: ) Description: Die IP-Adresslease 192.168.1.6 für die Netzwerkkarte mit der Netzwerkadresse 00A0D1256548 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error: (05/30/2013 01:29:09 AM) (Source: DCOM) (User: CK) Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "WSearch" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Microsoft Office Sessions: ========================= Error: (05/27/2013 09:57:22 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 38895 seconds with 1560 seconds of active time. This session ended with a crash. Error: (05/06/2013 10:35:11 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 50993 seconds with 840 seconds of active time. This session ended with a crash. Error: (03/09/2013 02:25:25 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 47 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/05/2013 10:23:48 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 37439 seconds with 900 seconds of active time. This session ended with a crash. Error: (01/25/2013 01:37:27 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 542 seconds with 420 seconds of active time. This session ended with a crash. Error: (01/24/2013 00:14:04 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 7459 seconds with 240 seconds of active time. This session ended with a crash. Error: (01/21/2013 09:34:04 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 34139 seconds with 600 seconds of active time. This session ended with a crash. Error: (01/17/2013 11:18:45 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2841 seconds with 360 seconds of active time. This session ended with a crash. Error: (01/10/2013 00:20:29 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 53745 seconds with 480 seconds of active time. This session ended with a crash. Error: (01/09/2013 00:10:54 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 38859 seconds with 300 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 80% Total physical RAM: 1023.42 MB Available physical RAM: 196.43 MB Total Pagefile: 2463.79 MB Available Pagefile: 1695.78 MB Total Virtual: 2047.88 MB Available Virtual: 1950.57 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.33 GB) (Free:22.81 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 75 GB) (Disk ID: 4F6DE2FA) Partition 1: (Active) - (Size=74 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=204 MB) - (Type=88) ==================== End Of Log ============================ Das ging wenigstens schnell! ;-) LG Claudia |
30.05.2013, 14:52 | #12 |
/// the machine /// TB-Ausbilder | Habe um meinen PC zu schützen VIELE Schutzprogramme incl. Viren runtergeladen :-( fehlt noch ein log
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
30.05.2013, 14:55 | #13 |
| Habe um meinen PC zu schützen VIELE Schutzprogramme incl. Viren runtergeladen :-( Ähem, du wolltest 2 haben und ich habe 2 geschickt. Was genau meinst du denn mit "(#-Symbol im Eingabefenster der Webseite anklicken)"? Welches logfile fehlt denn? LG, Claudia |
30.05.2013, 14:58 | #14 |
/// the machine /// TB-Ausbilder | Habe um meinen PC zu schützen VIELE Schutzprogramme incl. Viren runtergeladen :-( wenn du unten in der Antwortbox # drückst kommen Code-Boxen, dazwischen das Logfile stecken. Du hast Additional.txt gepostet, FRST.txt fehlt noch.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
30.05.2013, 15:00 | #15 |
| Habe um meinen PC zu schützen VIELE Schutzprogramme incl. Viren runtergeladen :-( Aaaaaah, jetzt seh ichs. Sorry, ich bin ein Mädchen... ;-) Okay, dann hier jetzt nochmal das fehlende Log: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-05-2013 Ran by clk (administrator) on 30-05-2013 15:48:19 Running from C:\Dokumente und Einstellungen\clk\Desktop Microsoft Windows XP Service Pack 3 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe (TOSHIBA CORPORATION) C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe () C:\Programme\Gemeinsame Dateien\DeviceHelper\DeviceManager.exe ( ) C:\WINDOWS\system32\lxeecoms.exe (Microsoft Corporation) C:\Programme\Microsoft LifeCam\MSCamS32.exe (Nero AG) C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (pdfforge GbR) C:\Programme\PDF Architect\HelperService.exe (Prolific Technology Inc.) C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe (Skype Technologies S.A.) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corporation) C:\WINDOWS\System32\snmp.exe (Analog Devices, Inc.) C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (TOSHIBA Corp.) C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe () C:\Programme\Verbindungsassistent\wtgservice.exe (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Synaptics, Inc.) C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) C:\Programme\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA) C:\Programme\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA) C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA Corporation) C:\Programme\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation) C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (Microsoft Corporation) C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Macrovision Corporation) C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe () C:\Programme\Lexmark Pro700 Series\lxeemon.exe () C:\Programme\Lexmark Pro700 Series\ezprint.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Haufe-Lexware GmbH & Co. KG) C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Samsung Electronics Co., Ltd.) C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Microsoft Corporation) C:\Programme\Microsoft IntelliPoint\ipoint.exe (TOSHIBA) C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe (Samsung) C:\Programme\Samsung\Kies\Kies.exe (Samsung Electronics) C:\Programme\Samsung\Kies\KiesAirMessage.exe (Microsoft Corporation) C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Google Inc.) C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Dokumente und Einstellungen\clk\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Farbar) C:\Dokumente und Einstellungen\clk\Desktop\FRST.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe [98394 2004-10-15] (Synaptics, Inc.) HKLM\...\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe [688218 2004-10-15] (Synaptics, Inc.) HKLM\...\Run: [THotkey] C:\Programme\Toshiba\Toshiba Applet\thotkey.exe [356352 2005-07-06] (TOSHIBA) HKLM\...\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe [1077327 2004-11-17] (TOSHIBA) HKLM\...\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe [73728 2005-04-05] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe [118784 2005-05-13] (TOSHIBA Corporation) HKLM\...\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup [249856 2005-08-11] (Macrovision Corporation) HKLM\...\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start [81920 2005-08-11] (Macrovision Corporation) HKLM\...\Run: [lxeemon.exe] "C:\Programme\Lexmark Pro700 Series\lxeemon.exe" [770728 2010-01-18] () HKLM\...\Run: [EzPrint] "C:\Programme\Lexmark Pro700 Series\ezprint.exe" [139944 2010-01-18] () HKLM\...\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-09] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG) HKLM\...\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.) HKLM\...\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe [309688 2012-11-12] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [IntelliPoint] "c:\Programme\Microsoft IntelliPoint\ipoint.exe" [1821576 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM\...\Winlogon: [System] Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.) HKCU\...\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2005-04-12] (TOSHIBA) HKCU\...\Run: [KiesPreload] C:\Programme\Samsung\Kies\Kies.exe /preload [968120 2012-11-12] (Samsung) HKCU\...\Run: [KiesAirMessage] C:\Programme\Samsung\Kies\KiesAirMessage.exe -startup [577536 2012-11-01] (Samsung Electronics) SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== ProxyServer: http=127.0.0.1:8080;https=127.0.0.1:8080 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com SearchScopes: HKCU - {E649DC79-BD07-46CD-85E1-6D561DA45348} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de BHO: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO: Lyrics Fan - {A8720491-9558-4C0D-9E35-30EED15DFB2B} - C:\Programme\LyricsFan\lrcfan.dll (FAN Software) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File Toolbar: HKLM - &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH) Toolbar: HKLM - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU -No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File Toolbar: HKCU -No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKCU -Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab PDF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab PDF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies) ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll [146432] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. KG) R2 CFSvcs; C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-18] (TOSHIBA CORPORATION) R2 DeviceManager; C:\Programme\Gemeinsame Dateien\DeviceHelper\DeviceManager.exe [40960 2009-05-25] () S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [136120 2011-05-10] (Google) S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) S2 lxeeCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe [98984 2010-01-07] (Lexmark International, Inc.) R2 lxee_device; C:\WINDOWS\system32\lxeecoms.exe [598696 2010-01-07] ( ) S3 Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation) R2 MSCamSvc; C:\Programme\Microsoft LifeCam\MSCamS32.exe [139120 2009-07-24] (Microsoft Corporation) R2 Nero BackItUp Scheduler 4.0; C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe [935208 2008-08-29] (Nero AG) R2 NwSapAgent; C:\Windows\System32\ipxsap.dll [66560 2004-08-04] (Microsoft Corporation) S3 odserv; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation) S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation) R2 PDF Architect Helper Service; C:\Programme\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR) S2 PDF Architect Service; C:\Programme\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR) R2 PLFlash DeviceIoControl Service; C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe [81920 2008-08-29] (Prolific Technology Inc.) R2 Skype C2C Service; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.) S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [160944 2012-07-13] (Skype Technologies) R2 SoundMAX Agent Service (default); C:\Programme\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) R2 TAPPSRV; C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe [34816 2005-07-05] (TOSHIBA Corp.) S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation) R2 WTGService; C:\Programme\Verbindungsassistent\wtgservice.exe [308688 2010-01-15] () S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x] S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x] ==================== Drivers (Whitelisted) ==================== R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1130496 2005-04-15] (ATI Technologies Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-04-25] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-04-27] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2012-04-16] (Avira GmbH) S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation) S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) R2 Netdevio; C:\Windows\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.) S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.) R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation) R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation) R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation) S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [103552 2009-05-25] (TCT International Mobile Ltd) S3 S6U12Scanner; C:\Windows\System32\drivers\usbscan.sys [15104 2008-04-13] (Microsoft Corporation) S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH) R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] () S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) S3 TTHID; C:\Windows\System32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [23104 2009-11-04] (DTV-DVB) R3 TVALD; C:\Windows\System32\DRIVERS\NBSMI.sys [4864 2005-03-02] (Toshiba Corporation) R3 Tvs; C:\Windows\System32\DRIVERS\Tvs.sys [29056 2005-05-10] (TOSHIBA Corporation) S3 UDXTTM6010; C:\Windows\System32\DRIVERS\UDXTTM6010.sys [763584 2009-11-04] () R3 w29n51; C:\Windows\System32\DRIVERS\w29n51.sys [3222784 2004-10-29] (Intel® Corporation) S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) R3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [230400 2005-03-31] (Marvell) S4 Abiosdsk; No ImagePath S4 abp480n5; No ImagePath S4 adpu160m; No ImagePath S4 Aha154x; No ImagePath S4 aic78u2; No ImagePath S4 aic78xx; No ImagePath S4 AliIde; No ImagePath S4 amsint; No ImagePath S4 asc; No ImagePath S4 asc3350p; No ImagePath S4 asc3550; No ImagePath S4 Atdisk; No ImagePath S3 catchme; \??\C:\DOKUME~1\clk\LOKALE~1\Temp\catchme.sys [x] S4 cd20xrnt; No ImagePath S1 Changer; No ImagePath S4 CmdIde; No ImagePath S4 Cpqarray; No ImagePath U4 dac2w2k; No ImagePath S4 dac960nt; No ImagePath S4 dpti2o; No ImagePath S4 hpn; No ImagePath S1 i2omgmt; No ImagePath S4 i2omp; No ImagePath S4 ini910u; No ImagePath S1 lbrtfdc; No ImagePath S4 mraid35x; No ImagePath S1 PCIDump; No ImagePath S3 PDCOMP; No ImagePath S3 PDFRAME; No ImagePath S3 PDRELI; No ImagePath S3 PDRFRAME; No ImagePath S4 perc2; No ImagePath S4 perc2hib; No ImagePath S4 ql1080; No ImagePath S4 Ql10wnt; No ImagePath S4 ql12160; No ImagePath S4 ql1240; No ImagePath S4 ql1280; No ImagePath S4 Simbad; No ImagePath S4 Sparrow; No ImagePath S4 symc810; No ImagePath S4 symc8xx; No ImagePath S4 sym_hi; No ImagePath S4 sym_u3; No ImagePath U3 TlntSvr; S4 TosIde; No ImagePath S4 ultra; No ImagePath S4 ViaIde; No ImagePath S3 WDICA; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-30 15:47 - 2013-05-30 15:47 - 00000000 ___DC C:\FRST 2013-05-30 01:12 - 2013-05-30 01:12 - 00000000 ___DC C:\JRT 2013-05-30 01:12 - 2013-05-30 01:12 - 00000000 ____D C:\Windows\ERUNT 2013-05-30 00:49 - 2013-05-30 00:49 - 00001290 ___AC C:\AdwCleaner[S4].txt 2013-05-30 00:21 - 2013-05-30 00:21 - 00001764 ___AC C:\AdwCleaner[S3].txt 2013-05-30 00:04 - 2013-05-30 00:04 - 00017445 ___AC C:\ComboFix.txt 2013-05-29 23:41 - 2013-05-29 23:41 - 00000000 RASHDC C:\cmdcons 2013-05-29 23:41 - 2010-01-14 19:14 - 00000211 ___AC C:\Boot.bak 2013-05-29 23:41 - 2004-08-03 23:00 - 00262448 RASHC C:\cmldr 2013-05-29 23:37 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe 2013-05-29 23:37 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe 2013-05-29 23:37 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-05-29 23:37 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-05-29 23:37 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-05-29 23:37 - 2000-08-31 02:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe 2013-05-29 23:37 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe 2013-05-29 23:37 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe 2013-05-29 23:37 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe 2013-05-29 23:36 - 2013-05-30 00:04 - 00000000 ___DC C:\Qoobox 2013-05-29 23:34 - 2013-05-30 00:01 - 00000000 ____D C:\Windows\erdnt 2013-05-29 14:50 - 2013-05-29 14:50 - 00106496 ____A C:\Windows\Minidump\Mini052913-01.dmp 2013-05-29 00:17 - 2013-05-29 00:19 - 00013045 ___AC C:\AdwCleaner[S2].txt 2013-05-28 10:06 - 2013-05-28 10:07 - 00002884 ___AC C:\AdwCleaner[S1].txt 2013-05-26 20:24 - 2013-05-26 20:24 - 00000681 ____A C:\Windows\KB893803v2.log 2013-05-24 12:58 - 2013-05-24 13:58 - 00000470 ____A C:\Windows\nsw.log 2013-05-24 01:02 - 2013-05-30 14:23 - 00000350 ____A C:\Windows\Tasks\Lyrics Fan Update.job 2013-05-16 21:23 - 2013-05-27 01:23 - 00026139 ____A C:\Windows\KB2829530-IE8.log 2013-05-16 21:06 - 2013-05-27 01:23 - 00020448 ____A C:\Windows\KB2847204-IE8.log 2013-05-16 21:04 - 2013-05-16 21:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$ 2013-05-16 21:02 - 2013-05-16 21:04 - 00006526 ____A C:\Windows\KB2820197.log 2013-05-16 20:51 - 2013-05-16 20:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$ 2013-05-15 20:12 - 2013-05-16 20:51 - 00009772 ____A C:\Windows\KB2829361.log 2013-05-13 23:10 - 2013-05-22 13:02 - 00000000 ____D C:\Windows\Lhsp 2013-05-13 23:09 - 2013-05-13 23:10 - 00000000 ____D C:\Windows\speech ==================== One Month Modified Files and Folders ======== 2013-05-30 15:47 - 2013-05-30 15:47 - 00000000 ___DC C:\FRST 2013-05-30 15:32 - 2005-08-17 14:43 - 01055833 ____A C:\Windows\WindowsUpdate.log 2013-05-30 15:29 - 2005-08-17 14:51 - 00000000 ____D C:\Windows\Microsoft.NET 2013-05-30 15:23 - 2005-08-17 15:37 - 01239268 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-30 15:09 - 2013-02-05 22:32 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-30 14:51 - 2011-09-07 13:03 - 00001202 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2044978897-1172690549-42215457-1007UA.job 2013-05-30 14:23 - 2013-05-24 01:02 - 00000350 ____A C:\Windows\Tasks\Lyrics Fan Update.job 2013-05-30 14:20 - 2005-08-17 15:39 - 00000159 ____A C:\Windows\wiadebug.log 2013-05-30 14:20 - 2005-08-17 15:39 - 00000050 ____A C:\Windows\wiaservc.log 2013-05-30 14:18 - 2005-08-17 14:47 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-30 01:50 - 2005-08-17 14:47 - 00032548 ____A C:\Windows\SchedLgU.Txt 2013-05-30 01:12 - 2013-05-30 01:12 - 00000000 ___DC C:\JRT 2013-05-30 01:12 - 2013-05-30 01:12 - 00000000 ____D C:\Windows\ERUNT 2013-05-30 00:49 - 2013-05-30 00:49 - 00001290 ___AC C:\AdwCleaner[S4].txt 2013-05-30 00:21 - 2013-05-30 00:21 - 00001764 ___AC C:\AdwCleaner[S3].txt 2013-05-30 00:04 - 2013-05-30 00:04 - 00017445 ___AC C:\ComboFix.txt 2013-05-30 00:04 - 2013-05-29 23:36 - 00000000 ___DC C:\Qoobox 2013-05-30 00:01 - 2013-05-29 23:34 - 00000000 ____D C:\Windows\erdnt 2013-05-29 23:59 - 2005-08-17 14:30 - 00000227 ___AC C:\Windows\system.ini 2013-05-29 23:41 - 2013-05-29 23:41 - 00000000 RASHDC C:\cmdcons 2013-05-29 23:41 - 2005-08-17 14:30 - 00000327 _RASH C:\boot.ini 2013-05-29 15:22 - 2013-02-25 17:56 - 00447373 ____A C:\Windows\setupapi.log 2013-05-29 14:50 - 2013-05-29 14:50 - 00106496 ____A C:\Windows\Minidump\Mini052913-01.dmp 2013-05-29 14:50 - 2010-01-17 21:44 - 00000000 ____D C:\Windows\Minidump 2013-05-29 09:51 - 2011-09-07 13:03 - 00001150 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2044978897-1172690549-42215457-1007Core.job 2013-05-29 00:24 - 2005-08-17 15:37 - 00000000 ____D C:\Programme 2013-05-29 00:19 - 2013-05-29 00:17 - 00013045 ___AC C:\AdwCleaner[S2].txt 2013-05-28 10:07 - 2013-05-28 10:06 - 00002884 ___AC C:\AdwCleaner[S1].txt 2013-05-28 09:31 - 2010-01-14 18:52 - 00065536 ____A C:\Windows\System32\config\ODiag.evt 2013-05-28 02:00 - 2012-12-15 00:51 - 00000342 ____A C:\Windows\Tasks\AdobeAAMUpdater-1.0-CK-clk.job 2013-05-27 01:23 - 2013-05-16 21:23 - 00026139 ____A C:\Windows\KB2829530-IE8.log 2013-05-27 01:23 - 2013-05-16 21:06 - 00020448 ____A C:\Windows\KB2847204-IE8.log 2013-05-26 20:24 - 2013-05-26 20:24 - 00000681 ____A C:\Windows\KB893803v2.log 2013-05-24 14:12 - 2005-08-18 06:30 - 00000000 ____D C:\Windows\System32\ReinstallBackups 2013-05-24 13:58 - 2013-05-24 12:58 - 00000470 ____A C:\Windows\nsw.log 2013-05-24 12:55 - 2005-08-17 16:31 - 00000000 ____D C:\Windows\System32\ias 2013-05-22 13:02 - 2013-05-13 23:10 - 00000000 ____D C:\Windows\Lhsp 2013-05-20 20:45 - 2005-08-17 14:30 - 00001158 ____A C:\Windows\System32\wpa.dbl 2013-05-16 23:19 - 2005-08-17 15:36 - 03622528 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-16 21:24 - 2013-03-14 00:17 - 00008344 ____A C:\Windows\updspapi.log 2013-05-16 21:24 - 2013-03-09 17:40 - 00080374 ____A C:\Windows\FaxSetup.log 2013-05-16 21:24 - 2013-03-09 17:40 - 00038428 ____A C:\Windows\ocgen.log 2013-05-16 21:24 - 2013-03-09 17:40 - 00030667 ____A C:\Windows\tsoc.log 2013-05-16 21:24 - 2013-03-09 17:40 - 00026579 ____A C:\Windows\comsetup.log 2013-05-16 21:24 - 2013-03-09 17:40 - 00016121 ____A C:\Windows\ntdtcsetup.log 2013-05-16 21:24 - 2013-03-09 17:40 - 00012735 ____A C:\Windows\iis6.log 2013-05-16 21:24 - 2013-03-09 17:40 - 00004446 ____A C:\Windows\ocmsn.log 2013-05-16 21:24 - 2013-03-09 17:40 - 00003939 ____A C:\Windows\msgsocm.log 2013-05-16 21:24 - 2013-03-09 17:40 - 00001374 ____A C:\Windows\imsins.log 2013-05-16 21:24 - 2010-01-14 23:24 - 00000000 ____D C:\Windows\ie8updates 2013-05-16 21:06 - 2013-03-09 17:40 - 00001374 ____A C:\Windows\imsins.BAK 2013-05-16 21:04 - 2013-05-16 21:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$ 2013-05-16 21:04 - 2013-05-16 21:02 - 00006526 ____A C:\Windows\KB2820197.log 2013-05-16 21:02 - 2005-08-17 14:53 - 00000000 ___HD C:\Windows\$hf_mig$ 2013-05-16 20:51 - 2013-05-16 20:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$ 2013-05-16 20:51 - 2013-05-15 20:12 - 00009772 ____A C:\Windows\KB2829361.log 2013-05-16 20:51 - 2010-01-14 22:45 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-05-15 21:11 - 2013-02-05 22:32 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-05-15 21:11 - 2013-02-05 22:32 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-05-15 09:21 - 2013-04-14 21:51 - 00072968 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT 2013-05-13 23:10 - 2013-05-13 23:09 - 00000000 ____D C:\Windows\speech 2013-05-07 06:27 - 2009-10-29 07:44 - 06015488 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll 2013-05-07 06:27 - 2005-08-17 14:30 - 06015488 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2005-08-17 14:29] - [2008-04-14 04:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e C:\Windows\System32\winlogon.exe [2005-08-17 14:30] - [2008-04-14 04:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a C:\Windows\System32\svchost.exe [2005-08-17 14:30] - [2008-04-14 04:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 C:\Windows\System32\services.exe [2005-08-17 14:30] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc C:\Windows\System32\User32.dll [2005-08-17 14:30] - [2008-04-14 04:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd C:\Windows\System32\userinit.exe [2005-08-17 14:30] - [2008-04-14 04:23] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 C:\Windows\System32\Drivers\volsnap.sys [2005-08-17 14:30] - [2008-04-14 03:52] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d ==================== End Of Log ============================ LG Claudia |
Themen zu Habe um meinen PC zu schützen VIELE Schutzprogramme incl. Viren runtergeladen :-( |
adobe reader xi, advanced system protector, alcatel, antivir, avira, bho, bildschirm, checkliste, continue, converter, desktop, dringend, error, excel, feedback, filescout.exe, firefox, flash player, home, homepage, install.exe, kaspersky, launch, logfile, msiexec.exe, msiinstaller, plug-in, problem, registry cleaner, rundll, scan, security, sehr langsam, seriennummer, software, suchmaschine, system, trojaner, viren, windows internet, wsearch |