| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Mozilla öffnet ständig selbst neue Seiten, seit paar Tagen >> PC langsamWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.06.2013, 12:21
| #1 |
 |  Mozilla öffnet ständig selbst neue Seiten, seit paar Tagen >> PC langsam Hallo freue mich, dieses Forum gefunden zu haben und hoffe, dass mir jemand helfen kann (bin blonde Frau  Seit ein paar Tagen öffnet Mozilla selbstständig neue Seiten (Frauen bekommen oder so..), der PC hängt und ist langsam. Ich glaube, dass es ein Trojaner ist  Virusprogramm: Microsoft Essential Security >> hat nichts erkannt Malwarebytes: kostenlose version schon einmal genutzt und deshalb nicht mehr möglich (0 Tage Probezeit, dieser hat 3 infizierte Datein gefunden. Betriebssystem: Windows EX Home Edtion ich sage jetzt schon mal danke und hoffe, dass einer von euch mit PC Niete helfen kann. LG |
|
12.06.2013, 12:33
| #2 |
| /// Malware-holic   |  Mozilla öffnet ständig selbst neue Seiten, seit paar Tagen >> PC langsam hi,
__________________http://www.trojaner-board.de/125889-...en-posten.html malwarebytes logs mit Funden posten bitte. 2. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
12.06.2013, 13:37
| #3 |
| | Mozilla öffnet ständig selbst neue Seiten, seit paar Tagen >> PC langsam wow , danke für die schnelle Antwort und sorry, habe das OTL Programm ewig ned gefunden..
__________________ Extras.Txt - Editor :OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.06.2013 14:30:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Christiane\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 70,48% Memory free
3,60 Gb Paging File | 3,09 Gb Available in Paging File | 85,83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 42,65 Gb Total Space | 18,26 Gb Free Space | 42,82% Space Free | Partition Type: NTFS
Drive D: | 31,87 Gb Total Space | 5,86 Gb Free Space | 18,38% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: Christiane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-682003330-1767777339-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\File Scout\filescout.exe" /open "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Google\Google Talk\googletalk.exe" = C:\Programme\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Programme\TeamViewer\Version8\TeamViewer.exe" = C:\Programme\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\TV-Browser\tvbrowser.exe" = C:\Programme\TV-Browser\tvbrowser.exe:*:Enabled:TV-Browser -- ()
"C:\Programme\TV-Browser\tvbrowser_noDD.exe" = C:\Programme\TV-Browser\tvbrowser_noDD.exe:*:Enabled:TV-Browser (ohne DirectX) -- ()
"C:\Programme\Java\jre7\bin\java.exe" = C:\Programme\Java\jre7\bin\java.exe:*:Enabled:Java -- (Oracle Corporation)
"C:\Programme\Java\jre7\bin\javaw.exe" = C:\Programme\Java\jre7\bin\javaw.exe:*:Enabled:Java -- (Oracle Corporation)
"C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine -- ()
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37569A10-CB38-4615-8B32-0BF9FF5D887D}_is1" = concept/design Video Jukebox
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}" = Microsoft SQL Server 2008 Native Client
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{BA8B8ADA-084F-4F79-A0CA-6E58A0808794}" = FlashPlayer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C83CD843-260E-3BD0-86BC-4E613BFDDE0A}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E21D6DB6-6DAB-3A63-8C09-CB6606D7403B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}" = VAFPlayer
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Canon MP495 series Benutzerregistrierung" = Canon MP495 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045&SUBSYS_15091E40" = Soft Data Fax Modem with SmartCP
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Keyboard Express 3" = Keyboard Express 3
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Notepad++" = Notepad++
"TeamViewer 8" = TeamViewer 8
"tvbrowser" = TV-Browser 3.0.2
"ULTIMATER" = Microsoft Office Ultimate 2007
"Unlocker" = Unlocker 1.9.1
"Update Engine" = Sony Ericsson Update Engine
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Zylom Games Player Plugin" = Zylom Games Player Plugin
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16.05.2013 03:15:37 | Computer Name = LAPTOP | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown
Error - 23.05.2013 07:01:59 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Skype.exe, Version 6.3.0.107, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 02.06.2013 19:27:56 | Computer Name = LAPTOP | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 02.06.2013 19:27:57 | Computer Name = LAPTOP | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 03.06.2013 08:53:38 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung RegMech.exe, Version 11.1.0.214, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 05.06.2013 13:21:52 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung RegMech.exe, Version 11.1.0.222, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 07.06.2013 16:27:52 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Skype.exe, Version 6.3.0.107, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 09.06.2013 12:35:13 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung RegMech.exe, Version 11.1.0.222, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ OSession Events ]
Error - 04.06.2012 20:37:40 | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 6009 seconds with 360 seconds of active time. This session ended with a
crash.
[ System Events ]
Error - 10.06.2013 03:45:58 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%53
Error - 10.06.2013 16:35:02 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%53
Error - 11.06.2013 02:54:33 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%53
Error - 12.06.2013 02:32:38 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%53
Error - 12.06.2013 05:27:24 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = Dienst "Hotspot Shield Routing Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 12.06.2013 05:27:27 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = Dienst "Hotspot Shield Monitoring Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 12.06.2013 05:58:54 | Computer Name = LAPTOP | Source = Microsoft Antimalware | ID = 2004
Description = Beim Laden der Signaturen wurde von %%860 ein Fehler festgestellt.
Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Versuchte
Signaturen: %%824 Fehlercode: 0x80070002 Fehlerbeschreibung: Das System kann die
angegebene Datei nicht finden. Signaturversion: 0.0.0.0;0.0.0.0 Modulversion: 0.0.0.0
Error - 12.06.2013 05:59:18 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%53
Error - 12.06.2013 07:03:50 | Computer Name = LAPTOP | Source = Microsoft Antimalware | ID = 2004
Description = Beim Laden der Signaturen wurde von %%860 ein Fehler festgestellt.
Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Versuchte
Signaturen: %%824 Fehlercode: 0x80070002 Fehlerbeschreibung: Das System kann die
angegebene Datei nicht finden. Signaturversion: 0.0.0.0;0.0.0.0 Modulversion: 0.0.0.0
Error - 12.06.2013 07:04:18 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%53
< End of report >
_____________________________________________________________________________ OTL.Txt - Editor :OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.06.2013 14:30:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Christiane\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 70,48% Memory free
3,60 Gb Paging File | 3,09 Gb Available in Paging File | 85,83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 42,65 Gb Total Space | 18,26 Gb Free Space | 42,82% Space Free | Partition Type: NTFS
Drive D: | 31,87 Gb Total Space | 5,86 Gb Free Space | 18,38% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: Christiane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\Christiane\Eigene Dateien\Downloads\OTL.com (OldTimer Tools)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
========== Services (SafeList) ==========
SRV - (HitmanPro37CrusaderBoot) -- \nas\Updates\HitmanPro35.exe /crusader:boot File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MpKslb0c7b687) -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9335AAAA-85B5-4C34-AA16-DF2CCA9DE6B3}\MpKslb0c7b687.sys (Microsoft Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (RsFx0105) -- C:\WINDOWS\system32\drivers\RsFx0105.sys (Microsoft Corporation)
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (S3GIGP) -- C:\WINDOWS\system32\drivers\S3gIGPm.sys (S3 Graphics Co., Ltd.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (UIUSys) -- C:\WINDOWS\system32\drivers\UIUSYS.SYS (Conexant Systems, Inc)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-1767777339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-682003330-1767777339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=91b2e479-89ef-4e57-aa4b-434f5d5bf786&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-682003330-1767777339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=91b2e479-89ef-4e57-aa4b-434f5d5bf786&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-682003330-1767777339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=91b2e479-89ef-4e57-aa4b-434f5d5bf786&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-682003330-1767777339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=91b2e479-89ef-4e57-aa4b-434f5d5bf786&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-682003330-1767777339-725345543-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-682003330-1767777339-725345543-1004\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-682003330-1767777339-725345543-1004\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=91b2e479-89ef-4e57-aa4b-434f5d5bf786&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-682003330-1767777339-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: statuswinks%40StatusWinks:1.0.0.5
FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0
FF - prefs.js..extensions.enabledAddons: remember-passwords%40stanimir-stamenkov.addons.mozilla.org:1.1
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2012.04.09 01:51:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis@SpeedAnalysis.com: C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013.03.15 20:28:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Mozilla\Extensions\statuswinks@StatusWinks [2013.03.16 23:55:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis@SpeedAnalysis.com: C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013.03.15 20:28:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Mozilla\Extensions\statuswinks@StatusWinks [2013.03.16 23:55:34 | 000,000,000 | ---D | M]
[2013.03.16 23:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Mozilla\Extensions
[2013.03.15 20:28:39 | 000,000,000 | ---D | M] (SpeedAnalysis.com) -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
[2013.03.16 23:55:34 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Mozilla\Extensions\statuswinks@StatusWinks
[2013.05.24 08:45:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Mozilla\Firefox\Profiles\pe343bpa.default\extensions
[2013.05.21 15:42:34 | 000,015,177 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Mozilla\Firefox\Profiles\pe343bpa.default\extensions\remember-passwords@stanimir-stamenkov.addons.mozilla.org.xpi
[2013.05.21 03:30:52 | 000,030,502 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Mozilla\Firefox\Profiles\pe343bpa.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2013.05.21 02:47:53 | 000,870,680 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Mozilla\Firefox\Profiles\pe343bpa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.24 08:45:26 | 000,269,448 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Mozilla\Firefox\Profiles\pe343bpa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.06.12 13:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.20 19:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\11\extensions
[2013.05.21 03:30:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.21 03:30:47 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.20 19:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated(2)\browser(2)\extensions(2)
[2013.05.20 18:39:09 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\updated(2)\browser(2)\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
========== Chrome ==========
CHR - default_search_provider: Delta Search (Enabled)
CHR - default_search_provider: search_url = hxxp://www.delta-search.com/?q={searchTerms}&affID=119649&tt=130313_80nocr&babsrc=SP_ss&mntrId=B49C00C0A8E02A2A
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.delta-search.com/?affID=119649&tt=130313_80nocr&babsrc=HP_ss&mntrId=B49C00C0A8E02A2A
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: SpeedAnalysis.com = C:\Dokumente und Einstellungen\Christiane\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon\1.0.0.1\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Christiane\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Smiley Bar for Facebook = C:\Dokumente und Einstellungen\Christiane\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih\1.0.0.5\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Christiane\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Watch for Browser Events) - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\Programme\Keyboard Express 3\kie.dll (Insight Software Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-682003330-1767777339-725345543-1004\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-682003330-1767777339-725345543-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-682003330-1767777339-725345543-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-682003330-1767777339-725345543-1004..\Run: [Skype] C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-1767777339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347626029890 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B253A9E9-CA1A-454A-AF9D-6032A707B0F0}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.03.28 16:16:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{145597a7-c466-11e1-a520-00140b301d17}\Shell - "" = AutoRun
O33 - MountPoints2\{145597a7-c466-11e1-a520-00140b301d17}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{145597a7-c466-11e1-a520-00140b301d17}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{24e28a01-93ba-11e2-a6ae-00140b301d17}\Shell - "" = AutoRun
O33 - MountPoints2\{24e28a01-93ba-11e2-a6ae-00140b301d17}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24e28a01-93ba-11e2-a6ae-00140b301d17}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{e2abf893-cf5c-11e1-a536-00140b301d17}\Shell - "" = AutoRun
O33 - MountPoints2\{e2abf893-cf5c-11e1-a536-00140b301d17}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2abf893-cf5c-11e1-a536-00140b301d17}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.06.12 13:01:38 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Christiane\Recent
[2013.06.12 13:01:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Panda Security
[2013.06.12 12:57:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
[2013.06.12 11:37:13 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security
[2013.06.12 11:15:37 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Christiane\Desktop\mbam-setup-1-75-0-1300.exe
[2013.06.03 01:30:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2013.05.20 19:10:50 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.05.20 19:10:11 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2013.05.20 18:40:56 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox(2).bak
[2013.05.13 22:17:02 | 000,000,000 | ---D | C] -- C:\Programme\Zylom Games
[2013.05.13 22:17:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2004.06.17 16:27:36 | 000,086,016 | ---- | C] (RichiStudios) -- C:\Programme\ServiceSetup.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.06.12 14:09:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.06.12 13:58:13 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.12 13:58:10 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.12 13:18:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.06.12 13:03:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.06.12 11:37:33 | 000,000,907 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Panda Cloud Cleaner.lnk
[2013.06.12 11:16:08 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Christiane\Desktop\mbam-setup-1-75-0-1300.exe
[2013.06.09 22:31:29 | 000,002,545 | ---- | M] () -- C:\Dokumente und Einstellungen\Christiane\Desktop\Microsoft Office PowerPoint 2007.lnk
[2013.06.09 19:50:40 | 000,002,505 | ---- | M] () -- C:\Dokumente und Einstellungen\Christiane\Desktop\Microsoft Office Excel 2007.lnk
[2013.06.07 09:51:21 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2013.06.03 01:12:03 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.06.03 01:12:02 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.05.27 14:19:58 | 000,124,227 | ---- | M] () -- C:\Dokumente und Einstellungen\Christiane\Desktop\Wurlitzer OMT Singles4.jpg
[2013.05.23 17:03:53 | 000,141,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Christiane\Desktop\bookmarks-2013-05-23_Lesezichen Mozilla
[2013.05.16 09:13:20 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.05.16 03:27:48 | 000,586,710 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.05.16 03:27:48 | 000,562,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.16 03:27:48 | 000,127,512 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.05.16 03:27:48 | 000,110,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.06.12 11:37:33 | 000,000,907 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Panda Cloud Cleaner.lnk
[2013.05.27 14:19:55 | 000,124,227 | ---- | C] () -- C:\Dokumente und Einstellungen\Christiane\Desktop\Wurlitzer OMT Singles4.jpg
[2013.05.23 17:03:53 | 000,141,464 | ---- | C] () -- C:\Dokumente und Einstellungen\Christiane\Desktop\bookmarks-2013-05-23_Lesezichen Mozilla
[2013.03.18 22:29:13 | 000,002,510 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2013.02.07 19:44:04 | 000,000,036 | ---- | C] () -- C:\WINDOWS\avgui.INI
[2013.01.23 01:43:35 | 000,159,720 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.11.16 14:44:04 | 000,000,234 | ---- | C] () -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Alltag16.ini
[2012.10.16 09:14:03 | 000,056,004 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012.05.06 10:55:14 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll
[2012.05.06 10:55:14 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll
[2012.05.06 10:55:12 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2012.03.30 11:05:05 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2012.03.30 08:07:23 | 000,000,196 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2012.03.28 22:16:49 | 000,211,439 | ---- | C] () -- C:\Dokumente und Einstellungen\Christiane\Lokale Einstellungen\Anwendungsdaten\census.cache
[2012.03.28 22:10:53 | 000,158,515 | ---- | C] () -- C:\Dokumente und Einstellungen\Christiane\Lokale Einstellungen\Anwendungsdaten\ars.cache
[2012.03.28 21:57:12 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\Christiane\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2012.03.28 21:24:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.03.28 16:58:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.03.28 16:56:56 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.28 16:18:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.03.28 16:13:46 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.03.28 09:42:03 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Christiane\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2012.03.28 09:02:56 | 000,006,656 | ---- | C] () -- C:\Dokumente und Einstellungen\Christiane\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.28 08:51:57 | 002,706,432 | R--- | C] () -- C:\WINDOWS\System32\s3gcil_inv.dll
[2004.06.17 16:26:52 | 000,000,511 | ---- | C] () -- C:\Programme\ServiceSetup.dat
========== ZeroAccess Check ==========
[2012.04.07 16:02:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.01.07 18:20:26 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.03.15 23:29:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\APN
[2012.03.28 20:49:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2013.01.12 12:12:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG
[2013.04.22 21:37:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2012.04.05 13:01:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2012.04.05 13:20:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonEPP
[2012.04.05 13:52:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJ
[2012.05.28 21:29:05 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEGV
[2012.04.06 09:20:17 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX
[2012.04.05 13:20:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX2
[2012.04.05 13:13:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMSetup
[2012.04.05 13:20:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMyPrinter
[2013.06.11 15:58:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM
[2012.04.05 13:51:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2012.04.05 13:21:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJSolutionMenuEX
[2012.04.05 13:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJWSpt
[2012.04.27 01:13:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2013.02.20 19:34:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2013.03.15 23:34:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Disk Cleaner
[2013.04.11 17:32:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2012.09.28 15:15:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Insight Software
[2012.09.27 20:18:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Insight Software Solutions
[2013.03.15 23:43:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Optimizer Pro
[2012.07.02 22:18:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2013.03.16 00:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2013.06.09 18:35:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.09.14 14:42:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VS
[2013.05.13 22:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2012.11.03 13:25:28 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.11.03 13:24:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.12 12:10:12 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013.01.12 12:11:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\AVG
[2012.04.05 13:51:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Canon
[2012.04.05 13:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Canon Easy-WebPrint EX
[2012.06.08 20:03:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\concept design
[2012.03.28 09:26:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\DRPSu
[2013.02.19 15:06:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\FantasyHelper
[2012.09.16 19:19:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\FarmHelper
[2013.03.15 20:28:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\File Scout
[2013.01.30 19:19:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\FunnyGames
[2012.04.27 19:36:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\HTML Executable
[2012.10.10 17:34:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Notepad++
[2012.09.03 09:32:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\OpenCandy
[2013.03.06 20:58:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Optimizer Pro
[2012.07.15 16:36:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Oracle
[2013.03.16 23:57:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\PerformerSoft
[2013.04.19 19:40:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\player
[2012.07.16 18:09:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Sony
[2013.03.16 23:54:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\SpeedanAlysis
[2013.03.16 23:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\StatusWinks
[2013.03.18 22:30:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Systweak
[2012.12.20 14:16:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\TeamViewer
[2012.04.05 18:30:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\ts3overlay
[2012.11.01 17:27:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\TuneUp Software
[2013.05.15 20:04:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christiane\Anwendungsdaten\TV-Browser
[2012.10.13 09:23:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\TuneUp Software
[2013.01.12 12:13:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\AVG
[2012.03.28 09:26:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
[2013.01.15 16:32:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\AVG
[2012.11.04 19:34:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\TuneUp Software
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 144 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:373E1720
@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1
< End of report >
geöffnete Seite: als ich diesen Beitrag jetzt schrieb, hat sich wieder diese komische Seite von Mozilla geöffnet: "Jetzt Frauen zum Abschleppen finden - Mozilla Firefox" (hxxp://2b58182ca41330ea1a9a-7fbfe669cd0755ad6937729bcfb1f7fe.r62.cf2.rackcdn.com/page1_de_fixed3.html?subid=0018332033568695287) |
|
12.06.2013, 14:02
| #4 |
| /// Malware-holic | Mozilla öffnet ständig selbst neue Seiten, seit paar Tagen >> PC langsam hi die Malwarebytes logs mit Funden fehlen.b
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.06.2013, 14:25
| #5 | |
| | Mozilla öffnet ständig selbst neue Seiten, seit paar Tagen >> PC langsamZitat:
sagte: Testversion abgelaufen (hat aber 3 infizierte Datein gefunden), dann hat alles gehakt und ich habe mit Taskmanager, das Programm Malwarebytes beendet und den cc-cleaner laufen lassen |
|
12.06.2013, 14:30
| #6 |
| /// Malware-holic | Mozilla öffnet ständig selbst neue Seiten, seit paar Tagen >> PC langsam ok. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Mozilla öffnet ständig selbst neue Seiten, seit paar Tagen >> PC langsam |
|
12.06.2013, 14:57
| #7 |
| | Mozilla öffnet ständig selbst neue Seiten, seit paar Tagen >> PC langsam 17:24:16.0031 2672 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 17:24:16.0328 2672 ============================================================ 17:24:16.0328 2672 Current date / time: 2013/04/11 17:24:16.0328 17:24:16.0328 2672 SystemInfo: 17:24:16.0328 2672 17:24:16.0328 2672 OS Version: 5.1.2600 ServicePack: 3.0 17:24:16.0328 2672 Product type: Workstation 17:24:16.0328 2672 ComputerName: LAPTOP 17:24:16.0328 2672 UserName: Christiane 17:24:16.0328 2672 Windows directory: C:\WINDOWS 17:24:16.0328 2672 System windows directory: C:\WINDOWS 17:24:16.0328 2672 Processor architecture: Intel x86 17:24:16.0328 2672 Number of processors: 1 17:24:16.0328 2672 Page size: 0x1000 17:24:16.0328 2672 Boot type: Normal boot 17:24:16.0328 2672 ============================================================ 17:24:18.0125 2672 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 17:24:18.0140 2672 ============================================================ 17:24:18.0140 2672 \Device\Harddisk0\DR0: 17:24:18.0140 2672 MBR partitions: 17:24:18.0140 2672 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x554A6C0 17:24:18.0156 2672 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x554E5FC, BlocksNum 0x3FBFEC5 17:24:18.0156 2672 ============================================================ 17:24:18.0187 2672 C: <-> \Device\Harddisk0\DR0\Partition1 17:24:18.0234 2672 D: <-> \Device\Harddisk0\DR0\Partition2 17:24:18.0234 2672 ============================================================ 17:24:18.0234 2672 Initialize success 17:24:18.0234 2672 ============================================================ 17:24:20.0953 2940 ============================================================ 17:24:20.0953 2940 Scan started 17:24:20.0953 2940 Mode: Manual; 17:24:20.0953 2940 ============================================================ 17:24:22.0828 2940 ================ Scan system memory ======================== 17:24:22.0828 2940 System memory - ok 17:24:22.0843 2940 ================ Scan services ============================= 17:24:23.0671 2940 Abiosdsk - ok 17:24:23.0687 2940 abp480n5 - ok 17:24:23.0828 2940 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 17:24:23.0828 2940 ACPI - ok 17:24:23.0953 2940 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 17:24:23.0984 2940 ACPIEC - ok 17:24:24.0093 2940 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 17:24:24.0156 2940 AdobeFlashPlayerUpdateSvc - ok 17:24:24.0187 2940 adpu160m - ok 17:24:24.0312 2940 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 17:24:24.0328 2940 aec - ok 17:24:24.0375 2940 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 17:24:24.0390 2940 AFD - ok 17:24:24.0406 2940 Aha154x - ok 17:24:24.0437 2940 aic78u2 - ok 17:24:24.0468 2940 aic78xx - ok 17:24:24.0531 2940 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 17:24:24.0531 2940 Alerter - ok 17:24:24.0578 2940 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 17:24:24.0578 2940 ALG - ok 17:24:24.0609 2940 AliIde - ok 17:24:24.0625 2940 amsint - ok 17:24:24.0656 2940 AppMgmt - ok 17:24:24.0750 2940 [ D07CCC37476034EBF5DE4608A8AF4386 ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys 17:24:24.0812 2940 AR5211 - ok 17:24:24.0843 2940 asc - ok 17:24:24.0875 2940 asc3350p - ok 17:24:24.0890 2940 asc3550 - ok 17:24:25.0078 2940 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 17:24:25.0156 2940 aspnet_state - ok 17:24:25.0234 2940 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 17:24:25.0250 2940 AsyncMac - ok 17:24:25.0296 2940 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 17:24:25.0296 2940 atapi - ok 17:24:25.0328 2940 Atdisk - ok 17:24:25.0390 2940 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 17:24:25.0421 2940 Atmarpc - ok 17:24:25.0484 2940 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 17:24:25.0484 2940 AudioSrv - ok 17:24:25.0578 2940 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 17:24:25.0609 2940 audstub - ok 17:24:25.0687 2940 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 17:24:25.0718 2940 Beep - ok 17:24:25.0796 2940 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 17:24:25.0906 2940 BITS - ok 17:24:25.0968 2940 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 17:24:25.0968 2940 Browser - ok 17:24:26.0031 2940 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 17:24:26.0062 2940 cbidf2k - ok 17:24:26.0093 2940 cd20xrnt - ok 17:24:26.0156 2940 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 17:24:26.0187 2940 Cdaudio - ok 17:24:26.0250 2940 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 17:24:26.0265 2940 Cdfs - ok 17:24:26.0328 2940 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 17:24:26.0343 2940 Cdrom - ok 17:24:26.0359 2940 Changer - ok 17:24:26.0468 2940 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 17:24:26.0500 2940 CiSvc - ok 17:24:26.0546 2940 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 17:24:26.0578 2940 ClipSrv - ok 17:24:26.0750 2940 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:24:26.0812 2940 clr_optimization_v2.0.50727_32 - ok 17:24:26.0906 2940 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:24:27.0125 2940 clr_optimization_v4.0.30319_32 - ok 17:24:27.0156 2940 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 17:24:27.0171 2940 CmBatt - ok 17:24:27.0187 2940 CmdIde - ok 17:24:27.0250 2940 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 17:24:27.0375 2940 Compbatt - ok 17:24:27.0406 2940 COMSysApp - ok 17:24:27.0468 2940 Cpqarray - ok 17:24:27.0625 2940 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 17:24:27.0625 2940 CryptSvc - ok 17:24:27.0687 2940 dac2w2k - ok 17:24:27.0703 2940 dac960nt - ok 17:24:27.0828 2940 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 17:24:27.0968 2940 DcomLaunch - ok 17:24:28.0062 2940 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 17:24:28.0062 2940 Dhcp - ok 17:24:28.0109 2940 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 17:24:28.0125 2940 Disk - ok 17:24:28.0171 2940 dmadmin - ok 17:24:28.0375 2940 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 17:24:28.0765 2940 dmboot - ok 17:24:28.0843 2940 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 17:24:28.0859 2940 dmio - ok 17:24:28.0937 2940 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 17:24:28.0984 2940 dmload - ok 17:24:29.0062 2940 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 17:24:29.0078 2940 dmserver - ok 17:24:29.0140 2940 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 17:24:29.0156 2940 DMusic - ok 17:24:29.0203 2940 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 17:24:29.0218 2940 Dnscache - ok 17:24:29.0296 2940 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 17:24:29.0312 2940 Dot3svc - ok 17:24:29.0328 2940 dpti2o - ok 17:24:29.0406 2940 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 17:24:29.0406 2940 drmkaud - ok 17:24:29.0468 2940 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 17:24:29.0500 2940 EapHost - ok 17:24:29.0546 2940 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 17:24:29.0562 2940 ERSvc - ok 17:24:29.0625 2940 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 17:24:29.0625 2940 Eventlog - ok 17:24:29.0750 2940 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 17:24:29.0765 2940 EventSystem - ok 17:24:29.0828 2940 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 17:24:29.0843 2940 Fastfat - ok 17:24:29.0937 2940 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 17:24:29.0953 2940 FastUserSwitchingCompatibility - ok 17:24:30.0031 2940 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 17:24:30.0046 2940 Fdc - ok 17:24:30.0140 2940 [ E9648254056BCE81A85380C0C3647DC4 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5.sys 17:24:30.0156 2940 FETNDIS - ok 17:24:30.0218 2940 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 17:24:30.0218 2940 Fips - ok 17:24:30.0265 2940 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 17:24:30.0281 2940 Flpydisk - ok 17:24:30.0359 2940 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 17:24:30.0375 2940 FltMgr - ok 17:24:30.0484 2940 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 17:24:30.0484 2940 FontCache3.0.0.0 - ok 17:24:30.0531 2940 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 17:24:30.0546 2940 Fs_Rec - ok 17:24:30.0578 2940 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 17:24:30.0593 2940 Ftdisk - ok 17:24:30.0656 2940 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 17:24:30.0671 2940 Gpc - ok 17:24:30.0937 2940 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe 17:24:30.0953 2940 gupdate - ok 17:24:31.0031 2940 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe 17:24:31.0031 2940 gupdatem - ok 17:24:31.0156 2940 [ 08F0F83FDB49CDBCACF546971A660524 ] HdAudAddService C:\WINDOWS\system32\drivers\CHDAud.sys 17:24:31.0296 2940 HdAudAddService - ok 17:24:31.0390 2940 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 17:24:31.0390 2940 HDAudBus - ok 17:24:31.0500 2940 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 17:24:31.0500 2940 helpsvc - ok 17:24:31.0562 2940 HidServ - ok 17:24:31.0609 2940 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 17:24:31.0609 2940 HidUsb - ok 17:24:31.0671 2940 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 17:24:31.0671 2940 hkmsvc - ok 17:24:31.0703 2940 hpn - ok 17:24:31.0765 2940 [ D8D9DED6DCC4E3AEE633E6BA462B75C4 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 17:24:31.0781 2940 HSFHWAZL - ok 17:24:31.0843 2940 [ 2DF42CF7300B14B15953218A2B32217C ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 17:24:31.0921 2940 HSF_DPV - ok 17:24:32.0015 2940 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 17:24:32.0015 2940 HTTP - ok 17:24:32.0125 2940 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 17:24:32.0140 2940 HTTPFilter - ok 17:24:32.0156 2940 i2omgmt - ok 17:24:32.0187 2940 i2omp - ok 17:24:32.0250 2940 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 17:24:32.0281 2940 i8042prt - ok 17:24:32.0390 2940 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 17:24:32.0484 2940 idsvc - ok 17:24:32.0578 2940 [ AD5DF6F4FBBC798636EDC66BFEC7D0DE ] IJPLMSVC C:\Programme\Canon\IJPLM\IJPLMSVC.EXE 17:24:32.0578 2940 IJPLMSVC - ok 17:24:33.0250 2940 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 17:24:33.0296 2940 Imapi - ok 17:24:33.0343 2940 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 17:24:33.0390 2940 ImapiService - ok 17:24:33.0437 2940 ini910u - ok 17:24:33.0531 2940 IntelIde - ok 17:24:33.0609 2940 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 17:24:33.0625 2940 intelppm - ok 17:24:33.0671 2940 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 17:24:33.0687 2940 Ip6Fw - ok 17:24:33.0765 2940 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 17:24:33.0765 2940 IpFilterDriver - ok 17:24:33.0812 2940 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 17:24:33.0843 2940 IpInIp - ok 17:24:33.0953 2940 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 17:24:34.0000 2940 IpNat - ok 17:24:34.0046 2940 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 17:24:34.0125 2940 IPSec - ok 17:24:34.0187 2940 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 17:24:34.0203 2940 IRENUM - ok 17:24:34.0296 2940 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 17:24:34.0359 2940 isapnp - ok 17:24:34.0515 2940 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 17:24:34.0531 2940 JavaQuickStarterService - ok 17:24:34.0578 2940 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 17:24:34.0625 2940 Kbdclass - ok 17:24:34.0687 2940 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 17:24:34.0687 2940 kmixer - ok 17:24:34.0750 2940 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 17:24:34.0750 2940 KSecDD - ok 17:24:34.0828 2940 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 17:24:34.0828 2940 lanmanserver - ok 17:24:34.0890 2940 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 17:24:34.0906 2940 lanmanworkstation - ok 17:24:34.0937 2940 lbrtfdc - ok 17:24:35.0046 2940 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 17:24:35.0046 2940 LmHosts - ok 17:24:35.0125 2940 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 17:24:35.0156 2940 mdmxsdk - ok 17:24:35.0203 2940 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 17:24:35.0265 2940 Messenger - ok 17:24:35.0421 2940 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe 17:24:35.0500 2940 Microsoft Office Groove Audit Service - ok 17:24:35.0562 2940 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 17:24:35.0625 2940 mnmdd - ok 17:24:35.0687 2940 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 17:24:35.0750 2940 mnmsrvc - ok 17:24:35.0796 2940 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 17:24:35.0796 2940 Modem - ok 17:24:35.0859 2940 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 17:24:35.0906 2940 Mouclass - ok 17:24:35.0953 2940 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 17:24:35.0984 2940 mouhid - ok 17:24:36.0046 2940 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 17:24:36.0062 2940 MountMgr - ok 17:24:36.0140 2940 [ 1C9B83F6A2D1F414F0ACD28D75605607 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 17:24:36.0187 2940 MozillaMaintenance - ok 17:24:36.0296 2940 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys 17:24:36.0359 2940 MpFilter - ok 17:24:36.0531 2940 MpKsl08f29f24 - ok 17:24:36.0562 2940 mraid35x - ok 17:24:36.0609 2940 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 17:24:36.0640 2940 MRxDAV - ok 17:24:36.0703 2940 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 17:24:36.0734 2940 MRxSmb - ok 17:24:36.0781 2940 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 17:24:36.0796 2940 MSDTC - ok 17:24:36.0890 2940 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 17:24:36.0921 2940 Msfs - ok 17:24:36.0953 2940 MSIServer - ok 17:24:37.0015 2940 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 17:24:37.0046 2940 MSKSSRV - ok 17:24:37.0140 2940 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc c:\Programme\Microsoft Security Client\MsMpEng.exe 17:24:37.0140 2940 MsMpSvc - ok 17:24:37.0218 2940 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 17:24:37.0234 2940 MSPCLOCK - ok 17:24:37.0265 2940 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 17:24:37.0281 2940 MSPQM - ok 17:24:37.0343 2940 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 17:24:37.0343 2940 mssmbios - ok 17:24:37.0437 2940 MSSQL$SQLEXPRESS - ok 17:24:37.0500 2940 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 c:\Programme\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 17:24:37.0531 2940 MSSQLServerADHelper100 - ok 17:24:37.0578 2940 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 17:24:37.0593 2940 Mup - ok 17:24:37.0656 2940 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 17:24:37.0671 2940 napagent - ok 17:24:37.0734 2940 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 17:24:37.0765 2940 NDIS - ok 17:24:37.0828 2940 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 17:24:37.0828 2940 NdisTapi - ok 17:24:37.0875 2940 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 17:24:37.0906 2940 Ndisuio - ok 17:24:37.0953 2940 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:24:37.0984 2940 NdisWan - ok 17:24:38.0046 2940 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 17:24:38.0078 2940 NDProxy - ok 17:24:38.0125 2940 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 17:24:38.0171 2940 NetBIOS - ok 17:24:38.0218 2940 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 17:24:38.0281 2940 NetBT - ok 17:24:38.0343 2940 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 17:24:38.0406 2940 NetDDE - ok 17:24:38.0468 2940 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 17:24:38.0468 2940 NetDDEdsdm - ok 17:24:38.0546 2940 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 17:24:38.0546 2940 Netlogon - ok 17:24:38.0593 2940 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 17:24:38.0609 2940 Netman - ok 17:24:38.0656 2940 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 17:24:38.0765 2940 NetTcpPortSharing - ok 17:24:38.0828 2940 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 17:24:38.0828 2940 Nla - ok 17:24:38.0906 2940 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 17:24:38.0968 2940 Npfs - ok 17:24:39.0000 2940 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 17:24:39.0062 2940 Ntfs - ok 17:24:39.0109 2940 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 17:24:39.0109 2940 NtLmSsp - ok 17:24:39.0187 2940 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 17:24:39.0203 2940 NtmsSvc - ok 17:24:39.0250 2940 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 17:24:39.0250 2940 Null - ok 17:24:39.0296 2940 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 17:24:39.0312 2940 NwlnkFlt - ok 17:24:39.0343 2940 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 17:24:39.0359 2940 NwlnkFwd - ok 17:24:39.0500 2940 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 17:24:39.0531 2940 odserv - ok 17:24:39.0578 2940 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 17:24:39.0640 2940 ose - ok 17:24:39.0703 2940 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 17:24:39.0734 2940 Parport - ok 17:24:39.0796 2940 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 17:24:39.0812 2940 PartMgr - ok 17:24:39.0875 2940 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 17:24:39.0937 2940 ParVdm - ok 17:24:39.0968 2940 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 17:24:40.0015 2940 PCI - ok 17:24:40.0031 2940 PCIDump - ok 17:24:40.0062 2940 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 17:24:40.0093 2940 PCIIde - ok 17:24:40.0171 2940 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 17:24:40.0296 2940 Pcmcia - ok 17:24:40.0312 2940 PDCOMP - ok 17:24:40.0343 2940 PDFRAME - ok 17:24:40.0390 2940 PDRELI - ok 17:24:40.0484 2940 PDRFRAME - ok 17:24:40.0578 2940 perc2 - ok 17:24:40.0625 2940 perc2hib - ok 17:24:40.0843 2940 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 17:24:40.0843 2940 PlugPlay - ok 17:24:40.0890 2940 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 17:24:40.0906 2940 PolicyAgent - ok 17:24:40.0953 2940 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 17:24:40.0953 2940 PptpMiniport - ok 17:24:41.0000 2940 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 17:24:41.0000 2940 ProtectedStorage - ok 17:24:41.0062 2940 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 17:24:41.0109 2940 PSched - ok 17:24:41.0156 2940 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 17:24:41.0187 2940 Ptilink - ok 17:24:41.0218 2940 ql1080 - ok 17:24:41.0250 2940 Ql10wnt - ok 17:24:41.0281 2940 ql12160 - ok 17:24:41.0312 2940 ql1240 - ok 17:24:41.0343 2940 ql1280 - ok 17:24:41.0453 2940 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:24:41.0468 2940 RasAcd - ok 17:24:41.0515 2940 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 17:24:41.0546 2940 RasAuto - ok 17:24:41.0609 2940 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:24:41.0625 2940 Rasl2tp - ok 17:24:41.0734 2940 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 17:24:41.0750 2940 RasMan - ok 17:24:41.0781 2940 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:24:41.0812 2940 RasPppoe - ok 17:24:41.0828 2940 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 17:24:41.0890 2940 Raspti - ok 17:24:41.0921 2940 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:24:41.0953 2940 Rdbss - ok 17:24:42.0031 2940 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 17:24:42.0078 2940 RDPCDD - ok 17:24:42.0156 2940 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 17:24:42.0171 2940 RDPWD - ok 17:24:42.0281 2940 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 17:24:42.0312 2940 RDSessMgr - ok 17:24:42.0390 2940 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 17:24:42.0390 2940 redbook - ok 17:24:42.0453 2940 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 17:24:42.0468 2940 RemoteAccess - ok 17:24:42.0515 2940 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 17:24:42.0546 2940 RpcLocator - ok 17:24:42.0687 2940 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 17:24:42.0703 2940 RpcSs - ok 17:24:42.0796 2940 [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103 C:\WINDOWS\system32\DRIVERS\RsFx0103.sys 17:24:42.0890 2940 RsFx0103 - ok 17:24:42.0968 2940 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 17:24:43.0000 2940 RSVP - ok 17:24:43.0156 2940 [ 0C963B81C842B49CC87123F165224E5A ] S3GIGP C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys 17:24:43.0171 2940 S3GIGP - ok 17:24:43.0218 2940 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 17:24:43.0218 2940 SamSs - ok 17:24:43.0296 2940 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 17:24:43.0296 2940 SCardSvr - ok 17:24:43.0359 2940 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 17:24:43.0375 2940 Schedule - ok 17:24:43.0437 2940 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:24:43.0468 2940 Secdrv - ok 17:24:43.0500 2940 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 17:24:43.0515 2940 seclogon - ok 17:24:43.0562 2940 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 17:24:43.0578 2940 SENS - ok 17:24:43.0640 2940 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 17:24:43.0656 2940 Serial - ok 17:24:43.0781 2940 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 17:24:43.0796 2940 Sfloppy - ok 17:24:43.0953 2940 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 17:24:43.0953 2940 SharedAccess - ok 17:24:44.0078 2940 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 17:24:44.0078 2940 ShellHWDetection - ok 17:24:44.0109 2940 Simbad - ok 17:24:44.0234 2940 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe 17:24:44.0250 2940 SkypeUpdate - ok 17:24:44.0437 2940 [ 3A4F2C0BB87A0895ABEBA341AA1E341B ] Sony PC Companion C:\Programme\Sony\Sony PC Companion\PCCService.exe 17:24:44.0609 2940 Sony PC Companion - ok 17:24:44.0625 2940 Sparrow - ok 17:24:44.0687 2940 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 17:24:44.0703 2940 splitter - ok 17:24:44.0750 2940 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 17:24:44.0750 2940 Spooler - ok 17:24:44.0828 2940 [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$SQLEXPRESS c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE 17:24:44.0859 2940 SQLAgent$SQLEXPRESS - ok 17:24:44.0953 2940 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe 17:24:44.0953 2940 SQLBrowser - ok 17:24:45.0000 2940 [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe 17:24:45.0000 2940 SQLWriter - ok 17:24:45.0078 2940 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 17:24:45.0078 2940 sr - ok 17:24:45.0140 2940 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 17:24:45.0171 2940 srservice - ok 17:24:45.0218 2940 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 17:24:45.0250 2940 Srv - ok 17:24:45.0312 2940 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 17:24:45.0312 2940 SSDPSRV - ok 17:24:45.0375 2940 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 17:24:45.0375 2940 stisvc - ok 17:24:45.0500 2940 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 17:24:45.0546 2940 swenum - ok 17:24:45.0609 2940 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 17:24:45.0625 2940 swmidi - ok 17:24:45.0640 2940 SwPrv - ok 17:24:45.0687 2940 symc810 - ok 17:24:45.0718 2940 symc8xx - ok 17:24:45.0750 2940 sym_hi - ok 17:24:45.0781 2940 sym_u3 - ok 17:24:45.0890 2940 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 17:24:45.0890 2940 sysaudio - ok 17:24:45.0968 2940 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 17:24:45.0984 2940 SysmonLog - ok 17:24:46.0046 2940 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 17:24:46.0046 2940 TapiSrv - ok 17:24:46.0140 2940 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 17:24:46.0156 2940 Tcpip - ok 17:24:46.0234 2940 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 17:24:46.0234 2940 TDPIPE - ok 17:24:46.0281 2940 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 17:24:46.0312 2940 TDTCP - ok 17:24:46.0609 2940 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe 17:24:46.0687 2940 TeamViewer8 - ok 17:24:46.0718 2940 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 17:24:46.0750 2940 TermDD - ok 17:24:46.0812 2940 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 17:24:46.0843 2940 TermService - ok 17:24:46.0890 2940 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 17:24:46.0890 2940 Themes - ok 17:24:46.0937 2940 TosIde - ok 17:24:47.0000 2940 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 17:24:47.0000 2940 TrkWks - ok 17:24:47.0046 2940 [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35 C:\WINDOWS\system32\DRIVERS\uagp35.sys 17:24:47.0062 2940 uagp35 - ok 17:24:47.0109 2940 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 17:24:47.0109 2940 Udfs - ok 17:24:47.0187 2940 [ 7020C64A20709B39CBE4A1CF371A9CD5 ] UIUSys C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS 17:24:47.0203 2940 UIUSys - ok 17:24:47.0234 2940 ultra - ok 17:24:47.0328 2940 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Programme\Unlocker\UnlockerDriver5.sys 17:24:47.0375 2940 UnlockerDriver5 - ok 17:24:47.0437 2940 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 17:24:47.0453 2940 Update - ok 17:24:47.0531 2940 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 17:24:47.0546 2940 upnphost - ok 17:24:47.0593 2940 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 17:24:47.0593 2940 UPS - ok 17:24:47.0656 2940 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 17:24:47.0656 2940 usbccgp - ok 17:24:47.0703 2940 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 17:24:47.0718 2940 usbehci - ok 17:24:47.0796 2940 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 17:24:47.0796 2940 usbhub - ok 17:24:47.0859 2940 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 17:24:47.0875 2940 usbprint - ok 17:24:47.0937 2940 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 17:24:47.0937 2940 usbscan - ok 17:24:48.0000 2940 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:24:48.0015 2940 USBSTOR - ok 17:24:48.0078 2940 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 17:24:48.0078 2940 usbuhci - ok 17:24:48.0109 2940 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 17:24:48.0125 2940 VgaSave - ok 17:24:48.0156 2940 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys 17:24:48.0171 2940 ViaIde - ok 17:24:48.0187 2940 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 17:24:48.0218 2940 VolSnap - ok 17:24:48.0296 2940 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 17:24:48.0359 2940 VSS - ok 17:24:48.0437 2940 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 17:24:48.0453 2940 W32Time - ok 17:24:48.0531 2940 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 17:24:48.0546 2940 Wanarp - ok 17:24:48.0593 2940 WDICA - ok 17:24:48.0640 2940 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 17:24:48.0671 2940 wdmaud - ok 17:24:48.0703 2940 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 17:24:48.0718 2940 WebClient - ok 17:24:48.0796 2940 [ 86723EA860346FBE5490835344CAD939 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 17:24:48.0890 2940 winachsf - ok 17:24:49.0031 2940 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 17:24:49.0031 2940 winmgmt - ok 17:24:49.0140 2940 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 17:24:49.0140 2940 WmdmPmSN - ok 17:24:49.0218 2940 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 17:24:49.0218 2940 WmiApSrv - ok 17:24:49.0343 2940 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 17:24:49.0390 2940 WMPNetworkSvc - ok 17:24:49.0437 2940 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 17:24:49.0468 2940 WpdUsb - ok 17:24:49.0609 2940 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 17:24:49.0687 2940 WPFFontCache_v0400 - ok 17:24:49.0765 2940 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 17:24:49.0828 2940 wscsvc - ok 17:24:49.0859 2940 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 17:24:49.0875 2940 wuauserv - ok 17:24:49.0937 2940 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 17:24:50.0046 2940 WudfPf - ok 17:24:50.0140 2940 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 17:24:50.0156 2940 WudfRd - ok 17:24:50.0187 2940 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 17:24:50.0203 2940 WudfSvc - ok 17:24:50.0281 2940 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 17:24:50.0328 2940 WZCSVC - ok 17:24:50.0437 2940 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 17:24:50.0468 2940 xmlprov - ok 17:24:50.0515 2940 ================ Scan global =============================== 17:24:50.0562 2940 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 17:24:50.0640 2940 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 17:24:50.0671 2940 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 17:24:50.0718 2940 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 17:24:50.0718 2940 [Global] - ok 17:24:50.0734 2940 ================ Scan MBR ================================== 17:24:50.0765 2940 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 17:24:51.0875 2940 \Device\Harddisk0\DR0 - ok 17:24:51.0890 2940 ================ Scan VBR ================================== 17:24:51.0906 2940 [ CEAAB3B38AE22DA666D63EE43AC10A3C ] \Device\Harddisk0\DR0\Partition1 17:24:51.0921 2940 \Device\Harddisk0\DR0\Partition1 - ok 17:24:51.0968 2940 [ 9F5E7F849A968CADDD993FCCE8D44F6D ] \Device\Harddisk0\DR0\Partition2 17:24:52.0000 2940 \Device\Harddisk0\DR0\Partition2 - ok 17:24:52.0015 2940 ============================================================ 17:24:52.0031 2940 Scan finished 17:24:52.0031 2940 ============================================================ 17:24:52.0093 3016 Detected object count: 0 17:24:52.0093 3016 Actual detected object count: 0 17:24:56.0250 2328 Deinitialize success _____________________________________________________________________________ 2. log: 15:51:11.0750 2880 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 15:51:12.0578 2880 ============================================================ 15:51:12.0578 2880 Current date / time: 2013/06/12 15:51:12.0578 15:51:12.0578 2880 SystemInfo: 15:51:12.0578 2880 15:51:12.0578 2880 OS Version: 5.1.2600 ServicePack: 3.0 15:51:12.0578 2880 Product type: Workstation 15:51:12.0578 2880 ComputerName: LAPTOP 15:51:12.0578 2880 UserName: Christiane 15:51:12.0578 2880 Windows directory: C:\WINDOWS 15:51:12.0578 2880 System windows directory: C:\WINDOWS 15:51:12.0578 2880 Processor architecture: Intel x86 15:51:12.0578 2880 Number of processors: 1 15:51:12.0578 2880 Page size: 0x1000 15:51:12.0578 2880 Boot type: Normal boot 15:51:12.0578 2880 ============================================================ 15:51:14.0109 2880 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 15:51:14.0109 2880 ============================================================ 15:51:14.0109 2880 \Device\Harddisk0\DR0: 15:51:14.0109 2880 MBR partitions: 15:51:14.0109 2880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x554A6C0 15:51:14.0125 2880 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x554E5FC, BlocksNum 0x3FBFEC5 15:51:14.0125 2880 ============================================================ 15:51:14.0156 2880 C: <-> \Device\Harddisk0\DR0\Partition1 15:51:14.0203 2880 D: <-> \Device\Harddisk0\DR0\Partition2 15:51:14.0203 2880 ============================================================ 15:51:14.0203 2880 Initialize success 15:51:14.0203 2880 ============================================================ 15:52:25.0375 2088 ============================================================ 15:52:25.0375 2088 Scan started 15:52:25.0375 2088 Mode: Manual; SigCheck; TDLFS; 15:52:25.0375 2088 ============================================================ 15:52:25.0671 2088 ================ Scan system memory ======================== 15:52:25.0671 2088 System memory - ok 15:52:25.0671 2088 ================ Scan services ============================= 15:52:25.0921 2088 Abiosdsk - ok 15:52:25.0937 2088 abp480n5 - ok 15:52:25.0984 2088 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 15:52:26.0328 2088 ACPI - ok 15:52:26.0437 2088 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 15:52:26.0640 2088 ACPIEC - ok 15:52:26.0718 2088 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 15:52:26.0750 2088 AdobeFlashPlayerUpdateSvc - ok 15:52:26.0781 2088 adpu160m - ok 15:52:26.0828 2088 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 15:52:27.0000 2088 aec - ok 15:52:27.0343 2088 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 15:52:27.0515 2088 AFD - ok 15:52:27.0531 2088 Aha154x - ok 15:52:27.0546 2088 aic78u2 - ok 15:52:27.0546 2088 aic78xx - ok 15:52:27.0593 2088 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 15:52:27.0875 2088 Alerter - ok 15:52:27.0906 2088 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 15:52:28.0015 2088 ALG - ok 15:52:28.0015 2088 AliIde - ok 15:52:28.0031 2088 amsint - ok 15:52:28.0031 2088 AppMgmt - ok 15:52:28.0078 2088 [ D07CCC37476034EBF5DE4608A8AF4386 ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys 15:52:28.0171 2088 AR5211 - ok 15:52:28.0171 2088 asc - ok 15:52:28.0187 2088 asc3350p - ok 15:52:28.0187 2088 asc3550 - ok 15:52:28.0296 2088 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 15:52:28.0312 2088 aspnet_state - ok 15:52:28.0343 2088 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 15:52:28.0593 2088 AsyncMac - ok 15:52:28.0656 2088 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 15:52:28.0843 2088 atapi - ok 15:52:28.0859 2088 Atdisk - ok 15:52:28.0906 2088 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 15:52:29.0203 2088 Atmarpc - ok 15:52:29.0281 2088 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 15:52:29.0437 2088 AudioSrv - ok 15:52:29.0484 2088 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 15:52:29.0765 2088 audstub - ok 15:52:29.0875 2088 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 15:52:30.0062 2088 Beep - ok 15:52:30.0109 2088 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 15:52:30.0343 2088 BITS - ok 15:52:30.0437 2088 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 15:52:30.0515 2088 Browser - ok 15:52:30.0546 2088 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 15:52:30.0781 2088 cbidf2k - ok 15:52:30.0796 2088 cd20xrnt - ok 15:52:30.0953 2088 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 15:52:31.0203 2088 Cdaudio - ok 15:52:31.0250 2088 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 15:52:31.0531 2088 Cdfs - ok 15:52:31.0593 2088 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 15:52:31.0781 2088 Cdrom - ok 15:52:31.0796 2088 Changer - ok 15:52:31.0875 2088 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 15:52:32.0109 2088 CiSvc - ok 15:52:32.0140 2088 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 15:52:32.0484 2088 ClipSrv - ok 15:52:32.0656 2088 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:52:32.0687 2088 clr_optimization_v2.0.50727_32 - ok 15:52:32.0734 2088 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:52:32.0750 2088 clr_optimization_v4.0.30319_32 - ok 15:52:32.0765 2088 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 15:52:32.0937 2088 CmBatt - ok 15:52:32.0937 2088 CmdIde - ok 15:52:32.0984 2088 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 15:52:33.0281 2088 Compbatt - ok 15:52:33.0296 2088 COMSysApp - ok 15:52:33.0328 2088 Cpqarray - ok 15:52:33.0406 2088 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 15:52:33.0593 2088 CryptSvc - ok 15:52:33.0593 2088 dac2w2k - ok 15:52:33.0609 2088 dac960nt - ok 15:52:33.0703 2088 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 15:52:33.0859 2088 DcomLaunch - ok 15:52:33.0906 2088 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 15:52:34.0140 2088 Dhcp - ok 15:52:34.0171 2088 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 15:52:34.0406 2088 Disk - ok 15:52:34.0421 2088 dmadmin - ok 15:52:34.0515 2088 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 15:52:34.0718 2088 dmboot - ok 15:52:34.0765 2088 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 15:52:35.0015 2088 dmio - ok 15:52:35.0062 2088 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 15:52:35.0250 2088 dmload - ok 15:52:35.0281 2088 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 15:52:35.0515 2088 dmserver - ok 15:52:35.0593 2088 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 15:52:35.0781 2088 DMusic - ok 15:52:35.0859 2088 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 15:52:35.0921 2088 Dnscache - ok 15:52:35.0968 2088 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 15:52:36.0203 2088 Dot3svc - ok 15:52:36.0203 2088 dpti2o - ok 15:52:36.0250 2088 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 15:52:36.0406 2088 drmkaud - ok 15:52:36.0468 2088 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 15:52:36.0671 2088 EapHost - ok 15:52:36.0765 2088 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 15:52:36.0953 2088 ERSvc - ok 15:52:36.0984 2088 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 15:52:37.0078 2088 Eventlog - ok 15:52:37.0140 2088 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 15:52:37.0234 2088 EventSystem - ok 15:52:37.0265 2088 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 15:52:37.0453 2088 Fastfat - ok 15:52:37.0468 2088 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 15:52:37.0546 2088 FastUserSwitchingCompatibility - ok 15:52:37.0578 2088 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 15:52:37.0812 2088 Fdc - ok 15:52:37.0890 2088 [ E9648254056BCE81A85380C0C3647DC4 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5.sys 15:52:38.0078 2088 FETNDIS - ok 15:52:38.0109 2088 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 15:52:38.0250 2088 Fips - ok 15:52:38.0328 2088 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 15:52:38.0500 2088 Flpydisk - ok 15:52:38.0578 2088 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 15:52:38.0765 2088 FltMgr - ok 15:52:38.0906 2088 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 15:52:38.0921 2088 FontCache3.0.0.0 - ok 15:52:38.0937 2088 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 15:52:39.0109 2088 Fs_Rec - ok 15:52:39.0140 2088 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 15:52:39.0359 2088 Ftdisk - ok 15:52:39.0437 2088 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 15:52:39.0640 2088 Gpc - ok 15:52:39.0812 2088 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe 15:52:39.0828 2088 gupdate - ok 15:52:39.0843 2088 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe 15:52:39.0859 2088 gupdatem - ok 15:52:39.0921 2088 [ 08F0F83FDB49CDBCACF546971A660524 ] HdAudAddService C:\WINDOWS\system32\drivers\CHDAud.sys 15:52:40.0031 2088 HdAudAddService - ok 15:52:40.0078 2088 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 15:52:40.0250 2088 HDAudBus - ok 15:52:40.0375 2088 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 15:52:40.0625 2088 helpsvc - ok 15:52:40.0625 2088 HidServ - ok 15:52:40.0671 2088 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 15:52:40.0828 2088 HidUsb - ok 15:52:40.0828 2088 HitmanPro37CrusaderBoot - ok 15:52:40.0890 2088 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 15:52:41.0078 2088 hkmsvc - ok 15:52:41.0140 2088 hpn - ok 15:52:41.0171 2088 [ D8D9DED6DCC4E3AEE633E6BA462B75C4 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 15:52:41.0218 2088 HSFHWAZL - ok 15:52:41.0281 2088 [ 2DF42CF7300B14B15953218A2B32217C ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 15:52:41.0375 2088 HSF_DPV - ok 15:52:41.0437 2088 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 15:52:41.0484 2088 HTTP - ok 15:52:41.0515 2088 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 15:52:41.0734 2088 HTTPFilter - ok 15:52:41.0734 2088 i2omgmt - ok 15:52:41.0750 2088 i2omp - ok 15:52:41.0828 2088 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 15:52:42.0000 2088 i8042prt - ok 15:52:42.0093 2088 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 15:52:42.0171 2088 idsvc - ok 15:52:42.0312 2088 [ AD5DF6F4FBBC798636EDC66BFEC7D0DE ] IJPLMSVC C:\Programme\Canon\IJPLM\IJPLMSVC.EXE 15:52:42.0328 2088 IJPLMSVC - ok 15:52:42.0343 2088 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 15:52:42.0515 2088 Imapi - ok 15:52:42.0562 2088 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 15:52:42.0734 2088 ImapiService - ok 15:52:42.0734 2088 ini910u - ok 15:52:42.0859 2088 IntelIde - ok 15:52:42.0937 2088 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 15:52:43.0093 2088 intelppm - ok 15:52:43.0109 2088 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 15:52:43.0281 2088 Ip6Fw - ok 15:52:43.0359 2088 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 15:52:43.0578 2088 IpFilterDriver - ok 15:52:43.0656 2088 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 15:52:43.0812 2088 IpInIp - ok 15:52:43.0859 2088 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 15:52:44.0078 2088 IpNat - ok 15:52:44.0109 2088 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 15:52:44.0265 2088 IPSec - ok 15:52:44.0281 2088 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 15:52:44.0375 2088 IRENUM - ok 15:52:44.0406 2088 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 15:52:44.0671 2088 isapnp - ok 15:52:44.0812 2088 [ 5739F2821D49975CEDE6BF0153D0CF01 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 15:52:44.0828 2088 JavaQuickStarterService - ok 15:52:44.0859 2088 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 15:52:45.0031 2088 Kbdclass - ok 15:52:45.0250 2088 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 15:52:45.0421 2088 kmixer - ok 15:52:45.0468 2088 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 15:52:45.0531 2088 KSecDD - ok 15:52:45.0562 2088 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 15:52:45.0609 2088 lanmanserver - ok 15:52:45.0640 2088 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 15:52:45.0718 2088 lanmanworkstation - ok 15:52:45.0734 2088 lbrtfdc - ok 15:52:45.0765 2088 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 15:52:45.0937 2088 LmHosts - ok 15:52:46.0031 2088 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 15:52:46.0062 2088 mdmxsdk - ok 15:52:46.0078 2088 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 15:52:46.0359 2088 Messenger - ok 15:52:46.0468 2088 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe 15:52:46.0484 2088 Microsoft Office Groove Audit Service - ok 15:52:46.0515 2088 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 15:52:46.0687 2088 mnmdd - ok 15:52:46.0718 2088 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 15:52:46.0937 2088 mnmsrvc - ok 15:52:47.0015 2088 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 15:52:47.0187 2088 Modem - ok 15:52:47.0203 2088 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 15:52:47.0375 2088 Mouclass - ok 15:52:47.0406 2088 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 15:52:47.0593 2088 mouhid - ok 15:52:47.0609 2088 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 15:52:47.0781 2088 MountMgr - ok 15:52:47.0828 2088 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 15:52:47.0875 2088 MozillaMaintenance - ok 15:52:47.0921 2088 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys 15:52:47.0953 2088 MpFilter - ok 15:52:48.0109 2088 [ A69630D039C38018689190234F866D77 ] MpKslb0c7b687 c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9335AAAA-85B5-4C34-AA16-DF2CCA9DE6B3}\MpKslb0c7b687.sys 15:52:48.0125 2088 MpKslb0c7b687 - ok 15:52:48.0125 2088 mraid35x - ok 15:52:48.0156 2088 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 15:52:48.0343 2088 MRxDAV - ok 15:52:48.0390 2088 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 15:52:48.0453 2088 MRxSmb - ok 15:52:48.0500 2088 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 15:52:48.0734 2088 MSDTC - ok 15:52:48.0750 2088 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 15:52:48.0968 2088 Msfs - ok 15:52:48.0968 2088 MSIServer - ok 15:52:49.0062 2088 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 15:52:49.0281 2088 MSKSSRV - ok 15:52:49.0343 2088 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc c:\Programme\Microsoft Security Client\MsMpEng.exe 15:52:49.0375 2088 MsMpSvc - ok 15:52:49.0390 2088 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 15:52:49.0562 2088 MSPCLOCK - ok 15:52:49.0578 2088 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 15:52:49.0812 2088 MSPQM - ok 15:52:49.0875 2088 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 15:52:50.0031 2088 mssmbios - ok 15:52:50.0109 2088 MSSQL$SQLEXPRESS - ok 15:52:50.0156 2088 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 c:\Programme\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 15:52:50.0171 2088 MSSQLServerADHelper100 - ok 15:52:50.0203 2088 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 15:52:50.0328 2088 Mup - ok 15:52:50.0375 2088 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 15:52:50.0546 2088 napagent - ok 15:52:50.0578 2088 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 15:52:50.0734 2088 NDIS - ok 15:52:50.0781 2088 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 15:52:50.0875 2088 NdisTapi - ok 15:52:50.0906 2088 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 15:52:51.0062 2088 Ndisuio - ok 15:52:51.0109 2088 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 15:52:51.0265 2088 NdisWan - ok 15:52:51.0312 2088 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 15:52:51.0343 2088 NDProxy - ok 15:52:51.0421 2088 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 15:52:51.0593 2088 NetBIOS - ok 15:52:51.0609 2088 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 15:52:51.0765 2088 NetBT - ok 15:52:51.0812 2088 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 15:52:52.0031 2088 NetDDE - ok 15:52:52.0031 2088 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 15:52:52.0203 2088 NetDDEdsdm - ok 15:52:52.0281 2088 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 15:52:52.0453 2088 Netlogon - ok 15:52:52.0531 2088 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 15:52:52.0687 2088 Netman - ok 15:52:52.0718 2088 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 15:52:52.0734 2088 NetTcpPortSharing - ok 15:52:52.0781 2088 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 15:52:52.0828 2088 Nla - ok 15:52:52.0875 2088 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 15:52:53.0171 2088 Npfs - ok 15:52:53.0218 2088 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 15:52:53.0421 2088 Ntfs - ok 15:52:53.0453 2088 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 15:52:53.0609 2088 NtLmSsp - ok 15:52:53.0765 2088 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 15:52:53.0968 2088 NtmsSvc - ok 15:52:54.0000 2088 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 15:52:54.0156 2088 Null - ok 15:52:54.0187 2088 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 15:52:54.0421 2088 NwlnkFlt - ok 15:52:54.0484 2088 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 15:52:54.0703 2088 NwlnkFwd - ok 15:52:54.0875 2088 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 15:52:54.0906 2088 odserv - ok 15:52:55.0078 2088 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 15:52:55.0109 2088 ose - ok 15:52:55.0187 2088 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 15:52:55.0390 2088 Parport - ok 15:52:55.0468 2088 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 15:52:55.0625 2088 PartMgr - ok 15:52:55.0765 2088 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 15:52:55.0921 2088 ParVdm - ok 15:52:55.0968 2088 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 15:52:56.0140 2088 PCI - ok 15:52:56.0156 2088 PCIDump - ok 15:52:56.0203 2088 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 15:52:56.0421 2088 PCIIde - ok 15:52:56.0515 2088 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 15:52:56.0687 2088 Pcmcia - ok 15:52:56.0718 2088 PDCOMP - ok 15:52:56.0734 2088 PDFRAME - ok 15:52:56.0812 2088 PDRELI - ok 15:52:56.0843 2088 PDRFRAME - ok 15:52:56.0859 2088 perc2 - ok 15:52:56.0890 2088 perc2hib - ok 15:52:57.0015 2088 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 15:52:57.0078 2088 PlugPlay - ok 15:52:57.0125 2088 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 15:52:57.0281 2088 PolicyAgent - ok 15:52:57.0328 2088 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 15:52:57.0546 2088 PptpMiniport - ok 15:52:57.0562 2088 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 15:52:57.0718 2088 ProtectedStorage - ok 15:52:57.0734 2088 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 15:52:58.0031 2088 PSched - ok 15:52:58.0078 2088 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 15:52:58.0234 2088 Ptilink - ok 15:52:58.0265 2088 ql1080 - ok 15:52:58.0296 2088 Ql10wnt - ok 15:52:58.0328 2088 ql12160 - ok 15:52:58.0359 2088 ql1240 - ok 15:52:58.0375 2088 ql1280 - ok 15:52:58.0468 2088 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 15:52:58.0828 2088 RasAcd - ok 15:52:58.0937 2088 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 15:52:59.0093 2088 RasAuto - ok 15:52:59.0125 2088 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 15:52:59.0390 2088 Rasl2tp - ok 15:52:59.0468 2088 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 15:52:59.0640 2088 RasMan - ok 15:52:59.0671 2088 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 15:52:59.0843 2088 RasPppoe - ok 15:52:59.0875 2088 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 15:53:00.0140 2088 Raspti - ok 15:53:00.0203 2088 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 15:53:00.0359 2088 Rdbss - ok 15:53:00.0437 2088 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 15:53:00.0703 2088 RDPCDD - ok 15:53:00.0812 2088 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 15:53:00.0859 2088 RDPWD - ok 15:53:00.0906 2088 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 15:53:01.0093 2088 RDSessMgr - ok 15:53:01.0140 2088 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 15:53:01.0359 2088 redbook - ok 15:53:01.0453 2088 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 15:53:01.0625 2088 RemoteAccess - ok 15:53:01.0656 2088 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 15:53:01.0875 2088 RpcLocator - ok 15:53:01.0968 2088 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 15:53:02.0062 2088 RpcSs - ok 15:53:02.0125 2088 [ 6A7360E36CBD636972AEEF0DD292A946 ] RsFx0105 C:\WINDOWS\system32\DRIVERS\RsFx0105.sys 15:53:02.0156 2088 RsFx0105 - ok 15:53:02.0218 2088 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 15:53:02.0359 2088 RSVP - ok 15:53:02.0468 2088 [ 0C963B81C842B49CC87123F165224E5A ] S3GIGP C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys 15:53:02.0562 2088 S3GIGP - ok 15:53:02.0593 2088 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 15:53:02.0750 2088 SamSs - ok 15:53:02.0843 2088 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 15:53:03.0015 2088 SCardSvr - ok 15:53:03.0109 2088 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 15:53:03.0296 2088 Schedule - ok 15:53:03.0406 2088 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 15:53:03.0500 2088 Secdrv - ok 15:53:03.0562 2088 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 15:53:03.0781 2088 seclogon - ok 15:53:03.0859 2088 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 15:53:04.0015 2088 SENS - ok 15:53:04.0078 2088 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 15:53:04.0312 2088 Serial - ok 15:53:04.0453 2088 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 15:53:04.0625 2088 Sfloppy - ok 15:53:04.0750 2088 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 15:53:05.0000 2088 SharedAccess - ok 15:53:05.0046 2088 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 15:53:05.0078 2088 ShellHWDetection - ok 15:53:05.0109 2088 Simbad - ok 15:53:05.0187 2088 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe 15:53:05.0218 2088 SkypeUpdate - ok 15:53:05.0312 2088 [ 3A4F2C0BB87A0895ABEBA341AA1E341B ] Sony PC Companion C:\Programme\Sony\Sony PC Companion\PCCService.exe 15:53:05.0390 2088 Sony PC Companion - ok 15:53:05.0421 2088 Sparrow - ok 15:53:05.0484 2088 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 15:53:05.0656 2088 splitter - ok 15:53:05.0750 2088 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 15:53:05.0781 2088 Spooler - ok 15:53:05.0859 2088 [ A892134C28777978ECDE8283DC57AC0F ] SQLAgent$SQLEXPRESS c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE 15:53:05.0953 2088 SQLAgent$SQLEXPRESS - ok 15:53:06.0031 2088 [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe 15:53:06.0046 2088 SQLBrowser - ok 15:53:06.0109 2088 [ 135CDCCC167EF0C250125BBD3ABE18D5 ] SQLWriter c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe 15:53:06.0125 2088 SQLWriter - ok 15:53:06.0140 2088 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 15:53:06.0265 2088 sr - ok 15:53:06.0312 2088 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 15:53:06.0390 2088 srservice - ok 15:53:06.0453 2088 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 15:53:06.0609 2088 Srv - ok 15:53:06.0671 2088 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 15:53:06.0796 2088 SSDPSRV - ok 15:53:06.0859 2088 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 15:53:07.0031 2088 stisvc - ok 15:53:07.0109 2088 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 15:53:07.0265 2088 swenum - ok 15:53:07.0328 2088 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 15:53:07.0484 2088 swmidi - ok 15:53:07.0500 2088 SwPrv - ok 15:53:07.0531 2088 symc810 - ok 15:53:07.0562 2088 symc8xx - ok 15:53:07.0593 2088 sym_hi - ok 15:53:07.0625 2088 sym_u3 - ok 15:53:07.0812 2088 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 15:53:08.0000 2088 sysaudio - ok 15:53:08.0062 2088 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 15:53:08.0218 2088 SysmonLog - ok 15:53:08.0281 2088 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 15:53:08.0593 2088 TapiSrv - ok 15:53:08.0687 2088 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 15:53:08.0718 2088 Tcpip - ok 15:53:08.0765 2088 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 15:53:08.0921 2088 TDPIPE - ok 15:53:08.0968 2088 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 15:53:09.0187 2088 TDTCP - ok 15:53:09.0390 2088 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe 15:53:09.0625 2088 TeamViewer8 - ok 15:53:09.0687 2088 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 15:53:09.0890 2088 TermDD - ok 15:53:10.0000 2088 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 15:53:10.0171 2088 TermService - ok 15:53:10.0203 2088 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 15:53:10.0281 2088 Themes - ok 15:53:10.0296 2088 TosIde - ok 15:53:10.0359 2088 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 15:53:10.0515 2088 TrkWks - ok 15:53:10.0625 2088 [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35 C:\WINDOWS\system32\DRIVERS\uagp35.sys 15:53:10.0765 2088 uagp35 - ok 15:53:10.0890 2088 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 15:53:11.0078 2088 Udfs - ok 15:53:11.0125 2088 [ 7020C64A20709B39CBE4A1CF371A9CD5 ] UIUSys C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS 15:53:11.0156 2088 UIUSys ( UnsignedFile.Multi.Generic ) - warning 15:53:11.0156 2088 UIUSys - detected UnsignedFile.Multi.Generic (1) 15:53:11.0171 2088 ultra - ok 15:53:11.0234 2088 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Programme\Unlocker\UnlockerDriver5.sys 15:53:11.0250 2088 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning 15:53:11.0250 2088 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1) 15:53:11.0328 2088 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 15:53:11.0578 2088 Update - ok 15:53:11.0640 2088 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 15:53:11.0750 2088 upnphost - ok 15:53:11.0796 2088 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 15:53:12.0015 2088 UPS - ok 15:53:12.0062 2088 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 15:53:12.0203 2088 usbccgp - ok 15:53:12.0218 2088 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 15:53:12.0375 2088 usbehci - ok 15:53:12.0421 2088 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 15:53:12.0656 2088 usbhub - ok 15:53:12.0718 2088 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 15:53:12.0875 2088 usbprint - ok 15:53:12.0906 2088 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 15:53:13.0187 2088 usbscan - ok 15:53:13.0296 2088 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:53:13.0468 2088 USBSTOR - ok 15:53:13.0562 2088 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 15:53:13.0765 2088 usbuhci - ok 15:53:13.0843 2088 [ B4D7B7AD8A9F7C063C5CC3E2C1A0724E ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys 15:53:13.0890 2088 usb_rndisx - ok 15:53:13.0953 2088 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 15:53:14.0125 2088 VgaSave - ok 15:53:14.0156 2088 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys 15:53:14.0421 2088 ViaIde - ok 15:53:14.0500 2088 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 15:53:14.0656 2088 VolSnap - ok 15:53:14.0734 2088 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 15:53:14.0828 2088 VSS - ok 15:53:14.0875 2088 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 15:53:15.0109 2088 W32Time - ok 15:53:15.0171 2088 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 15:53:15.0312 2088 Wanarp - ok 15:53:15.0343 2088 WDICA - ok 15:53:15.0437 2088 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 15:53:15.0734 2088 wdmaud - ok 15:53:15.0843 2088 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 15:53:16.0000 2088 WebClient - ok 15:53:16.0062 2088 [ 86723EA860346FBE5490835344CAD939 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 15:53:16.0140 2088 winachsf - ok 15:53:16.0281 2088 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 15:53:16.0484 2088 winmgmt - ok 15:53:16.0625 2088 [ F10075C2EC96D2EB118012E78ECE2FC2 ] WinRM C:\WINDOWS\system32\WsmSvc.dll 15:53:16.0796 2088 WinRM - ok 15:53:16.0937 2088 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 15:53:16.0984 2088 WmdmPmSN - ok 15:53:17.0062 2088 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 15:53:17.0234 2088 WmiApSrv - ok 15:53:17.0359 2088 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 15:53:17.0484 2088 WMPNetworkSvc - ok 15:53:17.0546 2088 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 15:53:17.0562 2088 WpdUsb - ok 15:53:17.0671 2088 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 15:53:17.0734 2088 WPFFontCache_v0400 - ok 15:53:17.0812 2088 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 15:53:18.0046 2088 wscsvc - ok 15:53:18.0109 2088 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 15:53:18.0265 2088 wuauserv - ok 15:53:18.0328 2088 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 15:53:18.0359 2088 WudfPf - ok 15:53:18.0421 2088 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 15:53:18.0437 2088 WudfRd - ok 15:53:18.0453 2088 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 15:53:18.0500 2088 WudfSvc - ok 15:53:18.0578 2088 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 15:53:18.0781 2088 WZCSVC - ok 15:53:18.0843 2088 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 15:53:19.0000 2088 xmlprov - ok 15:53:19.0062 2088 ================ Scan global =============================== 15:53:19.0093 2088 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 15:53:19.0156 2088 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 15:53:19.0218 2088 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 15:53:19.0234 2088 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 15:53:19.0234 2088 [Global] - ok 15:53:19.0250 2088 ================ Scan MBR ================================== 15:53:19.0281 2088 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 15:53:19.0562 2088 \Device\Harddisk0\DR0 - ok 15:53:19.0578 2088 ================ Scan VBR ================================== 15:53:19.0625 2088 [ CEAAB3B38AE22DA666D63EE43AC10A3C ] \Device\Harddisk0\DR0\Partition1 15:53:19.0625 2088 \Device\Harddisk0\DR0\Partition1 - ok 15:53:19.0671 2088 [ 9F5E7F849A968CADDD993FCCE8D44F6D ] \Device\Harddisk0\DR0\Partition2 15:53:19.0671 2088 \Device\Harddisk0\DR0\Partition2 - ok 15:53:19.0671 2088 ============================================================ 15:53:19.0671 2088 Scan finished 15:53:19.0671 2088 ============================================================ 15:53:19.0828 3752 Detected object count: 2 15:53:19.0828 3752 Actual detected object count: 2 15:54:29.0531 3752 UIUSys ( UnsignedFile.Multi.Generic ) - skipped by user 15:54:29.0531 3752 UIUSys ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:54:29.0531 3752 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user 15:54:29.0531 3752 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
|
12.06.2013, 15:20
| #8 |
| /// Malware-holic | Mozilla öffnet ständig selbst neue Seiten, seit paar Tagen >> PC langsam Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.06.2013, 16:17
| #9 |
| | Mozilla öffnet ständig selbst neue Seiten, seit paar Tagen >> PC langsam alles geklappt , juhu  - dank deiner guten Anweisungen und Anleitungen !Leider hab ich keine Ahnung, wie ich die txt datei in Code Tags darstellen kann, sorry ___________________________________________________________________ Combofix Logfile: Code:
ATTFilter ComboFix 13-06-08.02 - Christiane 12.06.2013 17:04:07.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1790.902 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Christiane\Eigene Dateien\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Christiane\WINDOWS
C:\install.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2a71f487ff979aea.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\45bbaad290140044.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\5e5d1e5b541052df.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\7d05c63eb8bb8848.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\99378a0843924e8e.fb
c:\windows\system32\Cache\a43476c28a259d86.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e14768fdb0d4fb0b.fb
c:\windows\system32\Cache\e7e16c87f6ff0129.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\roboot.exe
c:\windows\system32\scrrun.dll.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-12 bis 2013-06-12 ))))))))))))))))))))))))))))))
.
.
2013-06-12 12:26 . 2013-06-12 12:26 60872 -c--a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9335AAAA-85B5-4C34-AA16-DF2CCA9DE6B3}\offreg.dll
2013-06-12 12:26 . 2013-06-12 12:26 29904 -c--a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9335AAAA-85B5-4C34-AA16-DF2CCA9DE6B3}\MpKslb0c7b687.sys
2013-06-12 11:03 . 2013-05-13 06:19 7016152 -c--a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9335AAAA-85B5-4C34-AA16-DF2CCA9DE6B3}\mpengine.dll
2013-06-12 11:02 . 2013-06-12 11:02 -------- d-----w- c:\windows\system32\wbem\Repository
2013-06-12 10:57 . 2013-06-12 10:57 -------- dc----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\McAfee
2013-06-12 09:37 . 2013-06-12 09:37 -------- d-----w- c:\programme\Panda Security
2013-06-10 08:12 . 2013-05-13 06:19 7016152 -c--a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-02 23:30 . 2013-06-12 09:56 -------- d-----w- c:\windows\system32\Adobe
2013-05-20 17:10 . 2013-05-21 07:29 -------- d-----w- c:\programme\Mozilla Maintenance Service
2013-05-13 20:17 . 2013-05-13 20:17 -------- dc----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Zylom
2013-05-13 20:17 . 2013-05-13 20:17 -------- d-----w- c:\programme\Zylom Games
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 14:11 . 2013-02-20 14:35 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 14:10 . 2013-02-20 14:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28 . 2013-04-11 14:56 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 20:36 . 2013-04-26 20:37 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-26 20:36 . 2013-04-26 20:37 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-26 20:36 . 2012-07-15 14:36 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-26 20:35 . 2012-03-28 18:48 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-16 22:16 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:16 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-16 22:16 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2013-04-12 14:00 . 2004-08-04 12:00 1876480 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 15:32 . 2013-04-11 15:32 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-03-16 21:51 . 2013-03-16 21:51 69632 -c--a-r- c:\dokumente und einstellungen\Christiane\Anwendungsdaten\Microsoft\Installer\{2D5BEFA3-889A-4AD5-8771-310BAEB0E2FC}\ARPPRODUCTICON.exe
2013-03-16 21:51 . 2013-03-16 21:51 49152 -c--a-r- c:\dokumente und einstellungen\Christiane\Anwendungsdaten\Microsoft\Installer\{2D5BEFA3-889A-4AD5-8771-310BAEB0E2FC}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe
2004-06-17 14:27 . 2004-06-17 14:27 86016 ----a-w- c:\programme\ServiceSetup.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\programme\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Keyboard Express 3.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Keyboard Express 3.lnk
backup=c:\windows\pss\Keyboard Express 3.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-05-11 10:37 958576 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-03-25 02:50 2516296 ----a-w- c:\programme\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-04-02 08:18 1185112 ----a-w- c:\programme\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-04-19 13:19 18678376 ----a-r- c:\programme\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2013-03-18 15:47 448736 ----a-w- c:\programme\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\programme\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Broadcom Wireless Manager UI"=c:\windows\system32\WLTRAY
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe"
"S3Trayp"=S3trayp.exe
"vProt"="c:\programme\AVG Secure Search\vprot.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programme\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Programme\\TV-Browser\\tvbrowser.exe"=
"c:\\Programme\\TV-Browser\\tvbrowser_noDD.exe"=
"c:\\Programme\\Java\\jre7\\bin\\java.exe"=
"c:\\Programme\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Programme\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
.
R1 MpKslb0c7b687;MpKslb0c7b687;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9335AAAA-85B5-4C34-AA16-DF2CCA9DE6B3}\MpKslb0c7b687.sys [12.06.2013 14:26 29904]
R2 TeamViewer8;TeamViewer 8;c:\programme\TeamViewer\Version8\TeamViewer_Service.exe [20.12.2012 14:15 3467768]
S2 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);"\\nas\Updates\HitmanPro35.exe" /crusader:boot --> \\nas\Updates\HitmanPro35.exe [?]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [28.02.2013 19:45 161384]
S3 Sony PC Companion;Sony PC Companion;c:\programme\Sony\Sony PC Companion\PCCService.exe [02.07.2012 22:18 155824]
S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\programme\Microsoft SQL Server\100\Shared\sqladhlp.exe [21.07.2009 04:04 47128]
S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [22.09.2011 17:10 238696]
S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [22.09.2011 17:17 370024]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 28435608
*NewlyCreated* - MPKSLB0C7B687
*Deregistered* - 28435608
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-07 07:50 1165776 ----a-w- c:\programme\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-20 14:11]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-05-12 18:27]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-05-12 18:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=91b2e479-89ef-4e57-aa4b-434f5d5bf786&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Christiane\Anwendungsdaten\Mozilla\Firefox\Profiles\pe343bpa.default\
FF - ExtSQL: 2013-05-20 19:22; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\dokumente und einstellungen\Christiane\Anwendungsdaten\Mozilla\Firefox\Profiles\pe343bpa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2013-05-21 02:47; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\dokumente und einstellungen\Christiane\Anwendungsdaten\Mozilla\Firefox\Profiles\pe343bpa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-21 03:30; {888d99e7-e8b5-46a3-851e-1ec45da1e644}; c:\dokumente und einstellungen\Christiane\Anwendungsdaten\Mozilla\Firefox\Profiles\pe343bpa.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
FF - ExtSQL: 2013-05-21 15:42; remember-passwords@stanimir-stamenkov.addons.mozilla.org; c:\dokumente und einstellungen\Christiane\Anwendungsdaten\Mozilla\Firefox\Profiles\pe343bpa.default\extensions\remember-passwords@stanimir-stamenkov.addons.mozilla.org.xpi
FF - ExtSQL: !HIDDEN! 2013-03-16 22:54; speedanalysis@SpeedAnalysis.com; c:\dokumente und einstellungen\Christiane\Anwendungsdaten\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF - ExtSQL: !HIDDEN! 2013-03-16 22:55; statuswinks@StatusWinks; c:\dokumente und einstellungen\Christiane\Anwendungsdaten\Mozilla\Extensions\statuswinks@StatusWinks
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-AVG_UI - c:\programme\AVG\AVG2013\avgui.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-06-12 17:08
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HitmanPro37CrusaderBoot]
"ImagePath"="\"\\nas\Updates\HitmanPro35.exe\" /crusader:boot"
.
Zeit der Fertigstellung: 2013-06-12 17:10:40
ComboFix-quarantined-files.txt 2013-06-12 15:10
.
Vor Suchlauf: 6 Verzeichnis(se), 19.467.350.016 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 19.832.483.840 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 5F9308A7E5C22EA8FC0F6A141FA817C4
72B8CE41AF0DE751C946802B3ED844B4 |
|
12.06.2013, 17:57
| #10 |
| /// Malware-holic | Mozilla öffnet ständig selbst neue Seiten, seit paar Tagen >> PC langsam is schon ok so lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.06.2013, 18:23
| #11 |
| | Mozilla öffnet ständig selbst neue Seiten, seit paar Tagen >> PC langsam Anweisung von dir: öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten. _____________________________ bei Extras finde ich diese uninstall list nicht , dort gibt es folgende Buttons zur Auswahl : Programme deinstallieren Autostart File Finder Systemwiederherstellung Festplatten Wiper also eine Liste, wo ich die benötigten Programme usw markieren bzw benötigt, unnötig, unbekannt dahinter schreiben kann... die finde ich nicht, sorry ... k. a. wo das sein soll und DANKE, dass du mir so hilfst und Verständnis für ein Blondinchen hast |
|
12.06.2013, 18:41
| #12 |
| /// Malware-holic | Mozilla öffnet ständig selbst neue Seiten, seit paar Tagen >> PC langsam deinstalieren und uninstall, ist halt nur die englische bezeichnung da einige es auf englisch instaliert haben, also, programme deinstalieren wählen :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.06.2013, 19:08
| #13 |
| | Mozilla öffnet ständig selbst neue Seiten, seit paar Tagen >> PC langsam Programme : 7-Zip 9.20 27.04.2012 Benötigt Adobe AIR Adobe Systems Incorporated 15.03.2013 3.6.0.6090 Benötigt Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.06.2013 11.7.700.224 Benötigt Adobe Reader XI (11.0.03) - Deutsch Adobe Systems Incorporated 03.06.2013 134,00MB 11.0.03 Benötigt Adobe Shockwave Player 12.0 Adobe Systems, Inc. 12.06.2013 12.0.2.122 Benötigt Apple Software Update Apple Inc. 16.10.2012 2,38MB 2.1.3.127 keine ahnung , fürs handy ? Canon Easy-PhotoPrint EX 27.04.2012 Canon Easy-WebPrint EX 27.04.2012 Canon Inkjet Printer/Scanner/Fax Extended Survey Program 27.04.2012 Canon MP Navigator EX 4.0 27.04.2012 Canon MP495 series Benutzerregistrierung 27.04.2012 Canon MP495 series MP Drivers 27.04.2012 Canon My Printer 27.04.2012 Canon Solution Menu EX 27.04.2012 Canon alle benötigt CCleaner Piriform 24.05.2013 4.02 Benötigt concept/design Video Jukebox concept/design GmbH 06.05.2012 Video Jukebox unbekannt Conexant HD Audio 28.03.2012 Benötigt FlashPlayer Tuguu SL 06.03.2013 17,32MB 1.6.8 unbekannt Google Chrome Google Inc. 12.05.2012 27.0.1453.110 google chrom ja, aber Inc. ??? Google Talk (remove only) 05.08.2012 nicht mehr benötigt Java 7 Update 21 Oracle 26.04.2013 129,00MB 7.0.210 benötigt Keyboard Express 3 Insight Software Solutions, Inc. 10.06.2013 3.0 benötigt Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 16.05.2013 2.055,00MB 2.2.30729 Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 07.04.2012 6,30MB 2.2.30729 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 12.01.2013 372,00MB 3.2.30729 Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 07.04.2012 17,47MB 3.2.30729 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 07.04.2012 Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 12.01.2013 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 16.05.2013 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 06.04.2012 4.0.30319 Microsoft .NET Framework 4 Extended Microsoft Corporation 11.04.2013 4.0.30319 Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 05.04.2012 4.0.30319 Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 05.04.2012 83,46MB 4.0.30319 Microsoft Help Viewer 1.1 Microsoft Corporation 14.09.2012 1.1.40219 Microsoft Help Viewer 1.1 Language Pack - DEU Microsoft Corporation 14.09.2012 1.1.40219 Microsoft Office File Validation Add-In Microsoft Corporation 08.04.2012 7,95MB 14.0.5130.5003 Microsoft Office Live Add-in 1.5 Microsoft Corporation 19.04.2012 0,49MB 2.0.4024.1 Microsoft Office Ultimate 2007 Microsoft Corporation 16.05.2013 12.0.6612.1000 Microsoft Security Essentials Microsoft Corporation 11.04.2013 4.2.223.1 Microsoft Silverlight Microsoft Corporation 05.09.2012 76,47MB 5.1.10411.0 Microsoft SQL Server 2008 Microsoft Corporation 11.04.2013 Microsoft SQL Server 2008 Browser Microsoft Corporation 11.04.2013 8,03MB 10.3.5500.0 Microsoft SQL Server 2008 Native Client Microsoft Corporation 11.04.2013 4,95MB 10.3.5500.0 Microsoft SQL Server Compact 3.5 SP2 DEU Microsoft Corporation 05.04.2012 5,35MB 3.5.8080.0 Microsoft SQL Server VSS Writer Microsoft Corporation 11.04.2013 6,89MB 10.3.5500.0 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.07.2012 5,28MB 8.0.61001 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 15.03.2013 4,44MB 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 29.03.2012 10,29MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.07.2012 9,64MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 27.04.2012 9,55MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 05.04.2012 10,20MB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 13.01.2013 16,54MB 10.0.40219 Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Corporation 14.09.2012 26,34MB 10.0.40219 Microsoft Visual C++ 2010 Express - DEU Microsoft Corporation 14.09.2012 10.0.40219 Microsoft Visual Studio 2010 Service Pack 1 Microsoft Corporation 14.09.2012 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Microsoft Corporation 13.01.2013 10.0.40303 Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU Microsoft Corporation 13.01.2013 10.0.40303 Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket Microsoft Corporation 11.04.2013 bei bei microsoft weiß ich nicht genau, was man alles braucht… Mozilla Firefox 20.0.1 (x86 de) Mozilla 12.06.2013 20.0.1 benötigt Mozilla Maintenance Service Mozilla 21.05.2013 21.0 weiß nicht, was das ist NAVIGON Fresh 3.4.1 NAVIGON 05.08.2012 3.4.1 benötigt Notepad++ 01.11.2012 6.2 benötigt Panda Cloud Cleaner Panda Security 12.06.2013 1.0.45 heute runter geladen für Trojanersuche, nicht mehr notwendig danach Skype™ 6.3 Skype Technologies S.A. 19.05.2013 38,83MB 6.3.107 benötigt Soft Data Fax Modem with SmartCP 28.03.2012 kenn/ weiß ich nicht Sony Ericsson Update Engine Sony Ericsson Communications AB 30.04.2013 2.13.5.201304180917 benötigt Sony PC Companion 2.10.155 Sony 30.04.2013 2.10.155 benötigt TeamViewer 8 TeamViewer 10.05.2013 8.0.16642 benötigt TV-Browser 3.0.2 TV-Browser Team 10.03.2013 3.0.2 nicht mehr benötigt unbedingt Unlocker 1.9.1 Cedrick Collomb 20.02.2013 1.9.1 benötigt Unterstützungsdateien für Microsoft SQL Server 2008-Setup Microsoft Corporation 11.04.2013 34,79MB 10.3.5500.0 weiß ich nicht, ob notwendig (denk schon) VAFPlayer Tuguu SL 19.04.2013 18,00MB 1.6.8 weiß/ kenn ich nicht VIA Plattform-Geräte-Manager VIA Technologies, Inc. 28.03.2012 1.15 Windows Internet Explorer 8 Microsoft Corporation 26.04.2013 20090308.140743 Windows Management Framework Core Microsoft Corporation 11.04.2013 Windows Media Format 11 runtime 27.04.2012 Windows Media Player 11 27.04.2012 diese 5 seh ich als notwendig an Zylom Games Player Plugin Zylom Games 13.05.2013 glaube nicht, dass notwendig __________________________________ seit über 3 Stunden läuft das Virusprogramm ausführlich.... nun weiß ich nicht, ob die gefundene Datei noch "relevant" ist, da ich heute morgen eine Systemwiederherstellung auf den 01.06. gemacht habe und dieser Trojaner am 01.06. gefunden wurde... und nun ist mir unklar, ob er noch aktiv war oder nicht, da ich Systemwiederherstellung gemacht hatte, aber nachdem sich dann immernoch bei Mozilla dieses Fenster "frauen... " öffnete, habe ich die Systemwiederherstellung rückgängig gemacht. Trojan:Win32/Alureon (?) Encyclopedia entry Updated: Sep 07, 2011 | Published: May 17, 2007 Aliases Win-Trojan/Tdss.174080.BM (AhnLab) Trojan.Win32.Alureon (Ikarus) Mal/Rorpian-C (Sophos) Gen:Variant.Kazy.34946 (BitDefender) BackDoor.Tdss.5070 (Dr.Web) Trojan.Win32.Menti.hvdp (Kaspersky) Backdoor.Tidserv (Symantec) Geändert von Mausi_2011 (12.06.2013 um 19:34 Uhr) Grund: Trojaner gefunden bei laufendem Virusscan |
|
12.06.2013, 20:15
| #14 |
| /// Malware-holic | Mozilla öffnet ständig selbst neue Seiten, seit paar Tagen >> PC langsam hab ich irgendwas von ner systemwiederherstellung gesagt? warum will man irgendwo hilfe, wenn man dann eh tut was man will? fundort fehlt
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.06.2013, 20:46
| #15 |
| | Mozilla öffnet ständig selbst neue Seiten, seit paar Tagen >> PC langsam die Systemwiederherstellung machte ich BEVOR ich dieses Forum fand.... dachte, vielleicht hilft das... danach gegoogelt habe und dieses Forum gefunden! Trojan: win32/ Alureon, warnstufe: Schwerwiegend, gefunden: 23.07 am 01.06 containerfile:C:\Dokumente und Einstellungen\Christiane\Eigene Dateien\Downloads\facebook_foto_21052013-jpg.zip file:C:\Dokumente und Einstellungen\Christiane\Eigene Dateien\Downloads\facebook_foto_21052013-jpg.zip->facebook_foto_21052013-jpg.exe PS: virenscan läuft immernoch , schon seit 17:00 Uhr |
|
| Themen zu Mozilla öffnet ständig selbst neue Seiten, seit paar Tagen >> PC langsam |
| datei, datein, essen, forum, hoffe, home, hängt, infizierte, kostenlose, langsam, microsoft, mozilla, neue, neue seite, nicht mehr, nichts, pc hängt, pc langsam, security, seite, seiten, troja, trojaner, version, windows, öffnet |
WARNUNG an die MITLESER: 
Linear-Darstellung
