
Log analysis and evaluation: PC sends spam mails in the background

06.07.2012, 09:57   #1
nicom028
 
Hello,

My PC is sending spam mails in the background.
I noticed this because in the directory
c:\inetpub\mailroot\queue new mails keep appearing, and in
c:\inetpub\mailroot\badmail there are thousands of unsent mails.

I use Norton Internet Security, but it does not find anything :-(

Below is my HijackThis logfile; I will gratefully accept any help!!!
HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:55:48, on 06.07.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\CNAB5RPK.EXE
C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Programme\VirtualCloneDrive\VCDDaemon.exe
C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet\Connect\11\ISUSPM.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAB5LAK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\mmc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.xxxxxxxxxxxx.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Programme\DIALux\DLXShellExtension.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programme\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Programme\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Programme\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programme\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Programme\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Verknüpfung mit Mail Postgasse -Hxxxxxxxxx.lnk = ? (User 'SYSTEM')
O4 - S-1-5-18 Startup: VPN Drucker-Internet.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: Verknüpfung mit Mail Postgasse -Höpflergasse.lnk = ? (User 'Default user')
O4 - .DEFAULT Startup: VPN Drucker-Internet.lnk = ? (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Verknüpfung mit Mail Postgasse -Höpflergasse.lnk = ?
O4 - Startup: VPN Drucker-Internet.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon LBP3300 Statusfenster.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAB5LAK.EXE
O4 - Global Startup: VPN Drucker-Internet.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - hxxp://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - hxxp://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/dribnif/de/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158794628677
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - hxxp://toolbar.google.com/data/de/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{656C01D1-A252-4CD2-953F-B3CD44F56750}: NameServer = 193.186.161.35,193.186.161.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{75BA237D-CD34-49E3-8345-D9EC827F3B6E}: NameServer = 193.186.161.66 193.186.161.35
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: DIAL Communication Service (DialComService) - Unknown owner - C:\Programme\DIAL GmbH\DIAL Communication Framework\DialComService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9dd17746cffd0) (gupdate1c9dd17746cffd0) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Programme\ReaConverter 5.5 Pro\rcp_scheduler.exe
O23 - Service: ServiceLayer - Nokia - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programme\Skype\Updater\Updater.exe

--
End of file - 16072 bytes
         

Edited by nicom028 (06.07.2012 at 10:54)

06.07.2012, 11:02   #2
markusg
/// Malware-holic
 
hi
we don't want to see HJT logs anymore :-)
If you don't have it yet, please download OTL by OldTimer and save it to your Desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

06.07.2012, 11:25   #3
nicom028
 
I just figured out that when I stop inetinfo.exe (in Services), no more spam mails are sent.

OTL logfile:
Code:
OTL logfile created on: 06.07.2012 11:33:48 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Dokumente und Einstellungen\thomas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 62,35% Memory free
3,32 Gb Paging File | 2,50 Gb Available in Paging File | 75,16% Paging File free
Paging file location(s): C:\pagefile.sys 1520 2500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 148,87 Gb Total Space | 68,93 Gb Free Space | 46,30% Space Free | Partition Type: NTFS
Drive D: | 180,41 Mb Total Space | 106,84 Mb Free Space | 59,22% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 778,77 Gb Free Space | 83,60% Space Free | Partition Type: NTFS
 
Computer Name: THOMASRECHNER | User Name: thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.06 11:28:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\thomas\Desktop\OTL.exe
PRC - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
PRC - [2012.01.17 12:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.10.07 08:54:11 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011.03.07 15:33:08 | 000,089,456 | ---- | M] (Elaborate Bytes AG) -- C:\Programme\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009.05.05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.04.17 14:03:52 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007.03.06 08:10:22 | 000,050,848 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAB5LAK.EXE
PRC - [2007.01.15 02:53:24 | 000,063,168 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CNAB5RPK.EXE
PRC - [2006.12.23 19:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.12.23 19:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006.12.23 18:54:04 | 000,262,144 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
PRC - [2006.12.14 18:49:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2006.10.11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Programme\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006.09.19 16:05:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe
PRC - [2005.06.07 00:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2002.01.16 15:15:14 | 000,081,920 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\system32\mgabg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
MOD - [2006.09.19 16:05:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2000.12.22 08:51:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\NavLogon.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.06.23 15:29:55 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.19 10:33:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (NIS)
SRV - [2012.02.26 16:42:28 | 000,632,320 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Programme\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2012.02.15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.07 08:54:24 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Programme\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011.10.07 08:54:11 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011.08.29 08:54:17 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Programme\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011.05.15 22:59:35 | 001,639,216 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\DIAL GmbH\DIAL Communication Framework\DialComService.exe -- (DialComService)
SRV - [2011.03.17 12:35:59 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.08.27 16:32:45 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008.04.14 07:52:50 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008.04.14 07:52:50 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008.04.14 07:52:50 | 000,015,872 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007.11.30 13:27:22 | 000,558,592 | ---- | M] (ReaSoft) [On_Demand | Stopped] -- C:\Programme\ReaConverter 5.5 Pro\rcp_scheduler.exe -- (rcp_service)
SRV - [2006.12.23 18:54:04 | 000,262,144 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006.12.14 18:49:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2002.01.16 15:15:14 | 000,081,920 | ---- | M] (Matrox Graphics Inc.) [Auto | Running] -- C:\WINDOWS\system32\mgabg.exe -- (MGABGEXE)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\RTL8139.SYS -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.06.19 02:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120619.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.06.14 20:39:26 | 000,369,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120705.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012.05.31 14:38:23 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.05.31 04:11:15 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.05.31 04:11:14 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.05.30 01:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120705.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.05.30 01:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120705.018\NAVENG.SYS -- (NAVENG)
DRV - [2012.03.29 08:28:38 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\symtdi.sys -- (SYMTDI)
DRV - [2012.03.29 08:28:30 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\SymEFA.sys -- (SymEFA)
DRV - [2012.03.29 08:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\SymDS.sys -- (SymDS)
DRV - [2012.03.29 08:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\Ironx86.sys -- (SymIRON)
DRV - [2012.03.29 08:03:27 | 000,574,072 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\srtsp.sys -- (SRTSP)
DRV - [2012.03.29 08:03:27 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011.11.30 00:44:14 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011.10.07 08:54:13 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009.12.18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.24 18:46:08 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008.06.07 18:07:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Programme\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007.01.30 20:57:50 | 004,474,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.11.17 15:10:00 | 000,011,264 | R--- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FS20 IRP.sys -- (FS20 IRP)
DRV - [2006.11.07 04:32:00 | 000,046,976 | R--- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPKBCCID.sys -- (HPKBCCID)
DRV - [2005.02.16 07:43:20 | 000,028,800 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CyUsbNT.sys -- (CyUsbNT)
DRV - [2004.10.25 00:04:00 | 000,007,796 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Stc2Dfu.sys -- (STC2DFU)
DRV - [2004.10.15 17:49:00 | 000,029,292 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FTD2XX.sys -- (FTD2XX)
DRV - [2004.09.14 10:33:48 | 000,260,992 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\g200mini.sys -- (G200)
DRV - [2004.08.04 07:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004.08.04 07:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004.08.04 07:29:45 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv10nt.sys -- (iAimTV5)
DRV - [2004.08.04 07:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004.08.04 07:29:44 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv06nt.sys -- (iAimTV6)
DRV - [2004.08.04 07:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004.08.04 07:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004.08.04 07:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004.08.04 07:29:40 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv09nt.sys -- (iAimFP7)
DRV - [2004.08.04 07:29:39 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv08nt.sys -- (iAimFP6)
DRV - [2004.08.04 07:29:38 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv07nt.sys -- (iAimFP5)
DRV - [2004.08.04 07:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004.08.04 07:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004.08.04 07:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2004.08.04 07:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2003.03.14 13:18:30 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001.12.18 15:45:04 | 000,003,279 | ---- | M] (VIA Technologies. Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VIAPFD.SYS -- (VIAPFD)
DRV - [2001.08.17 12:19:56 | 000,063,360 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ess.sys -- (ess) ESS Audiotreiber (WDM)
DRV - [2001.08.17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.thomasleuchten.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6F6246AE-444E-494D-9180-99E91E3732CC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6F6246AE-444E-494D-9180-99E91E3732CC}: "URL" = hxxp://www.google.at/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLD_deAT310
IE - HKCU\..\SearchScopes\Live Search: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&mkt=de-at&FORM=MICPAT
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.thomasleuchten.at/"
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\npPDFXCviewNPPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Programme\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\npPDFXCviewNPPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.17 10:26:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\IPSFFPlgn\ [2012.05.31 14:44:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\coFFPlgn\ [2012.07.06 10:22:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.19 10:33:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.25 14:20:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.17 10:26:28 | 000,000,000 | ---D | M]
 
[2010.04.06 14:28:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Mozilla\Extensions
[2010.04.06 14:28:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.05.22 08:41:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\onwfeoa8.default\extensions
[2010.06.29 08:13:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\onwfeoa8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.18 09:22:08 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\onwfeoa8.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2012.05.22 08:41:00 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\onwfeoa8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.09.08 08:17:45 | 000,000,000 | ---D | M] (SkyFex Remote Desktop) -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\onwfeoa8.default\extensions\skyfex@skyfex.com
[2011.06.20 11:52:18 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\onwfeoa8.default\extensions\support@predictad.com
[2012.06.04 15:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.13 15:16:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.19 10:33:01 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.01.09 09:04:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.09 09:04:37 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.01.09 09:04:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.09 09:04:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.09 09:04:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.09 09:04:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.10 08:33:50 | 000,001,842 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1				activate.adobe.com
O1 - Hosts: 127.0.0.1				practivate.adobe.com
O1 - Hosts: 127.0.0.1				ereg.adobe.com
O1 - Hosts: 127.0.0.1				activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1				wip3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1				ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1				activate-sea.adobe.com
O1 - Hosts: 127.0.0.1				wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1				activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1                               adobe.activate.com
O1 - Hosts: 127.0.0.1                               adobeereg.com                        
O1 - Hosts: 127.0.0.1                               www.adobeereg.com                    
O1 - Hosts: 127.0.0.1                               wwis-dubc1-vip60.adobe.com           
O1 - Hosts: 127.0.0.1                               125.252.224.90                       
O1 - Hosts: 127.0.0.1                               125.252.224.91
O1 - Hosts: 127.0.0.1                               hl2rcv.adobe.com
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (DIALux 3.1 ULDBrowserHelper Class) - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Programme\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FileZilla Server Interface] C:\Programme\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LayoutM] C:\WINDOWS\KLayMgr.exe (Chicony)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Programme\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SetRefresh] C:\Programme\COMPAQ\SetRefresh\\SetRefresh.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Programme\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ISUSPM] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk =  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Canon LBP3300 Statusfenster.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAB5LAK.EXE (CANON INC.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Drucker-Internet.lnk =  File not found
O4 - Startup: C:\Dokumente und Einstellungen\thomas\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\thomas\Startmenü\Programme\Autostart\Verknüpfung mit Mail Postgasse -Höpflergasse.lnk =  File not found
O4 - Startup: C:\Dokumente und Einstellungen\thomas\Startmenü\Programme\Autostart\VPN Drucker-Internet.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} hxxp://www.cult3d.com/download/cult.cab (Cult3D ActiveX Player)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} hxxp://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/dribnif/de/win/QuickTimeInstaller.exe (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158794628677 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} hxxp://toolbar.google.com/data/de/big/1.1.62-big/GoogleNav.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37639.1924768519 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{656C01D1-A252-4CD2-953F-B3CD44F56750}: NameServer = 193.186.161.35,193.186.161.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75BA237D-CD34-49E3-8345-D9EC827F3B6E}: NameServer = 193.186.161.66 193.186.161.35
O18 - Protocol\Handler\dialux {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Programme\DIALux\DLXToolBox.dll (DIAL GmbH, Germany)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\System32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.03.17 12:15:52 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2003.01.07 13:21:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.12.15 11:52:18 | 000,000,080 | ---- | M] () - H:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{86e23e14-0ce3-11e0-b684-0019dbd59b92}\Shell\AutoRun\command - "" = H:\TranscendService(JF).exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.06 11:30:01 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\thomas\Desktop\OTL.exe
[2012.07.06 10:55:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Malwarebytes
[2012.07.06 10:55:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.07.06 10:55:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.06 10:55:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.07.06 10:55:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.07.06 10:09:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\thomas\Desktop\RK_Quarantine
[2012.07.06 08:46:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HijackThis
[2012.07.06 08:46:25 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2012.06.20 12:37:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\ScanToPDF_4
[2012.06.20 12:35:29 | 000,000,000 | ---D | C] -- C:\Programme\ScanToPDF
[2012.06.13 15:25:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\thomas\Eigene Dateien\!!! FTP
[2012.06.13 09:15:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FileZilla Server
[2012.06.13 09:15:50 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla Server
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.06 11:29:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.06 11:28:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\thomas\Desktop\OTL.exe
[2012.07.06 11:06:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.06 10:55:04 | 000,000,770 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.06 10:24:14 | 000,012,676 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.06 10:24:06 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012.07.06 10:24:04 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.06 10:21:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.06 10:21:52 | 2137,509,888 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.06 08:46:26 | 000,001,712 | ---- | M] () -- C:\Dokumente und Einstellungen\thomas\Desktop\HijackThis.lnk
[2012.07.05 21:26:43 | 000,000,183 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2012.07.05 11:47:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012.07.04 08:06:27 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\dfrg.job
[2012.07.03 15:07:39 | 000,002,241 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.06.28 08:25:09 | 000,002,736 | ---- | M] () -- C:\WINDOWS\System32\NEWSOFT
[2012.06.22 13:06:08 | 000,014,848 | ---- | M] () -- C:\Dokumente und Einstellungen\thomas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.22 13:06:08 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.06.20 16:27:06 | 003,660,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.20 16:22:41 | 000,549,688 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.20 16:22:41 | 000,516,262 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.20 16:22:41 | 000,117,596 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.20 16:22:41 | 000,100,664 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.20 16:15:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.13 15:50:00 | 000,000,764 | ---- | M] () -- C:\Dokumente und Einstellungen\thomas\Desktop\Verknüpfung mit FileZilla server.exe.lnk
[2012.06.13 09:15:58 | 000,001,724 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\FileZilla Server Interface.lnk
[2012.06.12 16:15:06 | 000,032,400 | ---- | M] () -- C:\{DCF18B38-ADA6-4F8B-AEA1-E8118964E4EC}
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.06 10:55:04 | 000,000,770 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.06 08:46:25 | 000,001,712 | ---- | C] () -- C:\Dokumente und Einstellungen\thomas\Desktop\HijackThis.lnk
[2012.06.13 15:50:00 | 000,000,764 | ---- | C] () -- C:\Dokumente und Einstellungen\thomas\Desktop\Verknüpfung mit FileZilla server.exe.lnk
[2012.06.13 09:15:58 | 000,001,724 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\FileZilla Server Interface.lnk
[2012.06.12 16:15:06 | 000,032,400 | ---- | C] () -- C:\{DCF18B38-ADA6-4F8B-AEA1-E8118964E4EC}
[2012.04.11 08:26:39 | 000,003,910 | ---- | C] () -- C:\WINDOWS\scad3.INI
[2012.02.22 14:12:04 | 000,000,806 | ---- | C] () -- C:\Dokumente und Einstellungen\thomas\.openerprc
[2012.02.15 07:17:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.14 12:11:14 | 000,000,873 | ---- | C] () -- C:\WINDOWS\CADSymbols.ini
[2011.11.08 16:21:23 | 000,032,706 | ---- | C] () -- C:\Dokumente und Einstellungen\thomas\Dokument-1
[2011.10.25 13:33:04 | 000,001,657 | ---- | C] () -- C:\Dokumente und Einstellungen\thomas\.recently-used.xbel
[2011.09.27 09:17:53 | 000,000,091 | ---- | C] () -- C:\WINDOWS\Dialux.ini
[2011.05.26 09:53:31 | 000,038,365 | ---- | C] () -- C:\Dokumente und Einstellungen\thomas\Expert2.lst
[2011.05.26 09:53:30 | 000,000,101 | ---- | C] () -- C:\Dokumente und Einstellungen\thomas\Expert2.prf
[2011.05.26 09:53:27 | 000,004,564 | ---- | C] () -- C:\Dokumente und Einstellungen\thomas\Expert2.dic
[2011.05.24 15:02:34 | 000,000,155 | ---- | C] () -- C:\Dokumente und Einstellungen\thomas\.copernicus.ini
[2011.04.07 13:47:39 | 000,000,166 | ---- | C] () -- C:\WINDOWS\LuminancesDlg.ini
[2010.10.27 15:03:21 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\thomas\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.10.27 14:58:13 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.09.17 10:06:38 | 000,225,211 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
[2010.09.17 10:06:38 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
[2008.10.20 09:47:04 | 000,000,099 | ---- | C] () -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\AVSDVDPlayer.m3u
[2004.02.10 20:09:37 | 000,014,848 | ---- | C] () -- C:\Dokumente und Einstellungen\thomas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003.09.09 11:19:36 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\thomas\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== LOP Check ==========
 
[2008.07.04 21:35:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2011.03.21 15:20:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
[2011.09.27 09:18:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DIAL GmbH
[2011.09.27 13:32:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DIALux
[2010.09.28 08:43:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2010.06.10 12:59:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GlobalSCAPE
[2012.02.29 14:34:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IMSIDesign
[2012.01.26 14:54:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\inFlow Inventory
[2010.12.13 14:31:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2011.09.30 08:57:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LDTeditor
[2009.01.12 14:07:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2011.12.09 08:54:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LogMeIn
[2010.12.13 13:28:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2010.12.13 09:29:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2011.10.12 12:47:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nuance
[2009.04.22 08:18:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Office-Kit.com
[2008.10.20 09:27:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2009.01.12 15:37:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings
[2009.04.08 14:29:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PixelPlanet
[2012.05.11 08:13:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2010.09.28 08:44:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2012.05.14 13:10:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.04.06 14:33:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2011.09.29 15:22:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZEMAX
[2009.10.08 09:39:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.09.02 13:24:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012.03.22 15:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Album Shaper
[2009.05.27 08:35:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\AMPSoft
[2006.12.19 15:11:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Artweaver
[2011.03.21 15:20:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Autodesk
[2009.04.20 15:00:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Canon
[2010.06.09 14:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\DriveHQ
[2012.02.09 12:02:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\ElevatedDiagnostics
[2012.06.25 10:55:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\FileZilla
[2012.02.22 14:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\GetRightToGo
[2010.06.10 12:58:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\GlobalSCAPE
[2011.10.25 13:33:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\gtk-2.0
[2008.09.11 08:45:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\IMSIDesign
[2010.08.30 09:21:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\inFlow Inventory
[2011.06.20 09:22:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\InfraRecorder
[2009.01.14 14:21:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Leadertech
[2011.06.29 08:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\NewSoft
[2012.01.19 15:10:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Nokia
[2010.12.13 12:26:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Nokia Ovi Suite
[2011.10.12 12:47:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Nuance
[2009.04.22 08:18:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Office-Kit.com
[2008.08.28 08:21:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Opera
[2012.02.21 16:35:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Oracle
[2010.12.13 15:42:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\PC Suite
[2009.04.08 14:29:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\PixelPlanet
[2012.02.22 14:17:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\postgresql
[2011.02.01 12:21:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\RCP 5
[2011.09.27 09:50:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Relux Informatik AG
[2009.04.03 12:31:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\ScanSoft
[2012.06.20 12:37:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\ScanToPDF_4
[2012.01.23 10:55:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Scribus
[2011.05.11 16:14:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\SendBlaster2
[2010.04.06 14:27:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\TomTom
[2011.05.23 10:41:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\TRIWORKS
[2011.05.24 15:07:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\XnView
[2010.10.12 11:43:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\thomas\Anwendungsdaten\Zeon
[2012.07.04 08:06:27 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\dfrg.job
[2012.07.06 10:24:06 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F34493AA
@Alternate Data Stream - 132 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:19F783D8

< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 06.07.2012 11:33:48 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Dokumente und Einstellungen\thomas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 62,35% Memory free
3,32 Gb Paging File | 2,50 Gb Available in Paging File | 75,16% Paging File free
Paging file location(s): C:\pagefile.sys 1520 2500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 148,87 Gb Total Space | 68,93 Gb Free Space | 46,30% Space Free | Partition Type: NTFS
Drive D: | 180,41 Mb Total Space | 106,84 Mb Free Space | 59,22% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 778,77 Gb Free Space | 83,60% Space Free | Partition Type: NTFS
 
Computer Name: THOMASRECHNER | User Name: thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"FirstRunDisabled" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\hpwucli.exe" = C:\Programme\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\CNAB5RPK.EXE" = C:\WINDOWS\system32\CNAB5RPK.EXE:*:Enabled:Canon LBP3300 RPC Server Process -- (CANON INC.)
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Programme\Gemeinsame Dateien\XpressUpdate\XPressUpdate.exe" = C:\Programme\Gemeinsame Dateien\XpressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate -- (PixelPlanet GmbH)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\hpwucli.exe" = C:\Programme\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{181EAEE6-AAE5-485B-8BAC-0FB564626781}" = Brava! Reader 3.1
"{1A9DEF19-760C-4e01-958F-D9B8E6C61B90}" = c5100_Help
"{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}" = PowerQuest PartitionMagic 7.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20F1FFAF-1BFF-450C-A8C7-03D1BE24B950}" = Microsoft .NET Framework (German)
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2222706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3 SDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{269DBC9C-CAFC-472d-B1F1-0D327C2FFA76}" = Canon MF3200 Series
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2BC3CCC0-1149-424F-AF73-4D0C5C053033}" = TurboCAD Professional 15
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{37603EBD-149D-4761-B86D-958A8AF6C3B1}" = FHZ 1300 PC
"{37B5CFDB-3BA5-4A63-AD7D-D6CFE8C00E85}" = FHZ 1xxx PC
"{3D6B5B20-7783-4984-948F-5EC6D94711D4}" = IESviewer 2.99n
"{3ED4A6E7-D452-455D-81F5-5DD2CDFE5931}" = System Requirements Lab for Intel
"{3FEC3A5B-60FF-4626-B425-08E09B121A15}" = LogMeIn
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{562D0D31-FBAF-4505-8B27-4EC92EEA91D6}" = DIAL Communication Framework
"{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf07
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D9B4C6B-7879-477A-B5EE-7DF068B91F34}" = PdfGrabber 5.0
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E576E0C-9609-4237-880F-6424DD70AC1A}" = TurboCAD Professional 17
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7EFA9E45-BC04-4613-B88F-079B01C9F862}" = HP USB Smart Card Keyboard
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8D840E74-A760-487F-AE4E-A1B2CFDB28E1}_is1" = Yet Another Duplicate File Remover 1.0.0
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{900A29A0-52BA-4a78-8E6C-5F4F821397CE}" = Canon MF4010-Serie
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9743AF47-B746-4324-B4C4-512E67D04370}" = Symantec Technical Support Web Controls
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe  1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B28B351F-1232-46EA-85EF-B8EA91641031}" = Nero 7 Essentials
"{B3B9BC18-2A09-4728-9B46-12E85FF3F628}" = C5100
"{B40DED06-B52E-4970-8689-578D162638ED}" = DWGSee DWG Viewer
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADECAEB-542D-4000-AB26-999BBAC67A46}" = LDT Editor
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DD098BF1-0FE2-413B-8E26-F87454306A27}_is1" = PhotoManager 1.2.0
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5242227-2051-4158-AC42-0F2BAA3CD3D6}" = HP SetRefresh
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"3308E613-328E-40EE-8023-C21070FB3CEC" = Heatsink Calculator
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AMP Font Viewer" = AMP Font Viewer
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"AutocompletePro3_is1" = AutocompletePro
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon LBP3300" = Canon LBP3300
"CCleaner" = CCleaner
"Color Calculator" = Radiant Imaging Color Calculator
"CSCLIB" = Canon Camera Support Core Library
"DIALux" = DIALux 4.9
"DigiBookShelf Light" = DigiBookShelf Light (V11.2)
"DPP" = Canon Utilities Digital Photo Professional 2.2
"Duplicate File Remover_is1" = Duplicate File Remover 2.4 build 545
"EOS Utility" = Canon Utilities EOS Utility
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.5.3
"FileZilla Server" = FileZilla Server
"Font Viewer_is1" = Font Viewer 2.0
"FPAdjust" = FPAdjust
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"FS20 IR Programmer_is1" = FS20 IR Programmer 1.0
"FS20 IRP&18EF&E007" = ELV FS20 IR Programmer Driver Set
"FTD2XX" = FTDI FTD2XX USB Drivers
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPLJ2100 Uninstaller" = HP LaserJet 2100-Software
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"LTspice IV" = LTspice IV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Matrox Graphics Uninstaller" = Matrox Grafik Software (nur entfernen)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1031)" = Microsoft .NET Framework (German) v1.0.3705
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Paketomat_is1" = Paketomat 8.2.1
"PhotoStitch" = Canon Utilities PhotoStitch
"PHP Coder_is1" = PHP Coder Release R2 Final PreRelease 3
"Picasa 3" = Picasa 3
"PreDesigner_is1" = PreDesigner
"PROSet" = Intel(R) PRO Network Connections Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"ReaConverter 5.5 Pro_is1" = ReaConverter 5.5 Pro
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Replay Media Catcher 3.02" = Replay Media Catcher 3.02
"Scribus 1.4.0" = Scribus 1.4.0.rc6
"Shop for HP Supplies" = Shop for HP Supplies
"ShowMe2.0" = ShowMe2.0
"ST5UNST #1" = Paketomat
"ST5UNST #2" = Paketomat (C:\Programme\Paketomat\)
"ST6UNST #1" = dbOptic
"VirtualCloneDrive" = VirtualCloneDrive
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinAce Archiver" = WinAce Archiver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLens3D Basic_is1" = WinLens3D Basic
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XnView_is1" = XnView 1.95.3
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZEMAX Demo_is1" = ZEMAX Demo
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.06.2012 10:13:44 | Computer Name = THOMASRECHNER | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 20.06.2012 10:15:34 | Computer Name = THOMASRECHNER | Source = MsiInstaller | ID = 10005
Description = Produkt: Microsoft .NET Framework 1.1 -- Interner Fehler 2705. Directory
 
Error - 20.06.2012 10:15:34 | Computer Name = THOMASRECHNER | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{0213C6AF-5562-4D09-884C-2ADCFC8C2F35}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei C:\DOKUME~1\thomas\LOKALE~1\Temp\NDP1.1sp1-KB2656353-X86\NDP1.1sp1-KB2656353-X86-msi.0.log
 enthalten.
 
Error - 20.06.2012 10:15:35 | Computer Name = THOMASRECHNER | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 04.07.2012 08:59:27 | Computer Name = THOMASRECHNER | Source = MsiInstaller | ID = 10005
Description = Produkt: Microsoft .NET Framework 1.1 -- Interner Fehler 2705. Directory
 
Error - 04.07.2012 08:59:27 | Computer Name = THOMASRECHNER | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{A38B334A-A0A2-436D-BAA0-34FE5E517E44}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei C:\DOKUME~1\thomas\LOKALE~1\Temp\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log
 enthalten.
 
Error - 04.07.2012 08:59:27 | Computer Name = THOMASRECHNER | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 04.07.2012 08:59:44 | Computer Name = THOMASRECHNER | Source = MsiInstaller | ID = 10005
Description = Produkt: Microsoft .NET Framework 1.1 -- Interner Fehler 2705. Directory
 
Error - 04.07.2012 08:59:44 | Computer Name = THOMASRECHNER | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{0213C6AF-5562-4D09-884C-2ADCFC8C2F35}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei C:\DOKUME~1\thomas\LOKALE~1\Temp\NDP1.1sp1-KB2656353-X86\NDP1.1sp1-KB2656353-X86-msi.0.log
 enthalten.
 
Error - 04.07.2012 08:59:44 | Computer Name = THOMASRECHNER | Source = NativeWrapper | ID = 5000
Description = 
 
[ System Events ]
Error - 06.07.2012 02:29:20 | Computer Name = THOMASRECHNER | Source = Service Control Manager | ID = 7031
Description = Der Dienst "IIS Admin" wurde unerwartet beendet. Dies ist bereits 
3 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1 Millisekunden durchgeführt:
 Führen Sie das konfigurierte Wiederherstellungspr.
 
Error - 06.07.2012 02:29:20 | Computer Name = THOMASRECHNER | Source = Service Control Manager | ID = 7034
Description = Dienst "Simple Mail Transfer Protocol (SMTP)" wurde unerwartet beendet.
 Dies ist bereits 3 Mal passiert.
 
Error - 06.07.2012 02:29:20 | Computer Name = THOMASRECHNER | Source = Service Control Manager | ID = 7034
Description = Dienst "WWW-Publishing" wurde unerwartet beendet. Dies ist bereits
 3 Mal passiert.
 
Error - 06.07.2012 02:36:38 | Computer Name = THOMASRECHNER | Source = Schannel | ID = 36871
Description = Ein schwerwiegender Fehler ist beim Erstellen der Referenz Server 
für SSL aufgetreten.
 
Error - 06.07.2012 04:09:47 | Computer Name = THOMASRECHNER | Source = Service Control Manager | ID = 7034
Description = Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 06.07.2012 04:22:34 | Computer Name = THOMASRECHNER | Source = smtpsvc | ID = 2013
Description = SMTP konnte keine Verbindung zu einem DNS-Server herstellen. Entweder
 sind keine Server konfiguriert, oder sie sind nicht verfügbar.
 
Error - 06.07.2012 04:23:20 | Computer Name = THOMASRECHNER | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Eingabegerätezugang" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 06.07.2012 04:23:34 | Computer Name = THOMASRECHNER | Source = smtpsvc | ID = 2013
Description = SMTP konnte keine Verbindung zu einem DNS-Server herstellen. Entweder
 sind keine Server konfiguriert, oder sie sind nicht verfügbar.
 
Error - 06.07.2012 04:24:34 | Computer Name = THOMASRECHNER | Source = smtpsvc | ID = 2013
Description = SMTP konnte keine Verbindung zu einem DNS-Server herstellen. Entweder
 sind keine Server konfiguriert, oder sie sind nicht verfügbar.
 
Error - 06.07.2012 04:37:22 | Computer Name = THOMASRECHNER | Source = Schannel | ID = 36871
Description = Ein schwerwiegender Fehler ist beim Erstellen der Referenz Server 
für SSL aufgetreten.
 
 
< End of report >
         

Here are the requested log files.....

Hope it helps :-)
__________________

06.07.2012, 18:29   #4
markusg
/// Malware-holic



Please stop making any changes or running any further programs.
Open Malwarebytes, go to the reports, and post all logs.
__________________
- Please forward suspicious emails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward emails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

10.07.2012, 08:14   #5
nicom028



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.06.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
thomas :: THOMASRECHNER [Administrator]

09.07.2012 08:22:07
mbam-log-2012-07-09 (08-22-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 566359
Laufzeit: 6 Stunde(n), 1 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\EGDHTML (Adware.EGDAccess) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

(Ende)


11.07.2012, 02:38   #6
markusg
/// Malware-holic



The log is not complete; post it again.

11.07.2012, 14:10   #7
nicom028



Unfortunately I really don't get anything more in the log file; I haven't changed any settings in Malwarebytes.


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.11.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
thomas :: THOMASRECHNER [Administrator]

11.07.2012 13:08:00
mbam-log-2012-07-11 (14-04-49).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 570417
Laufzeit: 48 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\EGDHTML (Adware.EGDAccess) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

11.07.2012, 17:19   #8
markusg
/// Malware-holic



Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

12.07.2012, 09:02   #9
nicom028



Combofix Logfile:
Code:
ComboFix 12-07-11.03 - thomas 12.07.2012   8:29.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2038.839 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\thomas\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\thomas\WINDOWS
c:\programme\AutocompletePro
c:\programme\AutocompletePro\AutocompletePro.dll
c:\programme\AutocompletePro\chrome\autocompleteprochrome.crx
c:\programme\AutocompletePro\FireFoxExtension.exe
c:\programme\AutocompletePro\InstTracker.exe
c:\programme\AutocompletePro\support@predictad.com\chrome.manifest
c:\programme\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\programme\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\programme\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\programme\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\programme\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\programme\AutocompletePro\support@predictad.com\install.rdf
c:\programme\AutocompletePro\unins000.dat
c:\programme\AutocompletePro\unins000.exe
c:\windows\IsUn0407.exe
c:\windows\system32\Cache
c:\windows\system32\PowerToyReadme.htm
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-12 bis 2012-07-12  ))))))))))))))))))))))))))))))
.
.
2012-07-10 23:37 . 2012-07-10 23:37	--------	d-----w-	c:\windows\LastGood
2012-07-10 06:42 . 2012-07-10 06:42	83064	----a-w-	c:\windows\system32\drivers\SMR300.SYS
2012-07-10 06:42 . 2012-07-10 06:58	--------	d-----w-	c:\dokumente und einstellungen\thomas\Lokale Einstellungen\Anwendungsdaten\NPE
2012-07-09 12:42 . 2012-07-09 12:42	61440	----a-r-	c:\dokumente und einstellungen\thomas\Anwendungsdaten\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2012-07-09 12:42 . 2012-07-09 12:42	61440	----a-r-	c:\dokumente und einstellungen\thomas\Anwendungsdaten\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\ARPPRODUCTICON.exe
2012-07-09 12:42 . 2012-07-09 12:42	106496	----a-r-	c:\dokumente und einstellungen\thomas\Anwendungsdaten\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2012-07-09 12:42 . 2012-07-09 12:42	106496	----a-r-	c:\dokumente und einstellungen\thomas\Anwendungsdaten\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2012-07-09 12:42 . 2012-07-09 12:42	106496	----a-r-	c:\dokumente und einstellungen\thomas\Anwendungsdaten\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2012-07-09 12:41 . 2012-07-09 12:42	--------	d-----w-	c:\programme\Gemeinsame Dateien\Tencent
2012-07-09 12:40 . 2012-07-09 12:40	--------	d-----w-	c:\programme\Tencent
2012-07-09 12:40 . 2012-07-09 12:42	--------	d-----w-	c:\dokumente und einstellungen\thomas\Anwendungsdaten\Tencent
2012-07-06 08:55 . 2012-07-06 08:55	--------	d-----w-	c:\dokumente und einstellungen\thomas\Anwendungsdaten\Malwarebytes
2012-07-06 08:55 . 2012-07-06 08:55	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-07-06 08:55 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-06 08:55 . 2012-07-06 08:55	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-07-06 06:46 . 2012-07-06 06:46	--------	d-----w-	c:\programme\Trend Micro
2012-06-23 13:29 . 2012-06-23 13:29	9815752	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2012-06-20 10:37 . 2012-06-20 10:37	--------	d-----w-	c:\dokumente und einstellungen\thomas\Anwendungsdaten\ScanToPDF_4
2012-06-20 10:35 . 2012-06-20 10:38	--------	d-----w-	c:\programme\ScanToPDF
2012-06-19 15:35 . 2012-06-19 15:35	4967624	----a-w-	c:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-13 13:31 . 2012-05-11 14:40	521728	-c----w-	c:\windows\system32\dllcache\jsdbgui.dll
2012-06-13 07:18 . 2012-06-13 07:17	143872	----a-w-	c:\windows\system32javacpl.cpl
2012-06-13 07:15 . 2012-06-13 13:41	--------	d-----w-	c:\programme\FileZilla Server
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 13:29 . 2012-04-26 10:29	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-06-23 13:29 . 2011-06-28 07:05	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2007-06-07 23:21	18456	----a-w-	c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-06-07 23:21	15896	----a-w-	c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2004-08-17 04:35	329240	----a-w-	c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2004-08-17 04:35	219160	----a-w-	c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2004-08-17 04:35	210968	----a-w-	c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-06-07 23:21	15896	----a-w-	c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2006-02-28 12:00	97304	----a-w-	c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2005-05-26 02:16	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-08-17 04:35	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 13:19 . 2003-01-07 11:15	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2007-06-07 23:21	23576	----a-w-	c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2004-08-17 04:35	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2003-01-07 11:15	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2008-05-07 06:41	214256	----a-w-	c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2008-05-07 06:41	18160	----a-w-	c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2008-05-07 06:40	275696	----a-w-	c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2006-02-28 12:00	604160	----a-w-	c:\windows\system32\crypt32.dll
2012-05-31 12:38 . 2009-01-12 14:04	60872	----a-w-	c:\windows\system32\S32EVNT1.DLL
2012-05-31 12:38 . 2009-01-12 14:04	141944	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2012-05-16 15:07 . 2006-02-28 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2006-02-28 12:00	1863296	----a-w-	c:\windows\system32\win32k.sys
2012-05-11 14:40 . 2006-02-28 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2006-02-28 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-02-28 12:00	385024	----a-w-	c:\windows\system32\html.iec
2012-05-05 03:14 . 2006-02-28 12:00	2194944	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-04 00:50	2071424	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-04 17:29 . 2007-04-20 12:28	143872	----a-w-	c:\windows\system32\javacpl.cpl
2012-05-04 17:29 . 2012-02-21 14:33	772504	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-05-04 17:29 . 2010-04-23 09:16	687504	----a-w-	c:\windows\system32\deployJava1.dll
2012-05-02 13:46 . 2003-01-07 11:15	139656	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-19 08:33 . 2011-05-02 08:37	85472	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"ISUSPM"="c:\dokumente und einstellungen\All Users\Anwendungsdaten\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\programme\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-09-25 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-09-25 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-09-25 94208]
"SetRefresh"="c:\programme\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824]
"LayoutM"="KLayMgr.exe" [2004-08-26 45056]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"OpwareSE4"="c:\programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"VirtualCloneDrive"="c:\programme\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Acrobat Speed Launcher"="c:\programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\dokumente und einstellungen\thomas\Startmenü\Programme\Autostart\
Adobe Gamma.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Verknüpfung mit Mail Postgasse -Höpflergasse.lnk -  [N/A]
VPN Drucker-Internet.lnk -  [N/A]
.
c:\dokumente und einstellungen\thomas\Startmenü\Programme\Autostart\
Adobe Gamma.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Verknüpfung mit Mail Postgasse -Höpflergasse.lnk -  [N/A]
VPN Drucker-Internet.lnk -  [N/A]
.
c:\dokumente und einstellungen\thomas\Startmenü\Programme\Autostart\
Adobe Gamma.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Verknüpfung mit Mail Postgasse -Höpflergasse.lnk -  [N/A]
VPN Drucker-Internet.lnk -  [N/A]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
Canon LBP3300 Statusfenster.lnk - c:\windows\system32\spool\drivers\w32x86\3\CNAB5LAK.EXE [2008-10-10 50848]
VPN Drucker-Internet.lnk -  [N/A]
.
c:\dokumente und einstellungen\thomas\Startmenü\Programme\Autostart\
Adobe Gamma.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Verknüpfung mit Mail Postgasse -Höpflergasse.lnk -  [N/A]
VPN Drucker-Internet.lnk -  [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-10-07 06:54	87424	----a-w-	c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Photosmart Premier – Schnellstart.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Photosmart Premier – Schnellstart.lnk
backup=c:\windows\pss\HP Photosmart Premier – Schnellstart.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TradeManager]
c:\progra~1\Alibaba\TRADEM~1\TradeManager -hideframe [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 05:52	1695232	----a-w-	c:\programme\messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12	3872080	----a-w-	c:\programme\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28	421888	----a-w-	c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\scheduler_monitor]
2007-06-15 10:17	27136	----a-w-	c:\programme\ReaConverter 5.5 Pro\init_scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 11:16	185896	----a-w-	c:\programme\Gemeinsame Dateien\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\CNAB5RPK.EXE"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programme\\Gemeinsame Dateien\\XpressUpdate\\XPressUpdate.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Programme\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Programme\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Tencent\\QQIntl\\Bin\\QQ.exe"=
"c:\\Programme\\Tencent\\QQIntl\\Bin\\auclt.exe"=
"c:\\Programme\\Tencent\\QQIntl\\Bin\\txupd.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 SMR300;Symantec SMR Utility Service 3.0.0;c:\windows\system32\drivers\SMR300.SYS [10.07.2012 08:42 83064]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307010.005\SymDS.sys [31.05.2012 14:36 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307010.005\SymEFA.sys [31.05.2012 14:36 905336]
R1 BHDrvx86;BHDrvx86;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120711.001\BHDrvx86.sys [12.07.2012 03:12 821920]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307010.005\ccSetx86.sys [31.05.2012 14:36 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307010.005\Ironx86.sys [31.05.2012 14:36 149624]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\programme\LogMeIn\x86\LMIGuardianSvc.exe [29.08.2011 08:54 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programme\LogMeIn\x86\rainfo.sys [17.04.2007 14:00 12856]
R2 NIS;Norton Internet Security;c:\programme\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [31.05.2012 14:36 138232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [31.05.2012 11:55 106656]
R3 IDSxpx86;IDSxpx86;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120711.001\IDSXpx86.sys [12.07.2012 03:13 369632]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [15.02.2012 13:30 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [26.04.2012 12:29 250056]
S3 cpudrv;cpudrv;c:\programme\SystemRequirementsLab\cpudrv.sys [18.12.2009 11:58 11336]
S3 CyUsbNT;Cypress Manufacturing Driver;c:\windows\system32\drivers\CyUsbNT.sys [16.02.2005 07:43 28800]
S3 DialComService;DIAL Communication Service;c:\programme\DIAL GmbH\DIAL Communication Framework\DialComService.exe [15.05.2011 22:57 1639216]
S3 ess;ESS Audiotreiber (WDM);c:\windows\system32\drivers\ess.sys [20.09.2006 23:49 63360]
S3 FS20 IRP;FS20 IRP;c:\windows\system32\drivers\FS20 IRP.sys [25.03.2010 11:04 11264]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [25.03.2010 11:09 29292]
S3 G200;G200;c:\windows\system32\drivers\g200mini.sys [14.09.2004 10:33 260992]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [25.05.2009 11:01 133104]
S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [13.07.2008 15:31 46976]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [27.04.2012 08:18 113120]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 rcp_service;ReaConverter scheduler service;c:\programme\ReaConverter 5.5 Pro\rcp_scheduler.exe [30.11.2007 13:27 558592]
S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [25.10.2004 00:04 7796]
S4 gupdate1c9dd17746cffd0;Google Update Service (gupdate1c9dd17746cffd0);c:\programme\Google\Update\GoogleUpdate.exe [25.05.2009 11:01 133104]
S4 Skype C2C Service;Skype C2C Service;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe [19.06.2012 17:32 3048136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService	REG_MULTI_SZ   	HPSLPSVC
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 13:29]
.
2012-07-04 c:\windows\Tasks\dfrg.job
- c:\windows\system32\dfrg.msc [2006-02-28 12:00]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-05-25 08:59]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-05-25 08:59]
.
2012-07-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.XXXXXXXXXX.at/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: Interfaces\{656C01D1-A252-4CD2-953F-B3CD44F56750}: NameServer = 193.186.161.35,193.186.161.66
TCP: Interfaces\{75BA237D-CD34-49E3-8345-D9EC827F3B6E}: NameServer = 193.186.161.66 193.186.161.35
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\dokumente und einstellungen\thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\onwfeoa8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.XXXXXXXXXX.at/
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-PC Suite Tray - c:\programme\Nokia\Nokia PC Suite 6\PCSuite.exe
AddRemove-AutocompletePro3_is1 - c:\programme\AutocompletePro\unins000.exe
AddRemove-ShowMe2.0 - c:\dokume~1\thomas\EIGENE~1\!INFOR~1\SOFTWARE\ShowMe\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-12 08:39
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
"ImagePath"="\"c:\programme\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\programme\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1645522239-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{932C7C0C-5A25-9FEF-925E-EB3EF2F2AAC7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eabkfmcimo"=hex:66,61,68,6d,6f,68,6a,6a,70,67,68,6f,00,31
"daojkpic"=hex:64,62,6e,6c,6d,68,6b,6e,70,66,6c,65,69,62,6e,6b,64,65,61,65,68,
   6b,64,63,6e,62,6f,63,70,67,65,6c,6a,63,69,69,64,6c,6f,67,00,00
"iajpgfleeoplnkfckj"=hex:6b,61,65,69,61,6c,61,67,6c,6c,66,63,66,6c,63,6a,65,69,
   67,64,69,64,00,00
"haplahbecodeoaoe"=hex:69,61,65,69,65,6d,69,66,61,6e,70,6c,6e,70,66,67,68,64,
   00,00
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\LMIinit.dll
c:\windows\System32\NavLogon.dll
.
Zeit der Fertigstellung: 2012-07-12  08:42:53
ComboFix-quarantined-files.txt  2012-07-12 06:42
.
Vor Suchlauf: 18 Verzeichnis(se), 73.426.567.168 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 74.374.094.848 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
.
- - End Of File - - 3A57923D01983EB20956AFA1F05C3132
         
--- --- ---

Old 12.07.2012, 20:39   #10
markusg
/// Malware-holic
 

So far nothing suspicious. Have any new spam mails appeared?
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de

Old 13.07.2012, 08:40   #11
nicom028
 

At the moment no more spam mails are being sent.

I will keep an eye on it and get back to you if it starts again, but this time without doing anything myself ;-)

Many thanks!!!!!!

Old 13.07.2012, 11:54   #12
markusg
/// Malware-holic
 

Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now and post the log

Old 13.07.2012, 14:41   #13
nicom028
 

14:36:40.0533 5980 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
14:36:41.0314 5980 ============================================================
14:36:41.0314 5980 Current date / time: 2012/07/13 14:36:41.0314
14:36:41.0314 5980 SystemInfo:
14:36:41.0314 5980
14:36:41.0314 5980 OS Version: 5.1.2600 ServicePack: 3.0
14:36:41.0314 5980 Product type: Workstation
14:36:41.0314 5980 ComputerName: THOMASRECHNER
14:36:41.0314 5980 UserName: thomas
14:36:41.0314 5980 Windows directory: C:\WINDOWS
14:36:41.0314 5980 System windows directory: C:\WINDOWS
14:36:41.0314 5980 Processor architecture: Intel x86
14:36:41.0314 5980 Number of processors: 1
14:36:41.0314 5980 Page size: 0x1000
14:36:41.0314 5980 Boot type: Normal boot
14:36:41.0314 5980 ============================================================
14:36:43.0087 5980 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:36:43.0097 5980 Drive \Device\Harddisk1\DR5 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:36:43.0117 5980 ============================================================
14:36:43.0117 5980 \Device\Harddisk0\DR0:
14:36:43.0117 5980 MBR partitions:
14:36:43.0117 5980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x129BE72B
14:36:43.0117 5980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x129BE76A, BlocksNum 0x5A357
14:36:43.0117 5980 \Device\Harddisk1\DR5:
14:36:43.0117 5980 MBR partitions:
14:36:43.0117 5980 \Device\Harddisk1\DR5\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
14:36:43.0117 5980 ============================================================
14:36:43.0237 5980 C: <-> \Device\Harddisk0\DR0\Partition0
14:36:43.0267 5980 H: <-> \Device\Harddisk1\DR5\Partition0
14:36:43.0297 5980 D: <-> \Device\Harddisk0\DR0\Partition1
14:36:43.0297 5980 ============================================================
14:36:43.0297 5980 Initialize success
14:36:43.0297 5980 ============================================================
14:37:17.0756 5384 ============================================================
14:37:17.0756 5384 Scan started
14:37:17.0756 5384 Mode: Manual; SigCheck; TDLFS;
14:37:17.0756 5384 ============================================================
14:37:17.0977 5384 Abiosdsk - ok
14:37:17.0987 5384 abp480n5 - ok
14:37:18.0017 5384 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
14:37:20.0000 5384 ac97intc - ok
14:37:20.0070 5384 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:37:20.0260 5384 ACPI - ok
14:37:20.0310 5384 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:37:20.0430 5384 ACPIEC - ok
14:37:20.0520 5384 Adobe LM Service (c1eb9968ec89fba5f3a264e2e57923ab) C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
14:37:20.0550 5384 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
14:37:20.0550 5384 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
14:37:20.0630 5384 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:37:20.0661 5384 AdobeFlashPlayerUpdateSvc - ok
14:37:20.0661 5384 adpu160m - ok
14:37:20.0711 5384 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:37:20.0911 5384 aec - ok
14:37:20.0971 5384 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:37:21.0091 5384 AFD - ok
14:37:21.0141 5384 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:37:21.0281 5384 agp440 - ok
14:37:21.0291 5384 Aha154x - ok
14:37:21.0301 5384 aic78u2 - ok
14:37:21.0311 5384 aic78xx - ok
14:37:21.0352 5384 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
14:37:21.0502 5384 Alerter - ok
14:37:21.0572 5384 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
14:37:21.0662 5384 ALG - ok
14:37:21.0672 5384 AliIde - ok
14:37:21.0682 5384 amsint - ok
14:37:21.0732 5384 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
14:37:21.0822 5384 AppMgmt - ok
14:37:21.0832 5384 asc - ok
14:37:21.0842 5384 asc3350p - ok
14:37:21.0842 5384 asc3550 - ok
14:37:21.0952 5384 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:37:21.0992 5384 aspnet_state - ok
14:37:22.0012 5384 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:37:22.0163 5384 AsyncMac - ok
14:37:22.0193 5384 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:37:22.0333 5384 atapi - ok
14:37:22.0343 5384 Atdisk - ok
14:37:22.0393 5384 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:37:22.0533 5384 Atmarpc - ok
14:37:22.0583 5384 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
14:37:22.0744 5384 AudioSrv - ok
14:37:22.0804 5384 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:37:22.0964 5384 audstub - ok
14:37:23.0004 5384 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:37:23.0164 5384 Beep - ok
14:37:23.0384 5384 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
14:37:23.0455 5384 BHDrvx86 - ok
14:37:23.0535 5384 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
14:37:23.0885 5384 BITS - ok
14:37:23.0945 5384 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
14:37:24.0095 5384 Browser - ok
14:37:24.0206 5384 catchme - ok
14:37:24.0256 5384 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:37:24.0406 5384 cbidf2k - ok
14:37:24.0526 5384 CCALib8 (5753532c476b83119d85aa43b1b10ab3) C:\Programme\Canon\CAL\CALMAIN.exe
14:37:24.0556 5384 CCALib8 ( UnsignedFile.Multi.Generic ) - warning
14:37:24.0556 5384 CCALib8 - detected UnsignedFile.Multi.Generic (1)
14:37:24.0666 5384 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NIS\1307010.005\ccSetx86.sys
14:37:24.0686 5384 ccSet_NIS - ok
14:37:24.0696 5384 cd20xrnt - ok
14:37:24.0756 5384 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:37:24.0907 5384 Cdaudio - ok
14:37:24.0967 5384 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:37:25.0127 5384 Cdfs - ok
14:37:25.0197 5384 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:37:25.0347 5384 Cdrom - ok
14:37:25.0357 5384 Changer - ok
14:37:25.0407 5384 cisvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
14:37:25.0528 5384 cisvc - ok
14:37:25.0578 5384 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
14:37:25.0738 5384 ClipSrv - ok
14:37:25.0818 5384 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:37:25.0898 5384 clr_optimization_v2.0.50727_32 - ok
14:37:25.0908 5384 CmdIde - ok
14:37:25.0918 5384 COMSysApp - ok
14:37:25.0928 5384 Cpqarray - ok
14:37:26.0028 5384 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Programme\SystemRequirementsLab\cpudrv.sys
14:37:26.0038 5384 cpudrv - ok
14:37:26.0118 5384 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
14:37:26.0279 5384 CryptSvc - ok
14:37:26.0329 5384 CyUsbNT (90a71fc40eade3d1789b0ed2ca80b1cf) C:\WINDOWS\system32\Drivers\CyUsbNT.sys
14:37:26.0349 5384 CyUsbNT ( UnsignedFile.Multi.Generic ) - warning
14:37:26.0349 5384 CyUsbNT - detected UnsignedFile.Multi.Generic (1)
14:37:26.0359 5384 dac2w2k - ok
14:37:26.0369 5384 dac960nt - ok
14:37:26.0419 5384 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
14:37:26.0539 5384 DcomLaunch - ok
14:37:26.0599 5384 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
14:37:26.0749 5384 Dhcp - ok
14:37:26.0910 5384 DialComService (3ccf97a963fa6ea21c215744480bf349) C:\Programme\DIAL GmbH\DIAL Communication Framework\DialComService.exe
14:37:27.0020 5384 DialComService - ok
14:37:27.0140 5384 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:37:27.0290 5384 Disk - ok
14:37:27.0300 5384 dmadmin - ok
14:37:27.0360 5384 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
14:37:27.0550 5384 dmboot - ok
14:37:27.0580 5384 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\DRIVERS\dmio.sys
14:37:27.0751 5384 dmio - ok
14:37:27.0791 5384 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:37:27.0921 5384 dmload - ok
14:37:27.0981 5384 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
14:37:28.0141 5384 dmserver - ok
14:37:28.0181 5384 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:37:28.0312 5384 DMusic - ok
14:37:28.0382 5384 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
14:37:28.0532 5384 Dnscache - ok
14:37:28.0582 5384 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
14:37:28.0722 5384 Dot3svc - ok
14:37:28.0732 5384 dpti2o - ok
14:37:28.0772 5384 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:37:28.0912 5384 drmkaud - ok
14:37:28.0983 5384 E100B (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:37:29.0013 5384 E100B - ok
14:37:29.0063 5384 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
14:37:29.0213 5384 EapHost - ok
14:37:29.0283 5384 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
14:37:29.0313 5384 eeCtrl - ok
14:37:29.0373 5384 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
14:37:29.0513 5384 EL90XBC - ok
14:37:29.0573 5384 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
14:37:29.0583 5384 ElbyCDIO - ok
14:37:29.0633 5384 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:37:29.0653 5384 EraserUtilRebootDrv - ok
14:37:29.0694 5384 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
14:37:29.0854 5384 ERSvc - ok
14:37:29.0894 5384 ess (ab570fb40832bee65f4d90a7f02792bf) C:\WINDOWS\system32\drivers\ess.sys
14:37:30.0034 5384 ess - ok
14:37:30.0074 5384 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
14:37:30.0094 5384 Eventlog - ok
14:37:30.0174 5384 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
14:37:30.0304 5384 EventSystem - ok
14:37:30.0344 5384 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:37:30.0495 5384 Fastfat - ok
14:37:30.0555 5384 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
14:37:30.0635 5384 FastUserSwitchingCompatibility - ok
14:37:30.0685 5384 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:37:30.0835 5384 Fdc - ok
14:37:30.0945 5384 FileZilla Server (7e76eed28b8b8696b7f7ed5f757aa304) C:\Programme\FileZilla Server\FileZilla Server.exe
14:37:31.0005 5384 FileZilla Server ( UnsignedFile.Multi.Generic ) - warning
14:37:31.0005 5384 FileZilla Server - detected UnsignedFile.Multi.Generic (1)
14:37:31.0065 5384 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
14:37:31.0216 5384 Fips - ok
14:37:31.0316 5384 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:37:31.0366 5384 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:37:31.0366 5384 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:37:31.0416 5384 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:37:31.0556 5384 Flpydisk - ok
14:37:31.0616 5384 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:37:31.0746 5384 FltMgr - ok
14:37:31.0847 5384 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:37:31.0867 5384 FontCache3.0.0.0 - ok
14:37:31.0917 5384 FS20 IRP (739b948c5c6ea11414e8bbb899c6c768) C:\WINDOWS\system32\drivers\FS20 IRP.sys
14:37:31.0947 5384 FS20 IRP ( UnsignedFile.Multi.Generic ) - warning
14:37:31.0947 5384 FS20 IRP - detected UnsignedFile.Multi.Generic (1)
14:37:32.0007 5384 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:37:32.0157 5384 Fs_Rec - ok
14:37:32.0187 5384 FTD2XX (ab40574f179b60be08fe87df70ecf9eb) C:\WINDOWS\system32\Drivers\FTD2XX.sys
14:37:32.0207 5384 FTD2XX ( UnsignedFile.Multi.Generic ) - warning
14:37:32.0207 5384 FTD2XX - detected UnsignedFile.Multi.Generic (1)
14:37:32.0247 5384 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:37:32.0397 5384 Ftdisk - ok
14:37:32.0457 5384 G200 (11ef4d6d08a926b037b72ca35f746607) C:\WINDOWS\system32\DRIVERS\g200mini.sys
14:37:32.0528 5384 G200 - ok
14:37:32.0568 5384 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:37:32.0578 5384 GEARAspiWDM - ok
14:37:32.0608 5384 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:37:32.0758 5384 Gpc - ok
14:37:32.0858 5384 gupdate1c9dd17746cffd0 (626a24ed1228580b9518c01930936df9) C:\Programme\Google\Update\GoogleUpdate.exe
14:37:32.0888 5384 gupdate1c9dd17746cffd0 - ok
14:37:32.0898 5384 gupdatem (626a24ed1228580b9518c01930936df9) C:\Programme\Google\Update\GoogleUpdate.exe
14:37:32.0918 5384 gupdatem - ok
14:37:32.0958 5384 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:37:33.0128 5384 HDAudBus - ok
14:37:33.0209 5384 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:37:33.0359 5384 helpsvc - ok
14:37:33.0369 5384 HidServ - ok
14:37:33.0409 5384 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:37:33.0529 5384 hidusb - ok
14:37:33.0569 5384 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
14:37:33.0709 5384 hkmsvc - ok
14:37:33.0789 5384 HP Port Resolver (c5f00d15aa15cb7f55a027ff75e44bb7) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
14:37:33.0870 5384 HP Port Resolver - ok
14:37:33.0910 5384 HP Status Server (c5a288e4ceef5a26d105117baa3763ab) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
14:37:33.0980 5384 HP Status Server - ok
14:37:34.0030 5384 HPKBCCID (1ffda46b645473d56c72aae6e1002825) C:\WINDOWS\system32\DRIVERS\HPKBCCID.sys
14:37:34.0080 5384 HPKBCCID - ok
14:37:34.0090 5384 hpn - ok
14:37:34.0190 5384 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
14:37:34.0280 5384 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:37:34.0280 5384 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:37:34.0320 5384 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
14:37:34.0340 5384 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
14:37:34.0340 5384 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
14:37:34.0410 5384 HPSLPSVC (79737e0f7d25de8405cb34d4c9882253) C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL
14:37:34.0470 5384 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
14:37:34.0470 5384 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
14:37:34.0611 5384 hpt3xx - ok
14:37:34.0641 5384 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:37:34.0951 5384 HPZid412 - ok
14:37:35.0001 5384 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:37:35.0041 5384 HPZipr12 - ok
14:37:35.0091 5384 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:37:35.0131 5384 HPZius12 - ok
14:37:35.0191 5384 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:37:35.0282 5384 HTTP - ok
14:37:35.0322 5384 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
14:37:35.0452 5384 HTTPFilter - ok
14:37:35.0462 5384 i2omgmt - ok
14:37:35.0472 5384 i2omp - ok
14:37:35.0512 5384 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:37:35.0662 5384 i8042prt - ok
14:37:35.0692 5384 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
14:37:35.0872 5384 i81x - ok
14:37:35.0922 5384 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
14:37:36.0043 5384 iAimFP0 - ok
14:37:36.0063 5384 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
14:37:36.0203 5384 iAimFP1 - ok
14:37:36.0223 5384 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
14:37:36.0363 5384 iAimFP2 - ok
14:37:36.0393 5384 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
14:37:36.0533 5384 iAimFP3 - ok
14:37:36.0573 5384 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
14:37:36.0714 5384 iAimFP4 - ok
14:37:36.0774 5384 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
14:37:36.0914 5384 iAimFP5 - ok
14:37:36.0944 5384 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
14:37:37.0094 5384 iAimFP6 - ok
14:37:37.0134 5384 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
14:37:37.0264 5384 iAimFP7 - ok
14:37:37.0294 5384 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
14:37:37.0425 5384 iAimTV0 - ok
14:37:37.0485 5384 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
14:37:37.0635 5384 iAimTV1 - ok
14:37:37.0645 5384 iAimTV2 - ok
14:37:37.0665 5384 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
14:37:37.0795 5384 iAimTV3 - ok
14:37:37.0845 5384 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
14:37:37.0965 5384 iAimTV4 - ok
14:37:38.0026 5384 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
14:37:38.0176 5384 iAimTV5 - ok
14:37:38.0186 5384 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
14:37:38.0356 5384 iAimTV6 - ok
14:37:38.0446 5384 ialm (85d42b7f0dd406adf5e3ec7659a279ec) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
14:37:38.0566 5384 ialm - ok
14:37:38.0706 5384 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:37:38.0787 5384 idsvc - ok
14:37:38.0977 5384 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120712.001\IDSxpx86.sys
14:37:39.0007 5384 IDSxpx86 - ok
14:37:39.0187 5384 IISADMIN (f8d14349fb28a8d8db21fd69bc0e102d) C:\WINDOWS\system32\inetsrv\inetinfo.exe
14:37:39.0267 5384 IISADMIN - ok
14:37:39.0337 5384 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:37:39.0478 5384 Imapi - ok
14:37:39.0508 5384 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
14:37:39.0648 5384 ImapiService - ok
14:37:39.0668 5384 ini910u - ok
14:37:39.0868 5384 IntcAzAudAddService (b29781b9a90cd55fc5d859c0b1c243bc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:37:40.0229 5384 IntcAzAudAddService - ok
14:37:40.0379 5384 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:37:40.0529 5384 IntelIde - ok
14:37:40.0559 5384 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:37:40.0699 5384 intelppm - ok
14:37:40.0739 5384 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:37:40.0870 5384 Ip6Fw - ok
14:37:40.0910 5384 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:37:41.0040 5384 IpFilterDriver - ok
14:37:41.0090 5384 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:37:41.0220 5384 IpInIp - ok
14:37:41.0260 5384 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:37:41.0400 5384 IpNat - ok
14:37:41.0440 5384 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:37:41.0581 5384 IPSec - ok
14:37:41.0631 5384 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:37:41.0701 5384 IRENUM - ok
14:37:41.0761 5384 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:37:41.0881 5384 isapnp - ok
14:37:41.0981 5384 JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
14:37:42.0001 5384 JavaQuickStarterService - ok
14:37:42.0041 5384 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:37:42.0171 5384 Kbdclass - ok
14:37:42.0202 5384 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:37:42.0342 5384 kmixer - ok
14:37:42.0382 5384 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:37:42.0502 5384 KSecDD - ok
14:37:42.0542 5384 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
14:37:42.0632 5384 lanmanserver - ok
14:37:42.0672 5384 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
14:37:42.0752 5384 lanmanworkstation - ok
14:37:42.0762 5384 lbrtfdc - ok
14:37:42.0822 5384 LightScribeService (559c9b7800fac92fc515cd0003d7c631) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
14:37:42.0842 5384 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:37:42.0842 5384 LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:37:42.0882 5384 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
14:37:43.0033 5384 LmHosts - ok
14:37:43.0123 5384 LMIGuardianSvc (850cc3ee0507654c40e1971982f4b698) C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe
14:37:43.0153 5384 LMIGuardianSvc - ok
14:37:43.0183 5384 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Programme\LogMeIn\x86\RaInfo.sys
14:37:43.0203 5384 LMIInfo - ok
14:37:43.0263 5384 LMIMaint (47dc389d96a34debdf9c2c2555da2f01) C:\Programme\LogMeIn\x86\RaMaint.exe
14:37:43.0283 5384 LMIMaint - ok
14:37:43.0323 5384 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
14:37:43.0333 5384 lmimirr - ok
14:37:43.0343 5384 LMIRfsClientNP - ok
14:37:43.0383 5384 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
14:37:43.0393 5384 LMIRfsDriver - ok
14:37:43.0443 5384 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Programme\LogMeIn\x86\LogMeIn.exe
14:37:43.0493 5384 LogMeIn - ok
14:37:43.0533 5384 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
14:37:43.0674 5384 Messenger - ok
14:37:43.0714 5384 MGABGEXE (99950c81909d240d41308008e3b1d073) C:\WINDOWS\system32\mgabg.exe
14:37:43.0734 5384 MGABGEXE - ok
14:37:43.0774 5384 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:37:43.0924 5384 mnmdd - ok
14:37:43.0964 5384 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\System32\mnmsrvc.exe
14:37:44.0104 5384 mnmsrvc - ok
14:37:44.0154 5384 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
14:37:44.0274 5384 Modem - ok
14:37:44.0295 5384 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:37:44.0435 5384 Mouclass - ok
14:37:44.0475 5384 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:37:44.0605 5384 mouhid - ok
14:37:44.0645 5384 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:37:44.0805 5384 MountMgr - ok
14:37:44.0905 5384 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
14:37:44.0965 5384 MozillaMaintenance - ok
14:37:44.0975 5384 mraid35x - ok
14:37:45.0136 5384 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:37:45.0276 5384 MRxDAV - ok
14:37:45.0336 5384 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:37:45.0446 5384 MRxSmb - ok
14:37:45.0476 5384 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\System32\msdtc.exe
14:37:45.0606 5384 MSDTC - ok
14:37:45.0656 5384 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:37:45.0787 5384 Msfs - ok
14:37:45.0797 5384 MSIServer - ok
14:37:45.0827 5384 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:37:45.0967 5384 MSKSSRV - ok
14:37:46.0017 5384 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:37:46.0147 5384 MSPCLOCK - ok
14:37:46.0197 5384 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:37:46.0337 5384 MSPQM - ok
14:37:46.0378 5384 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:37:46.0498 5384 mssmbios - ok
14:37:46.0528 5384 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:37:46.0608 5384 Mup - ok
14:37:46.0648 5384 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
14:37:46.0798 5384 napagent - ok
14:37:47.0008 5384 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120712.034\NAVENG.SYS
14:37:47.0028 5384 NAVENG - ok
14:37:47.0109 5384 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120712.034\NAVEX15.SYS
14:37:47.0199 5384 NAVEX15 - ok
14:37:47.0339 5384 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:37:47.0489 5384 NDIS - ok
14:37:47.0529 5384 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:37:47.0589 5384 NdisTapi - ok
14:37:47.0619 5384 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:37:47.0760 5384 Ndisuio - ok
14:37:47.0790 5384 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:37:47.0930 5384 NdisWan - ok
14:37:47.0980 5384 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:37:48.0060 5384 NDProxy - ok
14:37:48.0120 5384 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\WINDOWS\system32\HPZinw12.dll
14:37:48.0140 5384 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:37:48.0140 5384 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:37:48.0180 5384 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:37:48.0320 5384 NetBIOS - ok
14:37:48.0350 5384 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:37:48.0501 5384 NetBT - ok
14:37:48.0541 5384 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
14:37:48.0701 5384 NetDDE - ok
14:37:48.0711 5384 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
14:37:48.0831 5384 NetDDEdsdm - ok
14:37:48.0871 5384 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:37:49.0021 5384 Netlogon - ok
14:37:49.0061 5384 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
14:37:49.0202 5384 Netman - ok
14:37:49.0322 5384 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:37:49.0372 5384 NetTcpPortSharing - ok
14:37:49.0462 5384 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
14:37:49.0482 5384 NIS - ok
14:37:49.0522 5384 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
14:37:49.0562 5384 Nla - ok
14:37:49.0672 5384 NMIndexingService (c4ebbbd7165be535f0bfd06b80601d91) C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
14:37:49.0712 5384 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning
14:37:49.0712 5384 NMIndexingService - detected UnsignedFile.Multi.Generic (1)
14:37:49.0742 5384 nmwcd - ok
14:37:49.0752 5384 nmwcdc - ok
14:37:49.0762 5384 nmwcdnsu - ok
14:37:49.0772 5384 nmwcdnsuc - ok
14:37:49.0802 5384 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:37:49.0923 5384 Npfs - ok
14:37:49.0963 5384 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:37:50.0143 5384 Ntfs - ok
14:37:50.0183 5384 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:37:50.0303 5384 NtLmSsp - ok
14:37:50.0353 5384 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
14:37:50.0523 5384 NtmsSvc - ok
14:37:50.0564 5384 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:37:50.0674 5384 Null - ok
14:37:50.0714 5384 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:37:50.0844 5384 NwlnkFlt - ok
14:37:50.0874 5384 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:37:51.0004 5384 NwlnkFwd - ok
14:37:51.0034 5384 P3 (a7af0c0860f1c43fc6581ba8a99eabef) C:\WINDOWS\system32\DRIVERS\p3.sys
14:37:51.0174 5384 P3 - ok
14:37:51.0204 5384 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
14:37:51.0355 5384 Parport - ok
14:37:51.0385 5384 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:37:51.0505 5384 PartMgr - ok
14:37:51.0545 5384 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
14:37:51.0675 5384 ParVdm - ok
14:37:51.0725 5384 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
14:37:51.0795 5384 pccsmcfd - ok
14:37:51.0835 5384 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
14:37:51.0986 5384 PCI - ok
14:37:51.0996 5384 PCIDump - ok
14:37:52.0026 5384 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:37:52.0156 5384 PCIIde - ok
14:37:52.0186 5384 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:37:52.0326 5384 Pcmcia - ok
14:37:52.0326 5384 PDCOMP - ok
14:37:52.0336 5384 PDFRAME - ok
14:37:52.0346 5384 PDRELI - ok
14:37:52.0356 5384 PDRFRAME - ok
14:37:52.0366 5384 perc2 - ok
14:37:52.0376 5384 perc2hib - ok
14:37:52.0426 5384 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
14:37:52.0436 5384 PlugPlay - ok
14:37:52.0476 5384 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\WINDOWS\system32\HPZipm12.dll
14:37:52.0506 5384 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:37:52.0506 5384 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:37:52.0516 5384 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:37:52.0637 5384 PolicyAgent - ok
14:37:52.0677 5384 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:37:52.0817 5384 PptpMiniport - ok
14:37:52.0867 5384 PQNTDrv (b26019a686d36e22f954e67c8fec4297) C:\WINDOWS\system32\drivers\PQNTDrv.sys
14:37:52.0897 5384 PQNTDrv ( UnsignedFile.Multi.Generic ) - warning
14:37:52.0897 5384 PQNTDrv - detected UnsignedFile.Multi.Generic (1)
14:37:52.0937 5384 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
14:37:53.0067 5384 Processor - ok
14:37:53.0077 5384 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:37:53.0207 5384 ProtectedStorage - ok
14:37:53.0237 5384 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:37:53.0378 5384 PSched - ok
14:37:53.0418 5384 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:37:53.0558 5384 Ptilink - ok
14:37:53.0598 5384 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:37:53.0628 5384 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
14:37:53.0628 5384 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
14:37:53.0628 5384 ql1080 - ok
14:37:53.0638 5384 Ql10wnt - ok
14:37:53.0648 5384 ql12160 - ok
14:37:53.0658 5384 ql1240 - ok
14:37:53.0668 5384 ql1280 - ok
14:37:53.0708 5384 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:37:53.0848 5384 RasAcd - ok
14:37:53.0888 5384 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
14:37:54.0019 5384 RasAuto - ok
14:37:54.0069 5384 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:37:54.0189 5384 Rasl2tp - ok
14:37:54.0229 5384 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
14:37:54.0369 5384 RasMan - ok
14:37:54.0379 5384 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:37:54.0509 5384 RasPppoe - ok
14:37:54.0539 5384 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:37:54.0649 5384 Raspti - ok
14:37:54.0750 5384 rcp_service (b694467b0325267c8eabf04a71d53d99) C:\Programme\ReaConverter 5.5 Pro\rcp_scheduler.exe
14:37:54.0790 5384 rcp_service ( UnsignedFile.Multi.Generic ) - warning
14:37:54.0790 5384 rcp_service - detected UnsignedFile.Multi.Generic (1)
14:37:54.0840 5384 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:37:54.0970 5384 Rdbss - ok
14:37:55.0010 5384 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:37:55.0140 5384 RDPCDD - ok
14:37:55.0180 5384 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:37:55.0320 5384 rdpdr - ok
14:37:55.0370 5384 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
14:37:55.0421 5384 RDPWD - ok
14:37:55.0461 5384 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
14:37:55.0611 5384 RDSessMgr - ok
14:37:55.0651 5384 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:37:55.0781 5384 redbook - ok
14:37:55.0831 5384 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
14:37:55.0951 5384 RemoteAccess - ok
14:37:55.0991 5384 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
14:37:56.0132 5384 RemoteRegistry - ok
14:37:56.0172 5384 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
14:37:56.0292 5384 RpcLocator - ok
14:37:56.0332 5384 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
14:37:56.0382 5384 RpcSs - ok
14:37:56.0442 5384 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
14:37:56.0572 5384 RSVP - ok
14:37:56.0582 5384 rtl8139 - ok
14:37:56.0622 5384 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:37:56.0732 5384 SamSs - ok
14:37:56.0772 5384 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
14:37:56.0923 5384 SCardSvr - ok
14:37:56.0963 5384 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
14:37:57.0113 5384 Schedule - ok
14:37:57.0173 5384 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:37:57.0243 5384 Secdrv - ok
14:37:57.0273 5384 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
14:37:57.0413 5384 seclogon - ok
14:37:57.0453 5384 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
14:37:57.0584 5384 SENS - ok
14:37:57.0624 5384 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:37:57.0764 5384 serenum - ok
14:37:57.0774 5384 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
14:37:57.0924 5384 Serial - ok
14:37:58.0024 5384 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Programme\PC Connectivity Solution\ServiceLayer.exe
14:37:58.0054 5384 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
14:37:58.0054 5384 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
14:37:58.0104 5384 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:37:58.0235 5384 Sfloppy - ok
14:37:58.0285 5384 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
14:37:58.0455 5384 SharedAccess - ok
14:37:58.0495 5384 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
14:37:58.0505 5384 ShellHWDetection - ok
14:37:58.0515 5384 Simbad - ok
14:37:58.0735 5384 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
14:37:58.0875 5384 Skype C2C Service - ok
14:37:58.0936 5384 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Programme\Skype\Updater\Updater.exe
14:37:58.0956 5384 SkypeUpdate - ok
14:37:59.0076 5384 SMR300 (964c7e906079a61320bad4f992e7d777) C:\WINDOWS\system32\drivers\SMR300.SYS
14:37:59.0096 5384 SMR300 - ok
14:37:59.0166 5384 SMTPSVC (f8d14349fb28a8d8db21fd69bc0e102d) C:\WINDOWS\System32\inetsrv\inetinfo.exe
14:37:59.0256 5384 SMTPSVC - ok
14:37:59.0306 5384 smwdm (4931615ef9543728e0204973be27b350) C:\WINDOWS\system32\drivers\smwdm.sys
14:37:59.0426 5384 smwdm - ok
14:37:59.0466 5384 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
14:37:59.0607 5384 SONYPVU1 - ok
14:37:59.0617 5384 Sparrow - ok
14:37:59.0657 5384 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:37:59.0787 5384 splitter - ok
14:37:59.0837 5384 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:37:59.0887 5384 Spooler - ok
14:37:59.0907 5384 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
14:37:59.0987 5384 sr - ok
14:38:00.0037 5384 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
14:38:00.0127 5384 srservice - ok
14:38:00.0237 5384 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\System32\Drivers\NIS\1307010.005\SRTSP.SYS
14:38:00.0288 5384 SRTSP - ok
14:38:00.0338 5384 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\NIS\1307010.005\SRTSPX.SYS
14:38:00.0348 5384 SRTSPX - ok
14:38:00.0408 5384 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:38:00.0488 5384 Srv - ok
14:38:00.0538 5384 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
14:38:00.0648 5384 SSDPSRV - ok
14:38:00.0688 5384 STC2DFU (594898b175b8b7d2897a71227d4bbda1) C:\WINDOWS\system32\DRIVERS\Stc2Dfu.SYS
14:38:00.0728 5384 STC2DFU - ok
14:38:00.0778 5384 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
14:38:00.0918 5384 stisvc - ok
14:38:00.0958 5384 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:38:01.0099 5384 swenum - ok
14:38:01.0129 5384 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:38:01.0249 5384 swmidi - ok
14:38:01.0259 5384 SwPrv - ok
14:38:01.0269 5384 symc810 - ok
14:38:01.0279 5384 symc8xx - ok
14:38:01.0289 5384 SYMDNS - ok
14:38:01.0329 5384 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NIS\1307010.005\SYMDS.SYS
14:38:01.0359 5384 SymDS - ok
14:38:01.0439 5384 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NIS\1307010.005\SYMEFA.SYS
14:38:01.0489 5384 SymEFA - ok
14:38:01.0529 5384 SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
14:38:01.0549 5384 SymEvent - ok
14:38:01.0559 5384 SYMFW - ok
14:38:01.0569 5384 SYMIDS - ok
14:38:01.0609 5384 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NIS\1307010.005\Ironx86.SYS
14:38:01.0629 5384 SymIRON - ok
14:38:01.0639 5384 SYMNDIS - ok
14:38:01.0649 5384 SYMREDRV - ok
14:38:01.0690 5384 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\NIS\1307010.005\SYMTDI.SYS
14:38:01.0720 5384 SYMTDI - ok
14:38:01.0730 5384 sym_hi - ok
14:38:01.0740 5384 sym_u3 - ok
14:38:01.0780 5384 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:38:01.0920 5384 sysaudio - ok
14:38:01.0960 5384 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
14:38:02.0100 5384 SysmonLog - ok
14:38:02.0160 5384 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
14:38:02.0290 5384 TapiSrv - ok
14:38:02.0330 5384 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:38:02.0381 5384 Tcpip - ok
14:38:02.0431 5384 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:38:02.0551 5384 TDPIPE - ok
14:38:02.0591 5384 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:38:02.0721 5384 TDTCP - ok
14:38:02.0761 5384 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:38:02.0901 5384 TermDD - ok
14:38:02.0951 5384 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
14:38:03.0082 5384 TermService - ok
14:38:03.0132 5384 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
14:38:03.0152 5384 Themes - ok
14:38:03.0212 5384 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\System32\tlntsvr.exe
14:38:03.0302 5384 TlntSvr - ok
14:38:03.0312 5384 TosIde - ok
14:38:03.0342 5384 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
14:38:03.0482 5384 TrkWks - ok
14:38:03.0542 5384 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:38:03.0662 5384 Udfs - ok
14:38:03.0672 5384 ultra - ok
14:38:03.0722 5384 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:38:03.0863 5384 Update - ok
14:38:03.0913 5384 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
14:38:04.0023 5384 upnphost - ok
14:38:04.0033 5384 upperdev - ok
14:38:04.0063 5384 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
14:38:04.0193 5384 UPS - ok
14:38:04.0203 5384 USBAAPL - ok
14:38:04.0253 5384 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:38:04.0373 5384 usbaudio - ok
14:38:04.0393 5384 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:38:04.0534 5384 usbccgp - ok
14:38:04.0574 5384 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:38:04.0714 5384 usbehci - ok
14:38:04.0764 5384 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:38:04.0904 5384 usbhub - ok
14:38:04.0944 5384 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:38:05.0094 5384 usbprint - ok
14:38:05.0124 5384 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:38:05.0285 5384 usbscan - ok
14:38:05.0315 5384 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
14:38:05.0445 5384 usbser - ok
14:38:05.0455 5384 UsbserFilt - ok
14:38:05.0485 5384 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:38:05.0625 5384 USBSTOR - ok
14:38:05.0665 5384 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:38:05.0805 5384 usbuhci - ok
14:38:05.0846 5384 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\WINDOWS\system32\DRIVERS\VClone.sys
14:38:05.0866 5384 VClone ( UnsignedFile.Multi.Generic ) - warning
14:38:05.0866 5384 VClone - detected UnsignedFile.Multi.Generic (1)
14:38:05.0896 5384 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:38:06.0036 5384 VgaSave - ok
14:38:06.0046 5384 ViaIde - ok
14:38:06.0076 5384 VIAPFD (662626bccf060f2f4b6d5af7ac121ff5) C:\WINDOWS\System32\Drivers\VIAPFD.SYS
14:38:06.0076 5384 VIAPFD ( UnsignedFile.Multi.Generic ) - warning
14:38:06.0076 5384 VIAPFD - detected UnsignedFile.Multi.Generic (1)
14:38:06.0106 5384 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
14:38:06.0236 5384 VolSnap - ok
14:38:06.0266 5384 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
14:38:06.0356 5384 VSS - ok
14:38:06.0396 5384 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
14:38:06.0526 5384 W32Time - ok
14:38:06.0587 5384 W3SVC (f8d14349fb28a8d8db21fd69bc0e102d) C:\WINDOWS\system32\inetsrv\inetinfo.exe
14:38:06.0677 5384 W3SVC - ok
14:38:06.0727 5384 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:38:06.0867 5384 Wanarp - ok
14:38:06.0917 5384 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
14:38:06.0957 5384 Wdf01000 - ok
14:38:06.0967 5384 WDICA - ok
14:38:07.0007 5384 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:38:07.0137 5384 wdmaud - ok
14:38:07.0177 5384 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
14:38:07.0308 5384 WebClient - ok
14:38:07.0378 5384 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:38:07.0508 5384 winmgmt - ok
14:38:07.0588 5384 WinRM (f10075c2ec96d2eb118012e78ece2fc2) C:\WINDOWS\system32\WsmSvc.dll
14:38:07.0748 5384 WinRM - ok
14:38:07.0808 5384 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:38:07.0949 5384 WmdmPmSN - ok
14:38:08.0059 5384 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
14:38:08.0129 5384 Wmi - ok
14:38:08.0179 5384 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:38:08.0299 5384 WmiApSrv - ok
14:38:08.0399 5384 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
14:38:08.0489 5384 WMPNetworkSvc - ok
14:38:08.0549 5384 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:38:08.0579 5384 WpdUsb - ok
14:38:08.0609 5384 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:38:08.0740 5384 WS2IFSL - ok
14:38:08.0790 5384 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
14:38:08.0940 5384 wscsvc - ok
14:38:08.0960 5384 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
14:38:09.0080 5384 wuauserv - ok
14:38:09.0120 5384 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:38:09.0200 5384 WudfPf - ok
14:38:09.0250 5384 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:38:09.0270 5384 WudfRd - ok
14:38:09.0300 5384 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
14:38:09.0321 5384 WudfSvc - ok
14:38:09.0361 5384 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
14:38:09.0521 5384 WZCSVC - ok
14:38:09.0561 5384 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
14:38:09.0701 5384 xmlprov - ok
14:38:09.0721 5384 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
14:38:10.0152 5384 \Device\Harddisk0\DR0 - ok
14:38:10.0162 5384 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR5
14:38:10.0532 5384 \Device\Harddisk1\DR5 - ok
14:38:10.0542 5384 Boot (0x1200) (7aa8a8dc4eb530c5989cbbdbfc3eba72) \Device\Harddisk0\DR0\Partition0
14:38:10.0542 5384 \Device\Harddisk0\DR0\Partition0 - ok
14:38:10.0582 5384 Boot (0x1200) (dd11549d43e261653d88147850445739) \Device\Harddisk0\DR0\Partition1
14:38:10.0582 5384 \Device\Harddisk0\DR0\Partition1 - ok
14:38:10.0592 5384 Boot (0x1200) (aacb6b58daa0c5de4719b9d30bec1fd3) \Device\Harddisk1\DR5\Partition0
14:38:10.0592 5384 \Device\Harddisk1\DR5\Partition0 - ok
14:38:10.0602 5384 ============================================================
14:38:10.0602 5384 Scan finished
14:38:10.0602 5384 ============================================================
14:38:10.0723 4368 Detected object count: 20
14:38:10.0723 4368 Actual detected object count: 20
14:38:50.0570 4368 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0570 4368 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:50.0570 4368 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0570 4368 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:50.0570 4368 CyUsbNT ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0570 4368 CyUsbNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:50.0570 4368 FileZilla Server ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0570 4368 FileZilla Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:50.0570 4368 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0570 4368 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:50.0570 4368 FS20 IRP ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0570 4368 FS20 IRP ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:50.0580 4368 FTD2XX ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0580 4368 FTD2XX ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:50.0580 4368 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0580 4368 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:50.0580 4368 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0580 4368 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:50.0580 4368 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0580 4368 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:50.0590 4368 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0590 4368 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:50.0590 4368 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0590 4368 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:50.0590 4368 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0590 4368 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:50.0590 4368 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0590 4368 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:50.0590 4368 PQNTDrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0590 4368 PQNTDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:50.0590 4368 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0590 4368 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:50.0600 4368 rcp_service ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0600 4368 rcp_service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:50.0600 4368 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0600 4368 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:50.0600 4368 VClone ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0600 4368 VClone ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:50.0600 4368 VIAPFD ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:50.0600 4368 VIAPFD ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 14.07.2012, 18:27   #14
markusg
/// Malware-holic
 

That all looks OK so far.
Do you do anything important with the PC? Banking, shopping, etc.?

Alt 16.07.2012, 08:21   #15
nicom028
 

So, over the weekend it started up again.

I am not doing anything for now and am letting the spam mails keep running; please give me instructions.

Below is one of the mails:

From: postmaster@Thomasrechner
To: sloboz@muie.com
Date: Mon, 16 Jul 2012 05:49:24 +0200
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
 boundary="9B095B5ADSN=_01CD5FF8CC8072C000000005Thomasrechner"
Message-ID: <FRaqbC8wS00000003@Thomasrechner>
Subject: Benachrichtung
 zum
 =?unicode-1-1-utf-7?Q?+ANw-bermittlungsstatus
 (Fehlgeschlagen)?=

This is a MIME-formatted message.
Portions of this message may be unreadable without a MIME-capable mail program.

--9B095B5ADSN=_01CD5FF8CC8072C000000005Thomasrechner
Content-Type: text/plain; charset=unicode-1-1-utf-7

Dies ist eine automatisch erstellte Benachrichtigung +APw-ber den Zustellstatus.

Den folgenden Empf+AOQ-ngern konnte die Nachricht nicht zugestellt werden, weil keine Verbindung mit dem Zielserver hergestellt werden konnte.

daumuie4@libero.it




--9B095B5ADSN=_01CD5FF8CC8072C000000005Thomasrechner
Content-Type: message/delivery-status

Reporting-MTA: dns;Thomasrechner
Received-From-MTA: dns;cartasi
Arrival-Date: Sat, 14 Jul 2012 03:31:24 +0200

Final-Recipient: rfc822;daumuie4@libero.it
Action: failed
Status: 4.4.7

--9B095B5ADSN=_01CD5FF8CC8072C000000005Thomasrechner
Content-Type: message/rfc822

Received: from cartasi ([109.99.149.198]) by Thomasrechner with Microsoft SMTPSVC(6.0.2600.5949);
 Sat, 14 Jul 2012 03:31:24 +0200
MIME-Version: 1.0
From: sloboz@muie.com
To: daumuie4@libero.it
Date: 14 Jul 2012 04:31:09 +0300
Subject: 194.112.246.13,spam@Vienna-RemoteB013.profinet.at,spam
Return-Path: sloboz@muie.com
Message-ID: <THOMASRECHNERKp3QGq00000001@Thomasrechner>
X-OriginalArrivalTime: 14 Jul 2012 01:31:24.0323 (UTC) FILETIME=[61720730:01CD6160]





--9B095B5ADSN=_01CD5FF8CC8072C000000005Thomasrechner--
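
Added example, not part of the original post: a bounce like the one in post #15 records which client handed the message to the local SMTP service, in the `Received:` line of the embedded original. This Python sketch reads the delivery-status fields and that client address from an abridged copy of the posted mail; the function name `triage_bounce` and the `internal`/`external` labels are assumptions made for this example.

```python
import email
import ipaddress
import re

# Abridged copy of the bounce posted above: same header values, text parts dropped.
SAMPLE_DSN = """\
Content-Type: multipart/report; report-type=delivery-status;
 boundary="9B095B5ADSN=_01CD5FF8CC8072C000000005Thomasrechner"

--9B095B5ADSN=_01CD5FF8CC8072C000000005Thomasrechner
Content-Type: message/delivery-status

Reporting-MTA: dns;Thomasrechner
Received-From-MTA: dns;cartasi

Final-Recipient: rfc822;daumuie4@libero.it
Status: 4.4.7

--9B095B5ADSN=_01CD5FF8CC8072C000000005Thomasrechner
Content-Type: message/rfc822

Received: from cartasi ([109.99.149.198]) by Thomasrechner with Microsoft SMTPSVC(6.0.2600.5949);
 Sat, 14 Jul 2012 03:31:24 +0200

--9B095B5ADSN=_01CD5FF8CC8072C000000005Thomasrechner--
"""

DSN_FIELDS = ("Reporting-MTA", "Received-From-MTA", "Final-Recipient", "Status")

def triage_bounce(raw):
    """Extract the DSN fields and the client that submitted the bounced mail."""
    info = {}
    for part in email.message_from_string(raw).walk():
        if part.get_content_type() == "message/delivery-status":
            for block in part.get_payload():          # one Message per header block
                for key in DSN_FIELDS:
                    if block[key]:
                        info[key] = block[key].split(";")[-1].strip()
        elif part.get_content_type() == "message/rfc822":
            # Topmost Received line is the hop written by the reporting server.
            received = part.get_payload(0).get_all("Received") or [""]
            match = re.search(r"\[([0-9A-Fa-f.:]+)\]", received[0])
            try:
                ip = ipaddress.ip_address(match.group(1) if match else "")
            except ValueError:                        # no usable address literal
                continue
            info["client_ip"] = str(ip)
            info["origin"] = "internal" if ip.is_private else "external"
    return info
```

The name after `from` is whatever the client announced, so only the bracketed address is used. Run over every file in `c:\inetpub\mailroot\badmail`, the same function shows whether the queued mail comes from one submitting address or from many.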
