
Pests of All Kinds and How to Combat Them: Vodafone PDF Trojan

Windows 7

 
19.11.2012, 16:27   #1
thomasasdf

Vodafone PDF Trojan



Hello,

I too received a fake Vodafone invoice as a PDF. The e-mail looked legitimate, and since I am also a Vodafone customer I opened the PDF file. However, I then quickly noticed that it was a fake.

I have already run a scan with Avira AntiVir, but nothing was found.

I use Adobe Reader 10.1.4. All Windows updates are up to date. While I had the PDF file open there was no Internet connection. So far I haven't noticed anything unusual either, but I use the laptop for online banking and also for work, so I want to make sure that my system is really clean (if possible without a reinstall).

I then had the document scanned at https://joedd.joesecurity.org, and it says that nothing was found under Adobe Reader version 10.1.3 (I have 10.1.4!). Only with version 8.1.2.

 
Analysis System | Detection
XP SP3, Acrobat Reader 8.1.2 | malicious
XP SP3, Acrobat Reader 9.3.4 | clean
XP SP3, Acrobat Reader 9.4.6 | clean
XP SP3, Acrobat Reader 10.1.3 | clean


OTL Logfile:
Code:
OTL Extras logfile created on: 19.11.2012 15:18:00 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\******\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 43,01% Memory free
7,80 Gb Paging File | 5,61 Gb Available in Paging File | 71,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 51,74 Gb Free Space | 43,43% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 411,24 Gb Free Space | 88,29% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP****** | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D29E0D-0B94-4B41-96B1-46BBEC88AA9C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{035F7AC4-7EE6-4C0B-8D78-B4897DBC0869}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{050E517F-C680-47CD-91E5-8283DEBB45AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{195680FC-DBC1-4F8B-985B-72B774A53469}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{21C853BE-BB3E-475A-81EA-D962637C2D17}" = lport=137 | protocol=17 | dir=in | app=system | 
"{31C0D989-A651-4A74-B5A7-8BDDD4321139}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4998C3FE-F183-4E54-9D01-93F0CEC435E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{51D3A7A9-C5BC-418C-B83A-4D925E27F156}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6EA511FA-1665-47BF-8DD9-DF7277609F3A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7632894A-62EB-4B9A-AFC4-AD3CAE83BA1D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A47B18BC-6772-4B0B-8531-54CC7885A482}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ACC34A52-8027-45AA-B0BA-FA747492EA4D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AF73A3A4-7F05-46F9-BF8F-71A373CF45CA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B4DAD413-6611-42F0-849E-83D1F5F2A3E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D0460A0C-9C66-4F48-BC55-6F91C8EE4E20}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DCFACAF6-4014-478F-AC69-7DBA45E24B22}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E4CE2EBE-3E1C-41A0-8379-9205555C4982}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E73D6544-5A83-4E0E-8F06-8DE03C949A70}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EEA6E78D-CBB6-402E-8001-BC73660E6E1C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F1709317-B649-42F7-BCCF-1A8469F9D4A4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F99F54E9-4894-43F4-BC33-E37FF35247DD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FD521A32-FC86-495B-ADFE-5C29ECD415C2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AEC287-0789-4F98-998D-A1BD61F31027}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{0C02FE3E-08C5-4825-AAD6-F4298DBB12B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0C285DE7-7D42-4F66-9EBC-8F0F49E5A515}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0CE0C961-DCDE-4937-B070-F8A0F8F3AEC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0CE4A34C-906C-45CA-B0E3-1F8911F55382}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{129DD792-F3EE-43B9-90AD-E7D68D3C3788}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{13571462-6382-4F29-BDC4-BBC2F8216A99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{268B472B-A64E-4C2B-96F3-FCEF43D59247}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{349BD310-DA94-4067-8DAF-9268B526A23C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{38C52AF9-70F6-4723-B01C-5254A3632FC7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3973EA6E-FBFE-463C-83F3-61936F25B4AA}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe | 
"{3CF6F281-4AA9-477F-8625-8B7B985FF0B5}" = protocol=6 | dir=out | app=system | 
"{429B5194-261E-4ABA-A783-C30B4EEC5CCC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{491979D5-E812-4CC3-9269-13AE221DE83E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{549BBECB-0FA5-4EA6-A031-AD36AFA84554}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{56E7C27F-30A6-47CD-AAFC-E13F9BE8A653}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{5C8003E2-DF61-4234-98BF-5EC6D2F122A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{65DF79F5-9A54-4F6B-AE43-4426F3E25AC9}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{7A1AD692-E7AE-468A-861A-60AA05E6BAB7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{7A3B631A-6243-4B06-8C70-1B1B2EE33296}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7C14087B-74D3-4536-92F3-F2A5EA61C0DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{80EF4E06-B378-4F64-A565-578FE4CDA3AF}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe | 
"{819F5B25-2842-42A6-BFC0-3F3E7246882E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8CF28B38-B9E7-4B27-B422-9867CCA34EB8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8EAD63D9-731C-4DE0-A532-FCD4F8DFF13A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9120543E-92A5-4364-8029-E84A774F54CD}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{9B2CAF00-5E50-4D11-88A1-7E8CDE6ED45D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{AB2A318C-59A7-4D73-A209-D05507CB9E1F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AD46FF1E-3711-427A-B282-0B20948A5A81}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B24DDF93-B4A0-4598-9A0A-4FA06EDC9060}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{B3518DAC-BB34-4557-BBC3-2672533A5591}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{B789E219-FC23-4814-A311-EC6466D8961E}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{B8A7022A-46B3-4CFE-9A78-843732F905C9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B9BF1853-481E-445A-822D-03A3F035F29B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{CD6EC559-2F02-48B8-91FC-2BF6F80842F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D41B96C5-6DE5-4C8F-ABB7-9F88D1F20BA9}" = protocol=6 | dir=in | app=c:\users\******\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D4626446-E530-40B3-83FF-9D7C98C8BB68}" = protocol=17 | dir=in | app=c:\users\******\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D4C47CDE-9758-4231-80B7-1FB59388305D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D737E85B-97E2-4DE7-B485-2DFBE3FC34CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DB68F748-BF84-4570-B091-7D136F266688}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DE43636E-6F8D-4B9F-AF88-9B6BD907ACB6}" = dir=in | app=c:\program files (x86)\pharossystems\core\ctskmstr.exe | 
"{E099641B-7132-409A-A461-312AE8C26EFC}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{E1B069B0-C4D1-41E5-94F5-C23171C8BC49}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{E2F975B0-5DA4-4DBD-85EB-9D1A85E53BC5}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{E49776C7-FA3C-4DBE-ABC3-1C80C80DFE33}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E55A711D-E578-47E4-8743-8E213AB68F70}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{F491FBB5-EB66-4946-BCB6-93BCCF50C620}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7C8526A-C751-416C-955B-3F0F449BE1B7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F8A3EA9B-0E93-4879-A64E-E385D70EEFBE}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{FE80FF01-24B8-4966-B823-783FD9818C0B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FF9333E4-2DFD-4C0B-82DF-B20D3C0A28C0}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"TCP Query User{00F78F78-D498-42AC-B17B-86C954F88FD5}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{41F7B54E-41CC-4D10-B9CD-C809B3D56346}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe | 
"TCP Query User{53471F84-7EB0-4920-8824-21EA6BB8ECCD}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe | 
"TCP Query User{5AE4C19A-472D-427E-AC00-D53CB4AC52BA}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{73E5DE99-4A9B-4B77-AE53-E6564C351E10}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe | 
"TCP Query User{A0E0DC51-0FBD-40C5-8D35-246749A00C1A}C:\program files (x86)\z-dbackup\zftpcopy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\z-dbackup\zftpcopy.exe | 
"TCP Query User{ABC9FB14-91F3-41CC-901B-A0B0A4547956}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | 
"TCP Query User{AE38CFAE-EF4A-4FF8-9AAF-945C6B2CE652}C:\users\******\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\******\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{F212A9F4-6224-4F28-BD08-C83E5B78B20A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{F6662ECA-9282-4DE0-81DC-931A27308A53}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe | 
"UDP Query User{13B0DCA3-B24D-4761-A3C3-BD3E3922B41F}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe | 
"UDP Query User{1C40AF3B-8035-4DFA-AEFA-55D0F656B4A2}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe | 
"UDP Query User{4FC2880A-B50F-4794-849B-870F4FEC3845}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe | 
"UDP Query User{64CB9D8F-6F58-45B6-814F-1DA419B81763}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{76FE5F44-585C-4BDD-9608-8BA71ECAB45D}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{78D29BB1-4CF2-4628-8871-5543846785C6}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{A977C4DC-F94D-4891-B4C8-3FF1837C7B9C}C:\users\******\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\******\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{C6E771D9-756D-42C4-BF13-49DC4B7E654C}C:\program files (x86)\z-dbackup\zftpcopy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\z-dbackup\zftpcopy.exe | 
"UDP Query User{C786944C-9CA2-4CB3-B419-8FACAF405F49}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | 
"UDP Query User{FF794A00-B962-4786-B754-437ECD288D15}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{31a52f2e-32e8-4c8f-9d99-6fd0c37c99ef}" = Gigaset QuickSync
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5001E5BC-C9BF-4598-AB89-E7318C76C5F4}" = FRITZ!Fernzugang
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86E45973-5352-439F-A115-2E8EE4D40140}" = ActivClient x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94198F92-0C11-40FB-ADAD-D033C85D4D74}" = Drive Encryption for HP ProtectTools
"{991A4895-3346-4980-990F-A1041B73C6F7}" = HP 3D DriveGuard
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218
"{BD7A7136-1E88-4EB8-985C-1326DCE5612A}" = AuthenTec Fingerprint System
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9)
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PDF-XChange 3_is1" = PDF-XChange 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04FE949D-172D-45B4-ACE6-6BCFAB5EC563}" = Mindjet MindManager 9
"{0F3A02CF-09B1-4B49-BE02-A70790F18B56}" = StarMoney
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{22B76906-5831-4052-9463-E13C5B7A5B40}" = HP ESU for Microsoft Windows 7
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{66D6C49D-B4F4-423A-85EA-3AF843115A91}" = StarMoney
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{8DF067D5-EAFB-4B93-AFF6-A6E33D9697C7}" = HP ProtectTools Security Manager
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A97F28B2-3BA1-49B7-AEF6-CC8956ED8CAA}" = Nokia PC Suite
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{B4814B84-AEEC-4647-90A4-67E2DF637544}" = StarMoney 8.0 S-Edition
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C42BB613-5079-41C3-8CD1-037B9FFD818F}" = HP JavaCard for HP ProtectTools
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{D1C42E76-0165-4542-95FD-5A9F75023573}" = Credential Manager for HP ProtectTools
"{D1E0E859-F46D-4708-A41D-ED90C0C1822A}" = Acronis True Image Home
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{E045FAC9-0B70-4796-AD3A-7035E89CE536}" = SCR3xxx Smart Card Reader
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"1&1 SoftPhone" = 1&1 SoftPhone
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.6.0.1
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"Google Calendar Sync" = Google Calendar Sync
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KeePass Password Safe_is1" = KeePass Password Safe 1.22
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"Personal Backup 5_is1" = Personal Backup 5.3
"Pharos" = Pharos
"PhonerLite_is1" = PhonerLite 2.04
"TeamViewer 7" = TeamViewer 7
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.4
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 5.1
"Wireshark" = Wireshark 1.6.7 (64-bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.11.2012 09:15:02 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
 ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 17.11.2012 09:57:31 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
 ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 17.11.2012 11:46:28 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
 ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 17.11.2012 16:55:19 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
 ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 18.11.2012 00:54:40 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
 ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 18.11.2012 11:25:37 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.11.2012 13:16:24 | Computer Name = Laptop****** | Source = Application Hang | ID = 1002
Description = Programm vlc.exe, Version 2.0.1.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 19c8    Startzeit:
 01cdc5b047798888    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

Berichts-ID:
 a366c8e5-31a3-11e2-a129-00247e766500  
 
Error - 18.11.2012 20:30:27 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.11.2012 22:43:37 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
 ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 19.11.2012 07:34:10 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
 ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0.  Ungültige
 XML-Syntax.
 
[ Credential Manager Events ]
Error - 30.10.2012 00:42:54 | Computer Name = Laptop****** | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 ******@LAPTOP******   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 30.10.2012 00:42:54 | Computer Name = Laptop****** | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: ******@LAPTOP******
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 01.11.2012 15:57:24 | Computer Name = Laptop****** | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 ******@LAPTOP******   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 01.11.2012 15:57:24 | Computer Name = Laptop****** | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: ******@LAPTOP******
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 01.11.2012 15:57:27 | Computer Name = Laptop****** | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 ******@LAPTOP******   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 01.11.2012 15:57:27 | Computer Name = Laptop****** | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: ******@LAPTOP******
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 10.11.2012 18:23:20 | Computer Name = Laptop****** | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 ******@LAPTOP******   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 10.11.2012 18:23:20 | Computer Name = Laptop****** | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: ******@LAPTOP******
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 14.11.2012 08:55:38 | Computer Name = Laptop****** | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 ******@LAPTOP******   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost

Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 14.11.2012 08:55:38 | Computer Name = Laptop****** | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: ******@LAPTOP******
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
[ System Events ]
Error - 27.07.2012 19:11:49 | Computer Name = Laptop****** | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 28.07.2012 03:04:22 | Computer Name = Laptop****** | Source = DCOM | ID = 10010
Description = 
 
Error - 28.07.2012 04:24:20 | Computer Name = Laptop****** | Source = DCOM | ID = 10010
Description = 
 
Error - 28.07.2012 04:24:56 | Computer Name = Laptop****** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%14001
 
Error - 28.07.2012 21:46:12 | Computer Name = Laptop****** | Source = DCOM | ID = 10010
Description = 
 
Error - 29.07.2012 08:30:18 | Computer Name = Laptop****** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 31.07.2012 10:26:39 | Computer Name = Laptop****** | Source = DCOM | ID = 10010
Description = 
 
Error - 31.07.2012 17:48:52 | Computer Name = Laptop****** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%14001
 
Error - 31.07.2012 19:01:32 | Computer Name = Laptop****** | Source = DCOM | ID = 10010
Description = 
 
Error - 01.08.2012 04:47:29 | Computer Name = Laptop****** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%14001
 
 
< End of report >
         
--- --- ---




OTL Logfile:
Code:
OTL logfile created on: 19.11.2012 15:18:00 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\******\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 43,01% Memory free
7,80 Gb Paging File | 5,61 Gb Available in Paging File | 71,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 51,74 Gb Free Space | 43,43% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 411,24 Gb Free Space | 88,29% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP****** | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Users\******\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe ()
PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\IAM\bin\AsGHost.exe (Bioscrypt Inc.)
PRC - C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe (Pharos Systems International)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Mindjet\MindManager 9\zlib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (BotkindSyncService) -- C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe ()
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (avmike) -- C:\Programme\FRITZ!Fernzugang\avmike.exe (AVM Berlin)
SRV - (nwtsrv) -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin)
SRV - (certsrv) -- C:\Programme\FRITZ!Fernzugang\certsrv.exe (AVM Berlin)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (HP ProtectTools Service) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HpFkCryptService) -- C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV - (ASBroker) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- C:\Program Files (x86)\Hewlett-Packard\IAM\bin\AsChnl.dll (Bioscrypt Inc.)
SRV - (Pharos Systems ComTaskMaster) -- C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe (Pharos Systems International)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (ATService) -- C:\Programme\Fingerprint Sensor\ATService.exe (AuthenTec, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ac.sharedstore) -- C:\Programme\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (tdrpman251) -- C:\Windows\SysNative\drivers\tdrpm251.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (NWIM) -- C:\Windows\SysNative\drivers\avmnwim.sys (AVM Berlin)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SbFsLock) -- C:\Windows\SysNative\drivers\SbFsLock.sys (SafeBoot International)
DRV:64bit: - (RsvLock) -- C:\Windows\SysNative\drivers\RsvLock.sys (SafeBoot International)
DRV:64bit: - (SafeBoot) -- C:\Windows\SysNative\drivers\SafeBoot.sys ()
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (SbAlg) -- C:\Windows\SysNative\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 59 9A 67 9A C3 CD 01  [binary data]
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "PONS.eu : Englisch » Deutsch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledAddons: {c666c018-6409-4479-afa3-68e4129e7eff}:1.1.0
FF - prefs.js..extensions.enabledAddons: contextMenuExtension@leo.org:0.3.1
FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.9.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5FE7198A-5950-4068-9FBF-1A60395CC4E9}: C:\Program Files (x86)\1&1\1&1 SoftPhone\Firefox [2012.08.30 14:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 15:23:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 15:23:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.04.28 13:07:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions
[2012.10.23 22:27:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\o2h4a6uk.default\extensions
[2012.09.20 00:08:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\o2h4a6uk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.16 18:04:09 | 000,018,789 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\contextMenuExtension@leo.org.xpi
[2012.09.19 13:00:23 | 000,506,361 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2012.08.23 07:51:55 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.09.16 18:03:30 | 000,013,268 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{c666c018-6409-4479-afa3-68e4129e7eff}.xpi
[2012.07.25 02:02:52 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.05.22 19:53:15 | 000,000,983 | ---- | M] () -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\searchplugins\ponseu--englisch--deutsch.xml
[2012.05.09 14:39:32 | 000,002,057 | ---- | M] () -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\searchplugins\youtube-videosuche.xml
[2012.11.18 17:33:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.29 15:23:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.29 15:23:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.29 15:23:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 01:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 22:06:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 01:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 01:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 01:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 01:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Credential Manager for HP ProtectTools) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\Hewlett-Packard\IAM\bin\ItIEAddIn64.dll (Bioscrypt Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CDC35AB-A692-4D64-884D-23F4B7A925A0}: DhcpNameServer = 89.101.160.4 89.101.160.5
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll (Bioscrypt Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{403e1d86-9156-11e1-ba7a-00247e766500}\Shell - "" = AutoRun
O33 - MountPoints2\{403e1d86-9156-11e1-ba7a-00247e766500}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{403e1d86-9156-11e1-ba7a-00247e766500}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{403e1d86-9156-11e1-ba7a-00247e766500}\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.18 17:42:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.11.18 17:42:24 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.11.18 17:42:20 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.11.18 17:42:20 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.11.18 17:42:20 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.11.18 17:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.11.18 17:30:00 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.11.18 17:30:00 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.11.18 17:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.11.16 15:05:17 | 000,000,000 | ---D | C] -- d:\Users\******\Documents\Outlook-Dateien
[2012.11.16 13:33:44 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Clipboarder
[2012.11.16 03:06:33 | 000,032,768 | ---- | C] (Analog Devices) -- C:\Windows\SysWow64\adidrm.dll
[2012.11.16 03:06:32 | 000,060,928 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysWow64\SFFXComm.dll
[2012.11.16 03:06:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundMAX
[2012.11.16 03:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus
[2012.11.15 23:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.11.14 21:32:19 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.14 21:32:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.14 21:32:02 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012.11.14 21:32:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.11.14 21:32:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012.11.14 21:32:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012.11.14 21:32:01 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012.11.14 21:32:00 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.11.14 21:32:00 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012.11.14 21:32:00 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012.11.14 21:32:00 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012.11.14 21:32:00 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012.11.14 21:32:00 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012.11.14 21:32:00 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012.11.14 21:32:00 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012.11.14 21:32:00 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012.11.14 21:32:00 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012.11.14 21:32:00 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012.11.14 21:32:00 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012.11.14 21:32:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.11.14 21:32:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012.11.14 21:32:00 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012.11.14 21:32:00 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012.11.14 21:32:00 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012.11.14 21:31:59 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012.11.14 21:31:59 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012.11.14 21:26:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.14 21:26:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.14 21:26:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.14 21:26:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.14 21:26:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.14 21:26:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.14 21:26:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.14 21:26:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.14 21:26:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.14 21:26:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.14 21:26:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.14 21:26:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.14 21:26:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.14 21:26:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.14 21:26:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.14 21:22:04 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.14 21:22:03 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.14 21:22:03 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.14 21:22:03 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.14 21:21:05 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.11.14 21:21:05 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.11.14 20:08:38 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.14 20:08:38 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.14 20:08:38 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.14 20:08:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.14 20:08:38 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.14 20:08:38 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.14 20:08:03 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.14 20:08:03 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.14 20:08:03 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.14 20:07:03 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.14 20:07:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.11 01:41:53 | 000,000,000 | ---D | C] -- d:\Users\******\Documents\Frisuren
[2012.11.10 18:53:27 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\Niki
[2012.11.10 15:36:29 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\S
[2012.11.09 15:39:54 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Gigaset_Communications_Gm
[2012.11.05 14:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.29 15:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.24 21:02:19 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Avira
[2012.10.24 20:57:00 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.24 20:57:00 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.24 20:57:00 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.24 20:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.24 20:56:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.10.23 22:18:56 | 000,000,000 | ---D | C] -- d:\Users\******\Documents\Bluetooth-Exchange-Ordner
[2012.10.22 15:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2012.10.22 14:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
[2012.10.22 11:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\DeltaCopy
[2012.10.22 01:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\FtpSync
[2012.10.22 01:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ISM
[2012.10.22 01:29:01 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\Musik Sophie
[2012.10.22 01:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2BrightSparks
[2012.10.22 01:04:34 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Deployment
[2012.10.22 01:04:34 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Apps
[2012.10.22 00:44:26 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\topster.de
[2012.10.22 00:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2012.10.21 23:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
[2012.10.21 23:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runtime Software
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.19 14:37:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.19 13:39:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.19 12:25:59 | 000,002,236 | -H-- | M] () -- d:\Users\******\Documents\Default.rdp
[2012.11.19 12:15:16 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.19 12:15:16 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.19 11:38:55 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.19 11:38:55 | 000,657,850 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.19 11:38:55 | 000,619,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.19 11:38:55 | 000,131,190 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.19 11:38:55 | 000,107,406 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.19 11:34:01 | 3142,791,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.19 01:16:19 | 000,062,880 | ---- | M] () -- C:\Users\******\Desktop\Article.pdf
[2012.11.18 17:42:15 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.11.18 17:42:15 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.11.18 17:42:15 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.11.18 17:42:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.11.18 17:42:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.11.18 17:42:15 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.11.18 17:29:52 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.11.18 17:29:52 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.11.17 20:55:13 | 474,311,708 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.16 02:53:29 | 000,007,607 | ---- | M] () -- C:\Users\******\AppData\Local\Resmon.ResmonCfg
[2012.11.15 22:50:23 | 000,001,035 | ---- | M] () -- C:\Users\******\Desktop\PhonerLite.lnk
[2012.11.14 21:38:36 | 000,420,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.14 19:13:38 | 000,113,967 | ---- | M] () -- C:\Users\******\Desktop\Edignburgh - Tour.pdf
[2012.11.14 11:32:20 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.14 11:32:20 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.08 00:11:29 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.11.08 00:11:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.11.05 15:56:24 | 000,000,962 | ---- | M] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.10.26 23:03:33 | 000,020,428 | ---- | M] () -- d:\Users\******\Documents\KeePass_Database.kdb
[2012.10.22 15:57:17 | 000,000,600 | ---- | M] () -- C:\Users\******\AppData\Roaming\winscp.rnd
[2012.10.21 23:37:36 | 000,008,912 | ---- | M] () -- C:\Users\******\Desktop\FTP-BackUp.buj
 
========== Files Created - No Company Name ==========
 
[2012.11.19 01:16:28 | 000,062,880 | ---- | C] () -- C:\Users\******\Desktop\Article.pdf
[2012.11.14 21:32:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 21:22:03 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.14 19:13:38 | 000,113,967 | ---- | C] () -- C:\Users\******\Desktop\Edignburgh - Tour.pdf
[2012.11.07 21:16:17 | 474,311,708 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.10.22 14:54:25 | 000,000,600 | ---- | C] () -- C:\Users\******\AppData\Roaming\winscp.rnd
[2012.10.22 14:47:36 | 000,002,236 | -H-- | C] () -- d:\Users\******\Documents\Default.rdp
[2012.08.06 11:37:50 | 000,000,028 | ---- | C] () -- C:\Users\******\AppData\Roaming\PhonerLitesettings.ini
[2012.04.29 06:21:29 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.28 15:02:49 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2012.04.28 13:32:30 | 000,186,928 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2012.04.28 13:32:30 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2012.04.27 18:22:42 | 000,007,607 | ---- | C] () -- C:\Users\******\AppData\Local\Resmon.ResmonCfg
[2012.03.28 20:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 20:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.03.28 20:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.03.28 20:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.03.28 20:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.03 11:32:40 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011.06.03 11:32:40 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011.06.03 11:32:40 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.31 12:45:06 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\1&1
[2012.09.06 19:50:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Acronis
[2012.05.31 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Amazon
[2012.04.28 18:17:23 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Canneverbe Limited
[2012.04.28 19:57:43 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Credential Manager
[2012.11.19 11:36:23 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Dropbox
[2012.09.20 00:08:07 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoft
[2012.09.20 00:08:01 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.09 14:17:41 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\e-academy Inc
[2012.05.07 06:24:23 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\elsterformular
[2012.11.19 02:42:56 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\FileZilla
[2012.06.04 00:23:06 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\FTPbox
[2012.10.22 14:56:42 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\KeePass
[2012.10.17 23:33:40 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\MyPhoneExplorer
[2012.07.17 13:07:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nokia
[2012.07.17 13:07:58 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nokia Suite
[2012.05.06 14:44:26 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PC Suite
[2012.10.22 14:56:42 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PersBackup5
[2012.11.15 22:50:05 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PhonerLite
[2012.04.28 18:39:07 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Samsung
[2012.04.29 08:51:44 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TeamViewer
[2012.10.22 00:46:58 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\topster.de
[2012.09.06 14:12:52 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---



Avira AntiVir Log File (nothing found)
Code:
ATTFilter
Avira Free Antivirus
Report file date: Montag, 19. November 2012  14:19


The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows 7 Professional
Windows version : (Service Pack 1)  [6.1.7601]
Boot mode       : Normally booted
Username        : ******
Computer name   : LAPTOP******

Version information:
BUILD.DAT       : 13.0.0.2761    48279 Bytes  09.11.2012 16:45:00
AVSCAN.EXE      : 13.4.0.262    638752 Bytes  14.11.2012 11:30:36
AVSCANRC.DLL    : 13.4.0.219     54560 Bytes  09.10.2012 17:19:07
LUKE.DLL        : 13.4.0.251     67360 Bytes  14.11.2012 11:32:05
AVSCPLR.DLL     : 13.4.0.262     93984 Bytes  13.11.2012 00:16:55
AVREG.DLL       : 13.4.0.244    245536 Bytes  13.11.2012 00:16:55
avlode.dll      : 13.4.0.255    426272 Bytes  14.11.2012 11:32:21
avlode.rdf      : 13.0.0.24       7196 Bytes  27.09.2012 10:30:38
VBASE000.VDF    : 7.10.0.0    19875328 Bytes  06.11.2009 14:50:29
VBASE001.VDF    : 7.11.0.0    13342208 Bytes  14.12.2010 14:50:31
VBASE002.VDF    : 7.11.19.170 14374912 Bytes  20.12.2011 14:50:34
VBASE003.VDF    : 7.11.21.238  4472832 Bytes  01.02.2012 14:50:36
VBASE004.VDF    : 7.11.26.44   4329472 Bytes  28.03.2012 14:50:37
VBASE005.VDF    : 7.11.34.116  4034048 Bytes  29.06.2012 14:42:40
VBASE006.VDF    : 7.11.41.250  4902400 Bytes  06.09.2012 14:42:40
VBASE007.VDF    : 7.11.45.207  2363904 Bytes  11.10.2012 20:57:58
VBASE008.VDF    : 7.11.45.208     2048 Bytes  11.10.2012 20:57:58
VBASE009.VDF    : 7.11.45.209     2048 Bytes  11.10.2012 20:57:58
VBASE010.VDF    : 7.11.45.210     2048 Bytes  11.10.2012 20:57:58
VBASE011.VDF    : 7.11.45.211     2048 Bytes  11.10.2012 20:57:58
VBASE012.VDF    : 7.11.45.212     2048 Bytes  11.10.2012 20:57:58
VBASE013.VDF    : 7.11.45.213     2048 Bytes  11.10.2012 20:57:59
VBASE014.VDF    : 7.11.46.65    220160 Bytes  16.10.2012 20:58:00
VBASE015.VDF    : 7.11.46.153   173568 Bytes  18.10.2012 20:58:01
VBASE016.VDF    : 7.11.46.223   162304 Bytes  19.10.2012 20:58:02
VBASE017.VDF    : 7.11.47.35    126464 Bytes  22.10.2012 20:58:03
VBASE018.VDF    : 7.11.47.95    175616 Bytes  24.10.2012 20:58:04
VBASE019.VDF    : 7.11.47.177   164352 Bytes  26.10.2012 14:37:35
VBASE020.VDF    : 7.11.47.229   143360 Bytes  28.10.2012 14:37:35
VBASE021.VDF    : 7.11.48.47    138240 Bytes  30.10.2012 14:37:36
VBASE022.VDF    : 7.11.48.135   122880 Bytes  01.11.2012 14:37:36
VBASE023.VDF    : 7.11.48.209   142848 Bytes  05.11.2012 14:37:36
VBASE024.VDF    : 7.11.48.243   119296 Bytes  05.11.2012 20:37:36
VBASE025.VDF    : 7.11.49.47    136704 Bytes  07.11.2012 18:40:22
VBASE026.VDF    : 7.11.49.135   194560 Bytes  09.11.2012 01:25:19
VBASE027.VDF    : 7.11.49.209   188416 Bytes  12.11.2012 00:16:54
VBASE028.VDF    : 7.11.50.27    212992 Bytes  14.11.2012 15:10:28
VBASE029.VDF    : 7.11.50.105   200704 Bytes  18.11.2012 17:28:57
VBASE030.VDF    : 7.11.50.106     2048 Bytes  18.11.2012 17:28:57
VBASE031.VDF    : 7.11.50.122    53760 Bytes  19.11.2012 11:39:16
Engine version  : 8.2.10.202
AEVDF.DLL       : 8.1.2.10      102772 Bytes  19.09.2012 14:42:55
AESCRIPT.DLL    : 8.1.4.66      463227 Bytes  12.11.2012 13:01:01
AESCN.DLL       : 8.1.9.4       131445 Bytes  15.11.2012 15:10:38
AESBX.DLL       : 8.2.5.12      606578 Bytes  28.08.2012 16:58:06
AERDL.DLL       : 8.2.0.74      643445 Bytes  07.11.2012 18:40:30
AEPACK.DLL      : 8.3.0.40      815479 Bytes  12.11.2012 13:01:01
AEOFFICE.DLL    : 8.1.2.50      201084 Bytes  05.11.2012 14:37:43
AEHEUR.DLL      : 8.1.4.138    5542265 Bytes  15.11.2012 15:10:38
AEHELP.DLL      : 8.1.25.2      258423 Bytes  24.10.2012 20:58:08
AEGEN.DLL       : 8.1.6.10      438646 Bytes  15.11.2012 15:10:29
AEEXP.DLL       : 8.2.0.10      119158 Bytes  05.11.2012 14:37:43
AEEMU.DLL       : 8.1.3.2       393587 Bytes  19.09.2012 14:42:55
AECORE.DLL      : 8.1.29.2      201079 Bytes  07.11.2012 18:40:23
AEBB.DLL        : 8.1.1.4        53619 Bytes  05.11.2012 14:37:37
AVWINLL.DLL     : 13.4.0.163     25888 Bytes  19.09.2012 19:09:30
AVPREF.DLL      : 13.4.0.163     50464 Bytes  19.09.2012 19:07:51
AVREP.DLL       : 13.4.0.244    177952 Bytes  13.11.2012 00:16:55
AVARKT.DLL      : 13.4.0.232    260384 Bytes  16.10.2012 17:55:29
AVEVTLOG.DLL    : 13.4.0.232    167200 Bytes  16.10.2012 17:56:35
SQLITE3.DLL     : 3.7.0.1       397088 Bytes  19.09.2012 18:17:40
AVSMTP.DLL      : 13.4.0.163     62240 Bytes  19.09.2012 19:08:55
NETNT.DLL       : 13.4.0.163     15648 Bytes  19.09.2012 19:16:26
RCIMAGE.DLL     : 13.4.0.163   4782880 Bytes  19.09.2012 20:40:13
RCTEXT.DLL      : 13.4.0.163     66336 Bytes  19.10.2012 12:56:26

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, 
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: Montag, 19. November 2012  14:19

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
Master boot sector HD1
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!

Starting search for hidden objects.

The scan of running processes will be started:
Scan process 'svchost.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '100' Module(s) have been scanned
Scan process 'ATService.exe' - '49' Module(s) have been scanned
Scan process 'HpFkCrypt.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '91' Module(s) have been scanned
Scan process 'svchost.exe' - '104' Module(s) have been scanned
Scan process 'svchost.exe' - '165' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '79' Module(s) have been scanned
Scan process 'Hpservice.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '85' Module(s) have been scanned
Scan process 'spoolsv.exe' - '91' Module(s) have been scanned
Scan process 'ac.sharedstore.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '76' Module(s) have been scanned
Scan process 'acevents.exe' - '60' Module(s) have been scanned
Scan process 'sched.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '67' Module(s) have been scanned
Scan process 'schedul2.exe' - '27' Module(s) have been scanned
Scan process 'armsvc.exe' - '30' Module(s) have been scanned
Scan process 'AEADISRV.EXE' - '18' Module(s) have been scanned
Scan process 'agr64svc.exe' - '17' Module(s) have been scanned
Scan process 'avguard.exe' - '78' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '70' Module(s) have been scanned
Scan process 'avmike.exe' - '44' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '37' Module(s) have been scanned
Scan process 'SyncService.exe' - '28' Module(s) have been scanned
Scan process 'certsrv.exe' - '26' Module(s) have been scanned
Scan process 'nwtsrv.exe' - '47' Module(s) have been scanned
Scan process 'CTskMstr.exe' - '49' Module(s) have been scanned
Scan process 'StarMoneyOnlineUpdate.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'TeamViewer_Service.exe' - '89' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '42' Module(s) have been scanned
Scan process 'avshadow.exe' - '29' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '35' Module(s) have been scanned
Scan process 'taskhost.exe' - '53' Module(s) have been scanned
Scan process 'Dwm.exe' - '33' Module(s) have been scanned
Scan process 'AsGHost.exe' - '136' Module(s) have been scanned
Scan process 'Explorer.EXE' - '247' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '45' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '48' Module(s) have been scanned
Scan process 'igfxtray.exe' - '30' Module(s) have been scanned
Scan process 'hkcmd.exe' - '49' Module(s) have been scanned
Scan process 'igfxpers.exe' - '34' Module(s) have been scanned
Scan process 'acevents.exe' - '62' Module(s) have been scanned
Scan process 'accrdsub.exe' - '70' Module(s) have been scanned
Scan process 'schedhlp.exe' - '32' Module(s) have been scanned
Scan process 'SoundMAX.exe' - '51' Module(s) have been scanned
Scan process 'StikyNot.exe' - '38' Module(s) have been scanned
Scan process 'Kies.exe' - '86' Module(s) have been scanned
Scan process 'sidebar.exe' - '108' Module(s) have been scanned
Scan process 'GoogleCalendarSync.exe' - '73' Module(s) have been scanned
Scan process 'Dropbox.exe' - '78' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '68' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '67' Module(s) have been scanned
Scan process 'VCDDaemon.exe' - '35' Module(s) have been scanned
Scan process 'KiesTrayAgent.exe' - '88' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '19' Module(s) have been scanned
Scan process 'pthosttr.exe' - '97' Module(s) have been scanned
Scan process 'TrueImageMonitor.exe' - '51' Module(s) have been scanned
Scan process 'TimounterMonitor.exe' - '41' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '75' Module(s) have been scanned
Scan process 'avgnt.exe' - '89' Module(s) have been scanned
Scan process 'pdf24.exe' - '38' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '43' Module(s) have been scanned
Scan process 'jusched.exe' - '32' Module(s) have been scanned
Scan process 'VolCtrl.exe' - '35' Module(s) have been scanned
Scan process 'iPodService.exe' - '35' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '108' Module(s) have been scanned
Scan process 'helppane.exe' - '85' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '112' Module(s) have been scanned
Scan process 'OSPPSVC.EXE' - '34' Module(s) have been scanned
Scan process 'splwow64.exe' - '28' Module(s) have been scanned
Scan process 'hpqToaster.exe' - '50' Module(s) have been scanned
Scan process 'firefox.exe' - '184' Module(s) have been scanned
Scan process 'avcenter.exe' - '126' Module(s) have been scanned
Scan process 'avscan.exe' - '109' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '43' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '30' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '28' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'services.exe' - '35' Module(s) have been scanned
Scan process 'lsass.exe' - '81' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'winlogon.exe' - '34' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '3457' files ).


Starting the file scan:

Begin scan in 'C:\'
Begin scan in 'D:\' <Volume>


End of the scan: Montag, 19. November 2012  14:50
Used time: 31:10 Minute(s)

The scan has been done completely.

  36999 Scanned directories
 595359 Files were scanned
      0 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 595359 Files not concerned
   6223 Archives were scanned
      0 Warnings
      0 Notes
 747974 Objects were scanned with rootkit scan
      0 Hidden objects were found
         


Thank you very much for your help!!!


Malwarebytes Anti-Malware Logfile

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.20.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thomas :: LAPTOP**** [Administrator]

20.11.2012 13:52:24
mbam-log-2012-11-20 (13-52-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 399082
Laufzeit: 42 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

 
