
Pests of all kinds and how to fight them: Java/CVE-2012-0507.CG and Windows performance

21.11.2012, 16:06   #1
gunnar_p
 
Hi,

My Windows performance has been completely in the basement for about 14 days. It shows up like this: when I open Windows Explorer, it takes 30-40 sec to build the directory structure. Jumping from one folder to the next takes just as long. Likewise: when I want to attach a file to an e-mail, for example, it takes just as long until I have moved through the directories to find the file.
Internet and mail cause no problems. Working with Office is also OK.

I defragmented. That did not help.
I ran a full scan with Microsoft Security Essentials. It found Java/CVE-2012-0507.CG (for the paths of the container files see below). I had Microsoft Sec Ess remove it. But nothing has changed about my performance.

The problem appeared about 14 days ago. What I did during this period (apart from surfing):
* installed a new printer
* installed ACRONIS Backup
* installed CEWE Fotobuch (the problems already existed before that).
* I also logged into three public networks (my office, a German ministry, a hotel with a new wireless system that did not really work).

Since the change on the machine happened more or less overnight, I have not carried out any of the actions for improving Windows XP performance (as described in many forums).
Can my performance losses be caused by a virus, or can a defective hard disk just as well be the reason?
Here are 1) the info on the container file of Java/CVE-2012-0507.CG,
2) OTL.txt, 3) Extras.txt and 4) GMER.txt

Many thanks in advance!
Gunnar

Code:
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temp\jar_cache7850807490239257618.tmp
file:C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temp\jar_cache7850807490239257618.tmp->h/nxpPHC.class
file:C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temp\jar_cache7850807490239257618.tmp->h/Xbrt.class
         
OTL:
Code:
OTL logfile created on: 21.11.2012 00:39:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 75,62% Memory free
4,84 Gb Paging File | 4,22 Gb Available in Paging File | 87,15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 80,00 Gb Total Space | 27,07 Gb Free Space | 33,84% Space Free | Partition Type: NTFS
Drive D: | 142,88 Gb Total Space | 14,87 Gb Free Space | 10,41% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG-P560 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.21 00:35:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2012.11.11 14:18:29 | 003,729,400 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.08.23 03:50:28 | 000,813,576 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
PRC - [2012.08.23 03:50:22 | 000,403,888 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
PRC - [2012.08.23 03:49:48 | 006,049,096 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2012.08.18 21:22:02 | 007,027,752 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012.07.24 15:13:58 | 000,943,856 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2012.07.03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.05.24 12:28:56 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.10.17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\HPBDSService\HPBDSService.exe
PRC - [2011.10.14 13:27:46 | 000,304,696 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\StatusAlerts\bin\HPStatusAlerts.exe
PRC - [2011.08.04 00:12:46 | 000,164,352 | ---- | M] (HP) -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2010.04.06 00:41:46 | 000,116,224 | ---- | M] (Brio) -- C:\Programme\FolderSize\FolderSizeSvc.exe
PRC - [2009.01.09 19:14:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.01.09 19:14:42 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.10.07 16:13:44 | 002,772,992 | ---- | M] () -- C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2008.10.06 17:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.09.08 12:20:18 | 000,031,248 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkCSrv.exe
PRC - [2008.08.13 12:57:52 | 002,670,592 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
PRC - [2008.08.13 12:54:16 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe
PRC - [2008.08.13 12:49:18 | 000,018,944 | ---- | M] () -- C:\Programme\Softex\OmniPass\OPXPApp.exe
PRC - [2008.05.21 15:44:30 | 000,299,008 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\MagicKBD\PerformanceManager.exe
PRC - [2008.05.20 19:02:08 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Programme\Samsung\MagicKBD\MagicKBD.exe
PRC - [2008.05.01 23:41:38 | 000,136,488 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2008.05.01 23:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.18 04:27:12 | 000,013,312 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2008.03.17 17:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2007.12.20 19:40:30 | 000,659,456 | ---- | M] (Samsung Electronics,.LTD) -- C:\Programme\Samsung\Samsung EDS\EDSAgent.exe
PRC - [2007.07.23 23:59:22 | 000,660,760 | ---- | M] (Infineon Technologies AG) -- C:\Programme\Infineon\Security Platform Software\SpTNA.exe
PRC - [2007.07.23 23:59:22 | 000,185,624 | ---- | M] (Infineon Technologies AG) -- C:\Programme\Infineon\Security Platform Software\PSDrt.exe
PRC - [2007.07.23 23:59:12 | 000,140,568 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe
PRC - [2006.10.30 13:29:28 | 000,036,864 | ---- | M] () -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe
PRC - [2006.03.14 06:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2004.03.08 13:26:30 | 000,548,864 | ---- | M] () -- C:\Programme\ESRI\License\arcgis9x\ARCGIS.EXE
PRC - [1999.12.01 12:38:28 | 000,467,968 | ---- | M] () -- C:\Programme\ESRI\License\arcgis9x\lmgrd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.16 15:32:14 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\b75ca75b9c2eb103f98a457ec9256ce7\System.Xml.Linq.ni.dll
MOD - [2012.11.16 15:31:44 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll
MOD - [2012.11.16 15:31:35 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll
MOD - [2012.11.16 15:31:27 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\709bb78b419d5d5e30f2acfd722abb29\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2012.11.16 15:31:21 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\188d6391f7485a07e1218b5fc4ec2207\System.Deployment.ni.dll
MOD - [2012.11.16 15:30:21 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012.11.16 15:28:05 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012.11.16 15:27:59 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
MOD - [2012.11.16 15:27:43 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
MOD - [2012.11.16 15:27:18 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3710da7b61c2c4ed10903487dbde1c35\System.Core.ni.dll
MOD - [2012.11.16 15:26:12 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012.11.16 15:26:00 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012.11.16 15:24:57 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.08.23 03:35:38 | 013,873,200 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\ti_managers.dll
MOD - [2012.08.23 03:31:22 | 001,590,656 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Acronis\Home\icudt38.dll
MOD - [2012.08.23 01:12:16 | 000,019,840 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
MOD - [2012.08.23 00:42:50 | 000,435,584 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Acronis\Home\ulxmlrpcpp.dll
MOD - [2012.07.27 21:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.07.24 14:48:28 | 000,012,160 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\icudt38.dll
MOD - [2011.10.14 13:25:02 | 000,111,160 | ---- | M] () -- C:\Programme\HP\StatusAlerts\bin\NativeUtils.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2009.09.21 13:10:41 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.09.21 13:10:37 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2009.09.21 13:10:35 | 000,413,696 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll
MOD - [2008.10.07 16:13:44 | 002,772,992 | ---- | M] () -- C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
MOD - [2008.08.13 12:58:48 | 000,047,056 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll
MOD - [2008.08.13 12:57:52 | 002,670,592 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
MOD - [2008.08.13 12:49:18 | 000,073,728 | ---- | M] () -- C:\Programme\Softex\OmniPass\OPXPGina.dll
MOD - [2008.08.13 12:49:18 | 000,018,944 | ---- | M] () -- C:\Programme\Softex\OmniPass\OPXPApp.exe
MOD - [2008.08.13 12:48:18 | 000,151,552 | ---- | M] () -- C:\Programme\Softex\OmniPass\ginastub.dll
MOD - [2008.08.13 12:48:04 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll
MOD - [2008.08.13 12:47:46 | 000,438,272 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2008.08.13 12:47:34 | 001,101,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2008.08.13 12:47:26 | 000,540,672 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2008.08.13 12:47:26 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2008.08.13 12:47:12 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
MOD - [2008.07.29 12:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2008.05.14 14:13:00 | 001,486,848 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008.05.14 14:13:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007.04.01 08:00:28 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2006.10.30 13:29:28 | 000,036,864 | ---- | M] () -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe
MOD - [2006.08.12 11:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
MOD - [2005.07.12 15:34:22 | 000,045,056 | ---- | M] () -- C:\Programme\Samsung\MagicKBD\EasyBoxDll.dll
MOD - [2004.03.08 13:26:30 | 000,548,864 | ---- | M] () -- C:\Programme\ESRI\License\arcgis9x\ARCGIS.EXE
MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
MOD - [1999.12.01 12:38:28 | 000,467,968 | ---- | M] () -- C:\Programme\ESRI\License\arcgis9x\lmgrd.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.11 14:18:29 | 003,729,400 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.11.11 09:45:01 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.30 19:50:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.08.23 03:50:28 | 000,813,576 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012.08.18 21:22:02 | 007,027,752 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.24 12:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.10.17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2011.08.04 00:12:46 | 000,164,352 | ---- | M] (HP) [Auto | Running] -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.07 22:50:03 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.09.01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010.04.06 00:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Running] -- C:\Programme\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009.04.30 21:43:01 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008.09.08 12:20:18 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkCSrv.exe -- (StkSSrv)
SRV - [2008.08.13 12:54:16 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2008.05.13 07:44:00 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008.05.01 23:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2008.03.18 04:27:12 | 000,013,312 | R--- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.03.17 17:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007.07.23 23:59:12 | 000,140,568 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2006.10.30 13:29:28 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe -- (SNM WLAN Service)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.03.27 16:45:52 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\RSI\IDL63\bin\bin.x86\idl_dicomexstorscp.exe -- (IDL DicomEx Storage SCP)
SRV - [2006.03.14 06:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [1999.12.01 12:41:52 | 000,592,896 | ---- | M] () [Auto | Stopped] -- C:\Programme\ESRI\License\arcgis9x\lmtools.exe -- (27000@samsung-p560)
SRV - [1999.12.01 12:38:28 | 000,467,968 | ---- | M] () [Auto | Running] -- C:\Programme\ESRI\License\arcgis9x\lmgrd.exe -- (samsung-p560)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\ZoneLabs\srescan.sys -- (srescan)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- SYSTEM32\drivers\DS1410D.SYS -- (DS1410D)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.11.21 00:26:46 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{88EE135E-80A8-42C9-B822-239BF61F4495}\MpKslaa2966f6.sys -- (MpKslaa2966f6)
DRV - [2012.11.11 14:18:33 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2012.11.11 14:18:22 | 000,806,184 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2012.11.11 14:18:15 | 000,689,672 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tib_mounter.sys -- (tib_mounter)
DRV - [2012.11.11 14:18:08 | 000,139,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vididr.sys -- (vididr)
DRV - [2012.11.11 14:18:07 | 000,099,720 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vidsflt.sys -- (vidsflt)
DRV - [2012.11.11 14:18:04 | 000,192,904 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2012.11.11 14:17:56 | 000,093,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2012.03.16 13:55:26 | 000,102,784 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012.03.16 13:55:26 | 000,089,856 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012.03.16 13:55:26 | 000,073,984 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012.03.16 13:55:26 | 000,066,688 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2012.03.16 13:55:26 | 000,026,624 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2012.03.16 13:55:26 | 000,011,136 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010.12.17 06:56:10 | 000,014,424 | ---- | M] (Ghisler Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\totalcmd\CGLPTNT.SYS -- (cglptnt)
DRV - [2009.10.26 14:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008.09.12 19:30:08 | 001,374,736 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2008.09.05 20:20:22 | 000,041,376 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008.05.30 12:44:42 | 000,146,944 | R--- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2008.05.20 09:53:00 | 004,800,000 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008.04.15 09:16:44 | 000,244,368 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress)
DRV - [2008.03.21 04:13:00 | 001,203,776 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.03.17 21:14:52 | 000,015,144 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008.02.15 17:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.01.15 21:11:46 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008.01.14 18:01:02 | 000,030,208 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS -- (DNSeFilter)
DRV - [2007.07.23 23:59:14 | 000,038,816 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2007.07.23 23:59:12 | 000,041,216 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007.03.31 05:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.03.23 02:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.03.23 02:50:36 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007.03.23 02:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007.03.23 02:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007.03.23 02:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.02.16 20:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007.02.16 01:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006.03.14 06:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2000.08.24 00:19:38 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {EBDE5A0F-6BBF-459D-9B97-4C256F56BC3C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{EBDE5A0F-6BBF-459D-9B97-4C256F56BC3C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.5.3
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..keyword.URL: "hxxp://go.gmx.net/tb/mff_keyurl_search/?su="
FF - prefs.js..network.proxy.http: "31.7.56.72"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, fritz.box, 192.168.178.254, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Programme\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.29 20:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.29 00:23:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.10.30 19:49:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.09.01 21:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.09.01 21:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.16 00:00:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions
[2010.04.28 09:07:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.03 10:45:31 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.05.12 00:02:37 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2012.09.26 20:53:48 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\firefox@ghostery.com
[2012.11.10 12:31:34 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\https-everywhere@eff.org
[2012.09.16 09:20:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\ich@maltegoetz.de
[2011.05.17 20:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\nostmp
[2012.02.08 23:18:14 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\piclens@cooliris.com
[2012.11.03 17:31:37 | 002,042,908 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\firebug@software.joehewitt.com.xpi
[2012.10.23 15:58:46 | 000,183,174 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\stealthyextension@gmail.com.xpi
[2012.11.16 00:00:18 | 000,530,679 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.08.19 18:08:10 | 000,031,532 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}.xpi
[2012.07.25 20:25:19 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.09 22:12:13 | 000,138,614 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.10.29 20:38:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.04 21:52:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.05.04 14:02:43 | 000,303,416 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\ieatgpc.dll
[2012.05.04 14:02:27 | 000,215,864 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\npatgpc.dll
[2009.11.18 15:49:42 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.27 19:57:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [StatusAlerts] C:\Programme\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [Power2GoExpress] NA File not found
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.71.128.11 80.71.128.27
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{486B557B-F110-4BF1-88D5-1D07F221CC27}: DhcpNameServer = 80.71.128.11 80.71.128.27
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Programme\Softex\OmniPass\opxpgina.dll) - C:\Programme\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.06 13:57:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.21 00:34:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2012.11.19 21:48:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\restore
[2012.11.19 21:00:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\dm-Fotowelt
[2012.11.19 20:44:28 | 000,000,000 | ---D | C] -- C:\Programme\dm
[2012.11.14 10:40:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012.11.11 14:20:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Acronis
[2012.11.11 14:18:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012.11.11 14:17:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2012.11.11 14:17:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Acronis
[2012.11.11 14:17:20 | 000,000,000 | ---D | C] -- C:\Programme\Acronis
[2012.11.11 14:17:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Acronis
[2012.11.05 20:23:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\HP
[2012.11.05 20:22:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Hewlett-Packard Company
[2012.11.05 20:21:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\HpUpdate
[2012.11.05 20:21:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP_LaserJet_Fax_0_6
[2012.11.05 20:20:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HP
[2012.11.05 20:20:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP
[2012.11.05 20:20:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hewlett-Packard
[2012.11.05 20:20:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\HP
[2012.11.05 20:19:27 | 000,187,960 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\hppscancoins32.dll
[2012.11.05 20:16:29 | 000,000,000 | ---D | C] -- C:\Programme\HP
[2012.10.30 19:49:29 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2012.10.29 20:37:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Downloads
[2012.10.29 00:22:54 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.21 00:41:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.21 00:36:55 | 000,003,938 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2012.11.21 00:35:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.21 00:35:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2012.11.21 00:34:41 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012.11.21 00:32:19 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2012.11.21 00:26:03 | 000,186,442 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.11.21 00:24:29 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.21 00:24:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.20 23:48:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.20 20:45:04 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012.11.20 20:21:16 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012.11.19 21:00:45 | 000,000,751 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\dm-Fotowelt.lnk
[2012.11.19 20:58:46 | 000,025,671 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Malena-Zeug PRIVAT BØRNEPASNING.pdf
[2012.11.19 20:28:53 | 000,130,048 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.18 14:30:04 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012.11.18 10:15:07 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012.11.16 20:29:05 | 000,325,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.11.16 15:36:08 | 000,517,730 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.11.16 15:36:08 | 000,494,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.11.16 15:36:08 | 000,101,838 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.11.16 15:36:08 | 000,084,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.11.16 15:26:58 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.11.11 14:17:53 | 000,000,836 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\True Image 2013.lnk
[2012.11.08 20:13:12 | 000,002,435 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Lexware buchhalter.lnk
[2012.11.08 15:51:10 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2012.11.05 20:21:33 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LJ200 M276 Scan.lnk
[2012.11.05 20:21:23 | 000,000,608 | -HS- | M] () -- C:\WINDOWS\System32\winzvprt5.sys
[2012.11.05 20:21:23 | 000,000,222 | ---- | M] () -- C:\WINDOWS\System32\hppfaxprinter5.ini
[2012.11.05 20:20:35 | 000,001,008 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LaserJet 200 color MFP M276 - Hilfe- und Lern-Center.lnk
[2012.10.29 20:39:15 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.10.25 19:52:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
 
========== Files Created - No Company Name ==========
 
[2012.11.21 00:33:22 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2012.11.19 21:00:45 | 000,000,751 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\dm-Fotowelt.lnk
[2012.11.19 20:58:46 | 000,025,671 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Malena-Zeug PRIVAT BØRNEPASNING.pdf
[2012.11.11 14:17:53 | 000,000,836 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\True Image 2013.lnk
[2012.11.05 23:25:49 | 000,244,992 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.11.05 20:21:55 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012.11.05 20:21:55 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012.11.05 20:21:54 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2012.11.05 20:21:54 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012.11.05 20:21:33 | 000,000,927 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LJ200 M276 Scan.lnk
[2012.11.05 20:21:23 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2012.11.05 20:21:23 | 000,000,222 | ---- | C] () -- C:\WINDOWS\System32\hppfaxprinter5.ini
[2012.11.05 20:20:35 | 000,001,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LaserJet 200 color MFP M276 - Hilfe- und Lern-Center.lnk
[2012.10.29 20:39:15 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2012.10.29 20:39:15 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.04.17 14:58:12 | 000,138,608 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll
[2012.04.17 14:58:10 | 000,074,608 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll
[2012.04.17 14:58:08 | 000,309,616 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll
[2012.02.27 09:41:52 | 000,202,240 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2012.02.16 19:58:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.03 13:41:41 | 000,002,001 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.bash_history
[2012.02.03 09:30:24 | 000,000,113 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.grassrc6
[2012.01.16 19:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Import71.INI
[2012.01.14 23:55:23 | 000,000,089 | ---- | C] () -- C:\WINDOWS\NetworkAnalystLayerUI.INI
[2011.12.03 22:29:49 | 000,000,702 | ---- | C] () -- C:\WINDOWS\KmsTrans.ini
[2011.10.07 19:20:47 | 000,000,663 | ---- | C] () -- C:\Dokumente und Einstellungen\***\EditLiveForJava.ini
[2011.10.04 19:34:56 | 000,000,186 | ---- | C] () -- C:\WINDOWS\SHPTrans2006.INI
[2011.06.19 19:42:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2010.05.05 09:53:41 | 002,510,317 | ---- | C] () -- C:\Dokumente und Einstellungen\***\GeoMaker.CAB
[2010.05.05 09:53:41 | 000,004,253 | ---- | C] () -- C:\Dokumente und Einstellungen\***\SETUP.LST
[2010.05.02 14:31:18 | 000,037,641 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Untitled Gantt Project.png
[2010.05.01 22:43:28 | 000,003,414 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.ganttproject
[2010.03.16 10:49:13 | 000,000,653 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.openev
[2010.03.15 00:31:07 | 000,000,047 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\RegFree.ini
[2010.01.08 22:20:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\hostname
[2009.09.03 18:23:14 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel
[2009.08.18 18:50:13 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2009.08.17 21:58:21 | 000,000,404 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\idl_assistantrc
[2009.06.19 08:05:42 | 000,000,503 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.jalbum-recent-projects.properties
[2009.06.19 07:55:43 | 000,000,038 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.jalbum-ftp-accounts.xml
[2009.06.19 07:40:19 | 000,000,828 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.jalbum-defaults.jap
[2009.06.14 11:53:59 | 000,130,048 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.09.21 13:07:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011.04.25 15:47:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.11 14:19:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2011.09.06 23:07:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Caphyon
[2011.11.12 09:53:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2011.09.11 19:19:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2009.04.18 19:49:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESRI
[2009.04.06 14:29:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Infineon
[2010.03.15 00:32:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IsolatedStorage
[2012.11.08 20:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2009.04.06 20:51:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2012.07.02 21:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2009.12.15 23:40:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PDF Writer
[2011.10.07 19:20:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PersonalBrain
[2012.10.29 20:34:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.05.19 12:09:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TheBrain
[2012.11.20 20:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2012.10.13 20:06:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2011.06.28 20:06:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.04.17 20:28:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.10.29 20:43:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\.gephi07beta
[2012.11.11 14:20:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Acronis
[2010.08.23 20:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AnvSoft
[2010.03.15 00:32:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\BeGraphic
[2012.07.11 20:58:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint
[2012.07.02 21:51:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\com.esri.ags.AppBuilder
[2009.09.21 15:33:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DataEast
[2012.11.21 00:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox
[2012.04.15 12:02:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Elluminate
[2012.06.27 20:39:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\EndNote
[2009.09.03 20:40:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\EPSON
[2010.01.21 15:56:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ESRI
[2009.08.18 21:17:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FileZilla
[2009.08.17 20:34:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\fltk.org
[2009.08.02 22:53:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Focus Mp3 Recorder
[2009.07.16 21:07:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Foxit
[2009.09.04 07:46:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
[2009.04.06 14:29:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Infineon
[2009.06.19 07:40:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\JAlbum
[2010.12.18 23:08:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\JOSM
[2011.03.16 23:00:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2012.06.25 21:20:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Lexware
[2012.08.08 22:00:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Notepad++
[2009.04.06 21:09:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2009.12.27 10:42:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera
[2012.08.18 08:29:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Oracle
[2009.12.15 23:40:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PDF Writer
[2011.10.07 19:21:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PersonalBrain
[2012.01.15 20:15:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\QuteCom
[2012.05.20 21:51:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TheBrain
[2010.09.01 21:24:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Thunderbird
[2012.06.21 22:01:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Tracker Software
[2012.09.26 11:39:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Vodafone
[2012.05.04 14:02:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\webex
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34

< End of report >
         
EXTRA.txt
Code:
OTL Extras logfile created on: 21.11.2012 00:39:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 75,62% Memory free
4,84 Gb Paging File | 4,22 Gb Available in Paging File | 87,15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 80,00 Gb Total Space | 27,07 Gb Free Space | 33,84% Space Free | Partition Type: NTFS
Drive D: | 142,88 Gb Total Space | 14,87 Gb Free Space | 10,41% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG-P560 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Programme\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [dm Fotowelt] -- "C:\Programme\Fotowelt\dm Fotowelt.exe" "%1"
Directory [dm-Fotowelt] -- "C:\Programme\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\CyberLink\PowerDVD\PowerDVD.exe" = C:\Programme\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\CyberLink\PowerDVD\PowerDVD.exe" = C:\Programme\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Programme\CyberLink\PowerDirector\PDR.exe" = C:\Programme\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector -- (CyberLink Corp.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\Google\Google Talk\googletalk.exe" = C:\Programme\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\FaxApplications.exe" = C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\FaxApplications.exe:LocalSubNet:Enabled:HP LaserJet 200 color MFP M276 FaxApplications -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\DigitalWizards.exe" = C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\DigitalWizards.exe:LocalSubNet:Enabled:HP LaserJet 200 color MFP M276 DigitalWizards -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\HPNetworkCommunicator.exe" = C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Netzwerkkommunikator (HP LaserJet 200 color MFP M276) -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\EWSProxy.exe" = C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\EWSProxy.exe:LocalSubNet:Enabled:HP LaserJet 200 color MFP M276 EWSProxy -- (Hewlett-Packard Co.)
"E:\Installer\hpbcsiInstaller.exe" = E:\Installer\hpbcsiInstaller.exe:*:Enabled:HP Networked Printer Installer
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{0197D136-598D-4968-BEEA-91C1B764F05D}" = Lexware buchhalter 2012
"{028BF8B5-9143-4A68-84F3-A1A6D2E17889}" = hppLaserJetService
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0535BC5C-33E8-44DB-AEFB-0EDE4EF88052}" = GeoRoverXT
"{08DE5881-1312-46B3-86C0-4001DAB786F0}" = PDF-XChange Viewer
"{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D26E238-B81A-4541-8CAC-5CA3D69C12A5}" = Jalbum
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}" = HPLaserJet200color-MFPM276_HelpLearnCenter_SI
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{138C06D2-CF8E-250A-48D1-7421E7F1A525}" = ArcGIS Viewer for Flex
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{14E82399-E221-43EE-B819-055A00E499C3}" = Infineon TPM Professional Package
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1AA8913B-0A5E-4B70-8A1C-878283EF0F66}" = RSI ENVI 4.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F34839E-4826-4B64-B1B3-42E5AE8DEC5A}" = ArcGIS Desktop
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31A5ED9F-E07B-4F6E-8179-27325BAAC502}" = AuthenTec Fingerprint Sensor Minimum Install
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine for Microtek
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B701A5D-1F4B-4178-8F86-6EB0D6BB3286}" = Inst565a
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C45ED46-5475-4E88-9EA5-38B962A4B8CF}" = ColorTool 2.0
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{48FB7C81-0EF5-4857-8849-DD526BAC7A36}" = Java Advanced Imaging 1.1.3 for JRE
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B02D3CE-A011-4475-93A5-774E0DA4E27E}" = hpbM276DSService
"{4D667C80-C106-4A7F-984E-42CD19F18CC1}" = Time Slider
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{51722911-C391-4118-97BF-B50100D2AB15}_is1" = Gephi 0.7
"{54525107-4C4E-44AC-AC65-806084151057}" = hppSendFaxM276
"{568C5D3E-5B79-47EC-A34B-8D7C8AEF1F8F}" = HPLJUTCore
"{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}" = True Image 2013
"{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}Visible" = True Image 2013
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.06
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}" = hpbDSService
"{6553F4A8-B67F-49BA-A882-FF499C83CF4B}" = 32 Bit HP CIO Components Installer
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6A136292-02AB-428E-8E9A-2628A52FA98E}" = HP LaserJet 200 color MFP M276 Fax
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C0BB722-74DF-4D06-95AA-1D9D4C2E906B}" = KML Geocode
"{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{7C960641-0A27-45C6-96F8-BE4E04A4CC2C}" = hpStatusAlerts
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.22
"{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1
"{88B2E402-DE40-4422-9CCB-D285F8602C93}" = HP Product FWUpdater
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FC67FB0-5F99-4DBC-9B32-E0C027862220}" = MySQL Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9615709B-777E-4EF7-ADF6-45131FA64C1E}" = Easy ALS Manager
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA7C8031-C18D-42A9-8426-0DD1CBCC9E3A}" = hppM276LaserJetService
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B361ED10-259E-4B76-B35E-E47BB6DDDD74}" = hppFaxDrvM276
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7A20537-1A1F-47D4-8526-DC9BABB315FD}" = Lexware Elster
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C97E3F48-DE95-4E00-80AF-32D75C69302D}" = HPLJUTM276
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}" = HP LaserJet 200 color MFP M276
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0AA26A2-08B8-4858-BB69-E50A542DC6ED}" = HP LaserJet 200 color MFP M276 HP Device Toolbox
"{D58D3C8E-2B39-455C-AE79-878AEA3D38FC}" = HP Unified IO
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4289A7B-F94B-4CB5-A09A-96D3634E9669}" = Tableau Public 6.0
"{E6770DAF-AA6B-4875-9B99-16B8FAC70547}" = hpStatusAlertsM276
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA540E75-A545-4C9D-B42E-9C8FC09630C4}" = HP LJ200 M276 HP Scan
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF719B9F-2D42-4790-87E8-005B4088E951}" = KMLReport
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F156F43B-0335-49CE-AA04-8B3FD74BEDD5}" = ArcScripts Cartograms
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.01.25.A
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"1190-3857-8766-9166" = TheBrain 7
"7-Zip" = 7-Zip 4.65
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ArcGIS License Manager" = ArcGIS License Manager
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Banco de Dados Spring DF" = Banco de Dados Spring DF
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1007
"CDex" = CDex - Open Source Digital Audio CD Extractor
"com.esri.ags.AppBuilder" = ArcGIS Viewer for Flex
"dm-Fotowelt" = dm-Fotowelt
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON SX110 Series" = Druckerdeinstallation für EPSON SX110 Series
"ESET Online Scanner" = ESET Online Scanner v3
"ET GeoWizards 9.9" = ET GeoWizards 9.9
"FileZilla Client" = FileZilla Client 3.2.4.1
"Filzip 3.0.6.93_is1" = Filzip 3.06
"FWTools247" = FWTools 2.4.7
"GanttProject" = GanttProject
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"iDump" = iDump (Build: 28)
"ie8" = Windows Internet Explorer 8
"InstallShield_{1AA8913B-0A5E-4B70-8A1C-878283EF0F66}" = RSI ENVI 4.3
"InstallShield_{48FB7C81-0EF5-4857-8849-DD526BAC7A36}" = Java Advanced Imaging 1.1.3 for JRE
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"IrfanView" = IrfanView (remove only)
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Mendeley Desktop" = Mendeley Desktop 1.3.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Monteverdi" = Monteverdi-1.8
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"No23 Recorder" = No23 Recorder
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OTB-Applications" = OrfeoToolbox-Applications-3.10
"Pen Tablet Driver" = Stifttablett
"Prism" = Prism Videodatei-Konverter
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"Python 2.4.1" = Python 2.4.1
"Quantum GIS Wroclaw" = Quantum GIS Wroclaw 1.7.3 Wroclaw
"SpywareBlaster_is1" = SpywareBlaster 4.4
"ST6UNST #1" = GEGraph
"ST6UNST #2" = LIDAR Data Handler (8.1)
"Strassenverzeichnisse_is1" = R2009_V1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 0.9.9
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9C
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{BDE4805C-4A64-4C6D-8547-5B7DB885C65F}_is1" = Daniel's XL Toolbox 5.04
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.11.2012 13:44:48 | Computer Name = SAMSUNG-P560 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 20.11.2012 05:18:02 | Computer Name = SAMSUNG-P560 | Source = PerfNet | ID = 2005
Description = Die Leistungsinformationen vom Serverdienst konnten nicht gelesen 
werden.  Es werden keine Server-Leistungsinformationen zurückgegeben.  Der zurückgegebene
 Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und  die IOSB.Information
 ist DWORD 2.
 
Error - 20.11.2012 05:18:02 | Computer Name = SAMSUNG-P560 | Source = PerfNet | ID = 2006
Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden.
Es
 werden keine Server-Leistungsinformationen zurückgegeben.  Der zurückgegebene Fehlercode
 ist DWORD 0, der IOSB.Status ist DWORD 1 und  die IOSB.Information ist DWORD 2.
 
Error - 20.11.2012 12:51:41 | Computer Name = SAMSUNG-P560 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 20.11.2012 15:12:23 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dm-fotowelt.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul dm-fotowelt.exe, Version 0.0.0.0, Fehleradresse 0x0000ea87.
 
Error - 20.11.2012 16:32:34 | Computer Name = SAMSUNG-P560 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application hplaserjetservice.exe, version 9.22.816.0, stamp
 4e3a385c, faulting module hpzjcd01.dll, version 7.0.13.0, stamp 48081c3a, debug?
 0, fault address 0x000131ae.
 
Error - 20.11.2012 19:22:49 | Computer Name = SAMSUNG-P560 | Source = nview_info | ID = 11141121
Description = 
 
Error - 20.11.2012 19:25:59 | Computer Name = SAMSUNG-P560 | Source = PerfNet | ID = 2005
Description = Die Leistungsinformationen vom Serverdienst konnten nicht gelesen 
werden.  Es werden keine Server-Leistungsinformationen zurückgegeben.  Der zurückgegebene
 Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und  die IOSB.Information
 ist DWORD 2.
 
Error - 20.11.2012 19:25:59 | Computer Name = SAMSUNG-P560 | Source = PerfNet | ID = 2006
Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden.
Es
 werden keine Server-Leistungsinformationen zurückgegeben.  Der zurückgegebene Fehlercode
 ist DWORD 0, der IOSB.Status ist DWORD 1 und  die IOSB.Information ist DWORD 2.
 
Error - 20.11.2012 19:27:37 | Computer Name = SAMSUNG-P560 | Source = FolderSize | ID = 0
Description = 
 
[ OSession Events ]
Error - 19.04.2010 09:38:43 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18225
 seconds with 4020 seconds of active time.  This session ended with a crash.
 
Error - 05.05.2010 16:14:12 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.05.2010 16:14:30 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.05.2011 16:08:23 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.05.2011 16:11:57 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 22.08.2011 12:13:10 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.08.2011 14:09:30 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.08.2011 14:09:45 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.11.2012 10:44:29 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 10959
 seconds with 2580 seconds of active time.  This session ended with a crash.
 
Error - 17.11.2012 10:44:48 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4020
 seconds with 600 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 20.11.2012 17:15:59 | Computer Name = SAMSUNG-P560 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 20.11.2012 17:16:04 | Computer Name = SAMSUNG-P560 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 20.11.2012 17:16:08 | Computer Name = SAMSUNG-P560 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 20.11.2012 17:16:13 | Computer Name = SAMSUNG-P560 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 20.11.2012 17:16:18 | Computer Name = SAMSUNG-P560 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 20.11.2012 17:16:22 | Computer Name = SAMSUNG-P560 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 20.11.2012 17:16:27 | Computer Name = SAMSUNG-P560 | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 20.11.2012 19:26:25 | Computer Name = SAMSUNG-P560 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DS1410D" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 20.11.2012 19:26:25 | Computer Name = SAMSUNG-P560 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst 27000@samsung-p560.
 
Error - 20.11.2012 19:26:25 | Computer Name = SAMSUNG-P560 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "27000@samsung-p560" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
 
< End of report >
         
GMER.txt
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-21 14:12:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHZ2250BH_G2 rev.00000009
Running: kyn4bn1d.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\pxddrfob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xB8F6F360, 0x378C3D, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                    tdrpman.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0   SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \Driver\Ftdisk \Device\HarddiskVolume1    fltsrv.sys (Acronis Storage Filter Management Driver/Acronis)
Device          \Driver\Ftdisk \Device\HarddiskVolume2    fltsrv.sys (Acronis Storage Filter Management Driver/Acronis)
Device          \Driver\Ftdisk \Device\HarddiskVolume3    fltsrv.sys (Acronis Storage Filter Management Driver/Acronis)
Device          \Driver\Disk \Device\Harddisk0\DR0        fltsrv.sys (Acronis Storage Filter Management Driver/Acronis)
Device          \Driver\Ftdisk \Device\FtControl          fltsrv.sys (Acronis Storage Filter Management Driver/Acronis)

---- EOF - GMER 1.0.15 ----
         

22.11.2012, 13:53   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please run only scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to do so. Logs in attachments make the evaluation harder for me!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.


1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons without instruction.
Note: If the Scan button is hidden, close the tool and start it again. If it does not work again, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, then do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set the tool up as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If objects are flagged by TDSS-Killer, treat all of them with the action "skip" and post only the log here!


22.11.2012, 16:29   #3
gunnar_p

Hello,
thanks for your reply. Here are the aswMBR and TDSS-Killer logs.

aswMBR:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-22 17:05:39
-----------------------------
17:05:39.718    OS Version: Windows 5.1.2600 Service Pack 3
17:05:39.718    Number of processors: 2 586 0x1706
17:05:39.718    ComputerName: SAMSUNG-P560  UserName: ***
17:05:40.406    Initialize success
17:06:20.734    AVAST engine defs: 12112200
17:06:52.781    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:06:52.781    Disk 0 Vendor: FUJITSU_MHZ2250BH_G2 00000009 Size: 238475MB BusType: 3
17:06:52.812    Disk 0 MBR read successfully
17:06:52.812    Disk 0 MBR scan
17:06:52.843    Disk 0 Windows XP default MBR code
17:06:52.859    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
17:06:52.859    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        81917 MB offset 20980890
17:06:52.890    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       146310 MB offset 188747685
17:06:52.890    Disk 0 scanning sectors +488392065
17:06:52.953    Disk 0 scanning C:\WINDOWS\system32\drivers
17:07:02.156    Service scanning
17:07:10.937    Service MpKsl42a0614a C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{1DCB9B1A-AE19-45F9-B71B-678FBCF09D10}\MpKsl42a0614a.sys **LOCKED** 32
17:07:22.328    Modules scanning
17:07:28.062    Disk 0 trace - called modules:
17:07:28.078    ntoskrnl.exe fltsrv.sys hal.dll tdrpman.sys CLASSPNP.SYS disk.sys vidsflt.sys atapi.sys pciide.sys PCIIDEX.SYS 
17:07:28.078    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac5dab8]
17:07:28.078    3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8ac7d948]
17:07:28.078    5 vidsflt.sys[f74edd9b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ac6ed98]
17:07:28.734    AVAST engine scan C:\WINDOWS
17:07:44.703    AVAST engine scan C:\WINDOWS\system32
17:10:23.093    AVAST engine scan C:\WINDOWS\system32\drivers
17:10:36.484    AVAST engine scan C:\Dokumente und Einstellungen\***
17:19:07.218    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\MBR.dat"
17:19:07.218    The log file has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\aswMBR.txt"
         
TDSS-Killer:
Code:
17:20:10.0250 3940  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:20:10.0328 3940  ============================================================
17:20:10.0328 3940  Current date / time: 2012/11/22 17:20:10.0328
17:20:10.0328 3940  SystemInfo:
17:20:10.0328 3940  
17:20:10.0328 3940  OS Version: 5.1.2600 ServicePack: 3.0
17:20:10.0328 3940  Product type: Workstation
17:20:10.0328 3940  ComputerName: SAMSUNG-P560
17:20:10.0328 3940  UserName: ***
17:20:10.0328 3940  Windows directory: C:\WINDOWS
17:20:10.0328 3940  System windows directory: C:\WINDOWS
17:20:10.0328 3940  Processor architecture: Intel x86
17:20:10.0328 3940  Number of processors: 2
17:20:10.0328 3940  Page size: 0x1000
17:20:10.0328 3940  Boot type: Normal boot
17:20:10.0328 3940  ============================================================
17:20:11.0578 3940  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:20:11.0578 3940  ============================================================
17:20:11.0578 3940  \Device\Harddisk0\DR0:
17:20:11.0578 3940  MBR partitions:
17:20:11.0578 3940  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x140249A, BlocksNum 0x9FFEB0B
17:20:11.0578 3940  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xB400FA5, BlocksNum 0x11DC35DC
17:20:11.0578 3940  ============================================================
17:20:11.0625 3940  C: <-> \Device\Harddisk0\DR0\Partition1
17:20:11.0718 3940  D: <-> \Device\Harddisk0\DR0\Partition2
17:20:11.0718 3940  ============================================================
17:20:11.0718 3940  Initialize success
17:20:11.0718 3940  ============================================================
17:21:47.0140 3252  ============================================================
17:21:47.0140 3252  Scan started
17:21:47.0140 3252  Mode: Manual; SigCheck; TDLFS; 
17:21:47.0140 3252  ============================================================
17:21:47.0765 3252  ================ Scan system memory ========================
17:21:47.0781 3252  System memory - ok
17:21:47.0781 3252  ================ Scan services =============================
17:21:47.0906 3252  [ EF788A8B277A8A93D34A16AEE17F71D8 ] 27000@samsung-p560 C:\Programme\ESRI\License\arcgis9x\lmtools.exe
17:21:48.0031 3252  27000@samsung-p560 ( UnsignedFile.Multi.Generic ) - warning
17:21:48.0031 3252  27000@samsung-p560 - detected UnsignedFile.Multi.Generic (1)
17:21:48.0125 3252  Abiosdsk - ok
17:21:48.0125 3252  abp480n5 - ok
17:21:48.0171 3252  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:21:48.0296 3252  ACPI - ok
17:21:48.0296 3252  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:21:48.0390 3252  ACPIEC - ok
17:21:48.0500 3252  [ 35BCB0F33FABA91F93C062FBE7EA1EAC ] AcrSch2Svc      C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
17:21:48.0546 3252  AcrSch2Svc - ok
17:21:48.0578 3252  [ C1EB9968EC89FBA5F3A264E2E57923AB ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
17:21:48.0593 3252  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
17:21:48.0593 3252  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
17:21:48.0656 3252  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:21:48.0671 3252  AdobeFlashPlayerUpdateSvc - ok
17:21:48.0671 3252  adpu160m - ok
17:21:48.0718 3252  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
17:21:48.0812 3252  aec - ok
17:21:48.0859 3252  [ DF139E5866C19E0B3217EF210198D875 ] afcdp           C:\WINDOWS\system32\DRIVERS\afcdp.sys
17:21:48.0953 3252  afcdp - ok
17:21:49.0062 3252  [ 1AEA25F70F12ABB494A4E35E1D717414 ] afcdpsrv        C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
17:21:49.0296 3252  afcdpsrv - ok
17:21:49.0343 3252  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
17:21:49.0421 3252  AFD - ok
17:21:49.0453 3252  [ EFBC44FBD75E4F80BD927AEBF6E7EADE ] AgereModemAudio C:\WINDOWS\system32\agrsmsvc.exe
17:21:49.0500 3252  AgereModemAudio - ok
17:21:49.0546 3252  [ 1CFEBA39FC613E45B49D3EDDFBCDA289 ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys
17:21:49.0640 3252  AgereSoftModem - ok
17:21:49.0656 3252  Aha154x - ok
17:21:49.0656 3252  aic78u2 - ok
17:21:49.0671 3252  aic78xx - ok
17:21:49.0703 3252  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
17:21:49.0796 3252  Alerter - ok
17:21:49.0812 3252  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
17:21:49.0906 3252  ALG - ok
17:21:49.0906 3252  AliIde - ok
17:21:49.0906 3252  amsint - ok
17:21:49.0984 3252  [ EB4E26AD3A0E681C2FAABBACB0691A34 ] Apache2.2       C:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe
17:21:49.0984 3252  Apache2.2 ( UnsignedFile.Multi.Generic ) - warning
17:21:49.0984 3252  Apache2.2 - detected UnsignedFile.Multi.Generic (1)
17:21:50.0062 3252  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:21:50.0062 3252  Apple Mobile Device - ok
17:21:50.0093 3252  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
17:21:50.0187 3252  AppMgmt - ok
17:21:50.0187 3252  asc - ok
17:21:50.0203 3252  asc3350p - ok
17:21:50.0203 3252  asc3550 - ok
17:21:50.0328 3252  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:21:50.0375 3252  aspnet_state - ok
17:21:50.0406 3252  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:21:50.0500 3252  AsyncMac - ok
17:21:50.0515 3252  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
17:21:50.0609 3252  atapi - ok
17:21:50.0609 3252  Atdisk - ok
17:21:50.0640 3252  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:21:50.0718 3252  Atmarpc - ok
17:21:50.0750 3252  [ 73742099982CF514512E1941F2862C33 ] ATSWPDRV        C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
17:21:50.0765 3252  ATSWPDRV - ok
17:21:50.0796 3252  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
17:21:50.0906 3252  AudioSrv - ok
17:21:50.0937 3252  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
17:21:51.0000 3252  audstub - ok
17:21:51.0031 3252  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
17:21:51.0109 3252  Beep - ok
17:21:51.0140 3252  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
17:21:51.0218 3252  BITS - ok
17:21:51.0296 3252  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
17:21:51.0312 3252  Bonjour Service - ok
17:21:51.0343 3252  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
17:21:51.0390 3252  Browser - ok
17:21:51.0437 3252  [ ECDC40CC54603C711E1A7A1C9255184A ] btaudio         C:\WINDOWS\system32\drivers\btaudio.sys
17:21:51.0468 3252  btaudio - ok
17:21:51.0500 3252  [ 58A49BD10E08D3D4333A60DEDCB1CED8 ] BTDriver        C:\WINDOWS\system32\DRIVERS\btport.sys
17:21:51.0500 3252  BTDriver - ok
17:21:51.0562 3252  [ 885B6D0F826A216EEE4C3AD883809012 ] BTKRNL          C:\WINDOWS\system32\DRIVERS\btkrnl.sys
17:21:51.0593 3252  BTKRNL - ok
17:21:51.0656 3252  [ 49E9ED37FAEC5E8C03E81FD73D3884D6 ] btwdins         C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
17:21:51.0671 3252  btwdins - ok
17:21:51.0671 3252  [ B1D350F3F13CF340FCE93912D2BA1EBF ] BTWDNDIS        C:\WINDOWS\system32\DRIVERS\btwdndis.sys
17:21:51.0703 3252  BTWDNDIS - ok
17:21:51.0750 3252  [ 8BCD7BFE9C70A8FF7444263435B18AA1 ] btwmodem        C:\WINDOWS\system32\DRIVERS\btwmodem.sys
17:21:51.0750 3252  btwmodem - ok
17:21:51.0765 3252  [ 57E91E9925976BBC98984EEBAAF1D84C ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
17:21:51.0812 3252  BTWUSB - ok
17:21:51.0828 3252  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
17:21:51.0921 3252  cbidf2k - ok
17:21:51.0953 3252  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:21:52.0031 3252  CCDECODE - ok
17:21:52.0046 3252  cd20xrnt - ok
17:21:52.0062 3252  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
17:21:52.0140 3252  Cdaudio - ok
17:21:52.0171 3252  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
17:21:52.0265 3252  Cdfs - ok
17:21:52.0281 3252  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:21:52.0359 3252  Cdrom - ok
17:21:52.0406 3252  [ C9503EED292DB41937C22F620FDAA39C ] cglptnt         C:\Programme\totalcmd\cglptnt.sys
17:21:52.0421 3252  cglptnt - ok
17:21:52.0421 3252  Changer - ok
17:21:52.0437 3252  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
17:21:52.0515 3252  CiSvc - ok
17:21:52.0531 3252  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
17:21:52.0625 3252  ClipSrv - ok
17:21:52.0671 3252  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:21:52.0687 3252  clr_optimization_v2.0.50727_32 - ok
17:21:52.0718 3252  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:21:52.0765 3252  clr_optimization_v4.0.30319_32 - ok
17:21:52.0781 3252  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:21:52.0875 3252  CmBatt - ok
17:21:52.0875 3252  CmdIde - ok
17:21:52.0906 3252  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:21:53.0000 3252  Compbatt - ok
17:21:53.0000 3252  COMSysApp - ok
17:21:53.0015 3252  Cpqarray - ok
17:21:53.0031 3252  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
17:21:53.0109 3252  CryptSvc - ok
17:21:53.0109 3252  dac2w2k - ok
17:21:53.0125 3252  dac960nt - ok
17:21:53.0156 3252  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
17:21:53.0218 3252  DcomLaunch - ok
17:21:53.0265 3252  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
17:21:53.0359 3252  Dhcp - ok
17:21:53.0359 3252  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
17:21:53.0453 3252  Disk - ok
17:21:53.0453 3252  dmadmin - ok
17:21:53.0484 3252  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
17:21:53.0609 3252  dmboot - ok
17:21:53.0609 3252  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
17:21:53.0703 3252  dmio - ok
17:21:53.0734 3252  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
17:21:53.0828 3252  dmload - ok
17:21:53.0843 3252  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
17:21:53.0937 3252  dmserver - ok
17:21:53.0953 3252  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
17:21:54.0046 3252  DMusic - ok
17:21:54.0093 3252  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
17:21:54.0171 3252  Dnscache - ok
17:21:54.0203 3252  [ 128AE3AEDDE1E3AE772C88320628FE7C ] DNSeFilter      C:\WINDOWS\system32\drivers\SamsungEDS.sys
17:21:54.0203 3252  DNSeFilter ( UnsignedFile.Multi.Generic ) - warning
17:21:54.0203 3252  DNSeFilter - detected UnsignedFile.Multi.Generic (1)
17:21:54.0234 3252  [ 8A4CB9438571814B128B6DC30D698064 ] DOSMEMIO        C:\WINDOWS\system32\MEMIO.SYS
17:21:54.0250 3252  DOSMEMIO ( UnsignedFile.Multi.Generic ) - warning
17:21:54.0250 3252  DOSMEMIO - detected UnsignedFile.Multi.Generic (1)
17:21:54.0281 3252  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
17:21:54.0359 3252  Dot3svc - ok
17:21:54.0359 3252  dpti2o - ok
17:21:54.0390 3252  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
17:21:54.0484 3252  drmkaud - ok
17:21:54.0484 3252  DS1410D - ok
17:21:54.0515 3252  [ AEE21A637EDE5BD4F89CD90883149104 ] e1yexpress      C:\WINDOWS\system32\DRIVERS\e1y5132.sys
17:21:54.0531 3252  e1yexpress - ok
17:21:54.0546 3252  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
17:21:54.0625 3252  EapHost - ok
17:21:54.0656 3252  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
17:21:54.0750 3252  ERSvc - ok
17:21:54.0781 3252  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
17:21:54.0812 3252  Eventlog - ok
17:21:54.0843 3252  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
17:21:54.0875 3252  EventSystem - ok
17:21:54.0906 3252  [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev     C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
17:21:54.0953 3252  ew_hwusbdev - ok
17:21:54.0984 3252  [ 61A973F60E94A551BA7B15F3460444FB ] ew_usbenumfilter C:\WINDOWS\system32\DRIVERS\ew_usbenumfilter.sys
17:21:55.0015 3252  ew_usbenumfilter - ok
17:21:55.0031 3252  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
17:21:55.0125 3252  Fastfat - ok
17:21:55.0156 3252  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:21:55.0218 3252  FastUserSwitchingCompatibility - ok
17:21:55.0234 3252  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
17:21:55.0312 3252  Fdc - ok
17:21:55.0328 3252  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
17:21:55.0421 3252  Fips - ok
17:21:55.0468 3252  [ 8669BE94F63944E4F899C3950B520241 ] FLEXnet Licensing Service C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:21:55.0531 3252  FLEXnet Licensing Service - ok
17:21:55.0578 3252  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
17:21:55.0656 3252  Flpydisk - ok
17:21:55.0703 3252  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
17:21:55.0781 3252  FltMgr - ok
17:21:55.0812 3252  [ E20D64EDF74D80874837B16506D58166 ] fltsrv          C:\WINDOWS\system32\DRIVERS\fltsrv.sys
17:21:55.0812 3252  fltsrv - ok
17:21:55.0859 3252  [ 5043F0D9A22AABF550508B3165C5B0FD ] FolderSize      C:\Programme\FolderSize\FolderSizeSvc.exe
17:21:55.0890 3252  FolderSize ( UnsignedFile.Multi.Generic ) - warning
17:21:55.0890 3252  FolderSize - detected UnsignedFile.Multi.Generic (1)
17:21:55.0937 3252  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:21:55.0953 3252  FontCache3.0.0.0 - ok
17:21:55.0984 3252  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:21:56.0078 3252  Fs_Rec - ok
17:21:56.0078 3252  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:21:56.0156 3252  Ftdisk - ok
17:21:56.0187 3252  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:21:56.0203 3252  GEARAspiWDM - ok
17:21:56.0250 3252  [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper   C:\Programme\NOS\bin\getPlus_Helper.dll
17:21:56.0265 3252  getPlusHelper - ok
17:21:56.0296 3252  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:21:56.0390 3252  Gpc - ok
17:21:56.0453 3252  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9b887e0a7795c C:\Programme\Google\Update\GoogleUpdate.exe
17:21:56.0468 3252  gupdate1c9b887e0a7795c - ok
17:21:56.0468 3252  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
17:21:56.0484 3252  gupdatem - ok
17:21:56.0500 3252  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:21:56.0593 3252  HDAudBus - ok
17:21:56.0625 3252  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:21:56.0718 3252  helpsvc - ok
17:21:56.0734 3252  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
17:21:56.0828 3252  HidServ - ok
17:21:56.0843 3252  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:21:56.0921 3252  HidUsb - ok
17:21:56.0953 3252  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
17:21:57.0031 3252  hkmsvc - ok
17:21:57.0109 3252  [ 86724A200BF1F08A03FB563660FCD928 ] HP DS Service   C:\Programme\HP\HPBDSService\HPBDSService.exe
17:21:57.0125 3252  HP DS Service ( UnsignedFile.Multi.Generic ) - warning
17:21:57.0125 3252  HP DS Service - detected UnsignedFile.Multi.Generic (1)
17:21:57.0171 3252  [ 896DA1A34D78FA82F7A98EAD1A4F4B3B ] HP LaserJet Service C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe
17:21:57.0171 3252  HP LaserJet Service ( UnsignedFile.Multi.Generic ) - warning
17:21:57.0171 3252  HP LaserJet Service - detected UnsignedFile.Multi.Generic (1)
17:21:57.0187 3252  hpn - ok
17:21:57.0218 3252  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
17:21:57.0250 3252  HTTP - ok
17:21:57.0265 3252  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
17:21:57.0359 3252  HTTPFilter - ok
17:21:57.0375 3252  [ 88B2115311628579BDE805DDDDD913B7 ] huawei_cdcacm   C:\WINDOWS\system32\DRIVERS\ew_jucdcacm.sys
17:21:57.0468 3252  huawei_cdcacm - ok
17:21:57.0500 3252  [ 77F6E1CF7A4B1460214E6343B0EAD4C7 ] huawei_cdcecm   C:\WINDOWS\system32\DRIVERS\ew_jucdcecm.sys
17:21:57.0531 3252  huawei_cdcecm - ok
17:21:57.0562 3252  [ 2AEB89AEAC08ECD23FC0DA3EB4330A29 ] huawei_enumerator C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
17:21:57.0593 3252  huawei_enumerator - ok
17:21:57.0609 3252  [ FF66400ACC543F4EEFE83CDE5B1B4164 ] huawei_ext_ctrl C:\WINDOWS\system32\DRIVERS\ew_juextctrl.sys
17:21:57.0640 3252  huawei_ext_ctrl - ok
17:21:57.0640 3252  i2omgmt - ok
17:21:57.0640 3252  i2omp - ok
17:21:57.0687 3252  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:21:57.0765 3252  i8042prt - ok
17:21:57.0875 3252  [ 7612564EE841AF81DC07081906647640 ] IDL DicomEx Storage SCP C:\Programme\RSI\IDL63\bin\bin.x86\idl_dicomexstorscp.exe
17:21:57.0875 3252  IDL DicomEx Storage SCP ( UnsignedFile.Multi.Generic ) - warning
17:21:57.0875 3252  IDL DicomEx Storage SCP - detected UnsignedFile.Multi.Generic (1)
17:21:57.0953 3252  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:21:57.0968 3252  IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:21:57.0968 3252  IDriverT - detected UnsignedFile.Multi.Generic (1)
17:21:58.0015 3252  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:21:58.0078 3252  idsvc - ok
17:21:58.0125 3252  [ 204AC659F069616AE00627A1B467655D ] IFXSpMgtSrv     C:\WINDOWS\system32\ifxspmgt.exe
17:21:58.0140 3252  IFXSpMgtSrv - ok
17:21:58.0187 3252  [ 02B893D0B89E0B28881A1CAB6F337A0B ] IFXTCS          C:\WINDOWS\system32\IFXTCS.exe
17:21:58.0218 3252  IFXTCS - ok
17:21:58.0265 3252  [ 667CFDB801DF771F47B7C39373C2D850 ] IFXTPM          C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
17:21:58.0343 3252  IFXTPM - ok
17:21:58.0359 3252  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
17:21:58.0453 3252  Imapi - ok
17:21:58.0468 3252  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
17:21:58.0546 3252  ImapiService - ok
17:21:58.0562 3252  ini910u - ok
17:21:58.0718 3252  [ 19AFBB8427CE65042599555E578170DF ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:21:58.0906 3252  IntcAzAudAddService - ok
17:21:58.0921 3252  IntelIde - ok
17:21:58.0953 3252  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:21:59.0031 3252  intelppm - ok
17:21:59.0046 3252  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
17:21:59.0125 3252  Ip6Fw - ok
17:21:59.0140 3252  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:21:59.0218 3252  IpInIp - ok
17:21:59.0250 3252  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:21:59.0328 3252  IpNat - ok
17:21:59.0375 3252  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
17:21:59.0437 3252  iPod Service - ok
17:21:59.0468 3252  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:21:59.0546 3252  IPSec - ok
17:21:59.0562 3252  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
17:21:59.0640 3252  IRENUM - ok
17:21:59.0671 3252  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:21:59.0750 3252  isapnp - ok
17:21:59.0843 3252  [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
17:21:59.0859 3252  JavaQuickStarterService - ok
17:21:59.0875 3252  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:21:59.0953 3252  Kbdclass - ok
17:21:59.0984 3252  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:22:00.0078 3252  kbdhid - ok
17:22:00.0109 3252  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
17:22:00.0187 3252  kmixer - ok
17:22:00.0203 3252  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
17:22:00.0281 3252  KSecDD - ok
17:22:00.0312 3252  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
17:22:00.0375 3252  lanmanserver - ok
17:22:00.0406 3252  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:22:00.0453 3252  lanmanworkstation - ok
17:22:00.0453 3252  lbrtfdc - ok
17:22:00.0515 3252  [ C215E09622118383B236DD56C2065183 ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
17:22:00.0531 3252  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:22:00.0531 3252  LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:22:00.0562 3252  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
17:22:00.0656 3252  LmHosts - ok
17:22:00.0671 3252  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
17:22:00.0734 3252  Messenger - ok
17:22:00.0765 3252  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
17:22:00.0859 3252  mnmdd - ok
17:22:00.0890 3252  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
17:22:00.0968 3252  mnmsrvc - ok
17:22:00.0984 3252  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
17:22:01.0078 3252  Modem - ok
17:22:01.0093 3252  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:22:01.0187 3252  Mouclass - ok
17:22:01.0187 3252  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:22:01.0265 3252  mouhid - ok
17:22:01.0281 3252  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
17:22:01.0375 3252  MountMgr - ok
17:22:01.0406 3252  [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
17:22:01.0421 3252  MozillaMaintenance - ok
17:22:01.0453 3252  [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
17:22:01.0468 3252  MpFilter - ok
17:22:01.0578 3252  [ A69630D039C38018689190234F866D77 ] MpKsl42a0614a   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{1DCB9B1A-AE19-45F9-B71B-678FBCF09D10}\MpKsl42a0614a.sys
17:22:01.0578 3252  MpKsl42a0614a - ok
17:22:01.0593 3252  mraid35x - ok
17:22:01.0593 3252  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:22:01.0687 3252  MRxDAV - ok
17:22:01.0734 3252  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:22:01.0796 3252  MRxSmb - ok
17:22:01.0828 3252  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
17:22:01.0906 3252  MSDTC - ok
17:22:01.0921 3252  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
17:22:02.0015 3252  Msfs - ok
17:22:02.0015 3252  MSIServer - ok
17:22:02.0046 3252  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:22:02.0125 3252  MSKSSRV - ok
17:22:02.0203 3252  [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc         c:\Programme\Microsoft Security Client\MsMpEng.exe
17:22:02.0218 3252  MsMpSvc - ok
17:22:02.0250 3252  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:22:02.0312 3252  MSPCLOCK - ok
17:22:02.0328 3252  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
17:22:02.0406 3252  MSPQM - ok
17:22:02.0421 3252  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:22:02.0500 3252  mssmbios - ok
17:22:02.0515 3252  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
17:22:02.0593 3252  MSTEE - ok
17:22:02.0625 3252  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
17:22:02.0671 3252  Mup - ok
17:22:02.0687 3252  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:22:02.0765 3252  NABTSFEC - ok
17:22:02.0796 3252  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
17:22:02.0890 3252  napagent - ok
17:22:02.0921 3252  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
17:22:03.0000 3252  NDIS - ok
17:22:03.0015 3252  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:22:03.0093 3252  NdisIP - ok
17:22:03.0140 3252  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:22:03.0171 3252  NdisTapi - ok
17:22:03.0218 3252  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:22:03.0296 3252  Ndisuio - ok
17:22:03.0328 3252  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:22:03.0406 3252  NdisWan - ok
17:22:03.0421 3252  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
17:22:03.0453 3252  NDProxy - ok
17:22:03.0500 3252  [ F7C14F5077BF2BC476C348B88A7F74E2 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
17:22:03.0500 3252  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:22:03.0500 3252  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:22:03.0515 3252  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
17:22:03.0593 3252  NetBIOS - ok
17:22:03.0625 3252  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
17:22:03.0718 3252  NetBT - ok
17:22:03.0750 3252  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
17:22:03.0828 3252  NetDDE - ok
17:22:03.0828 3252  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
17:22:03.0906 3252  NetDDEdsdm - ok
17:22:03.0921 3252  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
17:22:04.0000 3252  Netlogon - ok
17:22:04.0031 3252  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
17:22:04.0125 3252  Netman - ok
17:22:04.0156 3252  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:22:04.0156 3252  NetTcpPortSharing - ok
17:22:04.0296 3252  [ 91F027C242D3FF6E5C09F92A0518297F ] NETw5x32        C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
17:22:04.0546 3252  NETw5x32 - ok
17:22:04.0578 3252  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
17:22:04.0609 3252  Nla - ok
17:22:04.0656 3252  [ F44ADDBF29905CB19F52FC9FE6A0EFA1 ] nosGetPlusHelper C:\Programme\NOS\bin\getPlus_Helper_3004.dll
17:22:04.0656 3252  nosGetPlusHelper - ok
17:22:04.0671 3252  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
17:22:04.0750 3252  Npfs - ok
17:22:04.0796 3252  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
17:22:04.0953 3252  Ntfs - ok
17:22:05.0000 3252  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
17:22:05.0062 3252  NtLmSsp - ok
17:22:05.0109 3252  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
17:22:05.0203 3252  NtmsSvc - ok
17:22:05.0203 3252  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
17:22:05.0281 3252  Null - ok
17:22:05.0484 3252  [ AD4E53F0CAAC3DDC1B34BEC01F5CAB3D ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:22:05.0843 3252  nv - ok
17:22:05.0906 3252  [ F0A93CE4233187889020DED62D07CEB2 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda32.sys
17:22:05.0906 3252  NVHDA - ok
17:22:05.0921 3252  [ 51CC53015DC3ED715441711350F7D96F ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
17:22:05.0937 3252  NVSvc - ok
17:22:05.0968 3252  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:22:06.0046 3252  NwlnkFlt - ok
17:22:06.0062 3252  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:22:06.0140 3252  NwlnkFwd - ok
17:22:06.0234 3252  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
17:22:06.0250 3252  odserv - ok
17:22:06.0328 3252  [ 7E980A7AA0CF8F9F079500AD9FEFCC74 ] omniserv        C:\Programme\Softex\OmniPass\Omniserv.exe
17:22:06.0343 3252  omniserv ( UnsignedFile.Multi.Generic ) - warning
17:22:06.0343 3252  omniserv - detected UnsignedFile.Multi.Generic (1)
17:22:06.0375 3252  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
17:22:06.0390 3252  ose - ok
17:22:06.0406 3252  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
17:22:06.0500 3252  Parport - ok
17:22:06.0531 3252  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
17:22:06.0609 3252  PartMgr - ok
17:22:06.0640 3252  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
17:22:06.0718 3252  ParVdm - ok
17:22:06.0718 3252  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
17:22:06.0812 3252  PCI - ok
17:22:06.0812 3252  PCIDump - ok
17:22:06.0828 3252  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
17:22:06.0906 3252  PCIIde - ok
17:22:06.0906 3252  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:22:06.0984 3252  Pcmcia - ok
17:22:06.0984 3252  PDCOMP - ok
17:22:06.0984 3252  PDFRAME - ok
17:22:07.0000 3252  PDRELI - ok
17:22:07.0015 3252  PDRFRAME - ok
17:22:07.0015 3252  perc2 - ok
17:22:07.0031 3252  perc2hib - ok
17:22:07.0093 3252  [ F21B077B1FBA7AA331FA1087078D92E8 ] PersonalSecureDrive C:\WINDOWS\System32\drivers\psd.sys
17:22:07.0093 3252  PersonalSecureDrive - ok
17:22:07.0109 3252  [ C30A73C602C09BC8404A18497AD24145 ] PersonalSecureDriveService C:\WINDOWS\system32\IfxPsdSv.exe
17:22:07.0125 3252  PersonalSecureDriveService - ok
17:22:07.0140 3252  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
17:22:07.0171 3252  PlugPlay - ok
17:22:07.0187 3252  [ E638656001C52A1FAA34F92E6D3A086B ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
17:22:07.0203 3252  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:22:07.0203 3252  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:22:07.0218 3252  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
17:22:07.0296 3252  PolicyAgent - ok
17:22:07.0296 3252  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:22:07.0390 3252  PptpMiniport - ok
17:22:07.0390 3252  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:22:07.0468 3252  ProtectedStorage - ok
17:22:07.0500 3252  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
17:22:07.0578 3252  PSched - ok
17:22:07.0625 3252  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:22:07.0703 3252  Ptilink - ok
17:22:07.0718 3252  ql1080 - ok
17:22:07.0718 3252  Ql10wnt - ok
17:22:07.0718 3252  ql12160 - ok
17:22:07.0734 3252  ql1240 - ok
17:22:07.0750 3252  ql1280 - ok
17:22:07.0765 3252  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:22:07.0859 3252  RasAcd - ok
17:22:07.0875 3252  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
17:22:07.0953 3252  RasAuto - ok
17:22:08.0000 3252  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:22:08.0062 3252  Rasl2tp - ok
17:22:08.0093 3252  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
17:22:08.0171 3252  RasMan - ok
17:22:08.0187 3252  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:22:08.0281 3252  RasPppoe - ok
17:22:08.0281 3252  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
17:22:08.0359 3252  Raspti - ok
17:22:08.0375 3252  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:22:08.0468 3252  Rdbss - ok
17:22:08.0484 3252  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:22:08.0578 3252  RDPCDD - ok
17:22:08.0609 3252  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:22:08.0703 3252  rdpdr - ok
17:22:08.0734 3252  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
17:22:08.0796 3252  RDPWD - ok
17:22:08.0812 3252  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
17:22:08.0890 3252  RDSessMgr - ok
17:22:08.0906 3252  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
17:22:08.0984 3252  redbook - ok
17:22:09.0015 3252  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
17:22:09.0093 3252  RemoteAccess - ok
17:22:09.0125 3252  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
17:22:09.0203 3252  RemoteRegistry - ok
17:22:09.0296 3252  [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo       C:\Programme\CyberLink\Shared Files\RichVideo.exe
17:22:09.0312 3252  RichVideo - ok
17:22:09.0359 3252  [ C2EF513BBE069F0D4EE0938A76F975D3 ] rimmptsk        C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
17:22:09.0375 3252  rimmptsk - ok
17:22:09.0421 3252  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
17:22:09.0500 3252  RpcLocator - ok
17:22:09.0531 3252  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\System32\rpcss.dll
17:22:09.0562 3252  RpcSs - ok
17:22:09.0593 3252  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
17:22:09.0687 3252  RSVP - ok
17:22:09.0703 3252  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
17:22:09.0765 3252  SamSs - ok
17:22:09.0843 3252  [ B1C20CF045A559FF8B622893D05067B5 ] Samsung Update Plus C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
17:22:09.0859 3252  Samsung Update Plus ( UnsignedFile.Multi.Generic ) - warning
17:22:09.0859 3252  Samsung Update Plus - detected UnsignedFile.Multi.Generic (1)
17:22:09.0921 3252  [ 27E8DE3890E8EE4B38DF44B10F5007BF ] samsung-p560    C:\Programme\ESRI\License\arcgis9x\lmgrd.exe
17:22:09.0953 3252  samsung-p560 ( UnsignedFile.Multi.Generic ) - warning
17:22:09.0953 3252  samsung-p560 - detected UnsignedFile.Multi.Generic (1)
17:22:09.0984 3252  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
17:22:10.0078 3252  SCardSvr - ok
17:22:10.0109 3252  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
17:22:10.0187 3252  Schedule - ok
17:22:10.0203 3252  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:22:10.0296 3252  sdbus - ok
17:22:10.0312 3252  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:22:10.0390 3252  Secdrv - ok
17:22:10.0406 3252  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
17:22:10.0500 3252  seclogon - ok
17:22:10.0515 3252  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
17:22:10.0593 3252  SENS - ok
17:22:10.0640 3252  [ B3C1B187FEFC941F63CE0DF93D02EB9F ] Sentinel        C:\WINDOWS\System32\Drivers\SENTINEL.SYS
17:22:10.0640 3252  Sentinel - ok
17:22:10.0656 3252  [ ACCDF944417FCE3B9BDDFC197C704A27 ] SentinelProtectionServer C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
17:22:10.0671 3252  SentinelProtectionServer - ok
17:22:10.0687 3252  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
17:22:10.0750 3252  serenum - ok
17:22:10.0765 3252  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
17:22:10.0843 3252  Serial - ok
17:22:10.0890 3252  [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk         C:\WINDOWS\system32\DRIVERS\sffdisk.sys
17:22:10.0953 3252  sffdisk - ok
17:22:10.0984 3252  [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd         C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
17:22:11.0062 3252  sffp_sd - ok
17:22:11.0093 3252  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
17:22:11.0171 3252  Sfloppy - ok
17:22:11.0218 3252  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
17:22:11.0296 3252  SharedAccess - ok
17:22:11.0328 3252  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:22:11.0328 3252  ShellHWDetection - ok
17:22:11.0343 3252  Simbad - ok
17:22:11.0500 3252  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:22:11.0656 3252  Skype C2C Service - ok
17:22:11.0734 3252  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Programme\Skype\Updater\Updater.exe
17:22:11.0734 3252  SkypeUpdate - ok
17:22:11.0765 3252  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:22:11.0843 3252  SLIP - ok
17:22:11.0875 3252  [ 851310C1B742D2DF2D334603836FFDF5 ] snapman         C:\WINDOWS\system32\DRIVERS\snapman.sys
17:22:11.0890 3252  snapman - ok
17:22:11.0906 3252  [ A44FAD36D97FB5FF5B57CCEB581EB29F ] SNM WLAN Service C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
17:22:11.0921 3252  SNM WLAN Service ( UnsignedFile.Multi.Generic ) - warning
17:22:11.0921 3252  SNM WLAN Service - detected UnsignedFile.Multi.Generic (1)
17:22:11.0921 3252  Sparrow - ok
17:22:11.0953 3252  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
17:22:12.0031 3252  splitter - ok
17:22:12.0078 3252  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
17:22:12.0109 3252  Spooler - ok
17:22:12.0156 3252  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
17:22:12.0234 3252  sr - ok
17:22:12.0234 3252  srescan - ok
17:22:12.0265 3252  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
17:22:12.0359 3252  srservice - ok
17:22:12.0406 3252  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
17:22:12.0468 3252  Srv - ok
17:22:12.0484 3252  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
17:22:12.0562 3252  SSDPSRV - ok
17:22:12.0609 3252  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
17:22:12.0703 3252  stisvc - ok
17:22:12.0765 3252  [ 0EBE46CF63F94A0ECC401DFB4C4FC139 ] StkCMini        C:\WINDOWS\system32\Drivers\StkCMini.sys
17:22:12.0828 3252  StkCMini - ok
17:22:12.0843 3252  [ 6F0530313A2874A0B3D81809DE74A2E5 ] StkSSrv         C:\WINDOWS\System32\StkCSrv.exe
17:22:12.0859 3252  StkSSrv - ok
17:22:12.0875 3252  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:22:12.0968 3252  streamip - ok
17:22:13.0000 3252  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
17:22:13.0093 3252  swenum - ok
17:22:13.0109 3252  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
17:22:13.0187 3252  swmidi - ok
17:22:13.0203 3252  SwPrv - ok
17:22:13.0203 3252  symc810 - ok
17:22:13.0218 3252  symc8xx - ok
17:22:13.0234 3252  sym_hi - ok
17:22:13.0234 3252  sym_u3 - ok
17:22:13.0500 3252  [ A214C8AA6A6C06C9DBAB1310E38DAB4A ] syncagentsrv    C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe
17:22:13.0875 3252  syncagentsrv - ok
17:22:13.0906 3252  [ AAF5E46AE0FB391AD94850AC00707330 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:22:13.0953 3252  SynTP - ok
17:22:13.0968 3252  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
17:22:14.0062 3252  sysaudio - ok
17:22:14.0093 3252  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
17:22:14.0171 3252  SysmonLog - ok
17:22:14.0265 3252  [ 5781D4C12D0D204447F9936D421C1B80 ] TabletServicePen C:\WINDOWS\system32\Pen_Tablet.exe
17:22:14.0437 3252  TabletServicePen - ok
17:22:14.0468 3252  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
17:22:14.0562 3252  TapiSrv - ok
17:22:14.0593 3252  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:22:14.0640 3252  Tcpip - ok
17:22:14.0687 3252  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
17:22:14.0765 3252  TDPIPE - ok
17:22:14.0812 3252  [ 6345E3829FD130A144454F9F5C2A3B9E ] tdrpman         C:\WINDOWS\system32\DRIVERS\tdrpman.sys
17:22:14.0843 3252  tdrpman - ok
17:22:14.0890 3252  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
17:22:14.0968 3252  TDTCP - ok
17:22:14.0984 3252  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
17:22:15.0078 3252  TermDD - ok
17:22:15.0109 3252  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
17:22:15.0203 3252  TermService - ok
17:22:15.0218 3252  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
17:22:15.0234 3252  Themes - ok
17:22:15.0265 3252  [ A8C31102F448231596168FFC9F568B9A ] tib_mounter     C:\WINDOWS\system32\DRIVERS\tib_mounter.sys
17:22:15.0312 3252  tib_mounter - ok
17:22:15.0343 3252  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
17:22:15.0421 3252  TlntSvr - ok
17:22:15.0421 3252  TosIde - ok
17:22:15.0437 3252  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
17:22:15.0515 3252  TrkWks - ok
17:22:15.0531 3252  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
17:22:15.0609 3252  Udfs - ok
17:22:15.0609 3252  ultra - ok
17:22:15.0656 3252  [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
17:22:15.0703 3252  UMWdf - ok
17:22:15.0734 3252  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
17:22:15.0828 3252  Update - ok
17:22:15.0875 3252  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
17:22:15.0953 3252  upnphost - ok
17:22:15.0968 3252  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
17:22:16.0062 3252  UPS - ok
17:22:16.0093 3252  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
17:22:16.0171 3252  usbaudio - ok
17:22:16.0218 3252  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:22:16.0296 3252  usbccgp - ok
17:22:16.0312 3252  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:22:16.0390 3252  usbehci - ok
17:22:16.0406 3252  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:22:16.0484 3252  usbhub - ok
17:22:16.0515 3252  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:22:16.0578 3252  usbprint - ok
17:22:16.0609 3252  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:22:16.0687 3252  usbscan - ok
17:22:16.0687 3252  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:22:16.0781 3252  USBSTOR - ok
17:22:16.0796 3252  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:22:16.0859 3252  usbuhci - ok
17:22:16.0890 3252  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
17:22:16.0968 3252  usbvideo - ok
17:22:17.0000 3252  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
17:22:17.0093 3252  VgaSave - ok
17:22:17.0109 3252  ViaIde - ok
17:22:17.0140 3252  [ 26B75DCB58B006867EFD659E845CD65E ] vididr          C:\WINDOWS\system32\DRIVERS\vididr.sys
17:22:17.0140 3252  vididr - ok
17:22:17.0156 3252  [ 40AFA68F81F90636D1300099E9CFC8CE ] vidsflt         C:\WINDOWS\system32\DRIVERS\vidsflt.sys
17:22:17.0171 3252  vidsflt - ok
17:22:17.0203 3252  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
17:22:17.0281 3252  VolSnap - ok
17:22:17.0328 3252  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
17:22:17.0406 3252  VSS - ok
17:22:17.0421 3252  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
17:22:17.0515 3252  W32Time - ok
17:22:17.0546 3252  [ 85F2115FEA646693C195C101E15F5667 ] wacmoumonitor   C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
17:22:17.0562 3252  wacmoumonitor - ok
17:22:17.0578 3252  [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
17:22:17.0593 3252  wacommousefilter - ok
17:22:17.0625 3252  [ A45BC72E1BBF4286A58EF9B894871394 ] wacomvhid       C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
17:22:17.0640 3252  wacomvhid - ok
17:22:17.0640 3252  [ 889459833432B161CB99CFDF84A1A9BB ] WacomVKHid      C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
17:22:17.0656 3252  WacomVKHid - ok
17:22:17.0687 3252  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:22:17.0781 3252  Wanarp - ok
17:22:17.0828 3252  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
17:22:17.0843 3252  Wdf01000 - ok
17:22:17.0843 3252  WDICA - ok
17:22:17.0859 3252  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
17:22:17.0953 3252  wdmaud - ok
17:22:18.0000 3252  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
17:22:18.0093 3252  WebClient - ok
17:22:18.0156 3252  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
17:22:18.0234 3252  winmgmt - ok
17:22:18.0265 3252  [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
17:22:18.0296 3252  WmdmPmSN - ok
17:22:18.0328 3252  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
17:22:18.0390 3252  Wmi - ok
17:22:18.0406 3252  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:22:18.0500 3252  WmiApSrv - ok
17:22:18.0609 3252  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:22:18.0656 3252  WPFFontCache_v0400 - ok
17:22:18.0687 3252  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
17:22:18.0781 3252  wscsvc - ok
17:22:18.0796 3252  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:22:18.0859 3252  WSTCODEC - ok
17:22:18.0875 3252  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
17:22:18.0953 3252  wuauserv - ok
17:22:19.0000 3252  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
17:22:19.0125 3252  WZCSVC - ok
17:22:19.0156 3252  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
17:22:19.0234 3252  xmlprov - ok
17:22:19.0250 3252  ================ Scan global ===============================
17:22:19.0281 3252  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
17:22:19.0328 3252  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
17:22:19.0343 3252  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
17:22:19.0359 3252  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
17:22:19.0359 3252  [Global] - ok
17:22:19.0359 3252  ================ Scan MBR ==================================
17:22:19.0390 3252  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
17:22:19.0703 3252  \Device\Harddisk0\DR0 - ok
17:22:19.0703 3252  ================ Scan VBR ==================================
17:22:19.0703 3252  [ 5001E9B82DBCB32D7C107DF526336FBA ] \Device\Harddisk0\DR0\Partition1
17:22:19.0703 3252  \Device\Harddisk0\DR0\Partition1 - ok
17:22:19.0718 3252  [ 61F02124E5EE6EAB6B589E64BF0E0B2E ] \Device\Harddisk0\DR0\Partition2
17:22:19.0718 3252  \Device\Harddisk0\DR0\Partition2 - ok
17:22:19.0718 3252  ============================================================
17:22:19.0718 3252  Scan finished
17:22:19.0718 3252  ============================================================
17:22:19.0843 2088  Detected object count: 17
17:22:19.0843 2088  Actual detected object count: 17
17:22:53.0515 2088  27000@samsung-p560 ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:53.0515 2088  27000@samsung-p560 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:22:53.0531 2088  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:53.0531 2088  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:22:53.0531 2088  Apache2.2 ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:53.0531 2088  Apache2.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:22:53.0531 2088  DNSeFilter ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:53.0531 2088  DNSeFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:22:53.0546 2088  DOSMEMIO ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:53.0546 2088  DOSMEMIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:22:53.0546 2088  FolderSize ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:53.0546 2088  FolderSize ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:22:53.0546 2088  HP DS Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:53.0546 2088  HP DS Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:22:53.0562 2088  HP LaserJet Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:53.0562 2088  HP LaserJet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:22:53.0562 2088  IDL DicomEx Storage SCP ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:53.0562 2088  IDL DicomEx Storage SCP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:22:53.0562 2088  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:53.0562 2088  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:22:53.0578 2088  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:53.0578 2088  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:22:53.0578 2088  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:53.0578 2088  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:22:53.0578 2088  omniserv ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:53.0578 2088  omniserv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:22:53.0593 2088  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:53.0593 2088  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:22:53.0593 2088  Samsung Update Plus ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:53.0593 2088  Samsung Update Plus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:22:53.0593 2088  samsung-p560 ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:53.0593 2088  samsung-p560 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:22:53.0593 2088  SNM WLAN Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:53.0593 2088  SNM WLAN Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
__________________

22.11.2012, 17:49   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please run a CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top center, tick the box next to Scan All Users
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with

Code:
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


22.11.2012, 19:40   #5
gunnar_p
 

Hi Cosinus,

here is the OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 22.11.2012 20:27:56 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Gunter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 72,84% Memory free
4,84 Gb Paging File | 4,16 Gb Available in Paging File | 85,97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 80,00 Gb Total Space | 26,95 Gb Free Space | 33,69% Space Free | Partition Type: NTFS
Drive D: | 142,88 Gb Total Space | 14,86 Gb Free Space | 10,40% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG-P560 | User Name: Gunter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.22 20:23:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gunter\Desktop\OTL.exe
PRC - [2012.11.11 14:18:29 | 003,729,400 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.08.23 03:50:28 | 000,813,576 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
PRC - [2012.08.23 03:50:22 | 000,403,888 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
PRC - [2012.08.23 03:49:48 | 006,049,096 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2012.08.18 21:22:02 | 007,027,752 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012.07.24 15:13:58 | 000,943,856 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2012.07.03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.05.24 12:28:56 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.10.17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\HPBDSService\HPBDSService.exe
PRC - [2011.10.14 13:27:46 | 000,304,696 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\StatusAlerts\bin\HPStatusAlerts.exe
PRC - [2011.08.04 00:12:46 | 000,164,352 | ---- | M] (HP) -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2010.04.06 00:41:46 | 000,116,224 | ---- | M] (Brio) -- C:\Programme\FolderSize\FolderSizeSvc.exe
PRC - [2009.01.09 19:14:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.01.09 19:14:42 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.10.07 16:13:44 | 002,772,992 | ---- | M] () -- C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2008.10.06 17:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.09.08 12:20:18 | 000,031,248 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkCSrv.exe
PRC - [2008.08.13 12:57:52 | 002,670,592 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
PRC - [2008.08.13 12:54:16 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe
PRC - [2008.08.13 12:49:18 | 000,018,944 | ---- | M] () -- C:\Programme\Softex\OmniPass\OPXPApp.exe
PRC - [2008.05.21 15:44:30 | 000,299,008 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\MagicKBD\PerformanceManager.exe
PRC - [2008.05.20 19:02:08 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Programme\Samsung\MagicKBD\MagicKBD.exe
PRC - [2008.05.01 23:41:38 | 000,136,488 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2008.05.01 23:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.18 04:27:12 | 000,013,312 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2008.03.17 17:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2007.12.20 19:40:30 | 000,659,456 | ---- | M] (Samsung Electronics,.LTD) -- C:\Programme\Samsung\Samsung EDS\EDSAgent.exe
PRC - [2007.07.23 23:59:22 | 000,660,760 | ---- | M] (Infineon Technologies AG) -- C:\Programme\Infineon\Security Platform Software\SpTNA.exe
PRC - [2007.07.23 23:59:22 | 000,185,624 | ---- | M] (Infineon Technologies AG) -- C:\Programme\Infineon\Security Platform Software\PSDrt.exe
PRC - [2007.07.23 23:59:12 | 000,140,568 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe
PRC - [2006.10.30 13:29:28 | 000,036,864 | ---- | M] () -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe
PRC - [2006.03.14 06:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2004.03.08 13:26:30 | 000,548,864 | ---- | M] () -- C:\Programme\ESRI\License\arcgis9x\ARCGIS.EXE
PRC - [1999.12.01 12:38:28 | 000,467,968 | ---- | M] () -- C:\Programme\ESRI\License\arcgis9x\lmgrd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.16 15:32:14 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\b75ca75b9c2eb103f98a457ec9256ce7\System.Xml.Linq.ni.dll
MOD - [2012.11.16 15:31:44 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll
MOD - [2012.11.16 15:31:35 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll
MOD - [2012.11.16 15:31:27 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\709bb78b419d5d5e30f2acfd722abb29\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2012.11.16 15:31:21 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\188d6391f7485a07e1218b5fc4ec2207\System.Deployment.ni.dll
MOD - [2012.11.16 15:30:21 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012.11.16 15:28:05 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012.11.16 15:27:59 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
MOD - [2012.11.16 15:27:43 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
MOD - [2012.11.16 15:27:18 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3710da7b61c2c4ed10903487dbde1c35\System.Core.ni.dll
MOD - [2012.11.16 15:26:12 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012.11.16 15:26:00 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012.11.16 15:24:57 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.08.23 03:35:38 | 013,873,200 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\ti_managers.dll
MOD - [2012.08.23 03:31:22 | 001,590,656 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Acronis\Home\icudt38.dll
MOD - [2012.08.23 01:12:16 | 000,019,840 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
MOD - [2012.08.23 00:42:50 | 000,435,584 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Acronis\Home\ulxmlrpcpp.dll
MOD - [2012.07.27 21:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.07.24 14:48:28 | 000,012,160 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\icudt38.dll
MOD - [2012.06.18 16:24:30 | 000,260,096 | ---- | M] () -- C:\Programme\Notepad++\NppShell_05.dll
MOD - [2011.10.14 13:25:02 | 000,111,160 | ---- | M] () -- C:\Programme\HP\StatusAlerts\bin\NativeUtils.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2009.09.21 13:10:41 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.09.21 13:10:37 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2009.09.21 13:10:35 | 000,413,696 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll
MOD - [2008.10.07 16:13:44 | 002,772,992 | ---- | M] () -- C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
MOD - [2008.08.13 12:58:48 | 000,047,056 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll
MOD - [2008.08.13 12:57:52 | 002,670,592 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
MOD - [2008.08.13 12:49:18 | 000,073,728 | ---- | M] () -- C:\Programme\Softex\OmniPass\OPXPGina.dll
MOD - [2008.08.13 12:49:18 | 000,018,944 | ---- | M] () -- C:\Programme\Softex\OmniPass\OPXPApp.exe
MOD - [2008.08.13 12:48:18 | 000,151,552 | ---- | M] () -- C:\Programme\Softex\OmniPass\ginastub.dll
MOD - [2008.08.13 12:48:04 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll
MOD - [2008.08.13 12:47:46 | 000,438,272 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2008.08.13 12:47:38 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll
MOD - [2008.08.13 12:47:34 | 001,101,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2008.08.13 12:47:26 | 000,540,672 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2008.08.13 12:47:26 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2008.08.13 12:47:12 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
MOD - [2008.07.29 12:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2008.05.14 14:13:00 | 001,486,848 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008.05.14 14:13:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007.04.01 08:00:28 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2006.10.30 13:29:28 | 000,036,864 | ---- | M] () -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe
MOD - [2006.08.12 11:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
MOD - [2005.07.12 15:34:22 | 000,045,056 | ---- | M] () -- C:\Programme\Samsung\MagicKBD\EasyBoxDll.dll
MOD - [2004.09.08 12:45:58 | 000,368,128 | ---- | M] () -- C:\Programme\Filzip\fzshext.dll
MOD - [2004.03.08 13:26:30 | 000,548,864 | ---- | M] () -- C:\Programme\ESRI\License\arcgis9x\ARCGIS.EXE
MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
MOD - [1999.12.01 12:38:28 | 000,467,968 | ---- | M] () -- C:\Programme\ESRI\License\arcgis9x\lmgrd.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.11 14:18:29 | 003,729,400 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.11.11 09:45:01 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.30 19:50:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.08.23 03:50:28 | 000,813,576 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012.08.18 21:22:02 | 007,027,752 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.24 12:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.10.17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2011.08.04 00:12:46 | 000,164,352 | ---- | M] (HP) [Auto | Running] -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.07 22:50:03 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.09.01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010.04.06 00:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Running] -- C:\Programme\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009.04.30 21:43:01 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008.09.08 12:20:18 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkCSrv.exe -- (StkSSrv)
SRV - [2008.08.13 12:54:16 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2008.05.13 07:44:00 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008.05.01 23:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2008.03.18 04:27:12 | 000,013,312 | R--- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.03.17 17:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007.07.23 23:59:12 | 000,140,568 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2006.10.30 13:29:28 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe -- (SNM WLAN Service)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.03.27 16:45:52 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\RSI\IDL63\bin\bin.x86\idl_dicomexstorscp.exe -- (IDL DicomEx Storage SCP)
SRV - [2006.03.14 06:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [1999.12.01 12:41:52 | 000,592,896 | ---- | M] () [Auto | Stopped] -- C:\Programme\ESRI\License\arcgis9x\lmtools.exe -- (27000@samsung-p560)
SRV - [1999.12.01 12:38:28 | 000,467,968 | ---- | M] () [Auto | Running] -- C:\Programme\ESRI\License\arcgis9x\lmgrd.exe -- (samsung-p560)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\ZoneLabs\srescan.sys -- (srescan)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- SYSTEM32\drivers\DS1410D.SYS -- (DS1410D)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\Gunter\LOKALE~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012.11.11 14:18:33 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2012.11.11 14:18:22 | 000,806,184 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2012.11.11 14:18:15 | 000,689,672 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tib_mounter.sys -- (tib_mounter)
DRV - [2012.11.11 14:18:08 | 000,139,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vididr.sys -- (vididr)
DRV - [2012.11.11 14:18:07 | 000,099,720 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vidsflt.sys -- (vidsflt)
DRV - [2012.11.11 14:18:04 | 000,192,904 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2012.11.11 14:17:56 | 000,093,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2012.03.16 13:55:26 | 000,102,784 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012.03.16 13:55:26 | 000,089,856 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012.03.16 13:55:26 | 000,073,984 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012.03.16 13:55:26 | 000,066,688 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2012.03.16 13:55:26 | 000,026,624 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2012.03.16 13:55:26 | 000,011,136 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010.12.17 06:56:10 | 000,014,424 | ---- | M] (Ghisler Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\totalcmd\CGLPTNT.SYS -- (cglptnt)
DRV - [2009.10.26 14:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008.09.12 19:30:08 | 001,374,736 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2008.09.05 20:20:22 | 000,041,376 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008.05.30 12:44:42 | 000,146,944 | R--- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2008.05.20 09:53:00 | 004,800,000 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008.04.15 09:16:44 | 000,244,368 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress)
DRV - [2008.03.21 04:13:00 | 001,203,776 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.03.17 21:14:52 | 000,015,144 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008.02.15 17:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.01.15 21:11:46 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008.01.14 18:01:02 | 000,030,208 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS -- (DNSeFilter)
DRV - [2007.07.23 23:59:14 | 000,038,816 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2007.07.23 23:59:12 | 000,041,216 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007.03.31 05:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.03.23 02:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.03.23 02:50:36 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007.03.23 02:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007.03.23 02:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007.03.23 02:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.02.16 20:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007.02.16 01:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006.03.14 06:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2000.08.24 00:19:38 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\..\SearchScopes,DefaultScope = {EBDE5A0F-6BBF-459D-9B97-4C256F56BC3C}
IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\..\SearchScopes\{EBDE5A0F-6BBF-459D-9B97-4C256F56BC3C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.5.3
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..keyword.URL: "hxxp://go.gmx.net/tb/mff_keyurl_search/?su="
FF - prefs.js..network.proxy.http: "31.7.56.72"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, fritz.box, 192.168.178.254, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Programme\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.29 20:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.29 00:23:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.10.30 19:49:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.09.01 21:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Extensions
[2010.09.01 21:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.22 17:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions
[2010.04.28 09:07:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.03 10:45:31 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.05.12 00:02:37 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2012.09.26 20:53:48 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\firefox@ghostery.com
[2012.11.10 12:31:34 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\https-everywhere@eff.org
[2012.09.16 09:20:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\ich@maltegoetz.de
[2011.05.17 20:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\nostmp
[2012.02.08 23:18:14 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\piclens@cooliris.com
[2012.11.03 17:31:37 | 002,042,908 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\firebug@software.joehewitt.com.xpi
[2012.10.23 15:58:46 | 000,183,174 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\stealthyextension@gmail.com.xpi
[2012.11.22 17:37:10 | 000,530,519 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.08.19 18:08:10 | 000,031,532 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}.xpi
[2012.11.22 17:37:11 | 000,804,737 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.09 22:12:13 | 000,138,614 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.10.29 20:38:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.04 21:52:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.05.04 14:02:43 | 000,303,416 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\ieatgpc.dll
[2012.05.04 14:02:27 | 000,215,864 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\npatgpc.dll
[2009.11.18 15:49:42 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.27 19:57:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-789336058-854245398-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [StatusAlerts] C:\Programme\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-789336058-854245398-1801674531-1003..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-789336058-854245398-1801674531-1003..\Run: [Power2GoExpress] NA File not found
O4 - Startup: C:\Dokumente und Einstellungen\Gunter\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Gunter\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Gunter\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.71.128.11 80.71.128.27
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{486B557B-F110-4BF1-88D5-1D07F221CC27}: DhcpNameServer = 80.71.128.11 80.71.128.27
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Programme\Softex\OmniPass\opxpgina.dll) - C:\Programme\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Gunter\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Gunter\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.06 13:57:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {39D10505-1933-40C6-9EEC-9BB731C6C424} - Outlook Express
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {48C95ABB-F4F0-9803-8F31-0DEFD4B9D821} - Browseranpassungen
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {75BDBAC0-47EE-DC03-CE53-80D61FC3DEFA} - Vektorgrafik-Rendering (VML)
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CE27FC7B-4FDA-5717-4383-0171F9DF7DAC} - Internet Explorer
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.clmp3enc - C:\Programme\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.22 20:24:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gunter\Desktop\OTL.exe
[2012.11.22 17:04:30 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Gunter\Desktop\tdsskiller.exe
[2012.11.22 17:02:45 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Gunter\Desktop\aswMBR.exe
[2012.11.19 21:48:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gunter\restore
[2012.11.19 21:00:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\dm-Fotowelt
[2012.11.19 20:44:28 | 000,000,000 | ---D | C] -- C:\Programme\dm
[2012.11.14 10:40:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gunter\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012.11.11 14:20:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Acronis
[2012.11.11 14:18:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012.11.11 14:17:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2012.11.11 14:17:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Acronis
[2012.11.11 14:17:20 | 000,000,000 | ---D | C] -- C:\Programme\Acronis
[2012.11.11 14:17:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Acronis
[2012.11.05 20:23:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gunter\Lokale Einstellungen\Anwendungsdaten\HP
[2012.11.05 20:22:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Hewlett-Packard Company
[2012.11.05 20:21:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\HpUpdate
[2012.11.05 20:21:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP_LaserJet_Fax_0_6
[2012.11.05 20:20:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HP
[2012.11.05 20:20:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP
[2012.11.05 20:20:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hewlett-Packard
[2012.11.05 20:20:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gunter\Startmenü\Programme\HP
[2012.11.05 20:19:27 | 000,187,960 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\hppscancoins32.dll
[2012.11.05 20:16:29 | 000,000,000 | ---D | C] -- C:\Programme\HP
[2012.10.30 19:49:29 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2012.10.29 20:37:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gunter\Downloads
[2012.10.29 00:22:54 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.22 20:23:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gunter\Desktop\OTL.exe
[2012.11.22 20:23:33 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2012.11.22 17:25:49 | 000,003,972 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2012.11.22 17:19:07 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Desktop\MBR.dat
[2012.11.22 17:04:37 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Gunter\Desktop\tdsskiller.exe
[2012.11.22 17:02:12 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Gunter\Desktop\aswMBR.exe
[2012.11.22 16:59:16 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012.11.22 16:50:39 | 000,186,442 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.11.22 16:49:03 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.22 16:49:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.22 12:41:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.22 00:48:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.21 20:21:04 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012.11.21 19:50:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.11.21 14:30:09 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012.11.21 10:15:04 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012.11.21 08:32:33 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Desktop\kyn4bn1d.exe
[2012.11.21 00:35:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.21 00:32:19 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Desktop\Defogger.exe
[2012.11.20 20:45:04 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012.11.19 21:00:45 | 000,000,751 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\dm-Fotowelt.lnk
[2012.11.19 20:58:46 | 000,025,671 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Desktop\Malena-Zeug PRIVAT BØRNEPASNING.pdf
[2012.11.19 20:28:53 | 000,130,048 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.16 20:29:05 | 000,325,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.11.16 15:36:08 | 000,517,730 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.11.16 15:36:08 | 000,494,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.11.16 15:36:08 | 000,101,838 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.11.16 15:36:08 | 000,084,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.11.16 15:26:58 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.11.11 14:17:53 | 000,000,836 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\True Image 2013.lnk
[2012.11.08 20:13:12 | 000,002,435 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Lexware buchhalter.lnk
[2012.11.05 20:21:33 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LJ200 M276 Scan.lnk
[2012.11.05 20:21:23 | 000,000,608 | -HS- | M] () -- C:\WINDOWS\System32\winzvprt5.sys
[2012.11.05 20:21:23 | 000,000,222 | ---- | M] () -- C:\WINDOWS\System32\hppfaxprinter5.ini
[2012.11.05 20:20:35 | 000,001,008 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LaserJet 200 color MFP M276 - Hilfe- und Lern-Center.lnk
[2012.10.29 20:39:15 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.10.25 19:52:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
 
========== Files Created - No Company Name ==========
 
[2012.11.22 17:19:07 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\Desktop\MBR.dat
[2012.11.21 08:33:01 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\Desktop\kyn4bn1d.exe
[2012.11.21 00:33:22 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\Desktop\Defogger.exe
[2012.11.19 21:00:45 | 000,000,751 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\dm-Fotowelt.lnk
[2012.11.19 20:58:46 | 000,025,671 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\Desktop\Malena-Zeug PRIVAT BØRNEPASNING.pdf
[2012.11.11 14:17:53 | 000,000,836 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\True Image 2013.lnk
[2012.11.05 23:25:49 | 000,244,992 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.11.05 20:21:55 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012.11.05 20:21:55 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012.11.05 20:21:54 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2012.11.05 20:21:54 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012.11.05 20:21:33 | 000,000,927 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LJ200 M276 Scan.lnk
[2012.11.05 20:21:23 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2012.11.05 20:21:23 | 000,000,222 | ---- | C] () -- C:\WINDOWS\System32\hppfaxprinter5.ini
[2012.11.05 20:20:35 | 000,001,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LaserJet 200 color MFP M276 - Hilfe- und Lern-Center.lnk
[2012.10.29 20:39:15 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2012.10.29 20:39:15 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.04.17 14:58:12 | 000,138,608 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll
[2012.04.17 14:58:10 | 000,074,608 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll
[2012.04.17 14:58:08 | 000,309,616 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll
[2012.02.27 09:41:52 | 000,202,240 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2012.02.16 19:58:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.03 13:41:41 | 000,002,001 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\.bash_history
[2012.02.03 09:30:24 | 000,000,113 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\.grassrc6
[2012.01.16 19:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Import71.INI
[2012.01.14 23:55:23 | 000,000,089 | ---- | C] () -- C:\WINDOWS\NetworkAnalystLayerUI.INI
[2011.12.03 22:29:49 | 000,000,702 | ---- | C] () -- C:\WINDOWS\KmsTrans.ini
[2011.10.07 19:20:47 | 000,000,663 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\EditLiveForJava.ini
[2011.10.04 19:34:56 | 000,000,186 | ---- | C] () -- C:\WINDOWS\SHPTrans2006.INI
[2011.06.19 19:42:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\defogger_reenable
[2010.05.05 09:53:41 | 002,510,317 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\GeoMaker.CAB
[2010.05.05 09:53:41 | 000,004,253 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\SETUP.LST
[2010.05.02 14:31:18 | 000,037,641 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\Untitled Gantt Project.png
[2010.05.01 22:43:28 | 000,003,414 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\.ganttproject
[2010.03.16 10:49:13 | 000,000,653 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\.openev
[2010.03.15 00:31:07 | 000,000,047 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\RegFree.ini
[2010.01.08 22:20:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\hostname
[2009.09.03 18:23:14 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\.recently-used.xbel
[2009.08.18 18:50:13 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2009.08.17 21:58:21 | 000,000,404 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\idl_assistantrc
[2009.06.19 08:05:42 | 000,000,503 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\.jalbum-recent-projects.properties
[2009.06.19 07:55:43 | 000,000,038 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\.jalbum-ftp-accounts.xml
[2009.06.19 07:40:19 | 000,000,828 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\.jalbum-defaults.jap
[2009.06.14 11:53:59 | 000,130,048 | ---- | C] () -- C:\Dokumente und Einstellungen\Gunter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.09.21 13:07:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011.04.25 15:47:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.11 14:19:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2011.09.06 23:07:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Caphyon
[2011.11.12 09:53:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2011.09.11 19:19:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2009.04.18 19:49:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESRI
[2009.04.06 14:29:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Infineon
[2010.03.15 00:32:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IsolatedStorage
[2012.11.08 20:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2009.04.06 20:51:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2012.07.02 21:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2009.12.15 23:40:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PDF Writer
[2011.10.07 19:20:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PersonalBrain
[2012.10.29 20:34:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.05.19 12:09:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TheBrain
[2012.11.20 20:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2012.10.13 20:06:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2011.06.28 20:06:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.04.17 20:28:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.10.29 20:43:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\.gephi07beta
[2012.11.11 14:20:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Acronis
[2010.08.23 20:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\AnvSoft
[2010.03.15 00:32:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\BeGraphic
[2012.07.11 20:58:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\CheckPoint
[2012.07.02 21:51:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\com.esri.ags.AppBuilder
[2009.09.21 15:33:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\DataEast
[2012.11.22 16:49:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Dropbox
[2012.04.15 12:02:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Elluminate
[2012.06.27 20:39:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\EndNote
[2009.09.03 20:40:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\EPSON
[2010.01.21 15:56:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\ESRI
[2009.08.18 21:17:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\FileZilla
[2009.08.17 20:34:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\fltk.org
[2009.08.02 22:53:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Focus Mp3 Recorder
[2009.07.16 21:07:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Foxit
[2009.09.04 07:46:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\gtk-2.0
[2009.04.06 14:29:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Infineon
[2009.06.19 07:40:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\JAlbum
[2010.12.18 23:08:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\JOSM
[2011.03.16 23:00:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Leadertech
[2012.06.25 21:20:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Lexware
[2012.08.08 22:00:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Notepad++
[2009.04.06 21:09:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\OpenOffice.org
[2009.12.27 10:42:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Opera
[2012.08.18 08:29:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Oracle
[2009.12.15 23:40:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\PDF Writer
[2011.10.07 19:21:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\PersonalBrain
[2012.01.15 20:15:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\QuteCom
[2012.05.20 21:51:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\TheBrain
[2010.09.01 21:24:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Thunderbird
[2012.06.21 22:01:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Tracker Software
[2012.09.26 11:39:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Vodafone
[2012.05.04 14:02:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\webex
[2012.09.26 11:38:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Vodafone
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.03.03 00:20:18 | 000,000,000 | ---D | M] -- C:\ArcScripts
[2009.12.21 12:07:56 | 000,000,000 | -H-D | M] -- C:\BJPrinter
[2011.06.25 19:36:02 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2012.06.25 21:15:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012.11.22 16:50:39 | 000,000,000 | ---D | M] -- C:\flexlm
[2009.04.06 14:15:54 | 000,000,000 | ---D | M] -- C:\Intel
[2009.06.11 21:37:58 | 000,000,000 | ---D | M] -- C:\Kpcms
[2012.03.08 08:49:03 | 000,000,000 | ---D | M] -- C:\Madita & Pim
[2010.12.02 22:25:06 | 000,000,000 | ---D | M] -- C:\Meine Webseiten
[2009.12.09 21:09:40 | 000,000,000 | R--D | M] -- C:\MSOCache
[2010.08.23 20:30:53 | 000,000,000 | ---D | M] -- C:\MyWorks
[2011.09.21 20:44:25 | 000,000,000 | ---D | M] -- C:\OSGeo4W
[2009.08.26 21:19:57 | 000,000,000 | ---D | M] -- C:\Output Files
[2012.11.19 20:44:28 | 000,000,000 | R--D | M] -- C:\Programme
[2009.06.14 11:53:58 | 000,000,000 | ---D | M] -- C:\Python24
[2011.06.28 07:30:38 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012.02.09 23:14:34 | 000,000,000 | ---D | M] -- C:\springdb
[2012.11.22 20:31:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.04.24 22:17:27 | 000,000,000 | ---D | M] -- C:\TEMP
[2011.12.03 22:27:16 | 000,000,000 | ---D | M] -- C:\TMP
[2012.11.16 20:31:28 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2009.12.26 20:23:38 | 000,000,000 | ---D | M] -- C:\WTablet
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.29 20:43:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\.gephi07beta
[2012.11.11 14:20:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Acronis
[2012.07.02 21:51:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Adobe
[2010.08.23 20:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\AnvSoft
[2011.12.02 10:20:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Apple Computer
[2010.03.15 00:32:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\BeGraphic
[2012.07.11 20:58:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\CheckPoint
[2012.07.02 21:51:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\com.esri.ags.AppBuilder
[2010.11.15 09:01:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\CyberLink
[2009.09.21 15:33:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\DataEast
[2012.11.22 16:49:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Dropbox
[2010.01.05 16:26:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\dvdcss
[2012.04.15 12:02:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Elluminate
[2012.06.27 20:39:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\EndNote
[2009.09.03 20:40:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\EPSON
[2010.01.21 15:56:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\ESRI
[2009.08.18 21:17:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\FileZilla
[2012.09.26 11:48:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\FLEXnet
[2009.08.17 20:34:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\fltk.org
[2009.08.02 22:53:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Focus Mp3 Recorder
[2009.07.16 21:07:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Foxit
[2009.04.08 21:25:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Google
[2009.09.04 07:46:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\gtk-2.0
[2009.12.21 12:09:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Help
[2012.11.05 20:22:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Hewlett-Packard Company
[2012.11.20 21:55:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\HpUpdate
[2009.04.06 14:03:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Identities
[2009.04.06 14:29:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Infineon
[2009.04.06 14:25:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\InstallShield
[2009.06.19 07:40:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\JAlbum
[2010.12.18 23:08:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\JOSM
[2011.03.16 23:00:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Leadertech
[2012.06.25 21:20:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Lexware
[2009.04.06 20:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Macromedia
[2011.05.14 16:31:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Malwarebytes
[2012.07.01 19:33:25 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Microsoft
[2009.04.06 21:14:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla
[2010.08.23 21:00:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\NCH Software
[2012.08.08 22:00:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Notepad++
[2009.04.06 21:09:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\OpenOffice.org
[2009.12.27 10:42:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Opera
[2012.08.18 08:29:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Oracle
[2009.12.15 23:40:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\PDF Writer
[2011.10.07 19:21:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\PersonalBrain
[2012.01.15 20:15:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\QuteCom
[2012.11.22 20:25:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Skype
[2009.04.06 21:05:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Sun
[2012.05.20 21:51:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\TheBrain
[2010.09.01 21:24:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Thunderbird
[2012.06.21 22:01:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Tracker Software
[2011.10.24 23:53:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\U3
[2009.04.18 22:26:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\vlc
[2012.09.26 11:39:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Vodafone
[2012.05.04 14:02:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\webex
[2012.11.22 16:50:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\WTablet
 
< %APPDATA%\*.exe /s >
[2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Dropbox\bin\Dropbox.exe
[2012.05.04 19:41:38 | 000,872,104 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 19:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Dropbox\bin\Uninstall.exe
[2012.07.02 21:50:19 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.10.11 19:33:53 | 000,885,770 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Microsoft\AddIns\XLToolbox\uninstall\unins000.exe
[2012.07.01 19:33:25 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe
[2012.07.01 19:33:25 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe
[2012.07.01 19:33:25 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe
[2012.07.01 19:33:25 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe
[2012.07.02 21:31:35 | 000,287,934 | R--- | M] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Microsoft\Installer\{8FC67FB0-5F99-4DBC-9B32-E0C027862220}\InstallerIcon.exe
[2010.09.01 14:52:56 | 000,032,032 | ---- | M] (NOS Microsystems Ltd.) -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\nostmp\content\getPlusPlus_Adobe_reg.exe
[2012.02.06 13:07:28 | 000,425,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
[2012.02.06 13:07:28 | 000,545,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
[2007.10.18 17:53:00 | 000,276,847 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\Thunderbird\Profiles\0av7s8h4.default\extensions\{1f38ac4f-07a2-4d70-92e8-3b9cb468cda5}\platform\WINNT_x86-msvc\content\bin\readpst+.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Gunter\Anwendungsdaten\U3\temp\cleanup.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
[2009.04.06 15:44:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.04.06 15:44:56 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.04.06 15:44:56 | 000,458,752 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34

< End of report >
         
22.11.2012, 19:58   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.71.128.11 80.71.128.27
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{486B557B-F110-4BF1-88D5-1D07F221CC27}: DhcpNameServer = 80.71.128.11 80.71.128.27
         
Is this by any chance an office/company PC? Or a university machine?

22.11.2012, 20:08   #7
gunnar_p

No, why? Because of the IP? I am connected to the network of my housing complex here. It is operated by https://parknet.dk/. I live in Copenhagen.

Or because of XP Professional? Not that either, it came with my computer.

22.11.2012, 20:30   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

An XP Professional came with it? That is rather unusual.
Home users very rarely need the features of a Professional edition.
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

22.11.2012, 21:00   #9
gunnar_p

Hi Cosinus,
I did not want a gaming box but a proper computer. And I got it online from a system vendor. Vista was preinstalled at the time, and an XP version (recovery??) came along on CD. That is the one I installed.
But that was surely 4-5 years ago.
Really all completely legal, and no crack or copy from the sys admin.

22.11.2012, 21:07   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Well, the XP Pro editions are really meant for domain machines... that is, office boxes at companies that have a Windows Server domain... joining a client to a domain is only possible with this edition, and the Pro has no features beyond the Home edition that are really of interest to home users... but never mind, let's leave it, I usually ask when I notice a Pro edition.

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
@Alternate Data Stream - 95 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34
:Files
C:\WINDOWS\tasks\At*.job
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy the contents here into your thread.
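The fix script above targets two kinds of entries from the scan log posted earlier: an alternate data stream and the At*.job files in C:\WINDOWS\tasks. As an added example (not part of the original post and not OTL's own code), the following Python code parses OTL-style log lines, selects those two entry kinds, and lists what else was logged within 60 seconds of the job files, which gives context when judging whether they belong to a known installation. The function names and the 60-second window are assumptions; the sample lines are copied from the log in this thread.

```python
import ntpath
import re
from datetime import datetime, timedelta
from fnmatch import fnmatchcase
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
[2012.11.11 14:17:53 | 000,000,836 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\True Image 2013.lnk
[2012.11.05 20:21:55 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012.11.05 20:21:55 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012.11.05 20:21:54 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2012.11.05 20:21:54 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012.11.05 20:21:33 | 000,000,927 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LJ200 M276 Scan.lnk
[2012.11.05 20:21:23 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2012.11.05 20:21:23 | 000,000,222 | ---- | C] () -- C:\WINDOWS\System32\hppfaxprinter5.ini
[2012.10.29 20:39:15 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.11.11 14:19:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
@Alternate Data Stream - 95 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34
"""


class FileEntry(NamedTuple):
    when: datetime
    size: int
    attrs: str               # R/H/S/D flags, "-" where unset
    kind: str                # "C" in the "Files Created" section, "M" elsewhere
    company: Optional[str]   # None on lines that carry no "(company)" field
    path: str


class AdsEntry(NamedTuple):
    size: int
    host: str                # file or folder that carries the stream
    stream: str


ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)
# The stream name follows the last colon; the drive colon is followed by "\".
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$"
)


def parse_log(text: str) -> Tuple[List[FileEntry], List[AdsEntry]]:
    """Split log text into file/folder entries and alternate data streams."""
    files, streams = [], []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            files.append(FileEntry(
                datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
                int(m["size"].replace(",", "")),
                m["attrs"], m["kind"], m["company"], m["path"]))
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append(AdsEntry(int(m["size"]), m["host"], m["stream"]))
    return files, streams


def scheduled_at_jobs(files: List[FileEntry]) -> List[FileEntry]:
    # Same selection as the fix script's "tasks\At*.job" line,
    # compared case-insensitively as Windows paths are.
    hits = []
    for f in files:
        folder, name = ntpath.split(f.path.lower())
        if folder.endswith(r"\windows\tasks") and fnmatchcase(name, "at*.job"):
            hits.append(f)
    return hits


def created_nearby(targets: List[FileEntry], files: List[FileEntry],
                   window: timedelta = timedelta(seconds=60)) -> List[FileEntry]:
    # Other logged entries whose timestamp lies within `window` of any target.
    target_paths = {t.path for t in targets}
    seen, near = set(), []
    for f in files:
        if f.path in target_paths or f.path in seen:
            continue
        if any(abs(f.when - t.when) <= window for t in targets):
            seen.add(f.path)
            near.append(f)
    return near


if __name__ == "__main__":
    files, streams = parse_log(SAMPLE_LOG)
    jobs = scheduled_at_jobs(files)
    for s in streams:
        print(f"ADS   {s.host} -> stream {s.stream!r} ({s.size} bytes)")
    for j in jobs:
        print(f"TASK  {j.when}  {j.path}")
    for n in created_nearby(jobs, files):
        print(f"NEAR  {n.when}  {n.attrs}  {n.path}")
```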

22.11.2012, 21:27   #11
gunnar_p

Here comes the OTL log:

Code:
All processes killed
========== OTL ==========
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34 deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\***\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes
 
User: ***
->Temp folder emptied: 1387235027 bytes
->Temporary Internet Files folder emptied: 839696552 bytes
->Java cache emptied: 21370372 bytes
->FireFox cache emptied: 61619111 bytes
->Flash cache emptied: 62658 bytes
 
User: LocalService
->Temp folder emptied: 2206792 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 4416262 bytes
->Temporary Internet Files folder emptied: 962988 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 183943515 bytes
RecycleBin emptied: 9435300 bytes
 
Total Files Cleaned = 2.395,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11222012_221512

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

23.11.2012, 09:59   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • After the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file under C:\AdwCleaner[Rx].txt. (x = sequential number)

23.11.2012, 18:18   #13
gunnar_p

Hello Cosinus,
here comes the ADWCleaner log:

Code:
# AdwCleaner v2.008 - Datei am 23/11/2012 um 19:15:16 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : *** - SAMSUNG-P560
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Dokumente und Einstellungen\***\Software

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\ConduitSearchScopes
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2613550

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [989 octets] - [23/11/2012 19:15:16]

########## EOF - C:\AdwCleaner[R1].txt - [1048 octets] ##########
         

23.11.2012, 19:59   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file under C:\AdwCleaner[Sx].txt. (x = sequential number)

After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scanne alle Benutzer (Scan All Users)
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

23.11.2012, 21:18   #15
gunnar_p

Here is adwcleaner:
Code:
# AdwCleaner v2.008 - Datei am 23/11/2012 um 22:00:57 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : *** - SAMSUNG-P560
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Dokumente und Einstellungen\***\Software

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [1108 octets] - [23/11/2012 19:15:16]
AdwCleaner[S2].txt - [1051 octets] - [23/11/2012 22:00:57]

########## EOF - C:\AdwCleaner[S2].txt - [1111 octets] ##########
         
OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 23.11.2012 22:07:00 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 78,15% Memory free
4,84 Gb Paging File | 4,30 Gb Available in Paging File | 88,81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 80,00 Gb Total Space | 30,97 Gb Free Space | 38,72% Space Free | Partition Type: NTFS
Drive D: | 142,88 Gb Total Space | 14,87 Gb Free Space | 10,41% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG-P560 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\HP\HPBDSService\HPBDSService.exe (Hewlett-Packard Company)
PRC - C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe (HP)
PRC - C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\WINDOWS\system32\StkCSrv.exe (Syntek America Inc.)
PRC - C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.)
PRC - C:\Programme\Softex\OmniPass\OPXPApp.exe ()
PRC - C:\Programme\Samsung\MagicKBD\PerformanceManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
PRC - C:\Programme\Infineon\Security Platform Software\SpTNA.exe (Infineon Technologies AG)
PRC - C:\Programme\Infineon\Security Platform Software\PSDrt.exe (Infineon Technologies AG)
PRC - C:\WINDOWS\system32\IfxPsdSv.exe (Infineon Technologies AG)
PRC - C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe ()
PRC - C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
PRC - C:\Programme\ESRI\License\arcgis9x\ARCGIS.EXE ()
PRC - C:\Programme\ESRI\License\arcgis9x\lmgrd.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\b75ca75b9c2eb103f98a457ec9256ce7\System.Xml.Linq.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3710da7b61c2c4ed10903487dbde1c35\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\Programme\Acronis\TrueImageHome\ti_managers.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Acronis\Home\icudt38.dll ()
MOD - C:\Programme\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Acronis\Home\ulxmlrpcpp.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\icudt38.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll ()
MOD - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
MOD - C:\Programme\Softex\OmniPass\hdddrv.dll ()
MOD - C:\Programme\Softex\OmniPass\OPXPGina.dll ()
MOD - C:\Programme\Softex\OmniPass\OPXPApp.exe ()
MOD - C:\Programme\Softex\OmniPass\ginastub.dll ()
MOD - C:\Programme\Softex\OmniPass\userdata.dll ()
MOD - C:\Programme\Softex\OmniPass\autheng.dll ()
MOD - C:\Programme\Softex\OmniPass\storeng.dll ()
MOD - C:\Programme\Softex\OmniPass\cryptodll.dll ()
MOD - C:\Programme\Softex\OmniPass\SSPLogon.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvshell.dll ()
MOD - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
MOD - C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\MagicKBD\EasyBoxDll.dll ()
MOD - C:\Programme\ESRI\License\arcgis9x\ARCGIS.EXE ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()
MOD - C:\Programme\ESRI\License\arcgis9x\lmgrd.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (afcdpsrv) -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Skype C2C Service) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (syncagentsrv) -- C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (HP DS Service) -- C:\Programme\HP\HPBDSService\HPBDSService.exe (Hewlett-Packard Company)
SRV - (HP LaserJet Service) -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe (HP)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (nosGetPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (FolderSize) -- C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)
SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (StkSSrv) -- C:\WINDOWS\system32\StkCSrv.exe (Syntek America Inc.)
SRV - (omniserv) -- C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.)
SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (PersonalSecureDriveService) -- C:\WINDOWS\system32\IfxPsdSv.exe (Infineon Technologies AG)
SRV - (SNM WLAN Service) -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDL DicomEx Storage SCP) -- C:\Programme\RSI\IDL63\bin\bin.x86\idl_dicomexstorscp.exe ()
SRV - (SentinelProtectionServer) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (27000@samsung-p560) -- C:\Programme\ESRI\License\arcgis9x\lmtools.exe ()
SRV - (samsung-p560) -- C:\Programme\ESRI\License\arcgis9x\lmgrd.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (srescan) -- system32\ZoneLabs\srescan.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (DS1410D) -- SYSTEM32\drivers\DS1410D.SYS File not found
DRV - (Changer) --  File not found
DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman) -- C:\WINDOWS\system32\drivers\tdrpman.sys (Acronis)
DRV - (tib_mounter) -- C:\WINDOWS\system32\drivers\tib_mounter.sys (Acronis)
DRV - (vididr) -- C:\WINDOWS\system32\drivers\vididr.sys (Acronis)
DRV - (vidsflt) -- C:\WINDOWS\system32\drivers\vidsflt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (fltsrv) -- C:\WINDOWS\system32\drivers\fltsrv.sys (Acronis)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcacm) -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcecm) -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_ext_ctrl) -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_usbenumfilter) -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (cglptnt) -- C:\Programme\totalcmd\CGLPTNT.SYS (Ghisler Software GmbH)
DRV - (NETw5x32) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (StkCMini) -- C:\WINDOWS\system32\drivers\StkCMini.sys (Syntek)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (ATSWPDRV) -- C:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (e1yexpress) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (DNSeFilter) -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS (Samsung Electronics,.LTD)
DRV - (PersonalSecureDrive) -- C:\WINDOWS\system32\drivers\psd.sys (Infineon Technologies AG)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (Sentinel) -- C:\WINDOWS\system32\drivers\sentinel.sys (SafeNet, Inc.)
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\..\SearchScopes\{EBDE5A0F-6BBF-459D-9B97-4C256F56BC3C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-854245398-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.5.3
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..keyword.URL: "hxxp://go.gmx.net/tb/mff_keyurl_search/?su="
FF - prefs.js..network.proxy.http: "31.7.56.72"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, fritz.box, 192.168.178.254, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Programme\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.29 20:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.29 00:23:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.10.30 19:49:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.09.01 21:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.09.01 21:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.23 20:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions
[2010.04.28 09:07:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.03 10:45:31 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.05.12 00:02:37 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2012.09.26 20:53:48 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\firefox@ghostery.com
[2012.11.10 12:31:34 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\https-everywhere@eff.org
[2012.09.16 09:20:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\ich@maltegoetz.de
[2011.05.17 20:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\nostmp
[2012.02.08 23:18:14 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\piclens@cooliris.com
[2012.11.03 17:31:37 | 002,042,908 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\firebug@software.joehewitt.com.xpi
[2012.10.23 15:58:46 | 000,183,174 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\stealthyextension@gmail.com.xpi
[2012.11.22 17:37:10 | 000,530,519 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.08.19 18:08:10 | 000,031,532 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}.xpi
[2012.11.23 20:25:43 | 000,804,627 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.09 22:12:13 | 000,138,614 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\knlfn47o.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.10.29 20:38:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.04 21:52:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.05.04 14:02:43 | 000,303,416 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\ieatgpc.dll
[2012.05.04 14:02:27 | 000,215,864 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\npatgpc.dll
[2009.11.18 15:49:42 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.22 22:17:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-789336058-854245398-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [StatusAlerts] C:\Programme\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-789336058-854245398-1801674531-1003..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-789336058-854245398-1801674531-1003..\Run: [Power2GoExpress] NA File not found
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.71.128.11 80.71.128.27
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{486B557B-F110-4BF1-88D5-1D07F221CC27}: DhcpNameServer = 80.71.128.11 80.71.128.27
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Programme\Softex\OmniPass\opxpgina.dll) - C:\Programme\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.06 13:57:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.22 22:15:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.22 20:24:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2012.11.22 17:04:30 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\***\Desktop\tdsskiller.exe
[2012.11.22 17:02:45 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\***\Desktop\aswMBR.exe
[2012.11.19 21:48:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\restore
[2012.11.19 21:00:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\dm-Fotowelt
[2012.11.19 20:44:28 | 000,000,000 | ---D | C] -- C:\Programme\dm
[2012.11.14 10:40:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012.11.13 08:56:08 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2012.11.11 14:20:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Acronis
[2012.11.11 14:18:31 | 000,234,752 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\afcdp.sys
[2012.11.11 14:18:21 | 000,806,184 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpman.sys
[2012.11.11 14:18:15 | 000,689,672 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tib_mounter.sys
[2012.11.11 14:18:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012.11.11 14:18:08 | 000,139,336 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\vididr.sys
[2012.11.11 14:18:07 | 000,099,720 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\vidsflt.sys
[2012.11.11 14:18:04 | 000,192,904 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2012.11.11 14:17:56 | 000,093,928 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\fltsrv.sys
[2012.11.11 14:17:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2012.11.11 14:17:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Acronis
[2012.11.11 14:17:20 | 000,000,000 | ---D | C] -- C:\Programme\Acronis
[2012.11.11 14:17:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Acronis
[2012.11.05 20:23:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\HP
[2012.11.05 20:22:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Hewlett-Packard Company
[2012.11.05 20:21:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\HpUpdate
[2012.11.05 20:21:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP_LaserJet_Fax_0_6
[2012.11.05 20:21:23 | 000,019,624 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hppfaxprintermon5.dll
[2012.11.05 20:21:23 | 000,015,144 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hppfaxprintermonui5.dll
[2012.11.05 20:20:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HP
[2012.11.05 20:20:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP
[2012.11.05 20:20:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hewlett-Packard
[2012.11.05 20:20:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\HP
[2012.11.05 20:19:45 | 000,291,840 | ---- | C] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\hpcpn117.dll
[2012.11.05 20:19:42 | 000,238,080 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpbcoins32.dll
[2012.11.05 20:19:27 | 000,873,888 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpptsplj276.dll
[2012.11.05 20:19:27 | 000,491,064 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpwia1_lj276.dll
[2012.11.05 20:19:27 | 000,187,960 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\hppscancoins32.dll
[2012.11.05 20:16:29 | 000,000,000 | ---D | C] -- C:\Programme\HP
[2012.10.30 19:49:29 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2012.10.29 20:37:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Downloads
[2012.10.29 00:22:54 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.23 22:04:06 | 000,186,442 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.11.23 22:02:49 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.23 22:02:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.23 21:48:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.23 21:41:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.23 19:14:05 | 000,543,531 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe
[2012.11.23 18:25:48 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012.11.22 23:02:40 | 000,004,031 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2012.11.22 22:17:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012.11.22 22:15:18 | 000,517,730 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.11.22 22:15:18 | 000,494,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.11.22 22:15:18 | 000,101,838 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.11.22 22:15:18 | 000,084,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.11.22 20:23:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2012.11.22 20:23:33 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2012.11.22 17:19:07 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\MBR.dat
[2012.11.22 17:04:37 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\***\Desktop\tdsskiller.exe
[2012.11.22 17:02:12 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\***\Desktop\aswMBR.exe
[2012.11.21 19:50:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.11.21 08:32:33 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\kyn4bn1d.exe
[2012.11.21 00:35:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.21 00:32:19 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2012.11.19 21:00:45 | 000,000,751 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\dm-Fotowelt.lnk
[2012.11.19 20:58:46 | 000,025,671 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Malena-Zeug PRIVAT BØRNEPASNING.pdf
[2012.11.19 20:28:53 | 000,130,048 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.16 20:29:05 | 000,325,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.11.16 15:26:58 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.11.11 14:18:33 | 000,234,752 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\afcdp.sys
[2012.11.11 14:18:22 | 000,806,184 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpman.sys
[2012.11.11 14:18:15 | 000,689,672 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tib_mounter.sys
[2012.11.11 14:18:08 | 000,139,336 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\vididr.sys
[2012.11.11 14:18:07 | 000,099,720 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\vidsflt.sys
[2012.11.11 14:18:04 | 000,192,904 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2012.11.11 14:17:56 | 000,093,928 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\fltsrv.sys
[2012.11.11 14:17:53 | 000,000,836 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\True Image 2013.lnk
[2012.11.11 09:45:01 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.11.11 09:45:00 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.11.08 20:13:12 | 000,002,435 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Lexware buchhalter.lnk
[2012.11.05 20:21:33 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LJ200 M276 Scan.lnk
[2012.11.05 20:21:23 | 000,000,608 | -HS- | M] () -- C:\WINDOWS\System32\winzvprt5.sys
[2012.11.05 20:21:23 | 000,000,222 | ---- | M] () -- C:\WINDOWS\System32\hppfaxprinter5.ini
[2012.11.05 20:20:35 | 000,001,008 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LaserJet 200 color MFP M276 - Hilfe- und Lern-Center.lnk
[2012.10.29 20:39:15 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.10.25 19:52:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
 
========== Files Created - No Company Name ==========
 
[2012.11.23 19:14:07 | 000,543,531 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe
[2012.11.22 17:19:07 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\MBR.dat
[2012.11.21 08:33:01 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\kyn4bn1d.exe
[2012.11.21 00:33:22 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2012.11.19 21:00:45 | 000,000,751 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\dm-Fotowelt.lnk
[2012.11.19 20:58:46 | 000,025,671 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Malena-Zeug PRIVAT BØRNEPASNING.pdf
[2012.11.11 14:17:53 | 000,000,836 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\True Image 2013.lnk
[2012.11.05 23:25:49 | 000,244,992 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.11.05 20:21:33 | 000,000,927 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LJ200 M276 Scan.lnk
[2012.11.05 20:21:23 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2012.11.05 20:21:23 | 000,000,222 | ---- | C] () -- C:\WINDOWS\System32\hppfaxprinter5.ini
[2012.11.05 20:20:35 | 000,001,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP LaserJet 200 color MFP M276 - Hilfe- und Lern-Center.lnk
[2012.10.29 20:39:15 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2012.10.29 20:39:15 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.04.17 14:58:12 | 000,138,608 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll
[2012.04.17 14:58:10 | 000,074,608 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll
[2012.04.17 14:58:08 | 000,309,616 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll
[2012.02.27 09:41:52 | 000,202,240 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2012.02.16 19:58:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.03 13:41:41 | 000,002,001 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.bash_history
[2012.02.03 09:30:24 | 000,000,113 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.grassrc6
[2012.01.16 19:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Import71.INI
[2012.01.14 23:55:23 | 000,000,089 | ---- | C] () -- C:\WINDOWS\NetworkAnalystLayerUI.INI
[2011.12.03 22:29:49 | 000,000,702 | ---- | C] () -- C:\WINDOWS\KmsTrans.ini
[2011.10.07 19:20:47 | 000,000,663 | ---- | C] () -- C:\Dokumente und Einstellungen\***\EditLiveForJava.ini
[2011.10.04 19:34:56 | 000,000,186 | ---- | C] () -- C:\WINDOWS\SHPTrans2006.INI
[2011.06.19 19:42:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2010.05.05 09:53:41 | 002,510,317 | ---- | C] () -- C:\Dokumente und Einstellungen\***\GeoMaker.CAB
[2010.05.05 09:53:41 | 000,004,253 | ---- | C] () -- C:\Dokumente und Einstellungen\***\SETUP.LST
[2010.05.02 14:31:18 | 000,037,641 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Untitled Gantt Project.png
[2010.05.01 22:43:28 | 000,003,414 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.ganttproject
[2010.03.16 10:49:13 | 000,000,653 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.openev
[2010.03.15 00:31:07 | 000,000,047 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\RegFree.ini
[2010.01.08 22:20:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\hostname
[2009.09.03 18:23:14 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel
[2009.08.18 18:50:13 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2009.08.17 21:58:21 | 000,000,404 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\idl_assistantrc
[2009.06.19 08:05:42 | 000,000,503 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.jalbum-recent-projects.properties
[2009.06.19 07:55:43 | 000,000,038 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.jalbum-ftp-accounts.xml
[2009.06.19 07:40:19 | 000,000,828 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.jalbum-defaults.jap
[2009.06.14 11:53:59 | 000,130,048 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.09.21 13:07:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011.04.25 15:47:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


and Extra.txt

OTL Logfile:
Code:
OTL Extras logfile created on: 23.11.2012 22:07:00 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 78,15% Memory free
4,84 Gb Paging File | 4,30 Gb Available in Paging File | 88,81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 80,00 Gb Total Space | 30,97 Gb Free Space | 38,72% Space Free | Partition Type: NTFS
Drive D: | 142,88 Gb Total Space | 14,87 Gb Free Space | 10,41% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG-P560 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Programme\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [dm Fotowelt] -- "C:\Programme\Fotowelt\dm Fotowelt.exe" "%1"
Directory [dm-Fotowelt] -- "C:\Programme\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\CyberLink\PowerDVD\PowerDVD.exe" = C:\Programme\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\CyberLink\PowerDVD\PowerDVD.exe" = C:\Programme\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Programme\CyberLink\PowerDirector\PDR.exe" = C:\Programme\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector -- (CyberLink Corp.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\Google\Google Talk\googletalk.exe" = C:\Programme\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\FaxApplications.exe" = C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\FaxApplications.exe:LocalSubNet:Enabled:HP LaserJet 200 color MFP M276 FaxApplications -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\DigitalWizards.exe" = C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\DigitalWizards.exe:LocalSubNet:Enabled:HP LaserJet 200 color MFP M276 DigitalWizards -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\HPNetworkCommunicator.exe" = C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Netzwerkkommunikator (HP LaserJet 200 color MFP M276) -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\EWSProxy.exe" = C:\Programme\HP\HP LaserJet 200 color MFP M276\Bin\EWSProxy.exe:LocalSubNet:Enabled:HP LaserJet 200 color MFP M276 EWSProxy -- (Hewlett-Packard Co.)
"E:\Installer\hpbcsiInstaller.exe" = E:\Installer\hpbcsiInstaller.exe:*:Enabled:HP Networked Printer Installer
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{0197D136-598D-4968-BEEA-91C1B764F05D}" = Lexware buchhalter 2012
"{028BF8B5-9143-4A68-84F3-A1A6D2E17889}" = hppLaserJetService
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0535BC5C-33E8-44DB-AEFB-0EDE4EF88052}" = GeoRoverXT
"{08DE5881-1312-46B3-86C0-4001DAB786F0}" = PDF-XChange Viewer
"{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D26E238-B81A-4541-8CAC-5CA3D69C12A5}" = Jalbum
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}" = HPLaserJet200color-MFPM276_HelpLearnCenter_SI
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{138C06D2-CF8E-250A-48D1-7421E7F1A525}" = ArcGIS Viewer for Flex
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{14E82399-E221-43EE-B819-055A00E499C3}" = Infineon TPM Professional Package
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1AA8913B-0A5E-4B70-8A1C-878283EF0F66}" = RSI ENVI 4.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F34839E-4826-4B64-B1B3-42E5AE8DEC5A}" = ArcGIS Desktop
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31A5ED9F-E07B-4F6E-8179-27325BAAC502}" = AuthenTec Fingerprint Sensor Minimum Install
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine for Microtek
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B701A5D-1F4B-4178-8F86-6EB0D6BB3286}" = Inst565a
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C45ED46-5475-4E88-9EA5-38B962A4B8CF}" = ColorTool 2.0
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{48FB7C81-0EF5-4857-8849-DD526BAC7A36}" = Java Advanced Imaging 1.1.3 for JRE
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B02D3CE-A011-4475-93A5-774E0DA4E27E}" = hpbM276DSService
"{4D667C80-C106-4A7F-984E-42CD19F18CC1}" = Time Slider
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{51722911-C391-4118-97BF-B50100D2AB15}_is1" = Gephi 0.7
"{54525107-4C4E-44AC-AC65-806084151057}" = hppSendFaxM276
"{568C5D3E-5B79-47EC-A34B-8D7C8AEF1F8F}" = HPLJUTCore
"{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}" = True Image 2013
"{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}Visible" = True Image 2013
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.06
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}" = hpbDSService
"{6553F4A8-B67F-49BA-A882-FF499C83CF4B}" = 32 Bit HP CIO Components Installer
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6A136292-02AB-428E-8E9A-2628A52FA98E}" = HP LaserJet 200 color MFP M276 Fax
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C0BB722-74DF-4D06-95AA-1D9D4C2E906B}" = KML Geocode
"{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{7C960641-0A27-45C6-96F8-BE4E04A4CC2C}" = hpStatusAlerts
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.22
"{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1
"{88B2E402-DE40-4422-9CCB-D285F8602C93}" = HP Product FWUpdater
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FC67FB0-5F99-4DBC-9B32-E0C027862220}" = MySQL Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9615709B-777E-4EF7-ADF6-45131FA64C1E}" = Easy ALS Manager
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA7C8031-C18D-42A9-8426-0DD1CBCC9E3A}" = hppM276LaserJetService
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B361ED10-259E-4B76-B35E-E47BB6DDDD74}" = hppFaxDrvM276
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7A20537-1A1F-47D4-8526-DC9BABB315FD}" = Lexware Elster
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C97E3F48-DE95-4E00-80AF-32D75C69302D}" = HPLJUTM276
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}" = HP LaserJet 200 color MFP M276
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0AA26A2-08B8-4858-BB69-E50A542DC6ED}" = HP LaserJet 200 color MFP M276 HP Device Toolbox
"{D58D3C8E-2B39-455C-AE79-878AEA3D38FC}" = HP Unified IO
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4289A7B-F94B-4CB5-A09A-96D3634E9669}" = Tableau Public 6.0
"{E6770DAF-AA6B-4875-9B99-16B8FAC70547}" = hpStatusAlertsM276
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA540E75-A545-4C9D-B42E-9C8FC09630C4}" = HP LJ200 M276 HP Scan
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF719B9F-2D42-4790-87E8-005B4088E951}" = KMLReport
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F156F43B-0335-49CE-AA04-8B3FD74BEDD5}" = ArcScripts Cartograms
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.01.25.A
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"1190-3857-8766-9166" = TheBrain 7
"7-Zip" = 7-Zip 4.65
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ArcGIS License Manager" = ArcGIS License Manager
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Banco de Dados Spring DF" = Banco de Dados Spring DF
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1007
"CDex" = CDex - Open Source Digital Audio CD Extractor
"com.esri.ags.AppBuilder" = ArcGIS Viewer for Flex
"dm-Fotowelt" = dm-Fotowelt
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON SX110 Series" = Druckerdeinstallation für EPSON SX110 Series
"ESET Online Scanner" = ESET Online Scanner v3
"ET GeoWizards 9.9" = ET GeoWizards 9.9
"FileZilla Client" = FileZilla Client 3.2.4.1
"Filzip 3.0.6.93_is1" = Filzip 3.06
"FWTools247" = FWTools 2.4.7
"GanttProject" = GanttProject
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"iDump" = iDump (Build: 28)
"ie8" = Windows Internet Explorer 8
"InstallShield_{1AA8913B-0A5E-4B70-8A1C-878283EF0F66}" = RSI ENVI 4.3
"InstallShield_{48FB7C81-0EF5-4857-8849-DD526BAC7A36}" = Java Advanced Imaging 1.1.3 for JRE
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"IrfanView" = IrfanView (remove only)
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Mendeley Desktop" = Mendeley Desktop 1.3.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Monteverdi" = Monteverdi-1.8
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"No23 Recorder" = No23 Recorder
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OTB-Applications" = OrfeoToolbox-Applications-3.10
"Pen Tablet Driver" = Stifttablett
"Prism" = Prism Videodatei-Konverter
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"Python 2.4.1" = Python 2.4.1
"Quantum GIS Wroclaw" = Quantum GIS Wroclaw 1.7.3 Wroclaw
"SpywareBlaster_is1" = SpywareBlaster 4.4
"ST6UNST #1" = GEGraph
"ST6UNST #2" = LIDAR Data Handler (8.1)
"Strassenverzeichnisse_is1" = R2009_V1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 0.9.9
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9C
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-789336058-854245398-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{BDE4805C-4A64-4C6D-8547-5B7DB885C65F}_is1" = Daniel's XL Toolbox 5.04
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.11.2012 17:00:24 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ctfmon.exe, Version 5.1.2600.5512, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10078fa0.
 
Error - 23.11.2012 17:00:24 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung magickbd.exe, Version 7.0.2.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00ac8fa0.
 
Error - 23.11.2012 17:00:25 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung schedhlp.exe, Version 1.0.0.473, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10078fa0.
 
Error - 23.11.2012 17:00:28 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung performancemanager.exe, Version 1.0.2.1,
 fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00cc8a90.
 
Error - 23.11.2012 17:00:28 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wscntfy.exe, Version 5.1.2600.5512, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10078a90.
 
Error - 23.11.2012 17:00:29 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung batterymanager.exe, Version 2.1.4.2, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00ed80d0.
 
Error - 23.11.2012 17:00:29 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung tibmountermonitor.exe, Version 4.2.0.1061,
 fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x010b8a90.
 
Error - 23.11.2012 17:00:29 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dmhkcore.exe, Version 2.2.10.1, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c38a90.
 
Error - 23.11.2012 17:00:30 | Computer Name = SAMSUNG-P560 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung sptna.exe, Version 3.0.1413.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c180d0.
 
Error - 23.11.2012 17:04:02 | Computer Name = SAMSUNG-P560 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
[ OSession Events ]
Error - 19.04.2010 09:38:43 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18225
 seconds with 4020 seconds of active time.  This session ended with a crash.
 
Error - 05.05.2010 16:14:12 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.05.2010 16:14:30 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.05.2011 16:08:23 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.05.2011 16:11:57 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 22.08.2011 12:13:10 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.08.2011 14:09:30 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.08.2011 14:09:45 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.11.2012 10:44:29 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 10959
 seconds with 2580 seconds of active time.  This session ended with a crash.
 
Error - 17.11.2012 10:44:48 | Computer Name = SAMSUNG-P560 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4020
 seconds with 600 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 23.11.2012 13:17:26 | Computer Name = SAMSUNG-P560 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DS1410D" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 23.11.2012 13:17:26 | Computer Name = SAMSUNG-P560 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst 27000@samsung-p560.
 
Error - 23.11.2012 13:17:26 | Computer Name = SAMSUNG-P560 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "27000@samsung-p560" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 23.11.2012 14:09:34 | Computer Name = SAMSUNG-P560 | Source = NetDDE | ID = 206
Description = "Listen" fehlgeschlagen: 23: NCB_LANA_NUM hat keine gültige Netzwerknummer
 angegeben.
 
Error - 23.11.2012 14:09:44 | Computer Name = SAMSUNG-P560 | Source = NetDDE | ID = 206
Description = "Listen" fehlgeschlagen: 15: 
 
Error - 23.11.2012 14:35:50 | Computer Name = SAMSUNG-P560 | Source = NetDDE | ID = 206
Description = "Listen" fehlgeschlagen: 23: NCB_LANA_NUM hat keine gültige Netzwerknummer
 angegeben.
 
Error - 23.11.2012 14:36:04 | Computer Name = SAMSUNG-P560 | Source = NetDDE | ID = 206
Description = "Listen" fehlgeschlagen: 15: 
 
Error - 23.11.2012 17:04:17 | Computer Name = SAMSUNG-P560 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DS1410D" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 23.11.2012 17:04:17 | Computer Name = SAMSUNG-P560 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst 27000@samsung-p560.
 
Error - 23.11.2012 17:04:17 | Computer Name = SAMSUNG-P560 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "27000@samsung-p560" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
 
< End of report >
         