| |
| |||||||
Log-Analyse und Auswertung: XP sehr langsam, outlook meldet Termine immer wiederWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte. |
 |
24.12.2013, 09:40
| #1 |
 |  XP sehr langsam, outlook meldet Termine immer wieder Hi, mein Rechner ist sehr langsam, speedswitch zeigt meist sehr hohe CPU Auslastung. FRST wird abgebrochen. gmer: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-24 10:29:27
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM160HC rev.LQ100-10 128,00GB
Running: gmer_2.1.19163.exe; Driver: D:\DOKUME~1\user\LOKALE~1\Temp\pgtdypoc.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB8AD9610]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB8ADA0E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB8B1DB36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB8AE5F18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB8AE5F64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB8AE60FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB8AE5E86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB8AE5FA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB8AE5ECE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB8ADA5E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB8AE60B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB8ADAE9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB8AD9676]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB8B1E1FC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB8B1E4B2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB8ADE596]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB8B1E067]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB8B1DED2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB8AD925E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB8AD96DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB8ADE98C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB8ADB92C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB8AE5F42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB8AE5F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB8AE6122]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB8AE5EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB8ADDE78]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB8AE6036]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB8AE5EF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB8ADE26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB8AE60DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB8B1DD4D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB8ADB7F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB8B1DB9F]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB8ADB34E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB8B9A744]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB8B1CB30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB8AD9742]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB8AD97A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB8ADAD16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB8AD92F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB8AD94CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB8B1E303]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB8AD945C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB8ADB066]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB8ADB1C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB8AD9556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xB8ADAB54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB8ADACF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB8AD980E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB8ADA142]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateKey [0x804D7571]
SSDT \WINDOWS\system32\ntoskrnl.exe[unknown section] [804D7571] ZwCreateKey [0x804D7571]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenKey [0x804D7576]
SSDT \WINDOWS\system32\ntoskrnl.exe[unknown section] [804D7576] ZwOpenKey [0x804D7576]
INT 0x03 \WINDOWS\system32\ntoskrnl.exe[unknown section] 804D757B
INT 0x06 \??\D:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B420516D
INT 0x0E \??\D:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B4204FC2
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB8BA6E00]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!_abnormal_termination + F0 804E26C4 3 Bytes [71, 75, 4D] {JNO 0x77; DEC EBP}
.text ntoskrnl.exe!_abnormal_termination + 208 804E27DC 8 Bytes [8C, E9, AD, B8, 2C, B9, AD, ...] {MOV ECX, GS; LODSD ; MOV EAX, 0xb8adb92c}
.text ntoskrnl.exe!_abnormal_termination + 228 804E27FC 3 Bytes [76, 75, 4D] {JBE 0x77; DEC EBP}
.text ntoskrnl.exe!_abnormal_termination + 398 804E296C 12 Bytes [42, 97, AD, B8, A8, 97, AD, ...]
.text ntoskrnl.exe!_abnormal_termination + 440 804E2A14 12 Bytes [66, B0, AD, B8, C8, B1, AD, ...]
PAGE ntoskrnl.exe!ObInsertObject 805651BA 5 Bytes JMP B8BA57B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BC20 4 Bytes CALL B8ADBFD9 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 805830E4 7 Bytes JMP B8BA6E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059EAEB 5 Bytes JMP B8BA3C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF80996D 5 Bytes JMP B8AE0284 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C8C9 5 Bytes JMP B8AE0162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813994 5 Bytes JMP B8AE0116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E641 5 Bytes JMP B8ADEBF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 197D BF820D4E 5 Bytes JMP B8ADF6EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 11A6 BF82D568 5 Bytes JMP B8ADED54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLockSurface + C09 BF82E6E6 5 Bytes JMP B8AE03FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 2E84 BF839072 5 Bytes JMP B8AE0614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + B8EC BF841ADA 5 Bytes JMP B8AE000A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + E0A8 BF844296 5 Bytes JMP B8ADF6CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + F624 BF845812 5 Bytes JMP B8ADEDF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 290F BF86F4A6 5 Bytes JMP B8ADF7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 4BED BF871784 5 Bytes JMP B8ADF22C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 4C78 BF87180F 5 Bytes JMP B8ADF508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 584E BF8723E5 5 Bytes JMP B8ADEAD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AC2C BF8777C3 5 Bytes JMP B8AE01B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 67EE BF87E9ED 5 Bytes JMP B8AE033C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35E9 BF897CCE 5 Bytes JMP B8ADF2F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4126 BF89880B 5 Bytes JMP B8ADF4C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF8B58F7 5 Bytes JMP B8ADF7E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 2862 BF8B9015 5 Bytes JMP B8AE056C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 35C2 BF8C1B9F 5 Bytes JMP B8ADEF24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + A5C1 BF8EB159 5 Bytes JMP B8ADF70A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8EFC1A 5 Bytes JMP B8ADE9C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 3BBE BF8F1DE9 5 Bytes JMP B8ADF008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 3E3E BF8F2069 5 Bytes JMP B8ADF150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A40 BF914A09 5 Bytes JMP B8ADECDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1CEC BF914CB5 5 Bytes JMP B8ADF88C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2614 BF9155DD 5 Bytes JMP B8ADEEBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F95 BF917F5E 5 Bytes JMP B8ADF628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 192B BF9484CB 5 Bytes JMP B8AE04BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.vmp2 D:\WINDOWS\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0xB3E9069D]
.text D:\WINDOWS\system32\drivers\aksfridge.sys section is writeable [0xB3E10000, 0x48011, 0xE0000020]
.init D:\WINDOWS\system32\drivers\aksfridge.sys entry point in ".init" section [0xB3E65224]
.init D:\WINDOWS\system32\drivers\aksfridge.sys unknown last code section [0xB3E65000, 0x4000, 0xE20000E0]
.text D:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB3C83400, 0x6E1B2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xB3D0D220] D:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xB3D0D220]
.protectÿÿÿÿhardlockunknown last code section [0xB3D0D000, 0x50EA, 0xE0000020] D:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xB3D0D000, 0x50EA, 0xE0000020]
---- User code sections - GMER 2.1 ----
.text D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[228] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[228] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[232] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[232] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\AVAST Software\Avast\avastUI.exe[256] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\AVAST Software\Avast\avastUI.exe[256] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text E:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe[280] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text E:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe[280] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Java\jre6\bin\jqs.exe[384] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Java\jre6\bin\jqs.exe[384] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\System32\smss.exe[436] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\wuauclt.exe[456] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\wuauclt.exe[456] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text E:\Programme\Microsoft Office\Office12\OUTLOOK.EXE[508] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text E:\Programme\Microsoft Office\Office12\OUTLOOK.EXE[508] kernel32.dll!SetUnhandledExceptionFilter 7C8449B5 5 Bytes JMP 326054C1 D:\Programme\Gemeinsame Dateien\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text E:\Programme\Microsoft Office\Office12\OUTLOOK.EXE[508] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text E:\Programme\Microsoft Office\Office12\OUTLOOK.EXE[508] ole32.dll!OleLoadFromStream 774F988B 5 Bytes JMP 330BD62A D:\Programme\Gemeinsame Dateien\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text E:\Programme\Bazaar\tbzrcache.exe[584] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text E:\Programme\Bazaar\tbzrcache.exe[584] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\AVAST Software\Avast\AvastSvc.exe[596] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\AVAST Software\Avast\AvastSvc.exe[596] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\TightVNC\tvnserver.exe[700] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\TightVNC\tvnserver.exe[700] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\spoolsv.exe[784] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\spoolsv.exe[784] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE[788] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE[788] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Windows Desktop Search\WindowsSearch.exe[820] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Windows Desktop Search\WindowsSearch.exe[820] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[832] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[832] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text E:\Programme\EaseUS\Todo Backup\bin\Agent.exe[856] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text E:\Programme\EaseUS\Todo Backup\bin\Agent.exe[856] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\csrss.exe[904] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\csrss.exe[904] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\winlogon.exe[944] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\services.exe[1004] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\services.exe[1004] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\hasplms.exe[1064] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\hasplms.exe[1064] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text E:\Programme\EaseUS\Todo Backup\bin\GuardAgent.exe[1236] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text E:\Programme\EaseUS\Todo Backup\bin\GuardAgent.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\nvsvc32.exe[1276] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\nvsvc32.exe[1276] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\System32\svchost.exe[1400] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\DisplayLink Core Software\DisplayLinkManager.exe[1432] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\DisplayLink Core Software\DisplayLinkManager.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\TeamViewer\Version8\TeamViewer_Service.exe[1524] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\TeamViewer\Version8\TeamViewer_Service.exe[1524] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDPOP3.exe[1692] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDPOP3.exe[1692] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe[1764] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe[1764] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDClock.exe[1788] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDClock.exe[1788] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[2016] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[2016] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[2024] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe[2092] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe[2092] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe[2164] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe[2164] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\Explorer.EXE[2172] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\Explorer.EXE[2172] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\Explorer.EXE[2172] SHELL32.dll!SHFileOperationW 7E720984 5 Bytes JMP 00CC1102 D:\Programme\Unlocker\UnlockerHook.dll
.text D:\Programme\Messenger\msmsgs.exe[2184] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Messenger\msmsgs.exe[2184] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\wscntfy.exe[2200] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\wscntfy.exe[2200] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2272] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2272] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Teleca Shared\logger.exe[2276] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Teleca Shared\logger.exe[2276] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe[2344] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe[2344] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Acronis\TrueImage\TrueImageMonitor.exe[2376] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Acronis\TrueImage\TrueImageMonitor.exe[2376] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe[2676] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe[2676] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe[2796] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe[2796] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text E:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe[2964] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text E:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe[2964] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text E:\Programme\EaseUS\Todo Backup\bin\EuWatch.exe[2992] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text E:\Programme\EaseUS\Todo Backup\bin\EuWatch.exe[2992] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDCountdown.exe[3052] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDCountdown.exe[3052] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text E:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe[3064] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text E:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe[3064] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[3168] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[3168] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\wbem\wmiapsrv.exe[3176] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\wbem\wmiapsrv.exe[3176] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDMedia.exe[3240] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDMedia.exe[3240] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text E:\Programme\EaseUS\Todo Backup\bin\TrayNotify.exe[3248] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text E:\Programme\EaseUS\Todo Backup\bin\TrayNotify.exe[3248] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\SearchIndexer.exe[3268] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\SearchIndexer.exe[3268] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C D:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text D:\WINDOWS\system32\SearchIndexer.exe[3268] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Unlocker\UnlockerAssistant.exe[3292] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Unlocker\UnlockerAssistant.exe[3292] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\System32\svchost.exe[3320] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\System32\svchost.exe[3320] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Wyse\PocketCloud Windows Companion\PocketCloudService.exe[3480] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Wyse\PocketCloud Windows Companion\PocketCloudService.exe[3480] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\rundll32.exe[3548] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\rundll32.exe[3548] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe[3616] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe[3616] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\ctfmon.exe[3692] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\ctfmon.exe[3692] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\AVG Secure Search\vprot.exe[3696] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\AVG Secure Search\vprot.exe[3696] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe[3732] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe[3732] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\DisplayLink Core Software\DisplayLinkUI.exe[3780] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\DisplayLink Core Software\DisplayLinkUI.exe[3780] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe[3824] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe[3824] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\system32\nipalsm.exe[4020] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\system32\nipalsm.exe[4020] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\SpeedswitchXP\SpeedswitchXP.exe[4044] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\SpeedswitchXP\SpeedswitchXP.exe[4044] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\Logitech\Vid HD\Vid.exe[4052] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\Logitech\Vid HD\Vid.exe[4052] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\WINDOWS\System32\alg.exe[4072] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\WINDOWS\System32\alg.exe[4072] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe[4152] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe[4152] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe[4244] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe[4244] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Dokumente und Einstellungen\user\Desktop\gmer_2.1.19163.exe[4708] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Dokumente und Einstellungen\user\Desktop\gmer_2.1.19163.exe[4708] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe[5948] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe[5948] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe[6020] ntdll.dll!RtlDosSearchPath_U + 186 7C92616D 1 Byte [62]
.text D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe[6020] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (TrueImage Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 EUBKMON.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (TrueImage Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 EUBKMON.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 timntr.sys (TrueImage Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 EUBKMON.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 timntr.sys (TrueImage Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 EUBKMON.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOCC06.00.00.01WSSV 507383A3DF0070EC7AD1F64614D53CB47B3836A545F01971403AFAC16599C88CE8E6D32D025A1968782B0ECD02428FC92278B269727D2F8B1C478D8CE339CCAD88DE47385D58E9A8677293DD56F2B117A4906BB8C632F23126DBD1E748F0B691789D35DE3F2F63CE0318D6A99F5AEB654EBB467AB35E14EDD923E80C038AC32807DA98D0BA49E9D0887F4CF230206BCDEE2ED1266B85A8213A3A1A48C889113686429151A544C2793B820C13211D3EBF590ABF4AE6DFA97E4AB34E7F1321A0554B71603899719BE5626BD0764C61DB7EE66AE20763D8748D131593279EBAD8F0307CEEEF75D50108C87A7B1C51AE1A9FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA2D97226D213B555A6171C11EC38DE3DD6CE30DC1F957F0D175D38D02D72702756DD20CA506F7D5AA57DD823F07402C00A970D9A169F0907B1960996A00E7A49BD24B9B31F695FD4981D31A7265034AA596545ED4789C95BBB033A4D050CBBACA807FA22E84B7015CBCCE18520E4A803B5079A3A29902973191A85EB12E465DE0CCCB3C2496BC86D633FF5417707840294386E77F526728EAEC8C500C3498BC4DEAE5B561AD6E60789191AEE0ABECA33F12EC72F2B6FD43D686D7AA9571BA6939C5A0A32FB4CAA5CEAF4A0B9F84869F
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
und Frohe Feiertage Klaus |
|
24.12.2013, 10:19
| #2 |
| /// the machine /// TB-Ausbilder    | XP sehr langsam, outlook meldet Termine immer wieder Hi,
__________________bringt FRST ne Fehlermeldung`?
__________________ |
|
25.12.2013, 11:35
| #3 |
| | XP sehr langsam, outlook meldet Termine immer wieder Hi Schrauber
__________________der Abbruch erfolgt mit der Windowsmeldung: FRST.exe hat ein Problem festgestellt und muss beendet werden und dann das übliche "Problembericht senden...", habe ich nicht gemacht. im FRST-Fenster steht oben: Listing Files and Folders: History Grüße Klaus Hi Schrauber, ich habe noch FRST.txt von heute, hatte FRST gestern nicht erzeugt, glaube ich. Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-12-2013 01
Ran by user (administrator) on SAMSUN on 25-12-2013 09:38:50
Running from D:\Dokumente und Einstellungen\user\Eigene Dateien\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(DisplayLink Corp.) D:\Programme\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) D:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe
(AVAST Software) D:\Programme\AVAST Software\Avast\AvastSvc.exe
(Acronis) D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
(CHENGDU YIWO Tech Development Co., Ltd) E:\Programme\EASEUS\Todo Backup\bin\Agent.exe
(CHENGDU YIWO Tech Development Co., Ltd) E:\Programme\EASEUS\Todo Backup\bin\GuardAgent.exe
(Aladdin Knowledge Systems Ltd.) D:\WINDOWS\system32\hasplms.exe
(Sun Microsystems, Inc.) D:\Programme\Java\jre6\bin\jqs.exe
(NVIDIA Corporation) D:\WINDOWS\system32\nvsvc32.exe
(TeamViewer GmbH) D:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
(GlavSoft LLC.) D:\Programme\TightVNC\tvnserver.exe
(VMware, Inc.) E:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(VMware, Inc.) E:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) E:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(AVG Secure Search) D:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
() D:\Programme\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
(National Instruments Corporation) D:\WINDOWS\system32\nipalsm.exe
() D:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
(DisplayLink Corp.) D:\Programme\DisplayLink Core Software\DisplayLinkUI.exe
(Microsoft Corporation) D:\WINDOWS\system32\wuauclt.exe
(Logitech Inc.) D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\LCDMon.exe
(Logitech Inc.) D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDClock.exe
(Logitech Inc.) D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDCountdown.exe
(Logitech Inc.) D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDPOP3.exe
(Logitech Inc.) D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDMedia.exe
(Sun Microsystems, Inc.) D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
() D:\Programme\Browser Mouse\Browser Mouse\1.0\LwbWheel.exe
(Teleca Sweden AB) D:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe
(Acronis) D:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
(Acronis) D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
(AVAST Software) D:\Programme\AVAST Software\Avast\AvastUI.exe
() D:\Programme\Unlocker\UnlockerAssistant.exe
() D:\Programme\AVG Secure Search\vprot.exe
(CHENGDU YIWO Tech Development Co., Ltd) E:\Programme\EASEUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) E:\Programme\EASEUS\Todo Backup\bin\TrayNotify.exe
(Popwire AB) D:\Programme\Gemeinsame Dateien\Teleca Shared\logger.exe
(Christian Diefer) D:\Programme\SpeedswitchXP\SpeedswitchXP.exe
(Microsoft Corporation) D:\Programme\Microsoft ActiveSync\wcescomm.exe
(Logitech Inc.) D:\Programme\Logitech\Vid HD\Vid.exe
(Microsoft Corporation) D:\Programme\Messenger\msmsgs.exe
(Chromatic Dragon) D:\Programme\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe
(Microsoft Corporation) D:\Programme\Windows Desktop Search\WindowsSearch.exe
(Teleca AB) D:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
(Teleca Sweden AB) D:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
(Teleca) D:\Programme\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
(Teleca Sweden AB) D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
(Teleca Sweden AB) D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
(Teleca AB) D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
(TODO: <Company name>) D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
(Sun Microsystems, Inc.) D:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
(Microsoft Corporation) E:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
(Mozilla Corporation) E:\Programme\Mozilla Firefox\firefox.exe
(Mozilla Corporation) E:\Programme\Mozilla Firefox\plugin-container.exe
() E:\Programme\Bazaar\tbzrcache.exe
(Microsoft Corporation) D:\WINDOWS\system32\wscntfy.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [Launch LCDMon] - D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\LCDMon.exe [774168 2007-04-27] (Logitech Inc.)
HKLM\...\Run: [BIH] - D:\WINDOWS\system32\rundll32.exe bih.dll,InitGauge
HKLM\...\Run: [SunJavaUpdateSched] - D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [LWBMOUSE] - D:\Programme\Browser Mouse\Browser Mouse\1.0\LwbWheel.exe [429568 2001-03-26] ()
HKLM\...\Run: [Mobile Connectivity Suite] - D:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe [598016 2009-11-19] (Teleca Sweden AB)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
HKLM\...\Run: [Acronis*True*Image Monitor] - D:\Programme\Acronis\TrueImage\TrueImageMonitor.exe [505319 2011-02-10] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [65536 2011-02-10] (Acronis)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [avast] - D:\Programme\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [UnlockerAssistant] - D:\Programme\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [vProt] - D:\Programme\AVG Secure Search\vprot.exe [2471448 2013-12-24] ()
HKLM\...\Run: [EaseUs Watch] - E:\Programme\EASEUS\Todo Backup\bin\EuWatch.exe [70728 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EaseUs Tray] - E:\Programme\EASEUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [NIDAQmxDriverStatus] - E:\Programme\National Instruments\NI-DAQ\HWConfig\nidevldstat.exe [11408 2004-07-14] (National Instruments Corporation)
HKLM\...\Run: [20131121] - D:\Programme\AVAST Software\Avast\Setup\emupdate\5a5f826e-c754-415a-9d00-eb31f3570d02.exe [180184 2013-12-04] (AVAST Software)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoSharedDocuments] 0
HKCU\...\Run: [SpeedswitchXP] - D:\Programme\SpeedswitchXP\SpeedswitchXP.exe [626688 2006-07-14] (Christian Diefer)
HKCU\...\Run: [H/PC Connection Agent] - D:\Programme\Microsoft ActiveSync\wcescomm.exe [401496 2002-01-12] (Microsoft Corporation)
HKCU\...\Run: [Logitech Vid] - D:\Programme\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.)
HKCU\...\Run: [MSMSGS] - D:\Programme\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Policies\Explorer: [FoFileAssociate] 0
HKCU\...\Policies\Explorer: [NoShellSearchButton] 0
HKCU\...\Policies\Explorer: [HideClock] 0
HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKCU\...\Policies\Explorer: [NoUserNameInStartMenu] 0
HKCU\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKU\Klaus\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - D:\Programme\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [ 2013-06-03] (AVG Secure Search)
Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Toodledo Sync Tool.lnk
ShortcutTarget: Toodledo Sync Tool.lnk -> D:\WINDOWS\Installer\{7D0C60CD-F5FF-4758-8A96-247D0DA74C52}\_ABFE74A9AD95D30FB3A626.exe ()
Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> D:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: D:\Dokumente und Einstellungen\user\Startmenü\Programme\Autostart\PandaUSBVaccine.lnk
ShortcutTarget: PandaUSBVaccine.lnk -> D:\Programme\Panda USB Vaccine\USBVaccine.exe (Panda Security)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={51E470F8-AF77-40EF-87AE-C44CBC6398F2}&mid=f87258d0644e47d0944ed145b7cf625f-ad3dee1b8d643e3f1eeb6a9023e59fabb0456946&lang=de&ds=mt011&pr=sa&d=2012-11-19 11:27:50&v=13.2.0.4&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={51E470F8-AF77-40EF-87AE-C44CBC6398F2}&mid=f87258d0644e47d0944ed145b7cf625f-ad3dee1b8d643e3f1eeb6a9023e59fabb0456946&lang=de&ds=mt011&pr=sa&d=2012-11-19 11:27:50&v=15.5.0.2&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={51E470F8-AF77-40EF-87AE-C44CBC6398F2}&mid=f87258d0644e47d0944ed145b7cf625f-ad3dee1b8d643e3f1eeb6a9023e59fabb0456946&lang=de&ds=mt011&pr=sa&d=2012-11-19 11:27:50&v=15.5.0.2&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - D:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Programme\rpbrowserrecordplugin.dll No File
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - D:\Programme\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programme\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - D:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - D:\Programme\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - D:\Programme\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - D:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default
FF user.js: detected! => D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\user.js
FF Plugin: @adobe.com/FlashPlayer - D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - D:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin: @Google.com/GoogleEarthPlugin - D:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - D:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin - D:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - D:\Programme\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.91 - D:\Programme\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @pack.google.com/Google Updater;version=14 - D:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - E:\Programme\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 - E:\Programme\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - E:\Programme\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - D:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - D:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\searchplugins\stumbleupon.xml
FF SearchPlugin: D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\searchplugins\winamp-search.xml
FF SearchPlugin: D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\searchplugins\surf-canyon.xml
FF SearchPlugin: D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\searchplugins\searchplugins-backup
FF SearchPlugin: D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\searchplugins\ixquick---deutsch.xml
FF Extension: Surf Canyon - Search Engine Assistant - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
FF Extension: Microsoft .NET Framework Assistant - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Winamp Toolbar - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF Extension: Snap Shots - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\snapshots@snap.com
FF Extension: No Name - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\nostmp
FF Extension: FastestFox - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\smarterwiki@wikiatic.com.xpi
FF Extension: Fast Video Download (with SearchMenu) - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
FF Extension: StumbleUpon - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
FF Extension: Toodledo - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\statusbar@toodledo.com.xpi
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - E:\Programme\browserrecord
FF Extension: RealPlayer Browser Record Plugin - E:\Programme\browserrecord
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - D:\Programme\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - D:\Programme\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - D:\Programme\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - D:\Programme\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\FireFoxExt\17.2.0.38
FF Extension: AVG Security Toolbar - D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\FireFoxExt\17.2.0.38
FF StartMenuInternet: FIREFOX.EXE - E:\Programme\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - D:\Programme\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - D:\Programme\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - D:\Programme\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.230.5) - D:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U23) - D:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - D:\Programme\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - D:\Programme\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - D:\Programme\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - E:\Programme\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (National Instruments LabVIEW 8.0 Netscape Plug-in for Windows) - E:\Programme\Mozilla Firefox\plugins\NPLV80Win32.dll No File
CHR Plugin: (National Instruments LabVIEW 8.2 Netscape Plug-in for Windows) - E:\Programme\Mozilla Firefox\plugins\NPLV82Win32.dll (National Instruments)
CHR Plugin: (National Instruments LabVIEW 8.5 Netscape Plug-in for Windows) - E:\Programme\Mozilla Firefox\plugins\nplv85win32.dll No File
CHR Plugin: (RealPlayer Version Plugin) - E:\Programme\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - E:\Programme\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - E:\Programme\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (2007 Microsoft Office system) - E:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Internet Pictures Corp. iPIX Plugin v6.2) - E:\Programme\Mozilla Firefox\plugins\NpIpx32.dll (Internet Pictures Corp.)
CHR Plugin: (getPlusPlus for Adobe 16291) - E:\Programme\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (Google Earth Plugin) - D:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - D:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Picasa) - D:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - D:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - D:\Programme\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Gmail) - D:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (Google Search) - D:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (YouTube) - D:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (AVG Security Toolbar) - D:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\ChromeExt\17.2.0.38\avg.crx
========================== Services (Whitelisted) =================
R2 AcrSch2Svc; D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [114688 2011-02-10] (Acronis)
R2 avast! Antivirus; D:\Programme\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 DisplayLinkService; D:\Programme\DisplayLink Core Software\DisplayLinkManager.exe [5240168 2011-04-10] (DisplayLink Corp.)
R2 EaseUS Agent; E:\Programme\EaseUS\Todo Backup\bin\Agent.exe [68168 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Guard Agent; E:\Programme\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
S2 gupdate1c9a57b31024390; D:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-03-15] (Google Inc.)
S3 gupdatem; D:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-03-15] (Google Inc.)
S2 gusvc; D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-10-12] (Google)
R2 hasplms; D:\WINDOWS\system32\hasplms.exe [2549248 2008-07-17] (Aladdin Knowledge Systems Ltd.)
S2 LkCitadelServer; D:\WINDOWS\system32\lkcitdl.exe [695136 2007-03-21] (National Instruments, Inc.)
S4 lkClassAds; D:\WINDOWS\system32\lkads.exe [40488 2007-07-16] (National Instruments Corporation)
S4 lkTimeSync; D:\WINDOWS\system32\lktsrv.exe [50736 2007-07-16] (National Instruments Corporation)
S3 MozillaMaintenance; D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117144 2013-06-04] (Mozilla Foundation)
S2 nidevldu; D:\Windows\System32\nipalsm.exe [5730 2004-07-08] (National Instruments Corporation)
S4 NIDomainService; E:\Programme\National Instruments\Shared\Security\nidmsrv.exe [213040 2007-07-16] (National Instruments Corporation)
S4 NILM License manager; E:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1007616 2007-01-29] (Macrovision Corporation)
R2 nipxirmu; D:\Windows\System32\nipalsm.exe [5730 2004-07-08] (National Instruments Corporation)
S4 niSvcLoc; D:\WINDOWS\system32\nisvcloc.exe [48704 2007-07-19] (National Instruments Corp.)
S3 oad; E:\Programme\vbroker\Bin\oad.exe [1781248 1998-03-12] ()
S3 odserv; D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [441712 2008-11-04] (Microsoft Corporation)
S3 OpcEnum; D:\WINDOWS\system32\OpcEnum.exe [98304 2004-12-02] (OPC Foundation)
S3 osagent; E:\Programme\vbroker\Bin\osagent.exe [193536 1998-03-12] ()
S3 ose; D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S3 SandraAgentSrv; D:\Programme\SiSoftware\SiSoftware Sandra Lite 2013\RpcAgentSrv.exe [68760 2008-11-04] (SiSoftware)
R2 TeamViewer8; D:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [3467768 2012-12-14] (TeamViewer GmbH)
R2 tvnserver; D:\Programme\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
R2 vmware-converter-agent; D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VMware\VMware vCenter Converter Standalone\converter-agent.xml [6401 2013-06-03] ()
R2 vmware-converter-server; D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VMware\VMware vCenter Converter Standalone\converter-server.xml [4407 2013-06-03] ()
R2 vmware-converter-worker; D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VMware\VMware vCenter Converter Standalone\converter-worker.xml [7013 2013-06-03] ()
R2 vToolbarUpdater17.2.0; D:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544 2013-12-24] (AVG Secure Search)
S3 WMPNetworkSvc; D:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
R2 WysePocketCloud; D:\Programme\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [74240 2010-11-19] ()
S2 ClipInc001; K:\Tobit ClipInc\Server\ClipInc-Server.exe 001 [x]
S3 de_serv; D:\Programme\Gemeinsame Dateien\AVM\de_serv.exe [x]
R2 JavaQuickStarterService; "D:\Programme\Java\jre6\bin\jqs.exe" -service -config "D:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf"
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
==================== Drivers (Whitelisted) ====================
R2 acedrv11; D:\WINDOWS\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 aksfridge; D:\WINDOWS\system32\drivers\aksfridge.sys [350720 2008-03-27] (Aladdin Knowledge Systems Ltd.)
R2 aswFsBlk; D:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; D:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; D:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; D:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; D:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-28] (AVAST Software)
R1 aswSP; D:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-28] (AVAST Software)
R1 aswTdi; D:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; D:\Windows\System32\Drivers\aswVmm.sys [175176 2013-08-28] ()
R1 avgtp; D:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-10-21] (AVG Technologies)
R1 BIOS; D:\WINDOWS\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group)
R3 BlueletAudio; D:\Windows\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.)
R3 BlueletSCOAudio; D:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.)
S3 bmdrvr; D:\Windows\System32\drivers\bmdrvr.sys [54384 2011-03-15] (VMware, Inc.)
S3 BT; D:\Windows\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; D:\Windows\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.)
R0 BTHidEnum; D:\Windows\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; D:\Windows\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
S3 CCDECODE; D:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 cs429x; D:\Windows\System32\drivers\cwawdm.sys [97664 2002-08-22] (Cirrus Logic, Inc.)
R2 cvintdrv; D:\Windows\System32\Drivers\cvintdrv.sys [7140 2003-07-29] ()
S3 dfu; D:\Windows\System32\drivers\MassDfu.sys [12416 2011-08-01] (Philips PTCL)
R3 DisplayLinkFilter; D:\Windows\System32\DRIVERS\DisplayLinkFilter.sys [7296 2011-04-10] (DisplayLink Corp.)
R3 DisplayLinkGA; D:\Windows\System32\DRIVERS\DisplayLinkGAport.sys [27648 2011-04-10] (DisplayLink Corp.)
R3 DisplayLinkmirror; D:\Windows\System32\DRIVERS\DisplayLinkmirrorport.sys [24448 2011-04-10] (DisplayLink Corp.)
S3 DisplayLinkUsbPort; D:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [21888 2011-11-15] (hxxp://libusb-win32.sourceforge.net)
R3 EL90XBC; D:\Windows\System32\DRIVERS\el90xbc5.sys [77469 2003-01-23] (3Com Corporation)
R0 EUBAKUP; D:\Windows\System32\drivers\eubakup.sys [51400 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; D:\Windows\System32\drivers\EUBKMON.sys [40776 2013-05-10] ()
R1 EUDSKACS; D:\WINDOWS\system32\drivers\eudskacs.sys [14920 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; D:\WINDOWS\system32\drivers\EuFdDisk.sys [185672 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
S3 FilterService; D:\Windows\System32\DRIVERS\lvuvcflt.sys [23904 2010-05-15] (Logitech Inc.)
S3 FTD2XX; D:\Windows\System32\Drivers\FTD2XX.sys [34639 2005-12-15] (FTDI Ltd.)
S3 FTDIBUS; D:\Windows\System32\drivers\ftdibus.sys [62216 2012-04-13] (FTDI Ltd.)
R2 GfSDev; E:\PROGRAMME\NATIONAL INSTRUMENTS\DIADEM 10.1\GfSDev.sys [22016 2006-10-25] (National Instruments)
S3 GHI_SpotUsb; D:\Windows\System32\DRIVERS\GHI_NETMF_Interface.sys [28888 2010-08-10] (Microsoft Corporation)
R0 giveio; D:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R2 gpib420; D:\Windows\System32\drivers\gpib420.sys [25088 2004-10-28] (National Instruments Corporation)
R2 GpibPrtK; D:\Windows\System32\drivers\gpibprtk.sys [199680 2004-10-28] (National Instruments Corporation)
S3 gv3; D:\Windows\System32\DRIVERS\gv3.sys [33664 2002-11-20] (Microsoft Corporation)
R2 hardlock; D:\WINDOWS\system32\drivers\hardlock.sys [586240 2008-02-11] (Aladdin Knowledge Systems Ltd.)
R2 Haspnt; D:\WINDOWS\system32\drivers\Haspnt.sys [47616 2008-07-24] (Aladdin Knowledge Systems)
R2 lvalarmk; D:\Windows\System32\drivers\lvalarmk.dll [10829 2004-04-01] (National Instruments)
S3 mbedComposite; D:\Windows\System32\DRIVERS\mbedComposite.sys [39984 2009-09-30] (ARM Ltd)
S3 mbedSerial; D:\Windows\System32\DRIVERS\mbedSerial.sys [50736 2009-09-30] (ARM Ltd)
S3 NdisIP; D:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NDMSHLP; D:\Programme\Gemeinsame Dateien\HHD Software\Device Monitor\ndmshlp.sys [7632 2005-05-24] (HHD Software)
S3 nhcDriverDevice; D:\WINDOWS\system32\drivers\nhcDriver.sys [22528 2010-01-07] (pBUS-167 Software - hxxp://www.pbus-167.com)
R2 niarbk; D:\Windows\System32\drivers\niarbk.dll [37376 2004-07-15] (National Instruments Corporation)
R2 nibffrk; D:\Windows\System32\drivers\nibffrk.dll [21504 2004-07-15] (National Instruments Corporation)
R3 nicdrk; D:\Windows\System32\drivers\nicdrk.dll [128112 2004-07-08] (National Instruments Corporation)
R2 Nidaq32k; D:\Windows\System32\Drivers\Nidaq32k.sys [674304 2004-07-15] (National Instruments Corporation)
R2 nidimk; D:\Windows\System32\drivers\nidimk.dll [108124 2004-03-26] (National Instruments Corporation)
R2 nidmmk; D:\Windows\System32\drivers\nidmmk.dll [50688 2004-07-15] (National Instruments Corporation)
R2 nidmxfk; D:\Windows\System32\drivers\nidmxfk.dll [128117 2004-07-08] (National Instruments Corporation)
S3 nidsark; D:\Windows\System32\drivers\nidsark.dll [652906 2004-07-08] (National Instruments Corporation)
S3 niesrk; D:\Windows\System32\drivers\niesrk.dll [513643 2004-10-08] (National Instruments Corporation)
R2 nilvaik; D:\Windows\System32\drivers\nilvaik.dll [18037 2004-07-08] (National Instruments Corporation)
R3 nimdbgk; D:\Windows\System32\drivers\nimdbgk.dll [133227 2004-03-26] (National Instruments Corporation)
R2 nimdsk; D:\Windows\System32\drivers\nimdsk.dll [30208 2004-07-15] (National Instruments Corporation)
R3 nimru2k; D:\Windows\System32\drivers\nimru2k.dll [130141 2004-07-07] (National Instruments Corporation)
S3 nimsdrk; D:\Windows\System32\drivers\nimsdrk.dll [73858 2004-07-08] (National Instruments Corporation)
S3 nimslk; D:\Windows\System32\drivers\nimslk.dll [14464 2004-03-29] (National Instruments Corporation)
S3 nimsrlk; D:\Windows\System32\drivers\nimsrlk.dll [151683 2004-03-29] (National Instruments Corporation)
R3 nimstsk; D:\Windows\System32\drivers\nimstsk.dll [44149 2004-07-08] (National Instruments Corporation)
R3 nimxdfk; D:\Windows\System32\drivers\nimxdfk.dll [172639 2004-03-26] (National Instruments Corporation)
R2 nimxpk; D:\Windows\System32\drivers\nimxpk.dll [19570 2004-03-29] (National Instruments Corporation)
R3 niorbk; D:\Windows\System32\drivers\niorbk.dll [35420 2004-03-31] (National Instruments Corporation)
R0 NIPALK; D:\Windows\System32\Drivers\NIPALK.sys [373853 2004-07-07] (National Instruments Corporation)
R2 nipxirmk; D:\Windows\System32\drivers\nipxirmk.dll [41075 2004-10-19] (National Instruments Corporation)
R3 niscdk; D:\Windows\System32\drivers\niscdk.dll [396394 2004-07-14] (National Instruments Corporation)
S3 nisdigk; D:\Windows\System32\drivers\nisdigk.dll [204917 2004-10-08] (National Instruments Corporation)
S3 nispdk; D:\Windows\System32\drivers\nispdk.dll [68202 2004-07-14] ()
S3 nissrk; D:\Windows\System32\drivers\nissrk.dll [513643 2004-10-08] (National Instruments Corporation)
S3 nistc2k; D:\Windows\System32\drivers\nistc2k.dll [121461 2004-03-29] (National Instruments Corporation)
R2 nistck; D:\Windows\System32\drivers\nistck.dll [111616 2004-07-15] (National Instruments Corporation)
S3 nistcrk; D:\Windows\System32\drivers\nistcrk.dll [91257 2004-07-08] (National Instruments Corporation)
R2 niswdk; D:\Windows\System32\drivers\niswdk.dll [365677 2004-10-15] (National Instruments Corporation)
S3 nitiork; D:\Windows\System32\drivers\nitiork.dll [1202809 2004-07-08] (National Instruments Corporation)
S3 NiViPxiK; D:\Windows\System32\Drivers\NiViPxiK.sys [24576 2004-07-14] (National Instruments)
S3 niwfrk; D:\Windows\System32\drivers\niwfrk.dll [417899 2004-10-08] (National Instruments Corporation)
S3 nixsrk; D:\Windows\System32\drivers\nixsrk.dll [828523 2004-10-08] (National Instruments Corporation)
R2 NPF; D:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R1 PBUS; D:\Windows\System32\Drivers\PBUS.sys [3600 2001-09-19] (Bernecker + Rainer, Industrie-Elektronik Ges.m.b.H., A-5142, Austria, Europe)
R2 PHDIo; D:\WINDOWS\System32\Drivers\PHDIo.sys [14000 2000-01-10] (PHD Computer Consultants Ltd)
S3 PortTalk; D:\Windows\System32\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic hxxp://www.beyondlogic.org)
S3 pwdrvio; D:\WINDOWS\system32\pwdrvio.sys [15576 2012-08-20] ()
S3 pwdspio; D:\WINDOWS\system32\pwdspio.sys [10200 2012-08-20] ()
S3 SANDRA; D:\Programme\SiSoftware\SiSoftware Sandra Lite 2013\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 SerMon; D:\Programme\HHD Software\Free Serial Port Monitor\sermon.sys [18432 2005-05-24] (HHD Software)
S3 silabenm; D:\Windows\System32\DRIVERS\silabenm.sys [24680 2010-05-24] (Silicon Laboratories, Inc.)
S3 silabser; D:\Windows\System32\DRIVERS\silabser.sys [70248 2010-05-24] (Silicon Laboratories)
R1 SLEE_16_DRIVER; D:\WINDOWS\system32\drivers\Sleen16.sys [79104 2007-10-11] (Softwareentwicklung Remus - ArchiCrypt )
R0 speedfan; D:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows (R) 2000 DDK provider)
S3 TfBulk; D:\Windows\System32\DRIVERS\TfBulk.sys [13312 2007-05-31] (Topfield (visit www.topfield.co.kr))
R2 tifsfilter; D:\Windows\System32\DRIVERS\tifsfilt.sys [28064 2011-02-10] (Acronis)
R1 UimBus; D:\Windows\System32\DRIVERS\UimBus.sys [81232 2013-03-15] (Windows (R) 2000 DDK provider)
R1 Uim_IM; D:\Windows\System32\Drivers\Uim_IM.sys [452816 2013-03-15] (Paragon)
R1 Uim_Vim; D:\Windows\System32\Drivers\Uim_Vim.sys [283600 2013-03-15] (Paragon)
S3 VComm; D:\Windows\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; D:\Windows\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
R2 vstor2-mntapi10-shared; D:\Windows\System32\drivers\vstor2-mntapi10-shared.sys [22768 2011-07-12] (VMware, Inc.)
R3 w70n51; D:\Windows\System32\DRIVERS\w70n51.sys [2370688 2003-01-13] (Intel® Corporation)
S3 wceusbsh; D:\Windows\System32\DRIVERS\wceusbsh.sys [32000 2009-08-03] (Microsoft Corporation)
R3 WinDriver6; D:\Windows\System32\drivers\windrvr6.sys [195968 2010-08-31] (Jungo)
S3 DCamUSBIP10; System32\Drivers\iP293x.sys [x]
S3 DOSMEMIO; \??\F:\MEMIO.SYS [x]
S3 EverestDriver; \??\G:\sicherheitspack\everest\everestultimate_build_0978\kerneld.wnt [x]
S3 meIDSmain; System32\Drivers\meIDSmain.sys [x]
S2 NatMotion; No ImagePath
U5 ScsiPort; D:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 UnlockerDriver5; D:\Programme\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-24 15:12 - 2013-12-24 15:12 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2868626$
2013-12-24 15:11 - 2013-12-24 15:11 - 00018243 _____ D:\WINDOWS\KB2900986.log
2013-12-24 15:11 - 2013-12-24 15:11 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2900986$
2013-12-24 15:09 - 2013-12-24 15:10 - 00021172 _____ D:\WINDOWS\KB2898785-IE8.log
2013-12-24 15:09 - 2013-12-24 15:09 - 00013316 _____ D:\WINDOWS\KB2904266.log
2013-12-24 15:09 - 2013-12-24 15:09 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2904266$
2013-12-24 15:09 - 2013-12-24 15:09 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2898715$
2013-12-24 15:08 - 2013-12-24 15:08 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2876331$
2013-12-24 15:08 - 2013-12-24 15:08 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2862152$
2013-12-24 15:02 - 2013-12-24 15:02 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2893294$
2013-12-24 15:01 - 2013-12-24 15:01 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2893984$
2013-12-24 15:01 - 2013-12-24 15:01 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2892075$
2013-12-24 10:29 - 2013-12-24 10:29 - 00089212 _____ D:\Dokumente und Einstellungen\user\Desktop\gmer-l24-12-13.log
2013-12-24 10:08 - 2013-12-24 10:08 - 00377856 _____ D:\Dokumente und Einstellungen\user\Desktop\gmer_2.1.19163.exe
2013-12-24 09:55 - 2013-12-24 09:55 - 00000000 ____D D:\FRST
2013-12-24 09:54 - 2013-12-24 09:54 - 00000000 _____ D:\Dokumente und Einstellungen\user\defogger_reenable
2013-12-24 09:52 - 2013-12-24 09:52 - 00001837 _____ D:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
2013-12-24 09:52 - 2013-12-24 09:52 - 00000000 ____D D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
2013-12-24 09:47 - 2013-12-24 15:09 - 00026753 _____ D:\WINDOWS\KB2898715.log
2013-12-24 09:47 - 2013-12-24 15:02 - 00024966 _____ D:\WINDOWS\KB2893294.log
2013-12-24 09:46 - 2013-12-24 15:01 - 00024194 _____ D:\WINDOWS\KB2892075.log
2013-12-24 09:45 - 2013-12-24 15:01 - 00025507 _____ D:\WINDOWS\KB2893984.log
2013-12-24 09:43 - 2013-12-24 15:12 - 00031418 _____ D:\WINDOWS\KB2868626.log
2013-12-24 09:26 - 2013-12-24 15:08 - 00025044 _____ D:\WINDOWS\KB2862152.log
2013-12-24 08:48 - 2013-12-24 15:08 - 00025449 _____ D:\WINDOWS\KB2876331.log
2013-11-29 15:51 - 2013-11-29 15:51 - 00000000 ____D D:\VXIPNP
2013-11-29 15:46 - 2013-11-29 15:46 - 00000000 ____D D:\WINDOWS\nidaq
2013-11-29 15:46 - 2013-11-29 15:46 - 00000000 ____D D:\Programme\Gemeinsame Dateien\National Instruments Shared
2013-11-29 15:42 - 2013-11-29 15:42 - 00001619 _____ D:\Dokumente und Einstellungen\All Users\Desktop\Measurement & Automation.lnk
2013-11-29 15:36 - 2013-11-29 15:46 - 00078229 _____ D:\WINDOWS\system32\niorbmap
2013-11-29 15:26 - 2013-11-29 15:26 - 00001517 _____ D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\National Instruments LabVIEW 7.1.lnk
2013-11-29 15:26 - 2013-11-29 15:26 - 00000000 ____D D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\National Instruments
==================== One Month Modified Files and Folders =======
2013-12-25 09:33 - 2012-11-19 11:50 - 00000440 ____H D:\WINDOWS\Tasks\User_Feed_Synchronization-{3520E1ED-4118-4802-B2E3-784E41B7BD6A}.job
2013-12-25 09:32 - 2009-07-21 14:44 - 03878752 _____ D:\Dokumente und Einstellungen\user\Eigene Dateien\.bzr.log
2013-12-25 08:50 - 2009-06-30 19:27 - 00001090 _____ D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-25 08:50 - 2009-06-30 19:27 - 00001086 _____ D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-25 08:49 - 2013-06-01 14:39 - 00000884 _____ D:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-25 07:43 - 2008-07-22 09:35 - 01149202 _____ D:\WINDOWS\WindowsUpdate.log
2013-12-25 07:39 - 2011-03-09 08:12 - 01030254 _____ D:\WINDOWS\KB2481109.log
2013-12-25 03:51 - 2012-10-12 11:49 - 00000356 ____H D:\WINDOWS\Tasks\avast! Emergency Update.job
2013-12-24 18:45 - 2013-06-03 17:51 - 00000350 _____ D:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-12-24 15:30 - 2008-07-21 17:53 - 00000006 ____H D:\WINDOWS\Tasks\SA.DAT
2013-12-24 15:30 - 2008-07-21 17:44 - 00000159 _____ D:\WINDOWS\wiadebug.log
2013-12-24 15:30 - 2008-07-21 17:34 - 00227208 _____ D:\WINDOWS\system32\FNTCACHE.DAT
2013-12-24 15:29 - 2009-12-21 16:00 - 00000050 _____ D:\WINDOWS\wiaservc.log
2013-12-24 15:29 - 2008-07-22 00:00 - 00032504 _____ D:\WINDOWS\SchedLgU.Txt
2013-12-24 15:28 - 2008-07-22 07:57 - 00000300 ___SH D:\Dokumente und Einstellungen\user\ntuser.ini
2013-12-24 15:12 - 2013-12-24 15:12 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2868626$
2013-12-24 15:12 - 2013-12-24 09:43 - 00031418 _____ D:\WINDOWS\KB2868626.log
2013-12-24 15:12 - 2010-11-18 12:50 - 00435514 _____ D:\WINDOWS\msmqinst.log
2013-12-24 15:12 - 2010-11-18 12:50 - 00246974 _____ D:\WINDOWS\netfxocm.log
2013-12-24 15:12 - 2010-11-18 12:50 - 00071227 _____ D:\WINDOWS\tabletoc.log
2013-12-24 15:12 - 2010-01-14 08:21 - 01681591 _____ D:\WINDOWS\FaxSetup.log
2013-12-24 15:12 - 2010-01-14 08:21 - 01614379 _____ D:\WINDOWS\iis6.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00947457 _____ D:\WINDOWS\ocgen.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00754251 _____ D:\WINDOWS\tsoc.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00573758 _____ D:\WINDOWS\comsetup.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00346496 _____ D:\WINDOWS\ntdtcsetup.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00095281 _____ D:\WINDOWS\updspapi.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00093352 _____ D:\WINDOWS\ocmsn.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00084201 _____ D:\WINDOWS\msgsocm.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00001393 _____ D:\WINDOWS\imsins.log
2013-12-24 15:12 - 2008-07-22 09:16 - 00097979 _____ D:\WINDOWS\medctroc.Log
2013-12-24 15:11 - 2013-12-24 15:11 - 00018243 _____ D:\WINDOWS\KB2900986.log
2013-12-24 15:11 - 2013-12-24 15:11 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2900986$
2013-12-24 15:11 - 2008-07-21 17:36 - 00001393 _____ D:\WINDOWS\imsins.BAK
2013-12-24 15:10 - 2013-12-24 15:09 - 00021172 _____ D:\WINDOWS\KB2898785-IE8.log
2013-12-24 15:09 - 2013-12-24 15:09 - 00013316 _____ D:\WINDOWS\KB2904266.log
2013-12-24 15:09 - 2013-12-24 15:09 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2904266$
2013-12-24 15:09 - 2013-12-24 15:09 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2898715$
2013-12-24 15:09 - 2013-12-24 09:47 - 00026753 _____ D:\WINDOWS\KB2898715.log
2013-12-24 15:09 - 2008-11-16 10:18 - 00490376 _____ D:\WINDOWS\system32\TZLog.log
2013-12-24 15:08 - 2013-12-24 15:08 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2876331$
2013-12-24 15:08 - 2013-12-24 15:08 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2862152$
2013-12-24 15:08 - 2013-12-24 09:26 - 00025044 _____ D:\WINDOWS\KB2862152.log
2013-12-24 15:08 - 2013-12-24 08:48 - 00025449 _____ D:\WINDOWS\KB2876331.log
2013-12-24 15:02 - 2013-12-24 15:02 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2893294$
2013-12-24 15:02 - 2013-12-24 09:47 - 00024966 _____ D:\WINDOWS\KB2893294.log
2013-12-24 15:01 - 2013-12-24 15:01 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2893984$
2013-12-24 15:01 - 2013-12-24 15:01 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2892075$
2013-12-24 15:01 - 2013-12-24 09:46 - 00024194 _____ D:\WINDOWS\KB2892075.log
2013-12-24 15:01 - 2013-12-24 09:45 - 00025507 _____ D:\WINDOWS\KB2893984.log
2013-12-24 12:53 - 2009-03-15 16:32 - 00000966 _____ D:\WINDOWS\Tasks\Google Software Updater.job
2013-12-24 10:49 - 2013-06-01 14:39 - 00692616 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-24 10:49 - 2013-06-01 14:39 - 00071048 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-24 10:29 - 2013-12-24 10:29 - 00089212 _____ D:\Dokumente und Einstellungen\user\Desktop\gmer-l24-12-13.log
2013-12-24 10:08 - 2013-12-24 10:08 - 00377856 _____ D:\Dokumente und Einstellungen\user\Desktop\gmer_2.1.19163.exe
2013-12-24 09:55 - 2013-12-24 09:55 - 00000000 ____D D:\FRST
2013-12-24 09:54 - 2013-12-24 09:54 - 00000000 _____ D:\Dokumente und Einstellungen\user\defogger_reenable
2013-12-24 09:52 - 2013-12-24 09:52 - 00001837 _____ D:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
2013-12-24 09:52 - 2013-12-24 09:52 - 00000000 ____D D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
2013-12-23 13:31 - 2003-04-02 12:00 - 00002228 _____ D:\WINDOWS\system32\wpa.dbl
2013-12-04 11:47 - 2008-07-23 12:33 - 00006577 _____ D:\WINDOWS\WINCMD.INI
2013-12-03 10:36 - 2008-07-31 10:53 - 00000644 _____ D:\WINDOWS\niconfig.daq
2013-12-01 14:42 - 2008-11-21 08:23 - 88123800 _____ (Microsoft Corporation) D:\WINDOWS\system32\MRT.exe
2013-11-29 18:24 - 2008-12-04 15:47 - 00000116 _____ D:\WINDOWS\NeroDigital.ini
2013-11-29 15:51 - 2013-11-29 15:51 - 00000000 ____D D:\VXIPNP
2013-11-29 15:48 - 2013-10-21 10:32 - 00054694 _____ D:\WINDOWS\setupapi.log
2013-11-29 15:48 - 2008-07-21 17:53 - 00003136 _____ D:\WINDOWS\system32\CONFIG.NT
2013-11-29 15:46 - 2013-11-29 15:46 - 00000000 ____D D:\WINDOWS\nidaq
2013-11-29 15:46 - 2013-11-29 15:46 - 00000000 ____D D:\Programme\Gemeinsame Dateien\National Instruments Shared
2013-11-29 15:46 - 2013-11-29 15:36 - 00078229 _____ D:\WINDOWS\system32\niorbmap
2013-11-29 15:42 - 2013-11-29 15:42 - 00001619 _____ D:\Dokumente und Einstellungen\All Users\Desktop\Measurement & Automation.lnk
2013-11-29 15:26 - 2013-11-29 15:26 - 00001517 _____ D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\National Instruments LabVIEW 7.1.lnk
2013-11-29 15:26 - 2013-11-29 15:26 - 00000000 ____D D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\National Instruments
2013-11-26 09:59 - 2008-07-24 14:10 - 00000000 _____ D:\WINDOWS\imaqconf.ini
Klaus |
|
26.12.2013, 12:45
| #4 | |
| /// the machine /// TB-Ausbilder | XP sehr langsam, outlook meldet Termine immer wieder hi, Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.12.2013, 13:41
| #5 |
| | XP sehr langsam, outlook meldet Termine immer wieder Hallo Schrauber, combofix wurde abgebrochen: beim ersten Mal: "PEV hat ein Problem und muss beendet werden" die letzten Meldungen im Fenster waren: E:\install.exe E:\setup.exe Lösche Ordner D:\Dokumente..\users\Lokale Einstellungen\assambly.tmp Danach ging nichts mehr auf dem Rechner, außer ctrl+alt+entf und neu starten. ein combofix.txt habe ich nicht gefunden. Nochmal probiert: Ablauf bleibt einfach stehen, der Bildschirm ist leer bis auf das Combofix-Fenster, dort steht als letztes: . . Stufe_49 Stufe_50 Lösche Dateien D:\windows\windowsupdate.log Lösche Ordner D:\Dokumente..\users\Lokale Einstellungen\assambly.tmp Nun gibt es ein combofix.txt im Ordner combofix Code:
ATTFilter ComboFix 13-12-26.01 - user 27.12.2013 9:21:38.3.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1347 [GMT 1:00]
ausgeführt von:: D:\Dokumente und Einstellungen\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
Grüße Klaus |
|
28.12.2013, 11:43
| #6 |
| /// the machine /// TB-Ausbilder | XP sehr langsam, outlook meldet Termine immer wieder Lösche Combofix, lade es neu und versuch es bitte nochmal.
__________________ --> XP sehr langsam, outlook meldet Termine immer wieder |
|
29.12.2013, 09:05
| #7 |
| | XP sehr langsam, outlook meldet Termine immer wieder Hallo Schrauber, combofix mit uninstall.exe entfernt und neu geladen. die Erscheinung ist genau gleich. Grüße Klaus |
|
30.12.2013, 03:07
| #8 |
| /// the machine /// TB-Ausbilder | XP sehr langsam, outlook meldet Termine immer wieder Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
31.12.2013, 10:12
| #9 |
| | XP sehr langsam, outlook meldet Termine immer wieder Hallo Schrauber, hier die Ergebnisse: mbam Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.12.30.03 Windows XP Service Pack 3 x86 FAT32 Internet Explorer 8.0.6001.18702 user :: SAMSUN [Administrator] 30.12.2013 13:23:46 mbam-log-2013-12-30 (13-23-46).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 507267 Laufzeit: 2 Stunde(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 D:\Programme\IZArc\OpenCandy\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. E:\videora-android-504-setup.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 30/12/2013 um 15:57:10
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzername : user - SAMSUN
# Gestartet von : D:\Dokumente und Einstellungen\user\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
Ordner Gelöscht : D:\Programme\AVG Secure Search
Ordner Gelöscht : D:\Programme\IZArc\OpenCandy
Ordner Gelöscht : D:\Programme\Gemeinsame Dateien\AVG Secure Search
Ordner Gelöscht : D:\WINDOWS\assembly\GAC_MSIL\QuickStoresToolbar
Ordner Gelöscht : D:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\AVG Secure Search
Ordner Gelöscht : D:\Dokumente und Einstellungen\user\Anwendungsdaten\AVG Secure Search
Ordner Gelöscht : D:\Dokumente und Einstellungen\user\Anwendungsdaten\QuickStoresToolbar
Ordner Gelöscht : D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\StumbleUpon
Ordner Gelöscht : D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\WinampToolbarData
Ordner Gelöscht : D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\{0B38152B-1B20-484D-A11F-5E04A9B0661F}
Ordner Gelöscht : D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\{75623D5D-4683-402A-B610-AC4BAB767C86}
[!] Ordner Gelöscht : D:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Datei Gelöscht : D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
Datei Gelöscht : D:\Dokumente und Einstellungen\user\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gelöscht : D:\Dokumente und Einstellungen\user\Startmenü\QuickStores.url
Datei Gelöscht : D:\Dokumente und Einstellungen\user\Desktop\QuickStores.url
Datei Gelöscht : D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\searchplugins\avg-secure-search.xml
Datei Gelöscht : D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\searchplugins\Surf-canyon.xml
Datei Gelöscht : D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\searchplugins\winamp-search.xml
Datei Gelöscht : D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\pdfforge.org
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\Software\pdfforge.org
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuickStores-Toolbar_is1
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
***** [ Browser ] *****
-\\ Internet Explorer v8.0.6001.18702
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v26.0 (de)
[ Datei : D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\prefs.js ]
Zeile gelöscht : user_pref("avg.install.installDirPath", "D:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\AVG Secure Search\\FireFoxExt\\17.2.0.38");
Zeile gelöscht : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
[ Datei : D:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Firefox\Profiles\c83epvpm.default\prefs.js ]
-\\ Google Chrome v
[ Datei : D:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [13103 octets] - [30/12/2013 15:53:06]
AdwCleaner[S0].txt - [12846 octets] - [30/12/2013 15:57:10]
########## EOF - D:\AdwCleaner\AdwCleaner[S0].txt - [12907 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by user on 31.12.2013 at 9:17:53,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] "hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}"
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.12.2013 at 9:25:43,65
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-12-2013 01
Ran by user (administrator) on SAMSUN on 31-12-2013 10:38:09
Running from D:\Dokumente und Einstellungen\user\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(DisplayLink Corp.) D:\Programme\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) D:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe
(AVAST Software) D:\Programme\AVAST Software\Avast\AvastSvc.exe
(Acronis) D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
(CHENGDU YIWO Tech Development Co., Ltd) E:\Programme\EASEUS\Todo Backup\bin\Agent.exe
(CHENGDU YIWO Tech Development Co., Ltd) E:\Programme\EASEUS\Todo Backup\bin\GuardAgent.exe
(Aladdin Knowledge Systems Ltd.) D:\WINDOWS\system32\hasplms.exe
(Sun Microsystems, Inc.) D:\Programme\Java\jre6\bin\jqs.exe
(NVIDIA Corporation) D:\WINDOWS\system32\nvsvc32.exe
(TeamViewer GmbH) D:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
(GlavSoft LLC.) D:\Programme\TightVNC\tvnserver.exe
(VMware, Inc.) E:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(VMware, Inc.) E:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) E:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
() D:\Programme\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
(National Instruments Corporation) D:\WINDOWS\system32\nipalsm.exe
(National Instruments Corporation) D:\WINDOWS\system32\nipalsm.exe
(Microsoft Corporation) D:\WINDOWS\system32\wscntfy.exe
(DisplayLink Corp.) D:\Programme\DisplayLink Core Software\DisplayLinkUI.exe
(Logitech Inc.) D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\LCDMon.exe
(Sun Microsystems, Inc.) D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
() D:\Programme\Browser Mouse\Browser Mouse\1.0\LwbWheel.exe
(Logitech Inc.) D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDClock.exe
(Teleca Sweden AB) D:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe
(Logitech Inc.) D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDCountdown.exe
(Logitech Inc.) D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDPOP3.exe
(Acronis) D:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
(Logitech Inc.) D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDMedia.exe
(Acronis) D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) D:\WINDOWS\system32\wuauclt.exe
(AVAST Software) D:\Programme\AVAST Software\Avast\AvastUI.exe
() D:\Programme\Unlocker\UnlockerAssistant.exe
(CHENGDU YIWO Tech Development Co., Ltd) E:\Programme\EASEUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) E:\Programme\EASEUS\Todo Backup\bin\TrayNotify.exe
(National Instruments Corporation) E:\Programme\National Instruments\NI-DAQ\HWConfig\nidevldstat.exe
(Christian Diefer) D:\Programme\SpeedswitchXP\SpeedswitchXP.exe
(Microsoft Corporation) D:\Programme\Microsoft ActiveSync\wcescomm.exe
(Teleca Sweden AB) D:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
(Logitech Inc.) D:\Programme\Logitech\Vid HD\Vid.exe
(Microsoft Corporation) D:\Programme\Messenger\msmsgs.exe
(Popwire AB) D:\Programme\Gemeinsame Dateien\Teleca Shared\logger.exe
(Chromatic Dragon) D:\Programme\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe
(Microsoft Corporation) D:\Programme\Windows Desktop Search\WindowsSearch.exe
(Teleca AB) D:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
(Teleca) D:\Programme\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
(Teleca Sweden AB) D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
(Teleca Sweden AB) D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
(Teleca AB) D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
(TODO: <Company name>) D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
(Mozilla Corporation) E:\Programme\Mozilla Firefox\firefox.exe
(Microsoft Corporation) D:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DW20.EXE
(Microsoft Corporation) E:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
() E:\Programme\Bazaar\tbzrcache.exe
(Microsoft Corporation) D:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) E:\Programme\Mozilla Firefox\plugin-container.exe
(Farbar) D:\Dokumente und Einstellungen\user\Desktop\FRST(1).exe
(Microsoft Corporation) D:\WINDOWS\system32\msfeedssync.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [Launch LCDMon] - D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\LCDMon.exe [774168 2007-04-27] (Logitech Inc.)
HKLM\...\Run: [BIH] - D:\WINDOWS\system32\rundll32.exe bih.dll,InitGauge
HKLM\...\Run: [SunJavaUpdateSched] - D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [LWBMOUSE] - D:\Programme\Browser Mouse\Browser Mouse\1.0\LwbWheel.exe [429568 2001-03-26] ()
HKLM\...\Run: [Mobile Connectivity Suite] - D:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe [598016 2009-11-19] (Teleca Sweden AB)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
HKLM\...\Run: [Acronis*True*Image Monitor] - D:\Programme\Acronis\TrueImage\TrueImageMonitor.exe [505319 2011-02-10] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [65536 2011-02-10] (Acronis)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [avast] - D:\Programme\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [UnlockerAssistant] - D:\Programme\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [EaseUs Watch] - E:\Programme\EASEUS\Todo Backup\bin\EuWatch.exe [70728 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EaseUs Tray] - E:\Programme\EASEUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [NIDAQmxDriverStatus] - E:\Programme\National Instruments\NI-DAQ\HWConfig\nidevldstat.exe [11408 2004-07-14] (National Instruments Corporation)
HKLM\...\Run: [20131121] - D:\Programme\AVAST Software\Avast\Setup\emupdate\5a5f826e-c754-415a-9d00-eb31f3570d02.exe [180184 2013-12-04] (AVAST Software)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoSharedDocuments] 0
HKCU\...\Run: [SpeedswitchXP] - D:\Programme\SpeedswitchXP\SpeedswitchXP.exe [626688 2006-07-14] (Christian Diefer)
HKCU\...\Run: [H/PC Connection Agent] - D:\Programme\Microsoft ActiveSync\wcescomm.exe [401496 2002-01-12] (Microsoft Corporation)
HKCU\...\Run: [Logitech Vid] - D:\Programme\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.)
HKCU\...\Run: [MSMSGS] - D:\Programme\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Policies\Explorer: [FoFileAssociate] 0
HKCU\...\Policies\Explorer: [NoShellSearchButton] 0
HKCU\...\Policies\Explorer: [HideClock] 0
HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKCU\...\Policies\Explorer: [NoUserNameInStartMenu] 0
HKCU\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKU\Klaus\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "D:\Programme\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Toodledo Sync Tool.lnk
ShortcutTarget: Toodledo Sync Tool.lnk -> D:\WINDOWS\Installer\{7D0C60CD-F5FF-4758-8A96-247D0DA74C52}\_ABFE74A9AD95D30FB3A626.exe ()
Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> D:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: D:\Dokumente und Einstellungen\user\Startmenü\Programme\Autostart\PandaUSBVaccine.lnk
ShortcutTarget: PandaUSBVaccine.lnk -> D:\Programme\Panda USB Vaccine\USBVaccine.exe (Panda Security)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Programme\rpbrowserrecordplugin.dll No File
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programme\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - D:\Programme\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default
FF Plugin: @adobe.com/FlashPlayer - D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - D:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - D:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin - D:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - D:\Programme\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.91 - D:\Programme\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @pack.google.com/Google Updater;version=14 - D:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - E:\Programme\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 - E:\Programme\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - E:\Programme\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - D:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - D:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\searchplugins\stumbleupon.xml
FF SearchPlugin: D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\searchplugins\searchplugins-backup
FF SearchPlugin: D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\searchplugins\ixquick---deutsch.xml
FF Extension: Microsoft .NET Framework Assistant - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Snap Shots - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\snapshots@snap.com
FF Extension: No Name - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\nostmp
FF Extension: FastestFox - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\smarterwiki@wikiatic.com.xpi
FF Extension: StumbleUpon - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
FF Extension: Toodledo - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\statusbar@toodledo.com.xpi
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - E:\Programme\browserrecord
FF Extension: RealPlayer Browser Record Plugin - E:\Programme\browserrecord
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - D:\Programme\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - D:\Programme\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - D:\Programme\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - D:\Programme\AVAST Software\Avast\WebRep\FF
FF StartMenuInternet: FIREFOX.EXE - E:\Programme\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - D:\Programme\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - D:\Programme\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - D:\Programme\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.230.5) - D:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U23) - D:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - D:\Programme\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - D:\Programme\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - D:\Programme\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - E:\Programme\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (National Instruments LabVIEW 8.0 Netscape Plug-in for Windows) - E:\Programme\Mozilla Firefox\plugins\NPLV80Win32.dll No File
CHR Plugin: (National Instruments LabVIEW 8.2 Netscape Plug-in for Windows) - E:\Programme\Mozilla Firefox\plugins\NPLV82Win32.dll (National Instruments)
CHR Plugin: (National Instruments LabVIEW 8.5 Netscape Plug-in for Windows) - E:\Programme\Mozilla Firefox\plugins\nplv85win32.dll No File
CHR Plugin: (RealPlayer Version Plugin) - E:\Programme\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - E:\Programme\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - E:\Programme\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (2007 Microsoft Office system) - E:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Internet Pictures Corp. iPIX Plugin v6.2) - E:\Programme\Mozilla Firefox\plugins\NpIpx32.dll (Internet Pictures Corp.)
CHR Plugin: (getPlusPlus for Adobe 16291) - E:\Programme\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (Google Earth Plugin) - D:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - D:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Picasa) - D:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - D:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - D:\Programme\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Gmail) - D:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (Google Search) - D:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (YouTube) - D:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
========================== Services (Whitelisted) =================
R2 AcrSch2Svc; D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [114688 2011-02-10] (Acronis)
R2 avast! Antivirus; D:\Programme\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 DisplayLinkService; D:\Programme\DisplayLink Core Software\DisplayLinkManager.exe [5240168 2011-04-10] (DisplayLink Corp.)
R2 EaseUS Agent; E:\Programme\EaseUS\Todo Backup\bin\Agent.exe [68168 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Guard Agent; E:\Programme\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
S2 gupdate1c9a57b31024390; D:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-03-15] (Google Inc.)
S3 gupdatem; D:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-03-15] (Google Inc.)
S2 gusvc; D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-10-12] (Google)
R2 hasplms; D:\WINDOWS\system32\hasplms.exe [2549248 2008-07-17] (Aladdin Knowledge Systems Ltd.)
S2 LkCitadelServer; D:\WINDOWS\system32\lkcitdl.exe [695136 2007-03-21] (National Instruments, Inc.)
S4 lkClassAds; D:\WINDOWS\system32\lkads.exe [40488 2007-07-16] (National Instruments Corporation)
S4 lkTimeSync; D:\WINDOWS\system32\lktsrv.exe [50736 2007-07-16] (National Instruments Corporation)
S3 MozillaMaintenance; D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-12-30] (Mozilla Foundation)
R2 nidevldu; D:\Windows\System32\nipalsm.exe [5730 2004-07-08] (National Instruments Corporation)
S4 NIDomainService; E:\Programme\National Instruments\Shared\Security\nidmsrv.exe [213040 2007-07-16] (National Instruments Corporation)
S4 NILM License manager; E:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1007616 2007-01-29] (Macrovision Corporation)
R2 nipxirmu; D:\Windows\System32\nipalsm.exe [5730 2004-07-08] (National Instruments Corporation)
S4 niSvcLoc; D:\WINDOWS\system32\nisvcloc.exe [48704 2007-07-19] (National Instruments Corp.)
S3 oad; E:\Programme\vbroker\Bin\oad.exe [1781248 1998-03-12] ()
S3 odserv; D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [441712 2008-11-04] (Microsoft Corporation)
S3 OpcEnum; D:\WINDOWS\system32\OpcEnum.exe [98304 2004-12-02] (OPC Foundation)
S3 osagent; E:\Programme\vbroker\Bin\osagent.exe [193536 1998-03-12] ()
S3 ose; D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S3 SandraAgentSrv; D:\Programme\SiSoftware\SiSoftware Sandra Lite 2013\RpcAgentSrv.exe [68760 2008-11-04] (SiSoftware)
R2 TeamViewer8; D:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [3467768 2012-12-14] (TeamViewer GmbH)
R2 tvnserver; D:\Programme\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
R2 vmware-converter-agent; D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VMware\VMware vCenter Converter Standalone\converter-agent.xml [6401 2013-06-03] ()
R2 vmware-converter-server; D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VMware\VMware vCenter Converter Standalone\converter-server.xml [4407 2013-06-03] ()
R2 vmware-converter-worker; D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VMware\VMware vCenter Converter Standalone\converter-worker.xml [7013 2013-06-03] ()
S3 WMPNetworkSvc; D:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
R2 WysePocketCloud; D:\Programme\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [74240 2010-11-19] ()
S2 ClipInc001; K:\Tobit ClipInc\Server\ClipInc-Server.exe 001 [x]
S3 de_serv; D:\Programme\Gemeinsame Dateien\AVM\de_serv.exe [x]
R2 JavaQuickStarterService; "D:\Programme\Java\jre6\bin\jqs.exe" -service -config "D:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf"
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
S2 vToolbarUpdater17.2.0; D:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]
==================== Drivers (Whitelisted) ====================
R2 acedrv11; D:\WINDOWS\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 aksfridge; D:\WINDOWS\system32\drivers\aksfridge.sys [350720 2008-03-27] (Aladdin Knowledge Systems Ltd.)
R2 aswFsBlk; D:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; D:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; D:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; D:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; D:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-28] (AVAST Software)
R1 aswSP; D:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-28] (AVAST Software)
R1 aswTdi; D:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; D:\Windows\System32\Drivers\aswVmm.sys [175176 2013-08-28] ()
R1 avgtp; D:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-10-21] (AVG Technologies)
R1 BIOS; D:\WINDOWS\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group)
R3 BlueletAudio; D:\Windows\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.)
R3 BlueletSCOAudio; D:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.)
S3 bmdrvr; D:\Windows\System32\drivers\bmdrvr.sys [54384 2011-03-15] (VMware, Inc.)
S3 BT; D:\Windows\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; D:\Windows\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.)
R0 BTHidEnum; D:\Windows\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; D:\Windows\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
S3 CCDECODE; D:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 cs429x; D:\Windows\System32\drivers\cwawdm.sys [97664 2002-08-22] (Cirrus Logic, Inc.)
R2 cvintdrv; D:\Windows\System32\Drivers\cvintdrv.sys [7140 2003-07-29] ()
S3 dfu; D:\Windows\System32\drivers\MassDfu.sys [12416 2011-08-01] (Philips PTCL)
R3 DisplayLinkFilter; D:\Windows\System32\DRIVERS\DisplayLinkFilter.sys [7296 2011-04-10] (DisplayLink Corp.)
R3 DisplayLinkGA; D:\Windows\System32\DRIVERS\DisplayLinkGAport.sys [27648 2011-04-10] (DisplayLink Corp.)
R3 DisplayLinkmirror; D:\Windows\System32\DRIVERS\DisplayLinkmirrorport.sys [24448 2011-04-10] (DisplayLink Corp.)
S3 DisplayLinkUsbPort; D:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [21888 2011-11-15] (hxxp://libusb-win32.sourceforge.net)
R3 EL90XBC; D:\Windows\System32\DRIVERS\el90xbc5.sys [77469 2003-01-23] (3Com Corporation)
R0 EUBAKUP; D:\Windows\System32\drivers\eubakup.sys [51400 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; D:\Windows\System32\drivers\EUBKMON.sys [40776 2013-05-10] ()
R1 EUDSKACS; D:\WINDOWS\system32\drivers\eudskacs.sys [14920 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; D:\WINDOWS\system32\drivers\EuFdDisk.sys [185672 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
S3 FilterService; D:\Windows\System32\DRIVERS\lvuvcflt.sys [23904 2010-05-15] (Logitech Inc.)
S3 FTD2XX; D:\Windows\System32\Drivers\FTD2XX.sys [34639 2005-12-15] (FTDI Ltd.)
S3 FTDIBUS; D:\Windows\System32\drivers\ftdibus.sys [62216 2012-04-13] (FTDI Ltd.)
R2 GfSDev; E:\PROGRAMME\NATIONAL INSTRUMENTS\DIADEM 10.1\GfSDev.sys [22016 2006-10-25] (National Instruments)
S3 GHI_SpotUsb; D:\Windows\System32\DRIVERS\GHI_NETMF_Interface.sys [28888 2010-08-10] (Microsoft Corporation)
R0 giveio; D:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R2 gpib420; D:\Windows\System32\drivers\gpib420.sys [25088 2004-10-28] (National Instruments Corporation)
R2 GpibPrtK; D:\Windows\System32\drivers\gpibprtk.sys [199680 2004-10-28] (National Instruments Corporation)
S3 gv3; D:\Windows\System32\DRIVERS\gv3.sys [33664 2002-11-20] (Microsoft Corporation)
R2 hardlock; D:\WINDOWS\system32\drivers\hardlock.sys [586240 2008-02-11] (Aladdin Knowledge Systems Ltd.)
R2 Haspnt; D:\WINDOWS\system32\drivers\Haspnt.sys [47616 2008-07-24] (Aladdin Knowledge Systems)
R2 lvalarmk; D:\Windows\System32\drivers\lvalarmk.dll [10829 2004-04-01] (National Instruments)
S3 mbedComposite; D:\Windows\System32\DRIVERS\mbedComposite.sys [39984 2009-09-30] (ARM Ltd)
S3 mbedSerial; D:\Windows\System32\DRIVERS\mbedSerial.sys [50736 2009-09-30] (ARM Ltd)
S3 NdisIP; D:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NDMSHLP; D:\Programme\Gemeinsame Dateien\HHD Software\Device Monitor\ndmshlp.sys [7632 2005-05-24] (HHD Software)
S3 nhcDriverDevice; D:\WINDOWS\system32\drivers\nhcDriver.sys [22528 2010-01-07] (pBUS-167 Software - hxxp://www.pbus-167.com)
R2 niarbk; D:\Windows\System32\drivers\niarbk.dll [37376 2004-07-15] (National Instruments Corporation)
R2 nibffrk; D:\Windows\System32\drivers\nibffrk.dll [21504 2004-07-15] (National Instruments Corporation)
R3 nicdrk; D:\Windows\System32\drivers\nicdrk.dll [128112 2004-07-08] (National Instruments Corporation)
R2 Nidaq32k; D:\Windows\System32\Drivers\Nidaq32k.sys [674304 2004-07-15] (National Instruments Corporation)
R2 nidimk; D:\Windows\System32\drivers\nidimk.dll [108124 2004-03-26] (National Instruments Corporation)
R2 nidmmk; D:\Windows\System32\drivers\nidmmk.dll [50688 2004-07-15] (National Instruments Corporation)
R2 nidmxfk; D:\Windows\System32\drivers\nidmxfk.dll [128117 2004-07-08] (National Instruments Corporation)
S3 nidsark; D:\Windows\System32\drivers\nidsark.dll [652906 2004-07-08] (National Instruments Corporation)
S3 niesrk; D:\Windows\System32\drivers\niesrk.dll [513643 2004-10-08] (National Instruments Corporation)
R2 nilvaik; D:\Windows\System32\drivers\nilvaik.dll [18037 2004-07-08] (National Instruments Corporation)
R3 nimdbgk; D:\Windows\System32\drivers\nimdbgk.dll [133227 2004-03-26] (National Instruments Corporation)
R2 nimdsk; D:\Windows\System32\drivers\nimdsk.dll [30208 2004-07-15] (National Instruments Corporation)
R3 nimru2k; D:\Windows\System32\drivers\nimru2k.dll [130141 2004-07-07] (National Instruments Corporation)
S3 nimsdrk; D:\Windows\System32\drivers\nimsdrk.dll [73858 2004-07-08] (National Instruments Corporation)
S3 nimslk; D:\Windows\System32\drivers\nimslk.dll [14464 2004-03-29] (National Instruments Corporation)
S3 nimsrlk; D:\Windows\System32\drivers\nimsrlk.dll [151683 2004-03-29] (National Instruments Corporation)
R3 nimstsk; D:\Windows\System32\drivers\nimstsk.dll [44149 2004-07-08] (National Instruments Corporation)
R3 nimxdfk; D:\Windows\System32\drivers\nimxdfk.dll [172639 2004-03-26] (National Instruments Corporation)
R2 nimxpk; D:\Windows\System32\drivers\nimxpk.dll [19570 2004-03-29] (National Instruments Corporation)
R3 niorbk; D:\Windows\System32\drivers\niorbk.dll [35420 2004-03-31] (National Instruments Corporation)
R0 NIPALK; D:\Windows\System32\Drivers\NIPALK.sys [373853 2004-07-07] (National Instruments Corporation)
R2 nipxirmk; D:\Windows\System32\drivers\nipxirmk.dll [41075 2004-10-19] (National Instruments Corporation)
R3 niscdk; D:\Windows\System32\drivers\niscdk.dll [396394 2004-07-14] (National Instruments Corporation)
S3 nisdigk; D:\Windows\System32\drivers\nisdigk.dll [204917 2004-10-08] (National Instruments Corporation)
S3 nispdk; D:\Windows\System32\drivers\nispdk.dll [68202 2004-07-14] ()
S3 nissrk; D:\Windows\System32\drivers\nissrk.dll [513643 2004-10-08] (National Instruments Corporation)
S3 nistc2k; D:\Windows\System32\drivers\nistc2k.dll [121461 2004-03-29] (National Instruments Corporation)
R2 nistck; D:\Windows\System32\drivers\nistck.dll [111616 2004-07-15] (National Instruments Corporation)
S3 nistcrk; D:\Windows\System32\drivers\nistcrk.dll [91257 2004-07-08] (National Instruments Corporation)
R2 niswdk; D:\Windows\System32\drivers\niswdk.dll [365677 2004-10-15] (National Instruments Corporation)
S3 nitiork; D:\Windows\System32\drivers\nitiork.dll [1202809 2004-07-08] (National Instruments Corporation)
S3 NiViPxiK; D:\Windows\System32\Drivers\NiViPxiK.sys [24576 2004-07-14] (National Instruments)
S3 niwfrk; D:\Windows\System32\drivers\niwfrk.dll [417899 2004-10-08] (National Instruments Corporation)
S3 nixsrk; D:\Windows\System32\drivers\nixsrk.dll [828523 2004-10-08] (National Instruments Corporation)
R2 NPF; D:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R1 PBUS; D:\Windows\System32\Drivers\PBUS.sys [3600 2001-09-19] (Bernecker + Rainer, Industrie-Elektronik Ges.m.b.H., A-5142, Austria, Europe)
R2 PHDIo; D:\WINDOWS\System32\Drivers\PHDIo.sys [14000 2000-01-10] (PHD Computer Consultants Ltd)
S3 PortTalk; D:\Windows\System32\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic hxxp://www.beyondlogic.org)
S3 pwdrvio; D:\WINDOWS\system32\pwdrvio.sys [15576 2012-08-20] ()
S3 pwdspio; D:\WINDOWS\system32\pwdspio.sys [10200 2012-08-20] ()
S3 SANDRA; D:\Programme\SiSoftware\SiSoftware Sandra Lite 2013\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 SerMon; D:\Programme\HHD Software\Free Serial Port Monitor\sermon.sys [18432 2005-05-24] (HHD Software)
S3 silabenm; D:\Windows\System32\DRIVERS\silabenm.sys [24680 2010-05-24] (Silicon Laboratories, Inc.)
S3 silabser; D:\Windows\System32\DRIVERS\silabser.sys [70248 2010-05-24] (Silicon Laboratories)
R1 SLEE_16_DRIVER; D:\WINDOWS\system32\drivers\Sleen16.sys [79104 2007-10-11] (Softwareentwicklung Remus - ArchiCrypt )
R0 speedfan; D:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows (R) 2000 DDK provider)
S3 TfBulk; D:\Windows\System32\DRIVERS\TfBulk.sys [13312 2007-05-31] (Topfield (visit www.topfield.co.kr))
R2 tifsfilter; D:\Windows\System32\DRIVERS\tifsfilt.sys [28064 2011-02-10] (Acronis)
R1 UimBus; D:\Windows\System32\DRIVERS\UimBus.sys [81232 2013-03-15] (Windows (R) 2000 DDK provider)
R1 Uim_IM; D:\Windows\System32\Drivers\Uim_IM.sys [452816 2013-03-15] (Paragon)
R1 Uim_Vim; D:\Windows\System32\Drivers\Uim_Vim.sys [283600 2013-03-15] (Paragon)
S3 VComm; D:\Windows\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; D:\Windows\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
R2 vstor2-mntapi10-shared; D:\Windows\System32\drivers\vstor2-mntapi10-shared.sys [22768 2011-07-12] (VMware, Inc.)
R3 w70n51; D:\Windows\System32\DRIVERS\w70n51.sys [2370688 2003-01-13] (Intel® Corporation)
S3 wceusbsh; D:\Windows\System32\DRIVERS\wceusbsh.sys [32000 2009-08-03] (Microsoft Corporation)
R3 WinDriver6; D:\Windows\System32\drivers\windrvr6.sys [195968 2010-08-31] (Jungo)
S3 catchme; \??\D:\DOKUME~1\user\LOKALE~1\Temp\catchme.sys [x]
S3 DCamUSBIP10; System32\Drivers\iP293x.sys [x]
S3 DOSMEMIO; \??\F:\MEMIO.SYS [x]
S3 EverestDriver; \??\G:\sicherheitspack\everest\everestultimate_build_0978\kerneld.wnt [x]
S3 meIDSmain; System32\Drivers\meIDSmain.sys [x]
S2 NatMotion; No ImagePath
U5 ScsiPort; D:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 UnlockerDriver5; D:\Programme\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-31 10:38 - 2013-12-31 10:38 - 00036640 _____ D:\Dokumente und Einstellungen\user\Desktop\FRST.txt
2013-12-31 10:37 - 2013-12-31 10:37 - 01064199 _____ (Farbar) D:\Dokumente und Einstellungen\user\Desktop\FRST(1).exe
2013-12-31 10:35 - 2013-12-31 10:35 - 00000000 __SHD D:\Recycled
2013-12-31 09:25 - 2013-12-31 09:25 - 00000729 _____ D:\Dokumente und Einstellungen\user\Desktop\JRT.txt
2013-12-30 16:21 - 2013-12-30 16:21 - 00000000 ____D D:\WINDOWS\ERUNT
2013-12-30 15:52 - 2013-12-30 15:52 - 00000000 ____D D:\AdwCleaner
2013-12-30 15:30 - 2013-12-30 15:30 - 01034531 _____ (Thisisu) D:\Dokumente und Einstellungen\user\Desktop\JRT.exe
2013-12-30 15:29 - 2013-12-30 15:29 - 01233962 _____ D:\Dokumente und Einstellungen\user\Desktop\adwcleaner.exe
2013-12-28 14:32 - 2013-12-28 14:32 - 00000000 ___SD D:\ComboFix
2013-12-28 14:32 - 2013-12-28 14:32 - 00000000 ____D D:\Qoobox
2013-12-28 14:32 - 2011-06-26 07:45 - 00256000 _____ D:\WINDOWS\PEV.exe
2013-12-28 14:32 - 2010-11-07 18:20 - 00208896 _____ D:\WINDOWS\MBR.exe
2013-12-28 14:32 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) D:\WINDOWS\NIRCMD.exe
2013-12-28 14:32 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) D:\WINDOWS\SWREG.exe
2013-12-28 14:32 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) D:\WINDOWS\SWSC.exe
2013-12-28 14:32 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) D:\WINDOWS\SWXCACLS.exe
2013-12-28 14:32 - 2000-08-31 01:00 - 00098816 _____ D:\WINDOWS\sed.exe
2013-12-28 14:32 - 2000-08-31 01:00 - 00080412 _____ D:\WINDOWS\grep.exe
2013-12-28 14:32 - 2000-08-31 01:00 - 00068096 _____ D:\WINDOWS\zip.exe
2013-12-28 14:30 - 2013-12-28 14:31 - 05158590 ____R (Swearware) D:\Dokumente und Einstellungen\user\Desktop\ComboFix.exe
2013-12-26 14:19 - 2013-12-26 14:19 - 00000000 _____ D:\WINDOWS\DbgOut.INI
2013-12-26 14:11 - 2013-12-26 14:12 - 00000000 ____D D:\WINDOWS\erdnt
2013-12-24 15:12 - 2013-12-24 15:12 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2868626$
2013-12-24 15:11 - 2013-12-24 15:11 - 00018243 _____ D:\WINDOWS\KB2900986.log
2013-12-24 15:11 - 2013-12-24 15:11 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2900986$
2013-12-24 15:09 - 2013-12-24 15:10 - 00021172 _____ D:\WINDOWS\KB2898785-IE8.log
2013-12-24 15:09 - 2013-12-24 15:09 - 00013316 _____ D:\WINDOWS\KB2904266.log
2013-12-24 15:09 - 2013-12-24 15:09 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2904266$
2013-12-24 15:09 - 2013-12-24 15:09 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2898715$
2013-12-24 15:08 - 2013-12-24 15:08 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2876331$
2013-12-24 15:08 - 2013-12-24 15:08 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2862152$
2013-12-24 15:02 - 2013-12-24 15:02 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2893294$
2013-12-24 15:01 - 2013-12-24 15:01 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2893984$
2013-12-24 15:01 - 2013-12-24 15:01 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2892075$
2013-12-24 10:29 - 2013-12-24 10:29 - 00089212 _____ D:\Dokumente und Einstellungen\user\Desktop\gmer-l24-12-13.log
2013-12-24 10:08 - 2013-12-24 10:08 - 00377856 _____ D:\Dokumente und Einstellungen\user\Desktop\gmer_2.1.19163.exe
2013-12-24 09:55 - 2013-12-24 09:55 - 00000000 ____D D:\FRST
2013-12-24 09:54 - 2013-12-24 09:54 - 00000000 _____ D:\Dokumente und Einstellungen\user\defogger_reenable
2013-12-24 09:52 - 2013-12-24 09:52 - 00001837 _____ D:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
2013-12-24 09:52 - 2013-12-24 09:52 - 00000000 ____D D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
2013-12-24 09:47 - 2013-12-24 15:09 - 00026753 _____ D:\WINDOWS\KB2898715.log
2013-12-24 09:47 - 2013-12-24 15:02 - 00024966 _____ D:\WINDOWS\KB2893294.log
2013-12-24 09:46 - 2013-12-24 15:01 - 00024194 _____ D:\WINDOWS\KB2892075.log
2013-12-24 09:45 - 2013-12-24 15:01 - 00025507 _____ D:\WINDOWS\KB2893984.log
2013-12-24 09:43 - 2013-12-24 15:12 - 00031418 _____ D:\WINDOWS\KB2868626.log
2013-12-24 09:26 - 2013-12-24 15:08 - 00025044 _____ D:\WINDOWS\KB2862152.log
2013-12-24 08:48 - 2013-12-24 15:08 - 00025449 _____ D:\WINDOWS\KB2876331.log
==================== One Month Modified Files and Folders =======
2013-12-31 10:38 - 2013-12-31 10:38 - 00036640 _____ D:\Dokumente und Einstellungen\user\Desktop\FRST.txt
2013-12-31 10:38 - 2012-11-19 11:50 - 00000440 ____H D:\WINDOWS\Tasks\User_Feed_Synchronization-{3520E1ED-4118-4802-B2E3-784E41B7BD6A}.job
2013-12-31 10:37 - 2013-12-31 10:37 - 01064199 _____ (Farbar) D:\Dokumente und Einstellungen\user\Desktop\FRST(1).exe
2013-12-31 10:35 - 2013-12-31 10:35 - 00000000 __SHD D:\Recycled
2013-12-31 10:35 - 2009-07-21 14:44 - 03881870 _____ D:\Dokumente und Einstellungen\user\Eigene Dateien\.bzr.log
2013-12-31 09:50 - 2009-06-30 19:27 - 00001090 _____ D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-31 09:49 - 2013-06-01 14:39 - 00000884 _____ D:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-31 09:29 - 2011-03-09 08:12 - 01058160 _____ D:\WINDOWS\KB2481109.log
2013-12-31 09:25 - 2013-12-31 09:25 - 00000729 _____ D:\Dokumente und Einstellungen\user\Desktop\JRT.txt
2013-12-31 09:18 - 2012-10-12 11:49 - 00000356 ____H D:\WINDOWS\Tasks\avast! Emergency Update.job
2013-12-31 09:17 - 2013-06-03 17:51 - 00000350 _____ D:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-12-31 09:17 - 2009-06-30 19:27 - 00001086 _____ D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-31 09:13 - 2008-07-21 17:53 - 00000006 ____H D:\WINDOWS\Tasks\SA.DAT
2013-12-31 09:13 - 2008-07-21 17:44 - 00000159 _____ D:\WINDOWS\wiadebug.log
2013-12-31 09:12 - 2009-12-21 16:00 - 00000050 _____ D:\WINDOWS\wiaservc.log
2013-12-31 09:12 - 2008-07-22 09:35 - 01542057 _____ D:\WINDOWS\WindowsUpdate.log
2013-12-31 09:12 - 2008-07-22 07:57 - 00000300 ___SH D:\Dokumente und Einstellungen\user\ntuser.ini
2013-12-31 09:12 - 2008-07-22 00:00 - 00032490 _____ D:\WINDOWS\SchedLgU.Txt
2013-12-30 16:21 - 2013-12-30 16:21 - 00000000 ____D D:\WINDOWS\ERUNT
2013-12-30 15:52 - 2013-12-30 15:52 - 00000000 ____D D:\AdwCleaner
2013-12-30 15:39 - 2003-04-02 12:00 - 00002228 _____ D:\WINDOWS\system32\wpa.dbl
2013-12-30 15:30 - 2013-12-30 15:30 - 01034531 _____ (Thisisu) D:\Dokumente und Einstellungen\user\Desktop\JRT.exe
2013-12-30 15:29 - 2013-12-30 15:29 - 01233962 _____ D:\Dokumente und Einstellungen\user\Desktop\adwcleaner.exe
2013-12-30 12:53 - 2009-03-15 16:32 - 00000966 _____ D:\WINDOWS\Tasks\Google Software Updater.job
2013-12-29 15:38 - 2013-10-21 10:32 - 00059411 _____ D:\WINDOWS\setupapi.log
2013-12-29 15:36 - 2008-07-23 12:33 - 00006490 _____ D:\WINDOWS\WINCMD.INI
2013-12-29 15:26 - 2008-12-04 15:47 - 00000116 _____ D:\WINDOWS\NeroDigital.ini
2013-12-28 14:32 - 2013-12-28 14:32 - 00000000 ___SD D:\ComboFix
2013-12-28 14:32 - 2013-12-28 14:32 - 00000000 ____D D:\Qoobox
2013-12-28 14:31 - 2013-12-28 14:30 - 05158590 ____R (Swearware) D:\Dokumente und Einstellungen\user\Desktop\ComboFix.exe
2013-12-26 14:19 - 2013-12-26 14:19 - 00000000 _____ D:\WINDOWS\DbgOut.INI
2013-12-26 14:12 - 2013-12-26 14:11 - 00000000 ____D D:\WINDOWS\erdnt
2013-12-24 15:30 - 2008-07-21 17:34 - 00227208 _____ D:\WINDOWS\system32\FNTCACHE.DAT
2013-12-24 15:12 - 2013-12-24 15:12 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2868626$
2013-12-24 15:12 - 2013-12-24 09:43 - 00031418 _____ D:\WINDOWS\KB2868626.log
2013-12-24 15:12 - 2010-11-18 12:50 - 00435514 _____ D:\WINDOWS\msmqinst.log
2013-12-24 15:12 - 2010-11-18 12:50 - 00246974 _____ D:\WINDOWS\netfxocm.log
2013-12-24 15:12 - 2010-11-18 12:50 - 00071227 _____ D:\WINDOWS\tabletoc.log
2013-12-24 15:12 - 2010-01-14 08:21 - 01681591 _____ D:\WINDOWS\FaxSetup.log
2013-12-24 15:12 - 2010-01-14 08:21 - 01614379 _____ D:\WINDOWS\iis6.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00947457 _____ D:\WINDOWS\ocgen.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00754251 _____ D:\WINDOWS\tsoc.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00573758 _____ D:\WINDOWS\comsetup.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00346496 _____ D:\WINDOWS\ntdtcsetup.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00095281 _____ D:\WINDOWS\updspapi.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00093352 _____ D:\WINDOWS\ocmsn.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00084201 _____ D:\WINDOWS\msgsocm.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00001393 _____ D:\WINDOWS\imsins.log
2013-12-24 15:12 - 2008-07-22 09:16 - 00097979 _____ D:\WINDOWS\medctroc.Log
2013-12-24 15:11 - 2013-12-24 15:11 - 00018243 _____ D:\WINDOWS\KB2900986.log
2013-12-24 15:11 - 2013-12-24 15:11 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2900986$
2013-12-24 15:11 - 2008-07-21 17:36 - 00001393 _____ D:\WINDOWS\imsins.BAK
2013-12-24 15:10 - 2013-12-24 15:09 - 00021172 _____ D:\WINDOWS\KB2898785-IE8.log
2013-12-24 15:09 - 2013-12-24 15:09 - 00013316 _____ D:\WINDOWS\KB2904266.log
2013-12-24 15:09 - 2013-12-24 15:09 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2904266$
2013-12-24 15:09 - 2013-12-24 15:09 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2898715$
2013-12-24 15:09 - 2013-12-24 09:47 - 00026753 _____ D:\WINDOWS\KB2898715.log
2013-12-24 15:09 - 2008-11-16 10:18 - 00490376 _____ D:\WINDOWS\system32\TZLog.log
2013-12-24 15:08 - 2013-12-24 15:08 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2876331$
2013-12-24 15:08 - 2013-12-24 15:08 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2862152$
2013-12-24 15:08 - 2013-12-24 09:26 - 00025044 _____ D:\WINDOWS\KB2862152.log
2013-12-24 15:08 - 2013-12-24 08:48 - 00025449 _____ D:\WINDOWS\KB2876331.log
2013-12-24 15:02 - 2013-12-24 15:02 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2893294$
2013-12-24 15:02 - 2013-12-24 09:47 - 00024966 _____ D:\WINDOWS\KB2893294.log
2013-12-24 15:01 - 2013-12-24 15:01 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2893984$
2013-12-24 15:01 - 2013-12-24 15:01 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2892075$
2013-12-24 15:01 - 2013-12-24 09:46 - 00024194 _____ D:\WINDOWS\KB2892075.log
2013-12-24 15:01 - 2013-12-24 09:45 - 00025507 _____ D:\WINDOWS\KB2893984.log
2013-12-24 10:49 - 2013-06-01 14:39 - 00692616 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-24 10:49 - 2013-06-01 14:39 - 00071048 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-24 10:29 - 2013-12-24 10:29 - 00089212 _____ D:\Dokumente und Einstellungen\user\Desktop\gmer-l24-12-13.log
2013-12-24 10:08 - 2013-12-24 10:08 - 00377856 _____ D:\Dokumente und Einstellungen\user\Desktop\gmer_2.1.19163.exe
2013-12-24 09:55 - 2013-12-24 09:55 - 00000000 ____D D:\FRST
2013-12-24 09:54 - 2013-12-24 09:54 - 00000000 _____ D:\Dokumente und Einstellungen\user\defogger_reenable
2013-12-24 09:52 - 2013-12-24 09:52 - 00001837 _____ D:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
2013-12-24 09:52 - 2013-12-24 09:52 - 00000000 ____D D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
2013-12-03 10:36 - 2008-07-31 10:53 - 00000644 _____ D:\WINDOWS\niconfig.daq
2013-12-01 14:42 - 2008-11-21 08:23 - 88123800 _____ (Microsoft Corporation) D:\WINDOWS\system32\MRT.exe
Klaus |
|
01.01.2014, 11:49
| #10 |
| /// the machine /// TB-Ausbilder | XP sehr langsam, outlook meldet Termine immer wiederESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.01.2014, 14:38
| #11 |
| | XP sehr langsam, outlook meldet Termine immer wieder Hi Schrauber, Eset: Code:
ATTFilter D:\Dokumente und Einstellungen\user\Eigene Dateien\RegServe\SilentRemover.exe a variant of Win32/Adware.RegDefense application
G:\pro2001\BKM-Sender\GNU-C\source.zip a variant of Generik.LNKJGDZ trojan
Code:
ATTFilter Results of screen317's Security Check version 0.99.77 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Please wait while WMIC compiles updated MOF files.d i s p l a y N a m e ECHO ist ausgeschaltet (OFF). a v a s t ! ECHO ist ausgeschaltet (OFF). A n t i v i r u s ECHO ist ausgeschaltet (OFF). Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` NI Spy 2.2.0f0 Malwarebytes Anti-Malware Version 1.75.0.1300 Java(TM) 6 Update 23 Java(TM) 6 Update 7 Java version out of Date! Adobe Flash Player 11.9.900.170 Adobe Reader 7 Adobe Reader out of Date! Mozilla Firefox (26.0) ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastEmUpdate.exe AVAST Software Avast avastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive D:: ````````````````````End of Log`````````````````````` Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-12-2013 01
Ran by user (administrator) on SAMSUN on 02-01-2014 15:04:33
Running from D:\Dokumente und Einstellungen\user\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(DisplayLink Corp.) D:\Programme\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) D:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe
(AVAST Software) D:\Programme\AVAST Software\Avast\AvastSvc.exe
(Acronis) D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
(CHENGDU YIWO Tech Development Co., Ltd) E:\Programme\EASEUS\Todo Backup\bin\Agent.exe
(CHENGDU YIWO Tech Development Co., Ltd) E:\Programme\EASEUS\Todo Backup\bin\GuardAgent.exe
(Aladdin Knowledge Systems Ltd.) D:\WINDOWS\system32\hasplms.exe
(Sun Microsystems, Inc.) D:\Programme\Java\jre6\bin\jqs.exe
(NVIDIA Corporation) D:\WINDOWS\system32\nvsvc32.exe
(TeamViewer GmbH) D:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
(GlavSoft LLC.) D:\Programme\TightVNC\tvnserver.exe
(VMware, Inc.) E:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(VMware, Inc.) E:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) E:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
() D:\Programme\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
(National Instruments Corporation) D:\WINDOWS\system32\nipalsm.exe
(National Instruments Corporation) D:\WINDOWS\system32\nipalsm.exe
(Microsoft Corporation) D:\WINDOWS\system32\wscntfy.exe
(DisplayLink Corp.) D:\Programme\DisplayLink Core Software\DisplayLinkUI.exe
() E:\Programme\Bazaar\tbzrcache.exe
(Logitech Inc.) D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\LCDMon.exe
(Logitech Inc.) D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDClock.exe
(Logitech Inc.) D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDCountdown.exe
(Logitech Inc.) D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDPOP3.exe
(Logitech Inc.) D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDMedia.exe
(Sun Microsystems, Inc.) D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
() D:\Programme\Browser Mouse\Browser Mouse\1.0\LwbWheel.exe
(Teleca Sweden AB) D:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe
(Acronis) D:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
(Acronis) D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
() D:\Dokumente und Einstellungen\user\Desktop\SecurityCheck.exe
(Teleca Sweden AB) D:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
(AVAST Software) D:\Programme\AVAST Software\Avast\AvastUI.exe
() D:\Programme\Unlocker\UnlockerAssistant.exe
(Microsoft Corporation) D:\WINDOWS\system32\cmd.exe
(CHENGDU YIWO Tech Development Co., Ltd) E:\Programme\EASEUS\Todo Backup\bin\EuWatch.exe
(Popwire AB) D:\Programme\Gemeinsame Dateien\Teleca Shared\logger.exe
(CHENGDU YIWO Tech Development Co., Ltd) E:\Programme\EASEUS\Todo Backup\bin\TrayNotify.exe
(National Instruments Corporation) E:\Programme\National Instruments\NI-DAQ\HWConfig\nidevldstat.exe
(Christian Diefer) D:\Programme\SpeedswitchXP\SpeedswitchXP.exe
(Microsoft Corporation) D:\Programme\Microsoft ActiveSync\wcescomm.exe
(Logitech Inc.) D:\Programme\Logitech\Vid HD\Vid.exe
(Microsoft Corporation) D:\Programme\Messenger\msmsgs.exe
(Teleca AB) D:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
(Chromatic Dragon) D:\Programme\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe
(Microsoft Corporation) D:\Programme\Windows Desktop Search\WindowsSearch.exe
(Teleca) D:\Programme\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
(Teleca Sweden AB) D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
(Teleca Sweden AB) D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
(Teleca AB) D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
(TODO: <Company name>) D:\Programme\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
(Microsoft Corporation) E:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
(Mozilla Corporation) E:\Programme\Mozilla Firefox\firefox.exe
(Microsoft Corporation) D:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) D:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) D:\WINDOWS\system32\wuauclt.exe
(Farbar) D:\Dokumente und Einstellungen\user\Desktop\FRST(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [Launch LCDMon] - D:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\LCDMon.exe [774168 2007-04-27] (Logitech Inc.)
HKLM\...\Run: [BIH] - D:\WINDOWS\system32\rundll32.exe bih.dll,InitGauge
HKLM\...\Run: [SunJavaUpdateSched] - D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [LWBMOUSE] - D:\Programme\Browser Mouse\Browser Mouse\1.0\LwbWheel.exe [429568 2001-03-26] ()
HKLM\...\Run: [Mobile Connectivity Suite] - D:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe [598016 2009-11-19] (Teleca Sweden AB)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
HKLM\...\Run: [Acronis*True*Image Monitor] - D:\Programme\Acronis\TrueImage\TrueImageMonitor.exe [505319 2011-02-10] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [65536 2011-02-10] (Acronis)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [avast] - D:\Programme\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [UnlockerAssistant] - D:\Programme\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [EaseUs Watch] - E:\Programme\EASEUS\Todo Backup\bin\EuWatch.exe [70728 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EaseUs Tray] - E:\Programme\EASEUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [NIDAQmxDriverStatus] - E:\Programme\National Instruments\NI-DAQ\HWConfig\nidevldstat.exe [11408 2004-07-14] (National Instruments Corporation)
HKLM\...\Run: [20131121] - D:\Programme\AVAST Software\Avast\Setup\emupdate\5a5f826e-c754-415a-9d00-eb31f3570d02.exe [180184 2013-12-04] (AVAST Software)
HKLM\...\Run: [DWQueuedReporting] - D:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE [435096 2008-11-04] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoSharedDocuments] 0
HKCU\...\Run: [SpeedswitchXP] - D:\Programme\SpeedswitchXP\SpeedswitchXP.exe [626688 2006-07-14] (Christian Diefer)
HKCU\...\Run: [H/PC Connection Agent] - D:\Programme\Microsoft ActiveSync\wcescomm.exe [401496 2002-01-12] (Microsoft Corporation)
HKCU\...\Run: [Logitech Vid] - D:\Programme\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.)
HKCU\...\Run: [MSMSGS] - D:\Programme\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Policies\Explorer: [FoFileAssociate] 0
HKCU\...\Policies\Explorer: [NoShellSearchButton] 0
HKCU\...\Policies\Explorer: [HideClock] 0
HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKCU\...\Policies\Explorer: [NoUserNameInStartMenu] 0
HKCU\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKU\Klaus\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "D:\Programme\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Toodledo Sync Tool.lnk
ShortcutTarget: Toodledo Sync Tool.lnk -> D:\WINDOWS\Installer\{7D0C60CD-F5FF-4758-8A96-247D0DA74C52}\_ABFE74A9AD95D30FB3A626.exe ()
Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> D:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: D:\Dokumente und Einstellungen\user\Startmenü\Programme\Autostart\PandaUSBVaccine.lnk
ShortcutTarget: PandaUSBVaccine.lnk -> D:\Programme\Panda USB Vaccine\USBVaccine.exe (Panda Security)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Programme\rpbrowserrecordplugin.dll No File
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programme\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - D:\Programme\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default
FF Plugin: @adobe.com/FlashPlayer - D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - D:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - D:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin - D:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - D:\Programme\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.91 - D:\Programme\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @pack.google.com/Google Updater;version=14 - D:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - E:\Programme\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 - E:\Programme\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - E:\Programme\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - D:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - D:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\searchplugins\stumbleupon.xml
FF SearchPlugin: D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\searchplugins\ixquick---deutsch.xml
FF SearchPlugin: D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\searchplugins\searchplugins-backup
FF Extension: Microsoft .NET Framework Assistant - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Snap Shots - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\snapshots@snap.com
FF Extension: No Name - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\nostmp
FF Extension: FastestFox - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\smarterwiki@wikiatic.com.xpi
FF Extension: StumbleUpon - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
FF Extension: Toodledo - D:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\r9gvvyt3.default\Extensions\statusbar@toodledo.com.xpi
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - E:\Programme\browserrecord
FF Extension: RealPlayer Browser Record Plugin - E:\Programme\browserrecord
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - D:\Programme\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - D:\Programme\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - D:\Programme\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - D:\Programme\AVAST Software\Avast\WebRep\FF
FF StartMenuInternet: FIREFOX.EXE - E:\Programme\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - D:\Programme\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - D:\Programme\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - D:\Programme\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.230.5) - D:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U23) - D:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4) - D:\Programme\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - D:\Programme\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - D:\Programme\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - D:\Programme\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - E:\Programme\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (National Instruments LabVIEW 8.0 Netscape Plug-in for Windows) - E:\Programme\Mozilla Firefox\plugins\NPLV80Win32.dll No File
CHR Plugin: (National Instruments LabVIEW 8.2 Netscape Plug-in for Windows) - E:\Programme\Mozilla Firefox\plugins\NPLV82Win32.dll (National Instruments)
CHR Plugin: (National Instruments LabVIEW 8.5 Netscape Plug-in for Windows) - E:\Programme\Mozilla Firefox\plugins\nplv85win32.dll No File
CHR Plugin: (RealPlayer Version Plugin) - E:\Programme\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - E:\Programme\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - E:\Programme\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (2007 Microsoft Office system) - E:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Internet Pictures Corp. iPIX Plugin v6.2) - E:\Programme\Mozilla Firefox\plugins\NpIpx32.dll (Internet Pictures Corp.)
CHR Plugin: (getPlusPlus for Adobe 16291) - E:\Programme\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (Google Earth Plugin) - D:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - D:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Picasa) - D:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - D:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - D:\Programme\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Gmail) - D:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (Google Search) - D:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (YouTube) - D:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
========================== Services (Whitelisted) =================
R2 AcrSch2Svc; D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [114688 2011-02-10] (Acronis)
R2 avast! Antivirus; D:\Programme\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 DisplayLinkService; D:\Programme\DisplayLink Core Software\DisplayLinkManager.exe [5240168 2011-04-10] (DisplayLink Corp.)
R2 EaseUS Agent; E:\Programme\EaseUS\Todo Backup\bin\Agent.exe [68168 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Guard Agent; E:\Programme\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
S2 gupdate1c9a57b31024390; D:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-03-15] (Google Inc.)
S3 gupdatem; D:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-03-15] (Google Inc.)
S2 gusvc; D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-10-12] (Google)
R2 hasplms; D:\WINDOWS\system32\hasplms.exe [2549248 2008-07-17] (Aladdin Knowledge Systems Ltd.)
S2 LkCitadelServer; D:\WINDOWS\system32\lkcitdl.exe [695136 2007-03-21] (National Instruments, Inc.)
S4 lkClassAds; D:\WINDOWS\system32\lkads.exe [40488 2007-07-16] (National Instruments Corporation)
S4 lkTimeSync; D:\WINDOWS\system32\lktsrv.exe [50736 2007-07-16] (National Instruments Corporation)
S3 MozillaMaintenance; D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-12-30] (Mozilla Foundation)
R2 nidevldu; D:\Windows\System32\nipalsm.exe [5730 2004-07-08] (National Instruments Corporation)
S4 NIDomainService; E:\Programme\National Instruments\Shared\Security\nidmsrv.exe [213040 2007-07-16] (National Instruments Corporation)
S4 NILM License manager; E:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1007616 2007-01-29] (Macrovision Corporation)
R2 nipxirmu; D:\Windows\System32\nipalsm.exe [5730 2004-07-08] (National Instruments Corporation)
S4 niSvcLoc; D:\WINDOWS\system32\nisvcloc.exe [48704 2007-07-19] (National Instruments Corp.)
S3 oad; E:\Programme\vbroker\Bin\oad.exe [1781248 1998-03-12] ()
S3 odserv; D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [441712 2008-11-04] (Microsoft Corporation)
S3 OpcEnum; D:\WINDOWS\system32\OpcEnum.exe [98304 2004-12-02] (OPC Foundation)
S3 osagent; E:\Programme\vbroker\Bin\osagent.exe [193536 1998-03-12] ()
S3 ose; D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S3 SandraAgentSrv; D:\Programme\SiSoftware\SiSoftware Sandra Lite 2013\RpcAgentSrv.exe [68760 2008-11-04] (SiSoftware)
R2 TeamViewer8; D:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [3467768 2012-12-14] (TeamViewer GmbH)
R2 tvnserver; D:\Programme\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
R2 vmware-converter-agent; D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VMware\VMware vCenter Converter Standalone\converter-agent.xml [6401 2013-06-03] ()
R2 vmware-converter-server; D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VMware\VMware vCenter Converter Standalone\converter-server.xml [4407 2013-06-03] ()
R2 vmware-converter-worker; D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VMware\VMware vCenter Converter Standalone\converter-worker.xml [7013 2013-06-03] ()
S3 WMPNetworkSvc; D:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
R2 WysePocketCloud; D:\Programme\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [74240 2010-11-19] ()
S2 ClipInc001; K:\Tobit ClipInc\Server\ClipInc-Server.exe 001 [x]
S3 de_serv; D:\Programme\Gemeinsame Dateien\AVM\de_serv.exe [x]
R2 JavaQuickStarterService; "D:\Programme\Java\jre6\bin\jqs.exe" -service -config "D:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf"
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
S2 vToolbarUpdater17.2.0; D:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]
==================== Drivers (Whitelisted) ====================
R2 acedrv11; D:\WINDOWS\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 aksfridge; D:\WINDOWS\system32\drivers\aksfridge.sys [350720 2008-03-27] (Aladdin Knowledge Systems Ltd.)
R2 aswFsBlk; D:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; D:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; D:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; D:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; D:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-28] (AVAST Software)
R1 aswSP; D:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-28] (AVAST Software)
R1 aswTdi; D:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; D:\Windows\System32\Drivers\aswVmm.sys [175176 2013-08-28] ()
R1 avgtp; D:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-10-21] (AVG Technologies)
R1 BIOS; D:\WINDOWS\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group)
R3 BlueletAudio; D:\Windows\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.)
R3 BlueletSCOAudio; D:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.)
S3 bmdrvr; D:\Windows\System32\drivers\bmdrvr.sys [54384 2011-03-15] (VMware, Inc.)
S3 BT; D:\Windows\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; D:\Windows\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.)
R0 BTHidEnum; D:\Windows\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; D:\Windows\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
S3 CCDECODE; D:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 cs429x; D:\Windows\System32\drivers\cwawdm.sys [97664 2002-08-22] (Cirrus Logic, Inc.)
R2 cvintdrv; D:\Windows\System32\Drivers\cvintdrv.sys [7140 2003-07-29] ()
S3 dfu; D:\Windows\System32\drivers\MassDfu.sys [12416 2011-08-01] (Philips PTCL)
R3 DisplayLinkFilter; D:\Windows\System32\DRIVERS\DisplayLinkFilter.sys [7296 2011-04-10] (DisplayLink Corp.)
R3 DisplayLinkGA; D:\Windows\System32\DRIVERS\DisplayLinkGAport.sys [27648 2011-04-10] (DisplayLink Corp.)
R3 DisplayLinkmirror; D:\Windows\System32\DRIVERS\DisplayLinkmirrorport.sys [24448 2011-04-10] (DisplayLink Corp.)
S3 DisplayLinkUsbPort; D:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [21888 2011-11-15] (hxxp://libusb-win32.sourceforge.net)
R3 EL90XBC; D:\Windows\System32\DRIVERS\el90xbc5.sys [77469 2003-01-23] (3Com Corporation)
R0 EUBAKUP; D:\Windows\System32\drivers\eubakup.sys [51400 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; D:\Windows\System32\drivers\EUBKMON.sys [40776 2013-05-10] ()
R1 EUDSKACS; D:\WINDOWS\system32\drivers\eudskacs.sys [14920 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; D:\WINDOWS\system32\drivers\EuFdDisk.sys [185672 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
S3 FilterService; D:\Windows\System32\DRIVERS\lvuvcflt.sys [23904 2010-05-15] (Logitech Inc.)
S3 FTD2XX; D:\Windows\System32\Drivers\FTD2XX.sys [34639 2005-12-15] (FTDI Ltd.)
S3 FTDIBUS; D:\Windows\System32\drivers\ftdibus.sys [62216 2012-04-13] (FTDI Ltd.)
R2 GfSDev; E:\PROGRAMME\NATIONAL INSTRUMENTS\DIADEM 10.1\GfSDev.sys [22016 2006-10-25] (National Instruments)
S3 GHI_SpotUsb; D:\Windows\System32\DRIVERS\GHI_NETMF_Interface.sys [28888 2010-08-10] (Microsoft Corporation)
R0 giveio; D:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R2 gpib420; D:\Windows\System32\drivers\gpib420.sys [25088 2004-10-28] (National Instruments Corporation)
R2 GpibPrtK; D:\Windows\System32\drivers\gpibprtk.sys [199680 2004-10-28] (National Instruments Corporation)
S3 gv3; D:\Windows\System32\DRIVERS\gv3.sys [33664 2002-11-20] (Microsoft Corporation)
R2 hardlock; D:\WINDOWS\system32\drivers\hardlock.sys [586240 2008-02-11] (Aladdin Knowledge Systems Ltd.)
R2 Haspnt; D:\WINDOWS\system32\drivers\Haspnt.sys [47616 2008-07-24] (Aladdin Knowledge Systems)
R2 lvalarmk; D:\Windows\System32\drivers\lvalarmk.dll [10829 2004-04-01] (National Instruments)
S3 mbedComposite; D:\Windows\System32\DRIVERS\mbedComposite.sys [39984 2009-09-30] (ARM Ltd)
S3 mbedSerial; D:\Windows\System32\DRIVERS\mbedSerial.sys [50736 2009-09-30] (ARM Ltd)
S3 NdisIP; D:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NDMSHLP; D:\Programme\Gemeinsame Dateien\HHD Software\Device Monitor\ndmshlp.sys [7632 2005-05-24] (HHD Software)
S3 nhcDriverDevice; D:\WINDOWS\system32\drivers\nhcDriver.sys [22528 2010-01-07] (pBUS-167 Software - hxxp://www.pbus-167.com)
R2 niarbk; D:\Windows\System32\drivers\niarbk.dll [37376 2004-07-15] (National Instruments Corporation)
R2 nibffrk; D:\Windows\System32\drivers\nibffrk.dll [21504 2004-07-15] (National Instruments Corporation)
R3 nicdrk; D:\Windows\System32\drivers\nicdrk.dll [128112 2004-07-08] (National Instruments Corporation)
R2 Nidaq32k; D:\Windows\System32\Drivers\Nidaq32k.sys [674304 2004-07-15] (National Instruments Corporation)
R2 nidimk; D:\Windows\System32\drivers\nidimk.dll [108124 2004-03-26] (National Instruments Corporation)
R2 nidmmk; D:\Windows\System32\drivers\nidmmk.dll [50688 2004-07-15] (National Instruments Corporation)
R2 nidmxfk; D:\Windows\System32\drivers\nidmxfk.dll [128117 2004-07-08] (National Instruments Corporation)
S3 nidsark; D:\Windows\System32\drivers\nidsark.dll [652906 2004-07-08] (National Instruments Corporation)
S3 niesrk; D:\Windows\System32\drivers\niesrk.dll [513643 2004-10-08] (National Instruments Corporation)
R2 nilvaik; D:\Windows\System32\drivers\nilvaik.dll [18037 2004-07-08] (National Instruments Corporation)
R3 nimdbgk; D:\Windows\System32\drivers\nimdbgk.dll [133227 2004-03-26] (National Instruments Corporation)
R2 nimdsk; D:\Windows\System32\drivers\nimdsk.dll [30208 2004-07-15] (National Instruments Corporation)
R3 nimru2k; D:\Windows\System32\drivers\nimru2k.dll [130141 2004-07-07] (National Instruments Corporation)
S3 nimsdrk; D:\Windows\System32\drivers\nimsdrk.dll [73858 2004-07-08] (National Instruments Corporation)
S3 nimslk; D:\Windows\System32\drivers\nimslk.dll [14464 2004-03-29] (National Instruments Corporation)
S3 nimsrlk; D:\Windows\System32\drivers\nimsrlk.dll [151683 2004-03-29] (National Instruments Corporation)
R3 nimstsk; D:\Windows\System32\drivers\nimstsk.dll [44149 2004-07-08] (National Instruments Corporation)
R3 nimxdfk; D:\Windows\System32\drivers\nimxdfk.dll [172639 2004-03-26] (National Instruments Corporation)
R2 nimxpk; D:\Windows\System32\drivers\nimxpk.dll [19570 2004-03-29] (National Instruments Corporation)
R3 niorbk; D:\Windows\System32\drivers\niorbk.dll [35420 2004-03-31] (National Instruments Corporation)
R0 NIPALK; D:\Windows\System32\Drivers\NIPALK.sys [373853 2004-07-07] (National Instruments Corporation)
R2 nipxirmk; D:\Windows\System32\drivers\nipxirmk.dll [41075 2004-10-19] (National Instruments Corporation)
R3 niscdk; D:\Windows\System32\drivers\niscdk.dll [396394 2004-07-14] (National Instruments Corporation)
S3 nisdigk; D:\Windows\System32\drivers\nisdigk.dll [204917 2004-10-08] (National Instruments Corporation)
S3 nispdk; D:\Windows\System32\drivers\nispdk.dll [68202 2004-07-14] ()
S3 nissrk; D:\Windows\System32\drivers\nissrk.dll [513643 2004-10-08] (National Instruments Corporation)
S3 nistc2k; D:\Windows\System32\drivers\nistc2k.dll [121461 2004-03-29] (National Instruments Corporation)
R2 nistck; D:\Windows\System32\drivers\nistck.dll [111616 2004-07-15] (National Instruments Corporation)
S3 nistcrk; D:\Windows\System32\drivers\nistcrk.dll [91257 2004-07-08] (National Instruments Corporation)
R2 niswdk; D:\Windows\System32\drivers\niswdk.dll [365677 2004-10-15] (National Instruments Corporation)
S3 nitiork; D:\Windows\System32\drivers\nitiork.dll [1202809 2004-07-08] (National Instruments Corporation)
S3 NiViPxiK; D:\Windows\System32\Drivers\NiViPxiK.sys [24576 2004-07-14] (National Instruments)
S3 niwfrk; D:\Windows\System32\drivers\niwfrk.dll [417899 2004-10-08] (National Instruments Corporation)
S3 nixsrk; D:\Windows\System32\drivers\nixsrk.dll [828523 2004-10-08] (National Instruments Corporation)
R2 NPF; D:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R1 PBUS; D:\Windows\System32\Drivers\PBUS.sys [3600 2001-09-19] (Bernecker + Rainer, Industrie-Elektronik Ges.m.b.H., A-5142, Austria, Europe)
R2 PHDIo; D:\WINDOWS\System32\Drivers\PHDIo.sys [14000 2000-01-10] (PHD Computer Consultants Ltd)
S3 PortTalk; D:\Windows\System32\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic hxxp://www.beyondlogic.org)
S3 pwdrvio; D:\WINDOWS\system32\pwdrvio.sys [15576 2012-08-20] ()
S3 pwdspio; D:\WINDOWS\system32\pwdspio.sys [10200 2012-08-20] ()
S3 SANDRA; D:\Programme\SiSoftware\SiSoftware Sandra Lite 2013\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 SerMon; D:\Programme\HHD Software\Free Serial Port Monitor\sermon.sys [18432 2005-05-24] (HHD Software)
S3 silabenm; D:\Windows\System32\DRIVERS\silabenm.sys [24680 2010-05-24] (Silicon Laboratories, Inc.)
S3 silabser; D:\Windows\System32\DRIVERS\silabser.sys [70248 2010-05-24] (Silicon Laboratories)
R1 SLEE_16_DRIVER; D:\WINDOWS\system32\drivers\Sleen16.sys [79104 2007-10-11] (Softwareentwicklung Remus - ArchiCrypt )
R0 speedfan; D:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows (R) 2000 DDK provider)
S3 TfBulk; D:\Windows\System32\DRIVERS\TfBulk.sys [13312 2007-05-31] (Topfield (visit www.topfield.co.kr))
R2 tifsfilter; D:\Windows\System32\DRIVERS\tifsfilt.sys [28064 2011-02-10] (Acronis)
R1 UimBus; D:\Windows\System32\DRIVERS\UimBus.sys [81232 2013-03-15] (Windows (R) 2000 DDK provider)
R1 Uim_IM; D:\Windows\System32\Drivers\Uim_IM.sys [452816 2013-03-15] (Paragon)
R1 Uim_Vim; D:\Windows\System32\Drivers\Uim_Vim.sys [283600 2013-03-15] (Paragon)
S3 VComm; D:\Windows\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; D:\Windows\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
R2 vstor2-mntapi10-shared; D:\Windows\System32\drivers\vstor2-mntapi10-shared.sys [22768 2011-07-12] (VMware, Inc.)
R3 w70n51; D:\Windows\System32\DRIVERS\w70n51.sys [2370688 2003-01-13] (Intel® Corporation)
S3 wceusbsh; D:\Windows\System32\DRIVERS\wceusbsh.sys [32000 2009-08-03] (Microsoft Corporation)
R3 WinDriver6; D:\Windows\System32\drivers\windrvr6.sys [195968 2010-08-31] (Jungo)
S3 catchme; \??\D:\DOKUME~1\user\LOKALE~1\Temp\catchme.sys [x]
S3 DCamUSBIP10; System32\Drivers\iP293x.sys [x]
S3 DOSMEMIO; \??\F:\MEMIO.SYS [x]
S3 EverestDriver; \??\G:\sicherheitspack\everest\everestultimate_build_0978\kerneld.wnt [x]
S3 meIDSmain; System32\Drivers\meIDSmain.sys [x]
S2 NatMotion; No ImagePath
U5 ScsiPort; D:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 UnlockerDriver5; D:\Programme\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-02 08:04 - 2014-01-02 08:05 - 00891200 _____ D:\Dokumente und Einstellungen\user\Desktop\SecurityCheck.exe
2013-12-31 10:38 - 2014-01-02 15:04 - 00036692 _____ D:\Dokumente und Einstellungen\user\Desktop\FRST.txt
2013-12-31 10:37 - 2013-12-31 10:37 - 01064199 _____ (Farbar) D:\Dokumente und Einstellungen\user\Desktop\FRST(1).exe
2013-12-31 10:35 - 2013-12-31 10:35 - 00000000 __SHD D:\Recycled
2013-12-31 09:25 - 2013-12-31 09:25 - 00000729 _____ D:\Dokumente und Einstellungen\user\Desktop\JRT.txt
2013-12-30 16:21 - 2013-12-30 16:21 - 00000000 ____D D:\WINDOWS\ERUNT
2013-12-30 15:52 - 2013-12-30 15:52 - 00000000 ____D D:\AdwCleaner
2013-12-30 15:30 - 2013-12-30 15:30 - 01034531 _____ (Thisisu) D:\Dokumente und Einstellungen\user\Desktop\JRT.exe
2013-12-30 15:29 - 2013-12-30 15:29 - 01233962 _____ D:\Dokumente und Einstellungen\user\Desktop\adwcleaner.exe
2013-12-28 14:32 - 2013-12-28 14:32 - 00000000 ___SD D:\ComboFix
2013-12-28 14:32 - 2013-12-28 14:32 - 00000000 ____D D:\Qoobox
2013-12-28 14:32 - 2011-06-26 07:45 - 00256000 _____ D:\WINDOWS\PEV.exe
2013-12-28 14:32 - 2010-11-07 18:20 - 00208896 _____ D:\WINDOWS\MBR.exe
2013-12-28 14:32 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) D:\WINDOWS\NIRCMD.exe
2013-12-28 14:32 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) D:\WINDOWS\SWREG.exe
2013-12-28 14:32 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) D:\WINDOWS\SWSC.exe
2013-12-28 14:32 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) D:\WINDOWS\SWXCACLS.exe
2013-12-28 14:32 - 2000-08-31 01:00 - 00098816 _____ D:\WINDOWS\sed.exe
2013-12-28 14:32 - 2000-08-31 01:00 - 00080412 _____ D:\WINDOWS\grep.exe
2013-12-28 14:32 - 2000-08-31 01:00 - 00068096 _____ D:\WINDOWS\zip.exe
2013-12-28 14:30 - 2013-12-28 14:31 - 05158590 ____R (Swearware) D:\Dokumente und Einstellungen\user\Desktop\ComboFix.exe
2013-12-26 14:19 - 2013-12-26 14:19 - 00000000 _____ D:\WINDOWS\DbgOut.INI
2013-12-26 14:11 - 2013-12-26 14:12 - 00000000 ____D D:\WINDOWS\erdnt
2013-12-24 15:12 - 2013-12-24 15:12 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2868626$
2013-12-24 15:11 - 2013-12-24 15:11 - 00018243 _____ D:\WINDOWS\KB2900986.log
2013-12-24 15:11 - 2013-12-24 15:11 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2900986$
2013-12-24 15:09 - 2013-12-24 15:10 - 00021172 _____ D:\WINDOWS\KB2898785-IE8.log
2013-12-24 15:09 - 2013-12-24 15:09 - 00013316 _____ D:\WINDOWS\KB2904266.log
2013-12-24 15:09 - 2013-12-24 15:09 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2904266$
2013-12-24 15:09 - 2013-12-24 15:09 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2898715$
2013-12-24 15:08 - 2013-12-24 15:08 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2876331$
2013-12-24 15:08 - 2013-12-24 15:08 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2862152$
2013-12-24 15:02 - 2013-12-24 15:02 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2893294$
2013-12-24 15:01 - 2013-12-24 15:01 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2893984$
2013-12-24 15:01 - 2013-12-24 15:01 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2892075$
2013-12-24 10:29 - 2013-12-24 10:29 - 00089212 _____ D:\Dokumente und Einstellungen\user\Desktop\gmer-l24-12-13.log
2013-12-24 10:08 - 2013-12-24 10:08 - 00377856 _____ D:\Dokumente und Einstellungen\user\Desktop\gmer_2.1.19163.exe
2013-12-24 09:55 - 2013-12-24 09:55 - 00000000 ____D D:\FRST
2013-12-24 09:54 - 2013-12-24 09:54 - 00000000 _____ D:\Dokumente und Einstellungen\user\defogger_reenable
2013-12-24 09:52 - 2013-12-24 09:52 - 00001837 _____ D:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
2013-12-24 09:52 - 2013-12-24 09:52 - 00000000 ____D D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
2013-12-24 09:47 - 2013-12-24 15:09 - 00026753 _____ D:\WINDOWS\KB2898715.log
2013-12-24 09:47 - 2013-12-24 15:02 - 00024966 _____ D:\WINDOWS\KB2893294.log
2013-12-24 09:46 - 2013-12-24 15:01 - 00024194 _____ D:\WINDOWS\KB2892075.log
2013-12-24 09:45 - 2013-12-24 15:01 - 00025507 _____ D:\WINDOWS\KB2893984.log
2013-12-24 09:43 - 2013-12-24 15:12 - 00031418 _____ D:\WINDOWS\KB2868626.log
2013-12-24 09:26 - 2013-12-24 15:08 - 00025044 _____ D:\WINDOWS\KB2862152.log
2013-12-24 08:48 - 2013-12-24 15:08 - 00025449 _____ D:\WINDOWS\KB2876331.log
==================== One Month Modified Files and Folders =======
2014-01-02 15:04 - 2013-12-31 10:38 - 00036692 _____ D:\Dokumente und Einstellungen\user\Desktop\FRST.txt
2014-01-02 15:02 - 2011-03-09 08:12 - 01064031 _____ D:\WINDOWS\KB2481109.log
2014-01-02 15:02 - 2008-07-22 09:35 - 01715582 _____ D:\WINDOWS\WindowsUpdate.log
2014-01-02 14:51 - 2012-11-19 11:50 - 00000440 ____H D:\WINDOWS\Tasks\User_Feed_Synchronization-{3520E1ED-4118-4802-B2E3-784E41B7BD6A}.job
2014-01-02 14:50 - 2009-06-30 19:27 - 00001090 _____ D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-02 14:49 - 2013-06-01 14:39 - 00000884 _____ D:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-02 14:33 - 2012-10-12 11:49 - 00000356 ____H D:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-02 14:32 - 2009-07-21 14:44 - 03882640 _____ D:\Dokumente und Einstellungen\user\Eigene Dateien\.bzr.log
2014-01-02 14:32 - 2009-06-30 19:27 - 00001086 _____ D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-02 14:31 - 2013-06-03 17:51 - 00000350 _____ D:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-01-02 14:25 - 2008-07-21 17:53 - 00000006 ____H D:\WINDOWS\Tasks\SA.DAT
2014-01-02 14:25 - 2008-07-21 17:44 - 00000159 _____ D:\WINDOWS\wiadebug.log
2014-01-02 14:25 - 2003-04-02 12:00 - 00002228 _____ D:\WINDOWS\system32\wpa.dbl
2014-01-02 14:24 - 2009-12-21 16:00 - 00000050 _____ D:\WINDOWS\wiaservc.log
2014-01-02 14:24 - 2008-07-22 00:00 - 00032498 _____ D:\WINDOWS\SchedLgU.Txt
2014-01-02 14:23 - 2008-07-22 07:57 - 00000300 ___SH D:\Dokumente und Einstellungen\user\ntuser.ini
2014-01-02 12:53 - 2009-03-15 16:32 - 00000966 _____ D:\WINDOWS\Tasks\Google Software Updater.job
2014-01-02 08:05 - 2014-01-02 08:04 - 00891200 _____ D:\Dokumente und Einstellungen\user\Desktop\SecurityCheck.exe
2014-01-02 08:05 - 2008-07-23 12:33 - 00006722 _____ D:\WINDOWS\WINCMD.INI
2013-12-31 10:37 - 2013-12-31 10:37 - 01064199 _____ (Farbar) D:\Dokumente und Einstellungen\user\Desktop\FRST(1).exe
2013-12-31 10:35 - 2013-12-31 10:35 - 00000000 __SHD D:\Recycled
2013-12-31 09:25 - 2013-12-31 09:25 - 00000729 _____ D:\Dokumente und Einstellungen\user\Desktop\JRT.txt
2013-12-30 16:21 - 2013-12-30 16:21 - 00000000 ____D D:\WINDOWS\ERUNT
2013-12-30 15:52 - 2013-12-30 15:52 - 00000000 ____D D:\AdwCleaner
2013-12-30 15:30 - 2013-12-30 15:30 - 01034531 _____ (Thisisu) D:\Dokumente und Einstellungen\user\Desktop\JRT.exe
2013-12-30 15:29 - 2013-12-30 15:29 - 01233962 _____ D:\Dokumente und Einstellungen\user\Desktop\adwcleaner.exe
2013-12-29 15:38 - 2013-10-21 10:32 - 00059411 _____ D:\WINDOWS\setupapi.log
2013-12-29 15:26 - 2008-12-04 15:47 - 00000116 _____ D:\WINDOWS\NeroDigital.ini
2013-12-28 14:32 - 2013-12-28 14:32 - 00000000 ___SD D:\ComboFix
2013-12-28 14:32 - 2013-12-28 14:32 - 00000000 ____D D:\Qoobox
2013-12-28 14:31 - 2013-12-28 14:30 - 05158590 ____R (Swearware) D:\Dokumente und Einstellungen\user\Desktop\ComboFix.exe
2013-12-26 14:19 - 2013-12-26 14:19 - 00000000 _____ D:\WINDOWS\DbgOut.INI
2013-12-26 14:12 - 2013-12-26 14:11 - 00000000 ____D D:\WINDOWS\erdnt
2013-12-24 15:30 - 2008-07-21 17:34 - 00227208 _____ D:\WINDOWS\system32\FNTCACHE.DAT
2013-12-24 15:12 - 2013-12-24 15:12 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2868626$
2013-12-24 15:12 - 2013-12-24 09:43 - 00031418 _____ D:\WINDOWS\KB2868626.log
2013-12-24 15:12 - 2010-11-18 12:50 - 00435514 _____ D:\WINDOWS\msmqinst.log
2013-12-24 15:12 - 2010-11-18 12:50 - 00246974 _____ D:\WINDOWS\netfxocm.log
2013-12-24 15:12 - 2010-11-18 12:50 - 00071227 _____ D:\WINDOWS\tabletoc.log
2013-12-24 15:12 - 2010-01-14 08:21 - 01681591 _____ D:\WINDOWS\FaxSetup.log
2013-12-24 15:12 - 2010-01-14 08:21 - 01614379 _____ D:\WINDOWS\iis6.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00947457 _____ D:\WINDOWS\ocgen.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00754251 _____ D:\WINDOWS\tsoc.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00573758 _____ D:\WINDOWS\comsetup.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00346496 _____ D:\WINDOWS\ntdtcsetup.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00095281 _____ D:\WINDOWS\updspapi.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00093352 _____ D:\WINDOWS\ocmsn.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00084201 _____ D:\WINDOWS\msgsocm.log
2013-12-24 15:12 - 2010-01-14 08:21 - 00001393 _____ D:\WINDOWS\imsins.log
2013-12-24 15:12 - 2008-07-22 09:16 - 00097979 _____ D:\WINDOWS\medctroc.Log
2013-12-24 15:11 - 2013-12-24 15:11 - 00018243 _____ D:\WINDOWS\KB2900986.log
2013-12-24 15:11 - 2013-12-24 15:11 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2900986$
2013-12-24 15:11 - 2008-07-21 17:36 - 00001393 _____ D:\WINDOWS\imsins.BAK
2013-12-24 15:10 - 2013-12-24 15:09 - 00021172 _____ D:\WINDOWS\KB2898785-IE8.log
2013-12-24 15:09 - 2013-12-24 15:09 - 00013316 _____ D:\WINDOWS\KB2904266.log
2013-12-24 15:09 - 2013-12-24 15:09 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2904266$
2013-12-24 15:09 - 2013-12-24 15:09 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2898715$
2013-12-24 15:09 - 2013-12-24 09:47 - 00026753 _____ D:\WINDOWS\KB2898715.log
2013-12-24 15:09 - 2008-11-16 10:18 - 00490376 _____ D:\WINDOWS\system32\TZLog.log
2013-12-24 15:08 - 2013-12-24 15:08 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2876331$
2013-12-24 15:08 - 2013-12-24 15:08 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2862152$
2013-12-24 15:08 - 2013-12-24 09:26 - 00025044 _____ D:\WINDOWS\KB2862152.log
2013-12-24 15:08 - 2013-12-24 08:48 - 00025449 _____ D:\WINDOWS\KB2876331.log
2013-12-24 15:02 - 2013-12-24 15:02 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2893294$
2013-12-24 15:02 - 2013-12-24 09:47 - 00024966 _____ D:\WINDOWS\KB2893294.log
2013-12-24 15:01 - 2013-12-24 15:01 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2893984$
2013-12-24 15:01 - 2013-12-24 15:01 - 00000000 ___HD D:\WINDOWS\$NtUninstallKB2892075$
2013-12-24 15:01 - 2013-12-24 09:46 - 00024194 _____ D:\WINDOWS\KB2892075.log
2013-12-24 15:01 - 2013-12-24 09:45 - 00025507 _____ D:\WINDOWS\KB2893984.log
2013-12-24 10:49 - 2013-06-01 14:39 - 00692616 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-24 10:49 - 2013-06-01 14:39 - 00071048 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-24 10:29 - 2013-12-24 10:29 - 00089212 _____ D:\Dokumente und Einstellungen\user\Desktop\gmer-l24-12-13.log
2013-12-24 10:08 - 2013-12-24 10:08 - 00377856 _____ D:\Dokumente und Einstellungen\user\Desktop\gmer_2.1.19163.exe
2013-12-24 09:55 - 2013-12-24 09:55 - 00000000 ____D D:\FRST
2013-12-24 09:54 - 2013-12-24 09:54 - 00000000 _____ D:\Dokumente und Einstellungen\user\defogger_reenable
2013-12-24 09:52 - 2013-12-24 09:52 - 00001837 _____ D:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
2013-12-24 09:52 - 2013-12-24 09:52 - 00000000 ____D D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
2013-12-03 10:36 - 2008-07-31 10:53 - 00000644 _____ D:\WINDOWS\niconfig.daq
ein Fehler wurde festgestellt... Outlook bringt noch die Terminmeldungen, die erledigt waren, aber auch aktuelle. Während eset lief ohne Firewall und avast kamen mehrfach Meldungen, dass jemand auf Outlook-Adressen zugreifen wollte. Das habe ich abgelehnt. Diese Meldungen hatte ich früher auch schon mal, aber seit geschätzt 3 Monaten nicht mehr. Grüße Klaus |
|
03.01.2014, 11:16
| #12 |
| /// the machine /// TB-Ausbilder | XP sehr langsam, outlook meldet Termine immer wieder Java und Adobe updaten. Gibt es neben Outlook noch andere Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.01.2014, 12:58
| #13 |
| | XP sehr langsam, outlook meldet Termine immer wieder Hallo Schrauber, der Rechner ist sehr viel schneller, die Auslastung normal, d.h. Leerlauf meist bei 95 oder mehr %. Außer outlook bisher keine Probleme mehr. Vielen, vielen Dank für das bisher erreichte. Grüße Klaus |
|
04.01.2014, 14:26
| #14 |
| /// the machine /// TB-Ausbilder | XP sehr langsam, outlook meldet Termine immer wieder Outlook am Besten mal neu installieren.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu XP sehr langsam, outlook meldet Termine immer wieder |
| avast, avg, browser, converter, cpu, dateien, desktop, device driver, einstellungen, error, harddisk, hohe cpu, langsam, lsass.exe, ntdll.dll, programme, registry, rundll, scan, secure, secure search, services.exe, software, svchost.exe, system, temp, udp, vtoolbarupdater, win32k.sys, winlogon.exe, wuauclt.exe |
