Pests of all kinds and how to fight them: PC suddenly slowed down

#1
PC suddenly slowed down

Hello Trojaner-Board forum people =),

Problem

Since yesterday I have had a problem with my PC. I have Windows XP, and even the startup screen that says "Windows XP" is displayed for noticeably longer (~2 minutes). When I watch videos online they stutter, and the sound is somehow distorted too. But even when I listen to audio files offline, they sound strange like that.

Cause?

Yesterday a friend installed grooveshark (she wanted to listen to something). I have since removed it via "Mozilla -> Tools -> Add-ons -> Extensions". A while ago I had a trojan. I don't remember exactly, but I somehow "removed" it with "Trojan Remover" (or silenced it). My "security programs" are

I hope you have a few tips for me, since unfortunately I know very little about such things.

Regards, ratsuchend
#2

/// Winkelfunktion /// TB-Süch-Tiger™

PC suddenly slowed down

Quote:

#3
PC suddenly slowed down

Hey,

I've been working a lot over the last few days, hence the delay. After some searching I found the following, "Trojan Remover Logfile"; that should be it, right?

Kind regards

***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.8.3.2601. For information, email support@simplysup.com [Unregistered version] Scan started at: 20:16:33 16 Jun 2012 Using Database v7899 Operating System: Windows XP Professional (SP3) [Build: 5.1.2600] File System: NTFS UserData directory: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Simply Super Software\Trojan Remover\ Database directory: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Dokumente und Einstellungen\***\Eigene Dateien\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Programme\Trojan Remover\ Running with Administrator privileges ************************************************************ 20:16:33: ----- CHECKING DEFAULT FILE ASSOCIATIONS ----- No modified default file associations detected ************************************************************ 20:16:33: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. 
************************************************************ 20:16:35: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [Explorer.exe] File: Explorer.exe C:\WINDOWS\Explorer.exe 1036800 bytes Created: 25.04.2008 11:45 Modified: 14.04.2008 14:00 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): Key value: [C:\WINDOWS\system32\userinit.exe] File: C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\userinit.exe 26624 bytes Created: 25.04.2008 11:46 Modified: 14.04.2008 14:00 Company: Microsoft Corporation ---------- This key's "System" value appears to be blank ---------- This key's "UIHost" value calls the following program: Key value: [logonui.exe] File: logonui.exe C:\WINDOWS\system32\logonui.exe 515072 bytes Created: 25.04.2008 11:45 Modified: 14.04.2008 14:00 Company: Microsoft Corporation ---------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: Apoint Value Data: C:\Programme\DellTPad\Apoint.exe C:\Programme\DellTPad\Apoint.exe 159744 bytes Created: 22.10.2008 11:14 Modified: 21.02.2008 23:24 Company: Alps Electric Co., Ltd. -------------------- Value Name: DELL Webcam Manager Value Data: "C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe" /s C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe 118784 bytes Created: 22.10.2008 02:31 Modified: 27.07.2007 17:43 Company: Creative Technology Ltd. 
-------------------- Value Name: dellsupportcenter Value Data: "C:\Programme\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter C:\Programme\Dell Support Center\bin\sprtcmd.exe 206064 bytes Created: 21.05.2009 11:13 Modified: 21.05.2009 11:13 Company: SupportSoft, Inc. -------------------- Value Name: AVG_TRAY Value Data: "C:\Programme\AVG\AVG2012\avgtray.exe" C:\Programme\AVG\AVG2012\avgtray.exe 2587008 bytes Created: 05.04.2012 05:12 Modified: 05.04.2012 05:12 Company: AVG Technologies CZ, s.r.o. -------------------- Value Name: vProt Value Data: "C:\Programme\AVG Secure Search\vprot.exe" C:\Programme\AVG Secure Search\vprot.exe 1104440 bytes Created: 06.06.2012 21:43 Modified: 13.06.2012 16:59 Company: -------------------- Value Name: Adobe Reader Speed Launcher Value Data: "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe 37296 bytes Created: 27.03.2012 14:41 Modified: 27.03.2012 14:41 Company: Adobe Systems Incorporated -------------------- Value Name: Adobe ARM Value Data: "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe -R- 843712 bytes Created: 02.01.2012 11:07 Modified: 02.01.2012 11:07 Company: Adobe Systems Incorporated -------------------- Value Name: ROC_roc_dec12 Value Data: "C:\Programme\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 C:\Programme\AVG Secure Search\ROC_roc_dec12.exe - [file not found to scan] -------------------- Value Name: SunJavaUpdateSched Value Data: "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe 254696 bytes Created: 18.01.2012 14:02 Modified: 18.01.2012 14:02 Company: Sun Microsystems, Inc. 
-------------------- Value Name: TrojanScanner Value Data: C:\Programme\Trojan Remover\Trjscan.exe /boot C:\Programme\Trojan Remover\Trjscan.exe 1238800 bytes Created: 05.06.2012 10:00 Modified: 23.01.2012 14:12 Company: Simply Super Software -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: CTFMON.EXE Value Data: C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\ctfmon.exe 15360 bytes Created: 25.04.2008 11:46 Modified: 14.04.2008 14:00 Company: Microsoft Corporation -------------------- Value Name: ISUSPM Value Data: "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe 205480 bytes Created: 30.08.2007 11:50 Modified: 30.08.2007 11:50 Company: Macrovision Corporation -------------------- Value Name: MSMSGS Value Data: "C:\Programme\Messenger\msmsgs.exe" /background C:\Programme\Messenger\msmsgs.exe 1695232 bytes Created: 25.04.2008 16:57 Modified: 14.04.2008 21:52 Company: Microsoft Corporation -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty ************************************************************ 20:16:43: Scanning -----SHELLEXECUTEHOOKS----- ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972} File: shell32.dll - this file is expected and has been left in place ---------- ************************************************************ 20:16:43: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************************ 20:16:45: Scanning -----ACTIVE SCREENSAVER----- ScreenSaver: C:\WINDOWS\system32\ssstars.scr C:\WINDOWS\system32\ssstars.scr 14848 bytes Created: 25.04.2008 11:46 Modified: 14.04.2008 14:00 
Company: Microsoft Corporation -------------------- ************************************************************ 20:16:46: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- ************************************************************ 20:16:47: Scanning ----- SERVICEDLL REGISTRY KEYS ----- ************************************************************ 20:16:49: Scanning ----- SERVICES REGISTRY KEYS ----- Key: AdobeFlashPlayerUpdateSvc ImagePath: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 257224 bytes Created: 01.04.2012 11:50 Modified: 16.06.2012 14:25 Company: Adobe Systems Incorporated ---------- Key: AegisP ImagePath: system32\DRIVERS\AegisP.sys C:\WINDOWS\system32\DRIVERS\AegisP.sys 21393 bytes Created: 22.10.2008 02:29 Modified: 22.10.2008 02:29 Company: Cisco Systems, Inc. ---------- Key: atapi ImagePath: system32\DRIVERS\atapi.sys C:\WINDOWS\system32\DRIVERS\atapi.sys 96512 bytes Created: 14.04.2008 02:10 Modified: 14.04.2008 14:10 Company: Microsoft Corporation ---------- Key: AVGIDSAgent ImagePath: C:\Programme\AVG\AVG2012\AVGIDSAgent.exe C:\Programme\AVG\AVG2012\AVGIDSAgent.exe 5106744 bytes Created: 30.04.2012 09:44 Modified: 30.04.2012 09:44 Company: AVG Technologies CZ, s.r.o. ---------- Key: AVGIDSDriver ImagePath: system32\DRIVERS\avgidsdriverx.sys C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys 139856 bytes Created: 23.12.2011 13:32 Modified: 23.12.2011 13:32 Company: AVG Technologies CZ, s.r.o. ---------- Key: AVGIDSFilter ImagePath: system32\DRIVERS\avgidsfilterx.sys C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys 24144 bytes Created: 23.12.2011 13:32 Modified: 23.12.2011 13:32 Company: AVG Technologies CZ, s.r.o. ---------- Key: AVGIDSHX ImagePath: system32\DRIVERS\avgidshx.sys C:\WINDOWS\system32\DRIVERS\avgidshx.sys 24896 bytes Created: 19.04.2012 04:50 Modified: 19.04.2012 04:50 Company: AVG Technologies CZ, s.r.o. 
---------- Key: AVGIDSShim ImagePath: system32\DRIVERS\avgidsshimx.sys C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys 17232 bytes Created: 23.12.2011 13:32 Modified: 23.12.2011 13:32 Company: AVG Technologies CZ, s.r.o. ---------- Key: Avgldx86 ImagePath: system32\DRIVERS\avgldx86.sys C:\WINDOWS\system32\DRIVERS\avgldx86.sys 235216 bytes Created: 07.10.2011 07:23 Modified: 22.02.2012 05:25 Company: AVG Technologies CZ, s.r.o. ---------- Key: Avgmfx86 ImagePath: system32\DRIVERS\avgmfx86.sys C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 41040 bytes Created: 08.08.2011 07:08 Modified: 23.12.2011 13:32 Company: AVG Technologies CZ, s.r.o. ---------- Key: Avgrkx86 ImagePath: system32\DRIVERS\avgrkx86.sys C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 31952 bytes Created: 13.09.2011 07:30 Modified: 31.01.2012 04:46 Company: AVG Technologies CZ, s.r.o. ---------- Key: Avgtdix ImagePath: system32\DRIVERS\avgtdix.sys C:\WINDOWS\system32\DRIVERS\avgtdix.sys 301248 bytes Created: 11.07.2011 02:14 Modified: 19.03.2012 05:17 Company: AVG Technologies CZ, s.r.o. ---------- Key: avgwd ImagePath: C:\Programme\AVG\AVG2012\avgwdsvc.exe C:\Programme\AVG\AVG2012\avgwdsvc.exe 193288 bytes Created: 14.02.2012 04:53 Modified: 14.02.2012 04:53 Company: AVG Technologies CZ, s.r.o. ---------- Key: CVirtA ImagePath: system32\DRIVERS\CVirtA.sys C:\WINDOWS\system32\DRIVERS\CVirtA.sys 5275 bytes Created: 18.01.2007 17:28 Modified: 18.01.2007 17:28 Company: Cisco Systems, Inc. 
---------- Key: DLABMFSM ImagePath: System32\Drivers\DLABMFSM.SYS C:\WINDOWS\System32\Drivers\DLABMFSM.SYS 37360 bytes Created: 22.10.2008 02:34 Modified: 23.07.2007 16:04 Company: Roxio ---------- Key: DLABOIOM ImagePath: System32\Drivers\DLABOIOM.SYS C:\WINDOWS\System32\Drivers\DLABOIOM.SYS 32848 bytes Created: 22.10.2008 02:34 Modified: 23.07.2007 16:04 Company: Roxio ---------- Key: DLADResM ImagePath: System32\Drivers\DLADResM.SYS C:\WINDOWS\System32\Drivers\DLADResM.SYS 9104 bytes Created: 22.10.2008 02:34 Modified: 23.07.2007 16:05 Company: Roxio ---------- Key: DLAIFS_M ImagePath: System32\Drivers\DLAIFS_M.SYS C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS 108752 bytes Created: 22.10.2008 02:34 Modified: 23.07.2007 16:04 Company: Roxio ---------- Key: DLAOPIOM ImagePath: System32\Drivers\DLAOPIOM.SYS C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS 27216 bytes Created: 22.10.2008 02:34 Modified: 23.07.2007 16:04 Company: Roxio ---------- Key: DLAPoolM ImagePath: System32\Drivers\DLAPoolM.SYS C:\WINDOWS\System32\Drivers\DLAPoolM.SYS 16304 bytes Created: 22.10.2008 02:34 Modified: 23.07.2007 16:04 Company: Roxio ---------- Key: DLARTL_M ImagePath: System32\Drivers\DLARTL_M.SYS C:\WINDOWS\System32\Drivers\DLARTL_M.SYS 30064 bytes Created: 22.10.2008 02:34 Modified: 23.07.2007 15:49 Company: Roxio ---------- Key: DLAUDFAM ImagePath: System32\Drivers\DLAUDFAM.SYS C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS 93552 bytes Created: 22.10.2008 02:34 Modified: 23.07.2007 16:04 Company: Roxio ---------- Key: DLAUDF_M ImagePath: System32\Drivers\DLAUDF_M.SYS C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS 98448 bytes Created: 22.10.2008 02:34 Modified: 23.07.2007 16:04 Company: Roxio ---------- Key: DRVNDDM ImagePath: System32\Drivers\DRVNDDM.SYS C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 52000 bytes Created: 22.10.2008 02:34 Modified: 23.07.2007 15:43 Company: Roxio ---------- Key: EvtEng ImagePath: C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe 647168 bytes 
Created: 25.07.2007 17:41 Modified: 25.07.2007 17:41 Company: Intel Corporation ---------- Key: ialm ImagePath: system32\DRIVERS\igxpmp32.sys C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5776928 bytes Created: 22.10.2008 11:14 Modified: 22.02.2008 02:06 Company: Intel Corporation ---------- Key: iaStor ImagePath: system32\drivers\iaStor.sys C:\WINDOWS\system32\drivers\iaStor.sys 305176 bytes Created: 22.10.2008 11:14 Modified: 17.03.2008 23:59 Company: Intel Corporation ---------- Key: Lavasoft Ad-Aware Service ImagePath: C:\Programme\Lavasoft\Ad-Aware\AAWService.exe C:\Programme\Lavasoft\Ad-Aware\AAWService.exe 2152720 bytes Created: 28.10.2011 20:35 Modified: 07.06.2012 13:30 Company: Lavasoft Limited ---------- Key: Lavasoft Kernexplorer ImagePath: \??\C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys 15232 bytes Created: 28.10.2011 20:35 Modified: 28.10.2011 20:35 Company: [no info] ---------- Key: MozillaMaintenance ImagePath: C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 129976 bytes Created: 04.05.2012 23:23 Modified: 04.05.2012 23:23 Company: Mozilla Foundation ---------- Key: NETw4x32 ImagePath: system32\DRIVERS\NETw4x32.sys C:\WINDOWS\system32\DRIVERS\NETw4x32.sys 2211456 bytes Created: 22.10.2008 11:13 Modified: 13.08.2007 03:05 Company: Intel Corporation ---------- Key: NETw5x32 ImagePath: system32\DRIVERS\NETw5x32.sys C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 4221952 bytes Created: 17.12.2009 21:12 Modified: 26.10.2009 06:47 Company: Intel Corporation ---------- Key: npggsvc ImagePath: C:\WINDOWS\system32\GameMon.des -service C:\WINDOWS\system32\GameMon.des 2784285 bytes Created: 30.04.2009 22:36 Modified: 06.04.2009 05:07 Company: INCA Internet Co., Ltd. 
---------- Key: O2FLASH ImagePath: %SystemRoot%\system32\DRIVERS\o2flash.exe C:\WINDOWS\system32\DRIVERS\o2flash.exe 71512 bytes Created: 22.10.2008 11:13 Modified: 27.08.2008 02:39 Company: O2Micro International ---------- Key: O2MDRDR ImagePath: system32\DRIVERS\o2media.sys C:\WINDOWS\system32\DRIVERS\o2media.sys 51288 bytes Created: 22.10.2008 11:13 Modified: 27.08.2008 02:39 Company: O2Micro ---------- Key: O2SDRDR ImagePath: system32\DRIVERS\o2sd.sys C:\WINDOWS\system32\DRIVERS\o2sd.sys 43608 bytes Created: 22.10.2008 11:13 Modified: 27.08.2008 02:39 Company: O2Micro ---------- Key: OEM13Afx ImagePath: \??\C:\WINDOWS\system32\Drivers\OEM13Afx.sys C:\WINDOWS\system32\Drivers\OEM13Afx.sys 141376 bytes Created: 22.10.2008 11:14 Modified: 16.07.2008 23:32 Company: Creative Technology Ltd. ---------- Key: OEM13Vfx ImagePath: system32\DRIVERS\OEM13Vfx.sys C:\WINDOWS\system32\DRIVERS\OEM13Vfx.sys 7424 bytes Created: 22.10.2008 11:14 Modified: 16.07.2008 23:32 Company: EyePower Games Pte. Ltd. ---------- Key: OEM13Vid ImagePath: system32\DRIVERS\OEM13Vid.sys C:\WINDOWS\system32\DRIVERS\OEM13Vid.sys 235840 bytes Created: 22.10.2008 11:14 Modified: 16.07.2008 23:32 Company: Creative Technology Ltd. 
---------- Key: ose ImagePath: "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 149352 bytes Created: 09.01.2010 22:18 Modified: 09.01.2010 22:18 Company: Microsoft Corporation ---------- Key: osppsvc ImagePath: "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 4640000 bytes Created: 09.01.2010 22:37 Modified: 09.01.2010 22:37 Company: Microsoft Corporation ---------- Key: RegSrvc ImagePath: C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe 327680 bytes Created: 25.07.2007 17:22 Modified: 25.07.2007 17:22 Company: Intel Corporation ---------- Key: S24EventMonitor ImagePath: C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe 987136 bytes Created: 25.07.2007 17:29 Modified: 25.07.2007 17:29 Company: Intel Corporation ---------- Key: sprtsvc_dellsupportcenter ImagePath: C:\Programme\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter C:\Programme\Dell Support Center\bin\sprtsvc.exe 201968 bytes Created: 14.08.2008 01:04 Modified: 14.08.2008 01:04 Company: SupportSoft, Inc. ---------- Key: stllssvr ImagePath: "C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe" C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -R- 69632 bytes Created: 11.07.2007 09:33 Modified: 11.07.2007 09:33 Company: MicroVision Development, Inc. 
---------- Key: SwPrv ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{CD5BB325-1698-4C3A-8782-0923E72A4E6B} C:\WINDOWS\system32\dllhost.exe 5120 bytes Created: 25.04.2008 11:45 Modified: 14.04.2008 14:00 Company: Microsoft Corporation ---------- Key: tosporte ImagePath: system32\DRIVERS\tosporte.sys C:\WINDOWS\system32\DRIVERS\tosporte.sys 41600 bytes Created: 22.10.2008 02:29 Modified: 26.04.2007 23:29 Company: TOSHIBA Corporation ---------- Key: tosrfbd ImagePath: system32\DRIVERS\tosrfbd.sys C:\WINDOWS\system32\DRIVERS\tosrfbd.sys 113920 bytes Created: 22.10.2008 02:29 Modified: 26.04.2007 23:29 Company: TOSHIBA CORPORATION ---------- Key: tosrfbnp ImagePath: System32\Drivers\tosrfbnp.sys C:\WINDOWS\System32\Drivers\tosrfbnp.sys 36480 bytes Created: 22.10.2008 02:29 Modified: 26.04.2007 23:29 Company: TOSHIBA Corporation ---------- Key: Tosrfcom ImagePath: System32\Drivers\tosrfcom.sys C:\WINDOWS\System32\Drivers\tosrfcom.sys 64896 bytes Created: 22.10.2008 02:29 Modified: 26.04.2007 23:29 Company: TOSHIBA Corporation ---------- Key: Tosrfhid ImagePath: system32\DRIVERS\Tosrfhid.sys C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys 73600 bytes Created: 22.10.2008 02:29 Modified: 26.04.2007 23:29 Company: TOSHIBA Corporation. ---------- Key: tosrfnds ImagePath: system32\DRIVERS\tosrfnds.sys C:\WINDOWS\system32\DRIVERS\tosrfnds.sys 18612 bytes Created: 22.10.2008 02:29 Modified: 26.04.2007 23:29 Company: TOSHIBA Corporation. 
---------- Key: Tosrfusb ImagePath: system32\DRIVERS\tosrfusb.sys C:\WINDOWS\system32\DRIVERS\tosrfusb.sys 41856 bytes Created: 22.10.2008 02:29 Modified: 26.04.2007 23:29 Company: TOSHIBA CORPORATION ---------- Key: usbvideo ImagePath: System32\Drivers\usbvideo.sys C:\WINDOWS\System32\Drivers\usbvideo.sys 121984 bytes Created: 22.10.2008 15:18 Modified: 14.04.2008 14:16 Company: Microsoft Corporation ---------- Key: usnjsvc ImagePath: "C:\Programme\Windows Live\Messenger\usnsvc.exe" C:\Programme\Windows Live\Messenger\usnsvc.exe 98328 bytes Created: 18.10.2007 12:31 Modified: 18.10.2007 12:31 Company: Microsoft Corporation ---------- Key: vsdatant ImagePath: \??\C:\WINDOWS\system32\vsdatant.sys C:\WINDOWS\system32\vsdatant.sys - [file not found to scan] ---------- Key: vToolbarUpdater11.1.0 ImagePath: C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe 935480 bytes Created: 13.06.2012 16:59 Modified: 13.06.2012 16:59 Company: ---------- Key: WLANKEEPER ImagePath: C:\Programme\Intel\Wireless\Bin\WLKeeper.exe C:\Programme\Intel\Wireless\Bin\WLKeeper.exe 294912 bytes Created: 25.07.2007 17:32 Modified: 25.07.2007 17:32 Company: Intel(R) Corporation ---------- Key: WLSetupSvc ImagePath: "C:\Programme\Windows Live\installer\WLSetupSvc.exe" C:\Programme\Windows Live\installer\WLSetupSvc.exe 266240 bytes Created: 25.10.2007 16:27 Modified: 25.10.2007 16:27 Company: Microsoft Corporation ---------- Key: WpdUsb ImagePath: System32\Drivers\wpdusb.sys C:\WINDOWS\System32\Drivers\wpdusb.sys 18944 bytes Created: 28.01.2005 14:44 Modified: 28.01.2005 02:36 Company: Microsoft Corporation ---------- ************************************************************ 20:17:32: Scanning -----VXD ENTRIES----- Checking the following VxD entries: ************************************************************ 20:17:32: Scanning ----- WINLOGON\NOTIFY DLLS ----- 
************************************************************ 20:17:32: Scanning ----- CONTEXTMENUHANDLERS ----- Key: AVG Shell Extension CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Path: C:\Programme\AVG\AVG2012\avgse.dll C:\Programme\AVG\AVG2012\avgse.dll 158560 bytes Created: 14.02.2012 04:53 Modified: 14.02.2012 04:53 Company: AVG Technologies CZ, s.r.o. ---------- Key: LavasoftShellExt CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} Path: C:\Programme\Lavasoft\Ad-Aware\ShellExt.dll C:\Programme\Lavasoft\Ad-Aware\ShellExt.dll 493344 bytes Created: 28.10.2011 20:35 Modified: 07.06.2012 13:30 Company: Lavasoft Limited ---------- Key: Notepad++ CLSID: {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} File: [CLSID does not appear to reference a file] ---------- ************************************************************ 20:17:34: Scanning ----- FOLDER\COLUMNHANDLERS ----- Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} File: C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll 420864 bytes Created: 17.01.2011 17:19 Modified: 17.01.2011 17:19 Company: OpenOffice.org ---------- Key: {F9DB5320-233E-11D1-9F84-707F02C10627} File: C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll 378264 bytes Created: 26.03.2012 17:52 Modified: 26.03.2012 17:52 Company: Adobe Systems, Inc. ---------- ************************************************************ 20:17:34: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} BHO: C:\Programme\AVG\AVG2012\avgdtiex.dll C:\Programme\AVG\AVG2012\avgdtiex.dll 936528 bytes Created: 20.04.2012 19:56 Modified: 20.04.2012 19:56 Company: AVG Technologies CZ, s.r.o. 
---------- Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} BHO: C:\Programme\AVG\AVG2012\avgssie.dll C:\Programme\AVG\AVG2012\avgssie.dll 1390672 bytes Created: 13.04.2012 17:40 Modified: 13.04.2012 17:40 Company: AVG Technologies CZ, s.r.o. ---------- Key: {95B7759C-8C7F-4BF1-B163-73684A933233} BHO: C:\Programme\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll C:\Programme\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll 2068536 bytes Created: 13.06.2012 16:59 Modified: 13.06.2012 16:59 Company: ---------- Key: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} BHO: C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll 3834016 bytes Created: 10.10.2011 12:09 Modified: 10.10.2011 12:09 Company: Skype Technologies S.A. ---------- Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF} BHO: C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL 561552 bytes Created: 21.12.2010 02:05 Modified: 21.12.2010 02:05 Company: Microsoft Corporation ---------- ************************************************************ 20:17:36: Scanning ----- SHELLSERVICEOBJECTS ----- ************************************************************ 20:17:36: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- ************************************************************ 20:17:37: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. 
************************************************************ 20:17:37: Scanning ----- APPINIT_DLLS ----- The AppInit_DLLs value is blank or does not exist ************************************************************ 20:17:38: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************************ 20:17:38: Scanning ------ COMMON STARTUP GROUP ------ [C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart] The Common Startup Group attempts to load the following file(s) at boot time: Bluetooth Manager.lnk - links to C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe 2150400 bytes Created: 11.01.2007 21:43 Modified: 11.01.2007 21:43 Company: TOSHIBA CORPORATION. -------------------- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -HS- 84 bytes Created: 25.04.2008 03:52 Modified: 25.04.2008 17:00 Company: [no info] -------------------- ************************************************************ No User Startup Groups were located to check ************************************************************ 20:17:38: Scanning ----- SCHEDULED TASKS ----- Taskname: Ad-Aware Update (Weekly) File: C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe 1744312 bytes Created: 28.10.2011 20:35 Modified: 07.06.2012 13:30 Company: Lavasoft Limited Parameters: update all silent repair Schedule: Um 13:18 wöchentlich jeden Mo, Do, ab dem 12.03.2012 Next Run Time: 18.06.2012 13:18:00 Status: Has not run Creator: SYSTEM Comments: This will perform a scheduled update with Ad-Aware ---------- Taskname: Adobe Flash Player Updater File: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 257224 bytes Created: 01.04.2012 11:50 Modified: 16.06.2012 14:25 Company: Adobe Systems Incorporated Schedule: Alle 1 Stunde(n) ab 00:26. 
Dauer: 24 Stunde(n) täglich, ab dem 01.01.2000 Next Run Time: 16.06.2012 20:26:00 Status: Ready Creator: Adobe Systems Incorporated Comments: Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern. ---------- ************************************************************ 20:17:40: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- ************************************************************ 20:17:40: Scanning ----- DEVICE DRIVER ENTRIES ----- Value: msacm.voxacm160 File: vct3216.acm C:\WINDOWS\system32\vct3216.acm 82944 bytes Created: 26.10.2008 17:32 Modified: 22.05.2003 01:50 Company: Voxware, Inc. ---------- Value: msacm.alf2cd File: alf2cd.acm C:\WINDOWS\system32\alf2cd.acm 38912 bytes Created: 26.10.2008 17:32 Modified: 22.05.2003 01:50 Company: NCT Company ---------- Value: msacm.ac3acm File: AC3ACM.acm C:\WINDOWS\system32\AC3ACM.acm 81920 bytes Created: 26.10.2008 17:32 Modified: 04.02.2004 23:11 Company: fccHandler ---------- Value: vidc.dvsd File: mcdvd_32.dll C:\WINDOWS\system32\mcdvd_32.dll 261632 bytes Created: 26.10.2008 17:32 Modified: 27.09.2007 16:22 Company: MainConcept ---------- Value: vidc.VP60 File: C:\WINDOWS\system32\vp6vfw.dll C:\WINDOWS\system32\vp6vfw.dll -R- 442368 bytes Created: 14.12.2010 21:30 Modified: 26.02.2005 07:34 Company: On2.com ---------- Value: vidc.VP61 File: C:\WINDOWS\system32\vp6vfw.dll C:\WINDOWS\system32\vp6vfw.dll - file already scanned ---------- ************************************************************ 20:17:44: ----- ADDITIONAL CHECKS ----- PE386 rootkit checks completed ---------- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks 
completed ---------- Desktop Wallpaper entry is blank ---------- Web Desktop Wallpaper entry is blank ---------- DNS Server information: Interface: NameServers: 192.168.1.10 192.168.1.130 Checks for rogue DNS NameServers completed ---------- Additional checks completed ************************************************************ 20:17:46: Scanning ----- RUNNING PROCESSES ----- C:\WINDOWS\System32\smss.exe 50688 bytes Created: 25.04.2008 11:45 Modified: 14.04.2008 14:00 Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\csrss.exe 6144 bytes Created: 25.04.2008 11:45 Modified: 14.04.2008 14:00 Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\winlogon.exe 513024 bytes Created: 25.04.2008 11:46 Modified: 14.04.2008 14:00 Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\services.exe 111104 bytes Created: 25.04.2008 11:45 Modified: 09.02.2009 13:21 Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\lsass.exe 13312 bytes Created: 25.04.2008 11:45 Modified: 14.04.2008 14:00 Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\svchost.exe 14336 bytes Created: 25.04.2008 11:46 Modified: 14.04.2008 14:00 Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\spoolsv.exe 58880 bytes Created: 25.04.2008 11:45 Modified: 17.08.2010 15:17 Company: Microsoft Corporation -------------------- C:\Programme\Java\jre6\bin\jqs.exe 153376 bytes Created: 04.06.2012 09:07 Modified: 04.06.2012 09:07 Company: Sun Microsystems, Inc. -------------------- C:\Programme\Dell Support Center\bin\sprtsvc.exe 201968 bytes Created: 14.08.2008 01:04 Modified: 14.08.2008 01:04 Company: SupportSoft, Inc. -------------------- C:\Programme\AVG\AVG2012\avgnsx.exe 1254992 bytes Created: 19.04.2012 04:51 Modified: 19.04.2012 04:51 Company: AVG Technologies CZ, s.r.o. 
-------------------- C:\Programme\AVG\AVG2012\avgemcx.exe 979840 bytes Created: 19.03.2012 05:18 Modified: 19.03.2012 05:18 Company: AVG Technologies CZ, s.r.o. -------------------- C:\WINDOWS\system32\wdfmgr.exe 38912 bytes Created: 28.01.2005 14:44 Modified: 28.01.2005 02:36 Company: Microsoft Corporation -------------------- C:\Programme\AVG\AVG2012\avgrsx.exe 758112 bytes Created: 14.02.2012 04:53 Modified: 14.02.2012 04:53 Company: AVG Technologies CZ, s.r.o. -------------------- C:\Programme\AVG\AVG2012\avgcsrvx.exe 338784 bytes Created: 14.02.2012 04:52 Modified: 14.02.2012 04:52 Company: AVG Technologies CZ, s.r.o. -------------------- C:\Programme\DellTPad\ApMsgFwd.exe 50736 bytes Created: 22.10.2008 11:14 Modified: 21.02.2008 23:24 Company: Alps Electric Co., Ltd. -------------------- C:\Programme\DellTPad\HidFind.exe 40960 bytes Created: 22.10.2008 11:14 Modified: 21.02.2008 23:25 Company: Alps Electric Co., Ltd. -------------------- C:\Programme\DellTPad\Apntex.exe 49152 bytes Created: 22.10.2008 11:14 Modified: 21.02.2008 23:24 Company: Alps Electric Co., Ltd. -------------------- C:\WINDOWS\system32\wbem\unsecapp.exe 16896 bytes Created: 25.04.2008 16:57 Modified: 14.04.2008 14:00 Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\wbem\wmiprvse.exe 227840 bytes Created: 25.04.2008 16:56 Modified: 06.02.2009 12:10 Company: Microsoft Corporation -------------------- C:\WINDOWS\system32\wbem\wmiapsrv.exe 126464 bytes Created: 25.04.2008 16:56 Modified: 14.04.2008 14:00 Company: Microsoft Corporation -------------------- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe 2150400 bytes Created: 11.01.2007 21:43 Modified: 11.01.2007 21:43 Company: TOSHIBA CORPORATION. 
-------------------- C:\Programme\OpenOffice.org 3\program\soffice.exe 11322880 bytes Created: 17.01.2011 19:50 Modified: 17.01.2011 19:50 Company: OpenOffice.org -------------------- C:\Programme\OpenOffice.org 3\program\soffice.bin 11314688 bytes Created: 17.01.2011 19:50 Modified: 17.01.2011 19:50 Company: OpenOffice.org -------------------- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe 1187072 bytes Created: 28.10.2011 20:35 Modified: 07.06.2012 13:30 Company: Lavasoft Limited -------------------- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe 278528 bytes Created: 18.12.2006 16:22 Modified: 18.12.2006 16:22 Company: TOSHIBA CORPORATION. -------------------- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe 69632 bytes Created: 24.01.2006 00:14 Modified: 24.01.2006 00:14 Company: TOSHIBA CORPORATION. -------------------- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe 270336 bytes Created: 27.10.2006 21:13 Modified: 27.10.2006 21:13 Company: TOSHIBA CORPORATION. -------------------- C:\Programme\Mozilla Firefox\firefox.exe 924600 bytes Created: 07.01.2012 13:17 Modified: 04.05.2012 23:23 Company: Mozilla Corporation -------------------- C:\Programme\Mozilla Firefox\plugin-container.exe 16824 bytes Created: 07.01.2012 13:17 Modified: 04.05.2012 23:23 Company: Mozilla Corporation -------------------- C:\Programme\AVG\AVG2012\avgui.exe 4361296 bytes Created: 13.04.2012 17:40 Modified: 13.04.2012 17:40 Company: AVG Technologies CZ, s.r.o. 
--------------------
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Simply Super Software\Trojan Remover\due82.exe
FileSize: 4746488
[This is a Trojan Remover component]
--------------------
--------------------
************************************************************
20:17:57: Checking HOSTS file
No HOSTS file found to check
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": Dell Offizielle Seite | Dell Deutschland
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": Dell Offizielle Seite | Dell Deutschland
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch": hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant": Dell-Suchseite
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": Personalisierte Startseite
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": Dell-Suchseite
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": Personalisierte Startseite
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 20:17:57 16 Jun 2012
Total Scan time: 00:01:23
************************************************************

***** THE SYSTEM HAS BEEN RESTARTED *****
05.06.2012 10:24:33: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DLACDBHM.SYS - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DLACDBHM.SYS - already removed (or did not exist)
=======================================================
=======================================================
Deleting the following registry value(s):
HKLM\SYSTEM\CurrentControlSet\Services\DLACDBHM\[ImagePath] - already deleted
=======================================================
05.06.2012 10:24:33: Trojan Remover closed
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.3.2601. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 10:01:33 05 Jun 2012
Using Database v7899
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Simply Super Software\Trojan Remover\
Database directory: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Dokumente und Einstellungen\***\Eigene Dateien\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Programme\Trojan Remover\
Running with Administrator privileges
************************************************************
10:01:33: ----- CHECKING DEFAULT FILE ASSOCIATIONS -----
StartMenuInternet\IEXPLORE.EXE entry: ["C:\Programme\Internet Explorer\iexplore.exe"]
This entry loads the following file:
C:\Programme\Internet Explorer\iexplore.exe
638816 bytes
Created: 25.04.2008 16:58
Modified: 08.03.2009 15:09
Company: Microsoft Corporation
C:\Programme\Internet Explorer\iexplore.exe - process is either not running or could not be terminated
C:\Programme\Internet Explorer\iexplore.exe - file renamed to: C:\Programme\Internet Explorer\iexplore.exe.vir
The SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command registry entry has been reset to its default
************************************************************
10:02:09: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
10:02:10: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1036800 bytes
Created: 25.04.2008 11:45
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 25.04.2008 11:46
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515072 bytes
Created: 25.04.2008 11:45
Modified: 14.04.2008 14:00
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Apoint
Value Data: C:\Programme\DellTPad\Apoint.exe
C:\Programme\DellTPad\Apoint.exe
159744 bytes
Created: 22.10.2008 11:14
Modified: 21.02.2008 23:24
Company: Alps Electric Co., Ltd.
-------------------- Value Name: DELL Webcam Manager Value Data: "C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe" /s C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe 118784 bytes Created: 22.10.2008 02:31 Modified: 27.07.2007 17:43 Company: Creative Technology Ltd. -------------------- Value Name: dellsupportcenter Value Data: "C:\Programme\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter C:\Programme\Dell Support Center\bin\sprtcmd.exe 206064 bytes Created: 21.05.2009 11:13 Modified: 21.05.2009 11:13 Company: SupportSoft, Inc. -------------------- Value Name: AVG_TRAY Value Data: "C:\Programme\AVG\AVG2012\avgtray.exe" C:\Programme\AVG\AVG2012\avgtray.exe 2416480 bytes Created: 24.01.2012 18:24 Modified: 24.01.2012 18:24 Company: AVG Technologies CZ, s.r.o. -------------------- Value Name: vProt Value Data: "C:\Programme\AVG Secure Search\vprot.exe" C:\Programme\AVG Secure Search\vprot.exe 982880 bytes Created: 07.01.2012 15:51 Modified: 31.03.2012 18:17 Company: -------------------- Value Name: Adobe Reader Speed Launcher Value Data: "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe 37296 bytes Created: 27.03.2012 14:41 Modified: 27.03.2012 14:41 Company: Adobe Systems Incorporated -------------------- Value Name: Adobe ARM Value Data: "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe -R- 843712 bytes Created: 02.01.2012 11:07 Modified: 02.01.2012 11:07 Company: Adobe Systems Incorporated -------------------- Value Name: ROC_roc_dec12 Value Data: "C:\Programme\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 C:\Programme\AVG Secure Search\ROC_roc_dec12.exe 928096 bytes Created: 19.01.2012 17:27 Modified: 19.01.2012 17:27 Company: -------------------- Value Name: SunJavaUpdateSched Value Data: "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe 
254696 bytes Created: 18.01.2012 14:02 Modified: 18.01.2012 14:02 Company: Sun Microsystems, Inc. -------------------- Value Name: TrojanScanner Value Data: C:\Programme\Trojan Remover\Trjscan.exe /boot C:\Programme\Trojan Remover\Trjscan.exe 1238800 bytes Created: 05.06.2012 10:00 Modified: 23.01.2012 14:12 Company: Simply Super Software -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: CTFMON.EXE Value Data: C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\ctfmon.exe 15360 bytes Created: 25.04.2008 11:46 Modified: 14.04.2008 14:00 Company: Microsoft Corporation -------------------- Value Name: ISUSPM Value Data: "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe 205480 bytes Created: 30.08.2007 11:50 Modified: 30.08.2007 11:50 Company: Macrovision Corporation -------------------- Value Name: MSMSGS Value Data: "C:\Programme\Messenger\msmsgs.exe" /background C:\Programme\Messenger\msmsgs.exe 1695232 bytes Created: 25.04.2008 16:57 Modified: 14.04.2008 21:52 Company: Microsoft Corporation -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty ************************************************************ 10:02:16: Scanning -----SHELLEXECUTEHOOKS----- ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972} File: shell32.dll - this file is expected and has been left in place ---------- ************************************************************ 10:02:16: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************************ 10:02:17: Scanning -----ACTIVE SCREENSAVER----- ScreenSaver: C:\WINDOWS\system32\ssstars.scr 
C:\WINDOWS\system32\ssstars.scr 14848 bytes Created: 25.04.2008 11:46 Modified: 14.04.2008 14:00 Company: Microsoft Corporation -------------------- ************************************************************ 10:02:17: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- ************************************************************ 10:02:18: Scanning ----- SERVICEDLL REGISTRY KEYS ----- ************************************************************ 10:02:20: Scanning ----- SERVICES REGISTRY KEYS ----- Key: AdobeFlashPlayerUpdateSvc ImagePath: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 257696 bytes Created: 01.04.2012 11:50 Modified: 05.05.2012 11:35 Company: Adobe Systems Incorporated ---------- Key: AegisP ImagePath: system32\DRIVERS\AegisP.sys C:\WINDOWS\system32\DRIVERS\AegisP.sys 21393 bytes Created: 22.10.2008 02:29 Modified: 22.10.2008 02:29 Company: Cisco Systems, Inc. ---------- Key: atapi ImagePath: system32\DRIVERS\atapi.sys C:\WINDOWS\system32\DRIVERS\atapi.sys 96512 bytes Created: 14.04.2008 02:10 Modified: 14.04.2008 14:10 Company: Microsoft Corporation ---------- Key: AVGIDSAgent ImagePath: C:\Programme\AVG\AVG2012\AVGIDSAgent.exe C:\Programme\AVG\AVG2012\AVGIDSAgent.exe 4433248 bytes Created: 12.10.2011 07:25 Modified: 12.10.2011 07:25 Company: AVG Technologies CZ, s.r.o. ---------- Key: AVGIDSDriver ImagePath: system32\DRIVERS\AVGIDSDriver.Sys C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 134608 bytes Created: 11.07.2011 02:14 Modified: 11.07.2011 02:14 Company: AVG Technologies CZ, s.r.o. ---------- Key: AVGIDSEH ImagePath: system32\DRIVERS\AVGIDSEH.Sys C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys 23120 bytes Created: 11.07.2011 02:14 Modified: 11.07.2011 02:14 Company: AVG Technologies CZ, s.r.o. 
---------- Key: AVGIDSFilter ImagePath: system32\DRIVERS\AVGIDSFilter.Sys C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 24272 bytes Created: 11.07.2011 02:14 Modified: 11.07.2011 02:14 Company: AVG Technologies CZ, s.r.o. ---------- Key: AVGIDSShim ImagePath: system32\DRIVERS\AVGIDSShim.Sys C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 16720 bytes Created: 04.10.2011 07:21 Modified: 04.10.2011 07:21 Company: AVG Technologies CZ, s.r.o. ---------- Key: Avgldx86 ImagePath: system32\DRIVERS\avgldx86.sys C:\WINDOWS\system32\DRIVERS\avgldx86.sys 230608 bytes Created: 07.10.2011 07:23 Modified: 07.10.2011 07:23 Company: AVG Technologies CZ, s.r.o. ---------- Key: Avgmfx86 ImagePath: system32\DRIVERS\avgmfx86.sys C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 40016 bytes Created: 08.08.2011 07:08 Modified: 08.08.2011 07:08 Company: AVG Technologies CZ, s.r.o. ---------- Key: Avgrkx86 ImagePath: system32\DRIVERS\avgrkx86.sys C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 32592 bytes Created: 13.09.2011 07:30 Modified: 13.09.2011 07:30 Company: AVG Technologies CZ, s.r.o. ---------- Key: Avgtdix ImagePath: system32\DRIVERS\avgtdix.sys C:\WINDOWS\system32\DRIVERS\avgtdix.sys 295248 bytes Created: 11.07.2011 02:14 Modified: 11.07.2011 02:14 Company: AVG Technologies CZ, s.r.o. ---------- Key: avgwd ImagePath: C:\Programme\AVG\AVG2012\avgwdsvc.exe C:\Programme\AVG\AVG2012\avgwdsvc.exe 192776 bytes Created: 02.08.2011 07:09 Modified: 02.08.2011 07:09 Company: AVG Technologies CZ, s.r.o. ---------- Key: CVirtA ImagePath: system32\DRIVERS\CVirtA.sys C:\WINDOWS\system32\DRIVERS\CVirtA.sys 5275 bytes Created: 18.01.2007 17:28 Modified: 18.01.2007 17:28 Company: Cisco Systems, Inc. 
----------
Key: DLABMFSM
ImagePath: System32\Drivers\DLABMFSM.SYS
C:\WINDOWS\System32\Drivers\DLABMFSM.SYS
37360 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DLABOIOM
ImagePath: System32\Drivers\DLABOIOM.SYS
C:\WINDOWS\System32\Drivers\DLABOIOM.SYS
32848 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DLACDBHM
ImagePath: System32\Drivers\DLACDBHM.SYS
C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
14576 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 15:49
Company: Roxio
C:\WINDOWS\System32\Drivers\DLACDBHM.SYS appears to contain: TROJAN.TDSS
C:\WINDOWS\System32\Drivers\DLACDBHM.SYS - this registry value has been removed
C:\WINDOWS\System32\Drivers\DLACDBHM.SYS - file renamed to: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS.vir
----------
Key: DLADResM
ImagePath: System32\Drivers\DLADResM.SYS
C:\WINDOWS\System32\Drivers\DLADResM.SYS
9104 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:05
Company: Roxio
----------
Key: DLAIFS_M
ImagePath: System32\Drivers\DLAIFS_M.SYS
C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS
108752 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DLAOPIOM
ImagePath: System32\Drivers\DLAOPIOM.SYS
C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS
27216 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DLAPoolM
ImagePath: System32\Drivers\DLAPoolM.SYS
C:\WINDOWS\System32\Drivers\DLAPoolM.SYS
16304 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DLARTL_M
ImagePath: System32\Drivers\DLARTL_M.SYS
C:\WINDOWS\System32\Drivers\DLARTL_M.SYS
30064 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 15:49
Company: Roxio
----------
Key: DLAUDFAM
ImagePath: System32\Drivers\DLAUDFAM.SYS
C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS
93552 bytes
Created: 22.10.2008 02:34
Modified: 23.07.2007 16:04
Company: Roxio
----------
Key: DLAUDF_M
ImagePath:
System32\Drivers\DLAUDF_M.SYS C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS 98448 bytes Created: 22.10.2008 02:34 Modified: 23.07.2007 16:04 Company: Roxio ---------- Key: DRVNDDM ImagePath: System32\Drivers\DRVNDDM.SYS C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 52000 bytes Created: 22.10.2008 02:34 Modified: 23.07.2007 15:43 Company: Roxio ---------- Key: EvtEng ImagePath: C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe 647168 bytes Created: 25.07.2007 17:41 Modified: 25.07.2007 17:41 Company: Intel Corporation ---------- Key: ialm ImagePath: system32\DRIVERS\igxpmp32.sys C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5776928 bytes Created: 22.10.2008 11:14 Modified: 22.02.2008 02:06 Company: Intel Corporation ---------- Key: iaStor ImagePath: system32\drivers\iaStor.sys C:\WINDOWS\system32\drivers\iaStor.sys 305176 bytes Created: 22.10.2008 11:14 Modified: 17.03.2008 23:59 Company: Intel Corporation ---------- Key: Lavasoft Ad-Aware Service ImagePath: C:\Programme\Lavasoft\Ad-Aware\AAWService.exe C:\Programme\Lavasoft\Ad-Aware\AAWService.exe 2152688 bytes Created: 28.10.2011 20:35 Modified: 14.05.2012 18:12 Company: Lavasoft Limited ---------- Key: Lavasoft Kernexplorer ImagePath: \??\C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys 15232 bytes Created: 28.10.2011 20:35 Modified: 28.10.2011 20:35 Company: [no info] ---------- Key: MozillaMaintenance ImagePath: C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 129976 bytes Created: 04.05.2012 23:23 Modified: 04.05.2012 23:23 Company: Mozilla Foundation ---------- Key: NETw4x32 ImagePath: system32\DRIVERS\NETw4x32.sys C:\WINDOWS\system32\DRIVERS\NETw4x32.sys 2211456 bytes Created: 22.10.2008 11:13 Modified: 13.08.2007 03:05 Company: Intel Corporation ---------- Key: NETw5x32 ImagePath: system32\DRIVERS\NETw5x32.sys C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 4221952 bytes 
Created: 17.12.2009 21:12 Modified: 26.10.2009 06:47 Company: Intel Corporation ---------- Key: npggsvc ImagePath: C:\WINDOWS\system32\GameMon.des -service C:\WINDOWS\system32\GameMon.des 2784285 bytes Created: 30.04.2009 22:36 Modified: 06.04.2009 05:07 Company: INCA Internet Co., Ltd. ---------- Key: O2FLASH ImagePath: %SystemRoot%\system32\DRIVERS\o2flash.exe C:\WINDOWS\system32\DRIVERS\o2flash.exe 71512 bytes Created: 22.10.2008 11:13 Modified: 27.08.2008 02:39 Company: O2Micro International ---------- Key: O2MDRDR ImagePath: system32\DRIVERS\o2media.sys C:\WINDOWS\system32\DRIVERS\o2media.sys 51288 bytes Created: 22.10.2008 11:13 Modified: 27.08.2008 02:39 Company: O2Micro ---------- Key: O2SDRDR ImagePath: system32\DRIVERS\o2sd.sys C:\WINDOWS\system32\DRIVERS\o2sd.sys 43608 bytes Created: 22.10.2008 11:13 Modified: 27.08.2008 02:39 Company: O2Micro ---------- Key: OEM13Afx ImagePath: \??\C:\WINDOWS\system32\Drivers\OEM13Afx.sys C:\WINDOWS\system32\Drivers\OEM13Afx.sys 141376 bytes Created: 22.10.2008 11:14 Modified: 16.07.2008 23:32 Company: Creative Technology Ltd. ---------- Key: OEM13Vfx ImagePath: system32\DRIVERS\OEM13Vfx.sys C:\WINDOWS\system32\DRIVERS\OEM13Vfx.sys 7424 bytes Created: 22.10.2008 11:14 Modified: 16.07.2008 23:32 Company: EyePower Games Pte. Ltd. ---------- Key: OEM13Vid ImagePath: system32\DRIVERS\OEM13Vid.sys C:\WINDOWS\system32\DRIVERS\OEM13Vid.sys 235840 bytes Created: 22.10.2008 11:14 Modified: 16.07.2008 23:32 Company: Creative Technology Ltd. 
---------- Key: ose ImagePath: "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 149352 bytes Created: 09.01.2010 22:18 Modified: 09.01.2010 22:18 Company: Microsoft Corporation ---------- Key: osppsvc ImagePath: "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 4640000 bytes Created: 09.01.2010 22:37 Modified: 09.01.2010 22:37 Company: Microsoft Corporation ---------- Key: RegSrvc ImagePath: C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe 327680 bytes Created: 25.07.2007 17:22 Modified: 25.07.2007 17:22 Company: Intel Corporation ---------- Key: S24EventMonitor ImagePath: C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe 987136 bytes Created: 25.07.2007 17:29 Modified: 25.07.2007 17:29 Company: Intel Corporation ---------- Key: sprtsvc_dellsupportcenter ImagePath: C:\Programme\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter C:\Programme\Dell Support Center\bin\sprtsvc.exe 201968 bytes Created: 14.08.2008 01:04 Modified: 14.08.2008 01:04 Company: SupportSoft, Inc. ---------- Key: stllssvr ImagePath: "C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe" C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -R- 69632 bytes Created: 11.07.2007 09:33 Modified: 11.07.2007 09:33 Company: MicroVision Development, Inc. 
---------- Key: SwPrv ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{CD5BB325-1698-4C3A-8782-0923E72A4E6B} C:\WINDOWS\system32\dllhost.exe 5120 bytes Created: 25.04.2008 11:45 Modified: 14.04.2008 14:00 Company: Microsoft Corporation ---------- Key: tosporte ImagePath: system32\DRIVERS\tosporte.sys C:\WINDOWS\system32\DRIVERS\tosporte.sys 41600 bytes Created: 22.10.2008 02:29 Modified: 26.04.2007 23:29 Company: TOSHIBA Corporation ---------- Key: tosrfbd ImagePath: system32\DRIVERS\tosrfbd.sys C:\WINDOWS\system32\DRIVERS\tosrfbd.sys 113920 bytes Created: 22.10.2008 02:29 Modified: 26.04.2007 23:29 Company: TOSHIBA CORPORATION ---------- Key: tosrfbnp ImagePath: System32\Drivers\tosrfbnp.sys C:\WINDOWS\System32\Drivers\tosrfbnp.sys 36480 bytes Created: 22.10.2008 02:29 Modified: 26.04.2007 23:29 Company: TOSHIBA Corporation ---------- Key: Tosrfcom ImagePath: System32\Drivers\tosrfcom.sys C:\WINDOWS\System32\Drivers\tosrfcom.sys 64896 bytes Created: 22.10.2008 02:29 Modified: 26.04.2007 23:29 Company: TOSHIBA Corporation ---------- Key: Tosrfhid ImagePath: system32\DRIVERS\Tosrfhid.sys C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys 73600 bytes Created: 22.10.2008 02:29 Modified: 26.04.2007 23:29 Company: TOSHIBA Corporation. ---------- Key: tosrfnds ImagePath: system32\DRIVERS\tosrfnds.sys C:\WINDOWS\system32\DRIVERS\tosrfnds.sys 18612 bytes Created: 22.10.2008 02:29 Modified: 26.04.2007 23:29 Company: TOSHIBA Corporation. 
---------- Key: Tosrfusb ImagePath: system32\DRIVERS\tosrfusb.sys C:\WINDOWS\system32\DRIVERS\tosrfusb.sys 41856 bytes Created: 22.10.2008 02:29 Modified: 26.04.2007 23:29 Company: TOSHIBA CORPORATION ---------- Key: usbvideo ImagePath: System32\Drivers\usbvideo.sys C:\WINDOWS\System32\Drivers\usbvideo.sys 121984 bytes Created: 22.10.2008 15:18 Modified: 14.04.2008 14:16 Company: Microsoft Corporation ---------- Key: usnjsvc ImagePath: "C:\Programme\Windows Live\Messenger\usnsvc.exe" C:\Programme\Windows Live\Messenger\usnsvc.exe 98328 bytes Created: 18.10.2007 12:31 Modified: 18.10.2007 12:31 Company: Microsoft Corporation ---------- Key: vsdatant ImagePath: \??\C:\WINDOWS\system32\vsdatant.sys C:\WINDOWS\system32\vsdatant.sys - [file not found to scan] ---------- Key: vToolbarUpdater10.2.0 ImagePath: C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe 918880 bytes Created: 31.03.2012 18:17 Modified: 31.03.2012 18:17 Company: ---------- Key: WLANKEEPER ImagePath: C:\Programme\Intel\Wireless\Bin\WLKeeper.exe C:\Programme\Intel\Wireless\Bin\WLKeeper.exe 294912 bytes Created: 25.07.2007 17:32 Modified: 25.07.2007 17:32 Company: Intel(R) Corporation ---------- Key: WLSetupSvc ImagePath: "C:\Programme\Windows Live\installer\WLSetupSvc.exe" C:\Programme\Windows Live\installer\WLSetupSvc.exe 266240 bytes Created: 25.10.2007 16:27 Modified: 25.10.2007 16:27 Company: Microsoft Corporation ---------- Key: WpdUsb ImagePath: System32\Drivers\wpdusb.sys C:\WINDOWS\System32\Drivers\wpdusb.sys 18944 bytes Created: 28.01.2005 14:44 Modified: 28.01.2005 02:36 Company: Microsoft Corporation ---------- ************************************************************ 10:05:50: Scanning -----VXD ENTRIES----- Checking the following VxD entries: ************************************************************ 10:05:50: Scanning ----- WINLOGON\NOTIFY DLLS ----- 
************************************************************ 10:05:51: Scanning ----- CONTEXTMENUHANDLERS ----- Key: AVG Shell Extension CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Path: C:\Programme\AVG\AVG2012\avgse.dll C:\Programme\AVG\AVG2012\avgse.dll 156512 bytes Created: 02.08.2011 07:08 Modified: 02.08.2011 07:08 Company: AVG Technologies CZ, s.r.o. ---------- Key: LavasoftShellExt CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} Path: C:\Programme\Lavasoft\Ad-Aware\ShellExt.dll C:\Programme\Lavasoft\Ad-Aware\ShellExt.dll 493344 bytes Created: 28.10.2011 20:35 Modified: 14.05.2012 18:12 Company: Lavasoft Limited ---------- Key: Notepad++ CLSID: {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} File: [CLSID does not appear to reference a file] ---------- ************************************************************ 10:05:52: Scanning ----- FOLDER\COLUMNHANDLERS ----- Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} File: C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll 420864 bytes Created: 17.01.2011 17:19 Modified: 17.01.2011 17:19 Company: OpenOffice.org ---------- Key: {F9DB5320-233E-11D1-9F84-707F02C10627} File: C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll 378264 bytes Created: 26.03.2012 17:52 Modified: 26.03.2012 17:52 Company: Adobe Systems, Inc. ---------- ************************************************************ 10:05:53: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} BHO: C:\Programme\AVG\AVG2012\avgssie.dll C:\Programme\AVG\AVG2012\avgssie.dll 1378144 bytes Created: 11.11.2011 03:29 Modified: 11.11.2011 03:29 Company: AVG Technologies CZ, s.r.o. 
---------- Key: {95B7759C-8C7F-4BF1-B163-73684A933233} BHO: C:\Programme\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll C:\Programme\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll 1869152 bytes Created: 31.03.2012 18:17 Modified: 31.03.2012 18:17 Company: ---------- Key: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} BHO: C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll 3834016 bytes Created: 10.10.2011 12:09 Modified: 10.10.2011 12:09 Company: Skype Technologies S.A. ---------- Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF} BHO: C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL 561552 bytes Created: 21.12.2010 02:05 Modified: 21.12.2010 02:05 Company: Microsoft Corporation ---------- ************************************************************ 10:05:55: Scanning ----- SHELLSERVICEOBJECTS ----- ************************************************************ 10:05:55: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- ************************************************************ 10:05:55: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. ************************************************************ 10:05:55: Scanning ----- APPINIT_DLLS ----- The AppInit_DLLs value is blank or does not exist ************************************************************ 10:05:55: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************************ 10:05:56: Scanning ------ COMMON STARTUP GROUP ------ [C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart] The Common Startup Group attempts to load the following file(s) at boot time: Bluetooth Manager.lnk - links to C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe 2150400 bytes Created: 11.01.2007 21:43 Modified: 11.01.2007 21:43 Company: TOSHIBA CORPORATION. 
-------------------- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -HS- 84 bytes Created: 25.04.2008 03:52 Modified: 25.04.2008 17:00 Company: [no info] -------------------- ************************************************************ No User Startup Groups were located to check ************************************************************ 10:05:57: Scanning ----- SCHEDULED TASKS ----- Taskname: Ad-Aware Update (Weekly) File: C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe 1743288 bytes Created: 28.10.2011 20:35 Modified: 14.05.2012 18:12 Company: Lavasoft Limited Parameters: update all silent repair Schedule: Um 13:18 wöchentlich jeden Mo, Do, ab dem 12.03.2012 Next Run Time: 07.06.2012 13:18:00 Status: Has not run Creator: SYSTEM Comments: This will perform a scheduled update with Ad-Aware ---------- Taskname: Adobe Flash Player Updater File: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 257696 bytes Created: 01.04.2012 11:50 Modified: 05.05.2012 11:35 Company: Adobe Systems Incorporated Schedule: Alle 1 Stunde(n) ab 01:35. Dauer: 24 Stunde(n) täglich, ab dem 01.01.2000 Next Run Time: 05.06.2012 10:35:00 Status: Ready Creator: Adobe Systems Incorporated Comments: Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern. 
---------- ************************************************************ 10:05:58: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- ************************************************************ 10:05:58: Scanning ----- DEVICE DRIVER ENTRIES ----- Value: msacm.voxacm160 File: vct3216.acm C:\WINDOWS\system32\vct3216.acm 82944 bytes Created: 26.10.2008 17:32 Modified: 22.05.2003 01:50 Company: Voxware, Inc. ---------- Value: msacm.alf2cd File: alf2cd.acm C:\WINDOWS\system32\alf2cd.acm 38912 bytes Created: 26.10.2008 17:32 Modified: 22.05.2003 01:50 Company: NCT Company ---------- Value: msacm.ac3acm File: AC3ACM.acm C:\WINDOWS\system32\AC3ACM.acm 81920 bytes Created: 26.10.2008 17:32 Modified: 04.02.2004 23:11 Company: fccHandler ---------- Value: vidc.dvsd File: mcdvd_32.dll C:\WINDOWS\system32\mcdvd_32.dll 261632 bytes Created: 26.10.2008 17:32 Modified: 27.09.2007 16:22 Company: MainConcept ---------- Value: vidc.VP60 File: C:\WINDOWS\system32\vp6vfw.dll C:\WINDOWS\system32\vp6vfw.dll -R- 442368 bytes Created: 14.12.2010 21:30 Modified: 26.02.2005 07:34 Company: On2.com ---------- Value: vidc.VP61 File: C:\WINDOWS\system32\vp6vfw.dll C:\WINDOWS\system32\vp6vfw.dll - file already scanned ---------- ************************************************************ 10:06:00: ----- ADDITIONAL CHECKS ----- PE386 rootkit checks completed ---------- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper entry is blank ---------- Web Desktop Wallpaper entry is blank ---------- DNS Server information: Interface: NameServers: 192.168.1.10 192.168.1.130 Checks for rogue DNS NameServers completed ---------- Additional checks completed ************************************************************ 10:06:01: Scanning ----- RUNNING PROCESSES ----- C:\WINDOWS\System32\smss.exe 50688 bytes Created: 
25.04.2008 11:45 Modified: 14.04.2008 14:00 Company: Microsoft Corporation [1 loaded module] -------------------- C:\PROGRA~1\AVG\AVG2012\avgrsx.exe 743264 bytes Created: 08.09.2011 21:53 Modified: 08.09.2011 21:53 Company: AVG Technologies CZ, s.r.o. [8 loaded modules in total] -------------------- C:\WINDOWS\system32\csrss.exe 6144 bytes Created: 25.04.2008 11:45 Modified: 14.04.2008 14:00 Company: Microsoft Corporation [13 loaded modules in total] -------------------- C:\WINDOWS\system32\winlogon.exe 513024 bytes Created: 25.04.2008 11:46 Modified: 14.04.2008 14:00 Company: Microsoft Corporation [69 loaded modules in total] -------------------- C:\WINDOWS\system32\services.exe 111104 bytes Created: 25.04.2008 11:45 Modified: 09.02.2009 13:21 Company: Microsoft Corporation [25 loaded modules in total] -------------------- C:\WINDOWS\system32\lsass.exe 13312 bytes Created: 25.04.2008 11:45 Modified: 14.04.2008 14:00 Company: Microsoft Corporation [56 loaded modules in total] -------------------- C:\WINDOWS\system32\svchost.exe 14336 bytes Created: 25.04.2008 11:46 Modified: 14.04.2008 14:00 Company: Microsoft Corporation [47 loaded modules in total] -------------------- [37 loaded modules in total] [163 loaded modules in total] [59 loaded modules in total] [39 loaded modules in total] [36 loaded modules in total] [94 loaded modules in total] C:\WINDOWS\system32\spoolsv.exe 58880 bytes Created: 25.04.2008 11:45 Modified: 17.08.2010 15:17 Company: Microsoft Corporation [60 loaded modules in total] -------------------- [69 loaded modules in total] C:\Programme\Java\jre6\bin\jqs.exe 153376 bytes Created: 04.06.2012 09:07 Modified: 04.06.2012 09:07 Company: Sun Microsystems, Inc. [75 loaded modules in total] -------------------- [22 loaded modules in total] C:\Programme\Dell Support Center\bin\sprtsvc.exe 201968 bytes Created: 14.08.2008 01:04 Modified: 14.08.2008 01:04 Company: SupportSoft, Inc. 
[52 loaded modules in total] -------------------- [39 loaded modules in total] C:\WINDOWS\system32\wdfmgr.exe 38912 bytes Created: 28.01.2005 14:44 Modified: 28.01.2005 02:36 Company: Microsoft Corporation [13 loaded modules in total] -------------------- [23 loaded modules in total] [79 loaded modules in total] C:\Programme\AVG\AVG2012\avgnsx.exe 1229664 bytes Created: 28.11.2011 02:19 Modified: 28.11.2011 02:19 Company: AVG Technologies CZ, s.r.o. [30 loaded modules in total] -------------------- C:\Programme\AVG\AVG2012\avgemcx.exe 973664 bytes Created: 10.10.2011 07:23 Modified: 10.10.2011 07:23 Company: AVG Technologies CZ, s.r.o. [22 loaded modules in total] -------------------- C:\WINDOWS\system32\wbem\unsecapp.exe 16896 bytes Created: 25.04.2008 16:57 Modified: 14.04.2008 14:00 Company: Microsoft Corporation [34 loaded modules in total] -------------------- C:\WINDOWS\System32\alg.exe 44544 bytes Created: 25.04.2008 11:45 Modified: 14.04.2008 14:00 Company: Microsoft Corporation [31 loaded modules in total] -------------------- C:\WINDOWS\system32\wbem\wmiprvse.exe 227840 bytes Created: 25.04.2008 16:56 Modified: 06.02.2009 12:10 Company: Microsoft Corporation [40 loaded modules in total] -------------------- C:\WINDOWS\system32\wbem\wmiapsrv.exe 126464 bytes Created: 25.04.2008 16:56 Modified: 14.04.2008 14:00 Company: Microsoft Corporation [43 loaded modules in total] -------------------- [112 loaded modules in total] [29 loaded modules in total] [55 loaded modules in total] C:\Programme\DellTPad\ApMsgFwd.exe 50736 bytes Created: 22.10.2008 11:14 Modified: 21.02.2008 23:24 Company: Alps Electric Co., Ltd. [12 loaded modules in total] -------------------- C:\Programme\DellTPad\HidFind.exe 40960 bytes Created: 22.10.2008 11:14 Modified: 21.02.2008 23:25 Company: Alps Electric Co., Ltd. 
[16 loaded modules in total] -------------------- C:\Programme\DellTPad\Apntex.exe 49152 bytes Created: 22.10.2008 11:14 Modified: 21.02.2008 23:24 Company: Alps Electric Co., Ltd. [17 loaded modules in total] -------------------- [30 loaded modules in total] [19 loaded modules in total] [22 loaded modules in total] [21 loaded modules in total] [41 loaded modules in total] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe 1191728 bytes Created: 28.10.2011 20:35 Modified: 14.05.2012 18:12 Company: Lavasoft Limited [19 loaded modules in total] -------------------- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe 2150400 bytes Created: 11.01.2007 21:43 Modified: 11.01.2007 21:43 Company: TOSHIBA CORPORATION. [41 loaded modules in total] -------------------- C:\Programme\OpenOffice.org 3\program\soffice.exe 11322880 bytes Created: 17.01.2011 19:50 Modified: 17.01.2011 19:50 Company: OpenOffice.org [14 loaded modules in total] -------------------- C:\Programme\OpenOffice.org 3\program\soffice.bin 11314688 bytes Created: 17.01.2011 19:50 Modified: 17.01.2011 19:50 Company: OpenOffice.org [79 loaded modules in total] -------------------- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe 278528 bytes Created: 18.12.2006 16:22 Modified: 18.12.2006 16:22 Company: TOSHIBA CORPORATION. [21 loaded modules in total] -------------------- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe 69632 bytes Created: 24.01.2006 00:14 Modified: 24.01.2006 00:14 Company: TOSHIBA CORPORATION. [10 loaded modules in total] -------------------- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe 270336 bytes Created: 27.10.2006 21:13 Modified: 27.10.2006 21:13 Company: TOSHIBA CORPORATION. 
[27 loaded modules in total] -------------------- C:\Programme\Outlook Express\msimn.exe 60416 bytes Created: 25.04.2008 16:58 Modified: 14.04.2008 14:00 Company: Microsoft Corporation [91 loaded modules in total] -------------------- C:\Programme\AVG\AVG2012\avgcsrvx.exe 337760 bytes Created: 15.08.2011 07:21 Modified: 15.08.2011 07:21 Company: AVG Technologies CZ, s.r.o. [7 loaded modules in total] -------------------- [7 loaded modules in total] C:\WINDOWS\system32\wuauclt.exe 53472 bytes Created: 25.04.2008 16:58 Modified: 06.08.2009 20:24 Company: Microsoft Corporation [34 loaded modules in total] -------------------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Simply Super Software\Trojan Remover\syrE7.exe FileSize: 4746488 [This is a Trojan Remover component] [23 loaded modules in total] -------------------- ************************************************************ 10:08:08: Checking HOSTS file No HOSTS file found to check ************************************************************ 10:08:08: Scanning ------ %TEMP% DIRECTORY ------ ************************************************************ 10:08:25: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------ ************************************************************ 10:08:29: Scanning ------ ROOT DIRECTORY ------ ************************************************************ 10:08:30: ------ Scan for other files to remove ------ No malware-related files found to remove ************************************************************ ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": Dell Offizielle Seite | Dell Deutschland HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": Dell Offizielle Seite | Dell Deutschland 
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch": hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant": Dell-Suchseite HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": Personalisierte Startseite HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\WINDOWS\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": Dell-Suchseite HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": Personalisierte Startseite ************************************************************ === CHANGES WERE MADE TO THE WINDOWS REGISTRY === === ONE OR MORE FILES WERE RENAMED OR REMOVED === Scan completed at: 10:08:30 05 Jun 2012 Total Scan time: 00:06:57 ------------------------------------------------------------------------- Trojan Remover needs to restart the system to complete operations 05.06.2012 10:08:38: restart commenced ************************************************************ |
| | #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC suddenly slowed down Please first, as a matter of routine, run a new full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked! Remember that Malwarebytes must be updated manually before every scan! Please remove all of the Malwarebytes finds so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from quarantine! If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything in CODE tags here where possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ Please always post log files in CODE tags |
| | #5 | |
| PC suddenly slowed down OK, thanks first of all for the quick reply and the detailed description of the steps I still have to take. Here is the log from Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2012.06.25.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 Anne :: HANNSEN [Administrator] 25.06.2012 18:34:58 mbam-log-2012-06-25 (18-34-58).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 317860 Laufzeit: 5 Stunde(n), 29 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\WINDOWS\system32\xmldm (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 5 C:\System Volume Information\_restore{D9FA3B3D-319C-4796-896B-52C04E52EBC8}\RP518\A0102339.exe (PUP.Passwordtool.Cain) -> Keine Aktion durchgeführt. C:\System Volume Information\_restore{D9FA3B3D-319C-4796-896B-52C04E52EBC8}\RP518\A0102340.exe (PUP.PasswordTool.Hydra) -> Keine Aktion durchgeführt. C:\System Volume Information\_restore{D9FA3B3D-319C-4796-896B-52C04E52EBC8}\RP518\A0102347.exe (PUP.PasswordTool.Hydra) -> Keine Aktion durchgeführt. C:\WINDOWS\system32\xmldm\msimn.exe_UAs001.dat (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\WINDOWS\system32\xmldm\serial.dbg (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c137d765e2b09449a4c25865f079cf44
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-26 07:56:13
# local_time=2012-06-26 09:56:13 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777191 100 0 14731565 14731565 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=74426
# found=2
# cleaned=0
# scan_time=25371
C:\Dokumente und Einstellungen\Anne\Eigene Dateien\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application (unable to clean)
Quote:
Edited by ratsuchend (26.06.2012 at 01:52) |
| | #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC suddenly slowed down Quote:
__________________ --> PC suddenly slowed down |
| | #7 |
| PC suddenly slowed down I'm not sure I understand this correctly. So in Malwarebytes' quarantine I have "Trojan.Banker" twice and "Stolen.Data" three times. I thought I wasn't supposed to delete anything in quarantine for now, or am I? |
| | #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC suddenly slowed down Nobody said anything about removing things from quarantine, i.e. deleting them permanently! The point is that your Malwarebytes log file shows that some entries were moved to quarantine and some were not!
__________________ Please always post log files in CODE tags |
| | #9 |
| PC suddenly slowed down OK, my PC is extremely slow at the moment (which is one of the reasons I'm writing here), so I had to let Malwarebytes run for over 6 hours. Here is the log; everything that was found should now be in quarantine. Apparently I had missed a few checkboxes last time. Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.26.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 Anne :: HANNSEN [Administrator] 27.06.2012 09:00:30 mbam-log-2012-06-27 (09-00-30).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 312882 Laufzeit: 6 Stunde(n), 43 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\System Volume Information\_restore{D9FA3B3D-319C-4796-896B-52C04E52EBC8}\RP518\A0102339.exe (PUP.Passwordtool.Cain) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\System Volume Information\_restore{D9FA3B3D-319C-4796-896B-52C04E52EBC8}\RP518\A0102340.exe (PUP.PasswordTool.Hydra) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\System Volume Information\_restore{D9FA3B3D-319C-4796-896B-52C04E52EBC8}\RP518\A0102347.exe (PUP.PasswordTool.Hydra) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
| | #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC suddenly slowed down Please make a new OTL log. Please post everything in CODE tags here where possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
| | #11 |
| PC suddenly slowed down Here is OTL.txt. Do you also need Extras.Txt? (It appeared as well.) Code:
ATTFilter OTL logfile created on: 28.06.2012 18:13:24 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Dokumente und Einstellungen\Anne\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 67,27% Memory free 3,84 Gb Paging File | 3,32 Gb Available in Paging File | 86,46% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 148,95 Gb Total Space | 58,82 Gb Free Space | 39,49% Space Free | Partition Type: NTFS Computer Name: HANNSEN | User Name: Anne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.28 18:09:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe PRC - [2012.06.13 16:59:17 | 000,935,480 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe PRC - [2012.06.13 16:59:13 | 001,104,440 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe PRC - [2012.06.12 16:35:04 | 006,029,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgmfapx.exe PRC - [2012.04.19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Programme\AVG\AVG2012\avgemcx.exe PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe PRC - [2012.02.14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.01.13 19:18:07 | 000,527,312 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2012.01.13 19:17:40 | 000,476,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2009.05.21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe PRC - [2008.08.14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.02.21 23:25:06 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe PRC - [2008.02.21 23:24:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe PRC - [2008.02.21 23:24:54 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe PRC - [2008.02.21 23:24:54 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) 
-- C:\Programme\DellTPad\ApntEx.exe PRC - [2007.08.30 11:50:42 | 000,205,480 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe PRC - [2007.07.25 17:32:34 | 000,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe PRC - [2007.01.11 21:43:46 | 002,150,400 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2006.12.18 16:22:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2006.10.27 21:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2006.01.24 00:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe ========== Modules (No Company Name) ========== MOD - [2012.06.13 16:59:19 | 000,132,664 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll MOD - [2012.06.13 16:59:17 | 000,935,480 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe MOD - [2012.06.13 16:59:13 | 001,104,440 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe MOD - [2012.05.11 03:17:45 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.11 03:17:28 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.11 03:17:06 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2007.07.25 17:25:48 | 000,118,784 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll MOD - [2005.07.22 22:30:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll 
MOD - [2004.07.20 18:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll MOD - [2001.10.28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll ========== Win32 Services (SafeList) ========== SRV - [2012.06.23 12:26:52 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.19 20:04:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.13 16:59:17 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0) SRV - [2012.06.07 13:30:15 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2012.01.13 19:17:40 | 000,476,112 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.04.06 05:07:00 | 002,784,285 | ---- | M] (INCA Internet Co., Ltd.) 
[Disabled | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc) SRV - [2008.08.27 02:39:38 | 000,071,512 | ---- | M] (O2Micro International) [Disabled | Stopped] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH) SRV - [2008.08.14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Programme\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) SRV - [2007.07.25 17:32:34 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R) SRV - [2007.07.11 09:33:28 | 000,069,632 | R--- | M] (MicroVision Development, Inc.) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- (stllssvr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2012.01.13 19:08:23 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva) DRV - [2012.01.13 19:07:30 | 000,057,000 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsmux.sys -- (acsmux) DRV - [2012.01.13 19:07:30 | 000,038,440 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsint.sys -- (acsint) DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter) DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2011.10.28 20:35:28 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd) DRV - [2011.10.28 20:35:26 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2009.10.26 06:47:00 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2008.08.27 02:39:48 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2008.08.27 02:39:42 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR) DRV - [2008.07.16 23:32:12 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Vid.sys -- (OEM13Vid) DRV - [2008.07.16 23:32:10 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Vfx.sys -- (OEM13Vfx) DRV - [2008.07.16 23:32:00 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Afx.sys -- (OEM13Afx) DRV - [2008.02.22 02:28:14 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2008.02.21 23:24:52 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008.02.21 23:21:58 | 004,625,408 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.08.13 03:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007.07.23 16:05:18 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007.07.23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007.07.23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007.07.23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007.07.23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007.07.23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007.07.23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007.07.23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007.07.23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007.07.23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS.vir -- (DLACDBHM)
DRV - [2007.05.29 16:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007.04.26 23:29:30 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.04.26 23:29:28 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.04.26 23:29:28 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.04.26 23:29:28 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2007.04.26 23:29:26 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.04.26 23:29:26 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.04.26 23:29:24 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.08.12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=4081022
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.de/hws/sb/dell-row/de/side.html?channel=de-smb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=4081022
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=4081022
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=4081022
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=4081022
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=4081022
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-519679788-2892203428-1993165830-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=4081022
IE - HKU\S-1-5-21-519679788-2892203428-1993165830-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de/hws/sb/dell-row/de/side.html?channel=de-smb
IE - HKU\S-1-5-21-519679788-2892203428-1993165830-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de/hws/sb/dell-row/de/side.html?channel=de-smb
IE - HKU\S-1-5-21-519679788-2892203428-1993165830-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=4081022
IE - HKU\S-1-5-21-519679788-2892203428-1993165830-1006\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-519679788-2892203428-1993165830-1006\..\SearchScopes\{35323DAD-6B1A-4E3A-9A3C-442B62944124}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-519679788-2892203428-1993165830-1006\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={2CC8BFA2-3AAD-47B2-96E6-144B48B86399}&mid=ea5eea5e6f4d47d194ded16836437a0a-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=de&ds=AVG&pr=fr&d=2012-06-06 21:43:33&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-519679788-2892203428-1993165830-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\Line\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG2012\Firefox4\ [2012.06.12 16:41:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\11.1.0.7\ [2012.06.13 16:59:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Programme\AVG\AVG2012\Firefox\DoNotTrack\ [2012.06.06 21:41:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.19 20:04:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.23 20:00:52 | 000,000,000 | ---D | M]

[2012.01.07 14:36:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Anne\Anwendungsdaten\Mozilla\Extensions
[2012.06.16 14:22:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Anne\Anwendungsdaten\Mozilla\Firefox\Profiles\z8eb27xd.default\extensions
[2012.06.19 20:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.21 14:28:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.13 16:59:32 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\AVG SECURE SEARCH\11.1.0.7
[2012.06.06 21:41:12 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAMME\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012.06.19 20:04:14 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2012.06.19 20:03:58 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.13 16:59:09 | 000,003,766 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.19 20:03:58 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.19 20:03:58 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 20:03:58 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 20:03:58 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 20:03:58 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.06.25 12:48:58 | 000,000,043 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 131.220.224.202 unibn-vpn.uni-bonn.de
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-519679788-2892203428-1993165830-1006\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Programme\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-519679788-2892203428-1993165830-1006..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-519679788-2892203428-1993165830-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225030740633 (WUWebControl Class)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} hxxp://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.130 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{475C73E2-E40C-41A0-9F82-E58AF5EAD24D}: NameServer = 192.168.1.10 192.168.1.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2EC93FA-6BEA-48D3-9235-54C5D7FDDC93}: DhcpNameServer = 192.168.1.130 192.168.1.10
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.25 17:00:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "WLSetupSvc"
MsConfig - Services: "usnjsvc"
MsConfig - Services: "stllssvr"
MsConfig - Services: "O2FLASH"
MsConfig - Services: "npggsvc"
MsConfig - Services: "Lavasoft Ad-Aware Service"
MsConfig - Services: "gusvc"
MsConfig - Services: "GoogleDesktopManager-010708-104812"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Audible Download Manager.lnk - - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found
MsConfig - StartUpReg: Dell QuickSet - hkey= - key= - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: dscactivate - hkey= - key= - C:\Programme\Dell Support Center\gs_agent\custom\dsca.exe ( )
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - File not found
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: IntelWireless - hkey= - key= - C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
MsConfig - StartUpReg: IntelZeroConfig - hkey= - key= - C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: OEM13Mon.exe - hkey= - key= - C:\WINDOWS\OEM13Mon.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - File not found
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.06.27 01:50:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anne\Desktop\mail
[2012.06.26 02:49:47 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.06.25 18:30:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anne\Anwendungsdaten\Malwarebytes
[2012.06.25 18:29:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.25 18:29:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.25 18:29:13 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.25 18:29:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.06.25 12:46:46 | 000,057,000 | R--- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\acsmux.sys
[2012.06.25 12:46:39 | 000,038,440 | R--- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\acsint.sys
[2012.06.25 12:46:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Cisco
[2012.06.25 12:44:56 | 000,000,000 | ---D | C] -- C:\Programme\Cisco
[2012.06.25 12:44:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anne\Lokale Einstellungen\Anwendungsdaten\Cisco
[2012.06.25 12:43:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco
[2012.06.16 17:03:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anne\Desktop\KliChi
[2012.06.16 16:45:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anne\Desktop\Patho
[2012.06.16 14:25:40 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.06.16 14:25:40 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.06.14 22:50:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anne\Desktop\hayes
[2012.06.14 22:33:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anne\Desktop\präklinische dokus
[2012.06.14 12:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anne\Desktop\Cisco
[2012.06.12 19:36:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anne\Desktop\temporary
[2012.06.12 19:26:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anne\Desktop\Hub
[2012.06.12 16:41:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG
[2012.06.06 21:43:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anne\Lokale Einstellungen\Anwendungsdaten\AVG Secure Search
[2012.06.06 21:43:19 | 000,000,000 | ---D | C] -- C:\Programme\AVG Secure Search
[2012.06.05 10:00:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anne\Eigene Dateien\Simply Super Software
[2012.06.05 10:00:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Trojan Remover
[2012.06.05 10:00:20 | 000,598,528 | ---- | C] (Igor Pavlov) -- C:\WINDOWS\System32\ztv7z.dll
[2012.06.05 10:00:20 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2012.06.05 10:00:18 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2012.06.05 10:00:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anne\Anwendungsdaten\Simply Super Software
[2012.06.05 10:00:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software
[2012.06.04 09:13:13 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.06.04 09:07:58 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012.06.04 09:07:58 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.06.04 09:07:58 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.06.04 09:07:57 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.06.04 09:07:57 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.06.04 09:07:05 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2012.06.03 23:33:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anne\Anwendungsdaten\Ad-Aware Antivirus
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Anne\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Anne\Eigene Dateien\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.28 18:14:14 | 100,776,178 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012.06.28 18:12:17 | 000,176,906 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012.06.28 17:26:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.28 15:16:22 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.06.28 15:16:07 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.06.28 15:16:07 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.06.28 09:05:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.28 09:01:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.28 09:01:00 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.27 08:06:40 | 000,019,012 | ---- | M] () -- C:\Dokumente und Einstellungen\Anne\Anwendungsdaten\wklnhst.dat
[2012.06.27 01:50:16 | 000,024,868 | ---- | M] () -- C:\Dokumente und Einstellungen\Anne\Desktop\Dapagliflozin Ratten w.ods
[2012.06.27 01:50:13 | 000,025,310 | ---- | M] () -- C:\Dokumente und Einstellungen\Anne\Desktop\Dapagliflozin Ratten m.ods
[2012.06.27 01:50:10 | 000,024,834 | ---- | M] () -- C:\Dokumente und Einstellungen\Anne\Desktop\Dapagliflozin Mäuse W.ods
[2012.06.27 01:33:51 | 000,010,210 | ---- | M] () -- C:\Dokumente und Einstellungen\Anne\Desktop\Abkürzungen.ods
[2012.06.27 01:32:03 | 000,024,262 | ---- | M] () -- C:\Dokumente und Einstellungen\Anne\Desktop\Dapagliflozin Mäuse M.ods
[2012.06.26 23:31:33 | 000,025,317 | ---- | M] () -- C:\Dokumente und Einstellungen\Anne\Desktop\Dapagliflozin Mäuse M2.ods [2012.06.25 18:29:30 | 000,000,758 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.25 12:48:58 | 000,000,043 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.06.24 23:27:20 | 000,082,717 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Abrissflyer_its_too_dangerous-chef.jpg [2012.06.24 19:53:46 | 000,017,913 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Entwurf Tabelle.ods [2012.06.23 12:26:51 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.06.23 12:26:49 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.06.21 08:58:44 | 001,250,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Anne\Desktop\Excel.pdf [2012.06.21 00:12:29 | 000,040,565 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\chic-surface-piercing-on-eyebrow_49.jpg [2012.06.20 17:44:34 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.06.19 21:55:42 | 000,000,110 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\vor.URL [2012.06.15 00:31:41 | 000,312,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.06.15 00:12:54 | 000,497,612 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.06.15 00:12:54 | 000,473,746 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.06.15 00:12:54 | 000,101,836 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.06.15 00:12:54 | 000,085,140 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.06.15 00:04:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.06.14 09:27:59 | 001,239,254 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\bb2.pdf [2012.06.14 09:27:49 | 001,606,981 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\bb1.pdf 
[2012.06.07 16:48:30 | 000,025,600 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.04 09:07:18 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2012.06.04 09:07:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2012.06.04 09:07:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2012.06.04 09:07:18 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2012.06.04 09:07:17 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll [2012.06.04 09:07:17 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll [2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll [2012.06.02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl [2012.06.02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll [2012.06.02 15:19:38 | 000,015,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui [2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll [2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll [2012.06.02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe [2012.06.02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll [2012.06.02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll [2012.06.02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\wups.dll [2012.06.02 15:19:28 | 000,023,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui [2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll [2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll [2012.06.02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll [2012.06.02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll [2012.06.02 15:18:58 | 000,018,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui [2012.05.31 15:22:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\***\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\***\Eigene Dateien\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.27 01:09:48 | 000,010,210 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Abkürzungen.ods [2012.06.26 23:31:32 | 000,025,317 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Dapagliflozin Mäuse M2.ods [2012.06.26 18:11:44 | 000,025,310 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Dapagliflozin Ratten m.ods [2012.06.26 15:40:24 | 000,024,834 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Dapagliflozin Mäuse W.ods [2012.06.26 13:22:47 | 000,024,262 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Dapagliflozin Mäuse M.ods [2012.06.25 23:41:52 | 000,024,868 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Dapagliflozin Ratten w.ods [2012.06.25 18:29:30 | 000,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.24 23:27:20 | 000,082,717 | ---- | C] () -- C:\Dokumente und 
Einstellungen\***\Desktop\Abrissflyer_its_too_dangerous-chef.jpg [2012.06.21 19:21:04 | 000,017,913 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Entwurf Tabelle.ods [2012.06.21 08:58:44 | 001,250,944 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Excel.pdf [2012.06.21 00:12:29 | 000,040,565 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\chic-surface-piercing-on-eyebrow_49.jpg [2012.06.19 21:55:42 | 000,000,110 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\vor.URL [2012.06.16 14:25:47 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.06.14 09:27:59 | 001,239,254 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\bb2.pdf [2012.06.14 09:27:49 | 001,606,981 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\bb1.pdf [2012.06.05 10:00:20 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar39.dll [2012.06.05 10:00:20 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll [2012.06.05 10:00:20 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll [2012.06.05 10:00:20 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll [2012.06.05 10:00:20 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll [2012.02.19 11:18:46 | 000,025,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.16 01:44:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.16 03:01:28 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2011.12.18 00:07:19 | 000,019,012 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat [2011.12.07 20:12:02 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2011.07.14 14:45:00 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011.07.14 14:45:00 | 000,000,044 | ---- | 
C] () -- C:\WINDOWS\System32\rp_rules.dat [2009.04.17 18:40:35 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > [2008.10.27 16:20:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\SupportSoft < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.06.03 23:34:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ad-Aware Antivirus [2012.01.26 02:24:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe [2012.01.07 15:52:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AVG Secure Search [2012.01.07 16:06:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AVG2012 [2011.12.13 23:44:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Creative [2008.10.22 02:40:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CyberLink [2012.02.16 00:17:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Efzuew [2008.04.25 17:04:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities [2008.10.22 02:34:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InstallShield [2008.10.22 02:29:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Intel [2012.01.07 14:39:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia [2012.06.25 18:30:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2012.02.19 11:26:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Media Player Classic [2012.06.16 14:09:30 | 000,000,000 | --SD | M] -- C:\Dokumente und 
Einstellungen\***\Anwendungsdaten\Microsoft [2012.01.07 14:36:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla [2012.01.25 17:20:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org [2012.01.16 03:01:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge [2012.06.05 10:00:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Simply Super Software [2012.05.25 13:18:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype [2008.10.22 02:27:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun [2012.02.16 00:22:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Veog [2012.04.06 00:26:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Winamp < %APPDATA%\*.exe /s > [2012.02.24 16:22:54 | 004,746,488 | ---- | M] (Simply Super Software) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Simply Super Software\Trojan Remover\due82.exe < %SYSTEMDRIVE%\*.exe > [2001.05.24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE < MD5 for: AGP440.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 14:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS < MD5 for: ATAPI.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 14:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008.04.14 14:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008.04.14 14:10:32 | 000,096,512 | ---- | M] (Microsoft 
Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: IASTOR.SYS > [2008.03.17 23:59:36 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\drivers\storage\R179638\iastor.sys [2008.03.17 23:59:36 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.04.25 04:50:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008.04.25 04:50:48 | 001,093,632 | 
---- | M] () -- C:\WINDOWS\System32\config\software.sav [2008.04.25 04:50:48 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 @Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 < End of report > |
| | #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC suddenly slowed down Yes, the Extras.txt would be good too
__________________ Please always post log files in CODE tags |
| | #13 |
| PC suddenly slowed down ok, here is the extras.txt as well (to go with the otl.txt) Code:
OTL Extras logfile created on: 28.06.2012 18:13:24 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 67,27% Memory free
3,84 Gb Paging File | 3,32 Gb Available in Paging File | 86,46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 148,95 Gb Total Space | 58,82 Gb Free Space | 39,49% Space Free | Partition Type: NTFS
Computer Name: HANNSEN | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-519679788-2892203428-1993165830-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\Microsoft Office\Office14\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Programme\AVG\AVG2012\avgmfapx.exe" = C:\Programme\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG2012\avgnsx.exe" = C:\Programme\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG2012\avgdiagex.exe" = C:\Programme\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnose 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG2012\avgemcx.exe" = C:\Programme\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal eMail-Scanner -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03440014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Enzyklopädie 2003
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{85BE320B-A37D-42DA-B9BE-20A40B6A05E3}" = Cisco AnyConnect Secure Mobility Client
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AVG" = AVG 2012
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
"DC++" = DC++ 0.782
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.SingleImage" = Microsoft Office Professional 2010
"ProInst" = Intel(R) PROSet/Wireless Software
"SearchAssist" = SearchAssist
"Shockwave" = Shockwave
"Trojan Remover_is1" = Trojan Remover 6.8.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Works2003Setup" = Microsoft Works 2003-Setup-Start
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-519679788-2892203428-1993165830-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.06.2012 23:26:06 | Computer Name = HANNSEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.262,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
Error - 26.06.2012 05:43:00 | Computer Name = HANNSEN | Source = Microsoft Office 10 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Word.
Error - 26.06.2012 06:26:01 | Computer Name = HANNSEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 26.06.2012 19:37:56 | Computer Name = HANNSEN | Source = Microsoft Office 10 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Word.
Error - 27.06.2012 02:26:02 | Computer Name = HANNSEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.262,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
Error - 27.06.2012 06:26:09 | Computer Name = HANNSEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.262,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
Error - 27.06.2012 08:26:06 | Computer Name = HANNSEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.262,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
Error - 28.06.2012 05:26:02 | Computer Name = HANNSEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.262,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
Error - 28.06.2012 09:16:21 | Computer Name = HANNSEN | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 28.06.2012 12:11:48 | Computer Name = HANNSEN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.53.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 28.06.2012 03:06:12 | Computer Name = HANNSEN | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 28.06.2012 03:08:16 | Computer Name = HANNSEN | Source = acvpnagent | ID = 67108866
Description = Function: CTlsTransport::OnTransportInitiateComplete File: .\IP\TlsTransport.cpp
Line:
357 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
-31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 28.06.2012 03:08:16 | Computer Name = HANNSEN | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 28.06.2012 03:08:16 | Computer Name = HANNSEN | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
1194 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 28.06.2012 03:08:26 | Computer Name = HANNSEN | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 28.06.2012 03:08:26 | Computer Name = HANNSEN | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
1194 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 28.06.2012 03:08:26 | Computer Name = HANNSEN | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1024 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
(0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target
Error - 28.06.2012 03:08:26 | Computer Name = HANNSEN | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
860 Invoked Function: CNetEnvironment::TestAccessToSG Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
Error - 28.06.2012 03:10:04 | Computer Name = HANNSEN | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4612
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
Daten mehr verfügbar.
Error - 28.06.2012 03:10:11 | Computer Name = HANNSEN | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1084 NULL object. Cannot establish a connection at this time.
[ System Events ]
Error - 27.06.2012 02:47:10 | Computer Name = HANNSEN | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Imapi
Error - 27.06.2012 12:03:20 | Computer Name = HANNSEN | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.105.243 über
die Netzwerkkarte mit der Netzwerkadresse 002170A793F9 ist verloren gegangen.
Error - 27.06.2012 13:35:20 | Computer Name = HANNSEN | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.105.243 über
die Netzwerkkarte mit der Netzwerkadresse 002170A793F9 ist verloren gegangen.
Error - 27.06.2012 17:11:11 | Computer Name = HANNSEN | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst AVGIDSAgent.
Error - 27.06.2012 17:11:11 | Computer Name = HANNSEN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AVGIDSAgent" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 27.06.2012 17:11:29 | Computer Name = HANNSEN | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
iaStor Imapi
Error - 28.06.2012 03:05:02 | Computer Name = HANNSEN | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst AVGIDSAgent.
Error - 28.06.2012 03:05:02 | Computer Name = HANNSEN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AVGIDSAgent" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 28.06.2012 03:05:03 | Computer Name = HANNSEN | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst AudioSrv.
Error - 28.06.2012 03:06:04 | Computer Name = HANNSEN | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Imapi
< End of report >
|
| | #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC suddenly slowed down
Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
| | #15 |
| PC suddenly slowed down Report from TDSS-Killer: Code:
19:04:57.0328 4988 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
19:04:57.0406 4988 ============================================================
19:04:57.0406 4988 Current date / time: 2012/07/01 19:04:57.0406
19:04:57.0406 4988 SystemInfo:
19:04:57.0406 4988
19:04:57.0406 4988 OS Version: 5.1.2600 ServicePack: 3.0
19:04:57.0406 4988 Product type: Workstation
19:04:57.0421 4988 ComputerName: ***
19:04:57.0421 4988 UserName: ***
19:04:57.0421 4988 Windows directory: C:\WINDOWS
19:04:57.0421 4988 System windows directory: C:\WINDOWS
19:04:57.0421 4988 Processor architecture: Intel x86
19:04:57.0421 4988 Number of processors: 2
19:04:57.0421 4988 Page size: 0x1000
19:04:57.0421 4988 Boot type: Normal boot
19:04:57.0421 4988 ============================================================
19:05:07.0093 4988 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:05:07.0093 4988 ============================================================
19:05:07.0093 4988 \Device\Harddisk0\DR0:
19:05:07.0093 4988 MBR partitions:
19:05:07.0093 4988 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x129E5AF4
19:05:07.0093 4988 ============================================================
19:05:07.0156 4988 C: <-> \Device\Harddisk0\DR0\Partition0
19:05:07.0156 4988 ============================================================
19:05:07.0156 4988 Initialize success
19:05:07.0156 4988 ============================================================
19:06:12.0734 1736 ============================================================
19:06:12.0734 1736 Scan started
19:06:12.0734 1736 Mode: Manual; SigCheck; TDLFS;
19:06:12.0734 1736 ============================================================
19:06:13.0625 1736 Abiosdsk - ok
19:06:13.0718 1736 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:06:18.0062 1736 abp480n5 - ok
19:06:18.0187 1736 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:06:18.0375 1736 ACPI - ok
19:06:18.0375 1736 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:06:18.0484 1736 ACPIEC - ok
19:06:18.0578 1736 acsint (c0a9a0be382321a7a6adfcc4b305f062) C:\WINDOWS\system32\DRIVERS\acsint.sys
19:06:18.0625 1736 acsint - ok
19:06:18.0687 1736 acsmux (9d4b043fa3a628c6f0d56954a71cd726) C:\WINDOWS\system32\DRIVERS\acsmux.sys
19:06:18.0734 1736 acsmux - ok
19:06:18.0953 1736 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:06:18.0968 1736 AdobeFlashPlayerUpdateSvc - ok
19:06:19.0125 1736 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:06:19.0312 1736 adpu160m - ok
19:06:19.0437 1736 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:06:19.0609 1736 aec - ok
19:06:19.0734 1736 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:06:19.0765 1736 AegisP - ok
19:06:19.0921 1736 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:06:20.0109 1736 AFD - ok
19:06:20.0187 1736 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
19:06:20.0343 1736 agp440 - ok
19:06:20.0406 1736 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:06:20.0515 1736 agpCPQ - ok
19:06:20.0531 1736 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:06:20.0625 1736 Aha154x - ok
19:06:20.0687 1736 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:06:20.0875 1736 aic78u2 - ok
19:06:20.0906 1736 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:06:21.0015 1736 aic78xx - ok
19:06:21.0078 1736 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
19:06:21.0171 1736 Alerter - ok
19:06:21.0218 1736 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
19:06:21.0281 1736 ALG - ok
19:06:21.0312 1736 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
19:06:21.0406 1736 AliIde - ok
19:06:21.0453 1736 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:06:21.0593 1736 alim1541 - ok
19:06:21.0656 1736 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:06:21.0796 1736 amdagp - ok
19:06:21.0812 1736 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
19:06:21.0875 1736 amsint - ok
19:06:21.0968 1736 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
19:06:22.0078 1736 ApfiltrService - ok
19:06:22.0140 1736 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
19:06:22.0171 1736 APPDRV ( UnsignedFile.Multi.Generic ) - warning
19:06:22.0171 1736 APPDRV - detected UnsignedFile.Multi.Generic (1)
19:06:22.0312 1736 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
19:06:22.0468 1736 AppMgmt - ok
19:06:22.0515 1736 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:06:22.0640 1736 Arp1394 - ok
19:06:22.0671 1736 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
19:06:22.0812 1736 asc - ok
19:06:22.0843 1736 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
19:06:22.0953 1736 asc3350p - ok
19:06:23.0015 1736 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
19:06:23.0109 1736 asc3550 - ok
19:06:23.0296 1736 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:06:23.0375 1736 aspnet_state - ok
19:06:23.0421 1736 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:06:23.0531 1736 AsyncMac - ok
19:06:23.0671 1736 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:06:23.0781 1736 atapi - ok
19:06:23.0796 1736 Atdisk - ok
19:06:23.0843 1736 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:06:24.0000 1736 Atmarpc - ok
19:06:24.0093 1736 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
19:06:24.0218 1736 AudioSrv - ok
19:06:24.0296 1736 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:06:24.0390 1736 audstub - ok
19:06:27.0750 1736 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Programme\AVG\AVG2012\AVGIDSAgent.exe
19:06:32.0625 1736 AVGIDSAgent - ok
19:06:33.0187 1736 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
19:06:33.0296 1736 AVGIDSDriver - ok
19:06:33.0343 1736 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
19:06:33.0375 1736 AVGIDSFilter - ok
19:06:33.0468 1736 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
19:06:33.0515 1736 AVGIDSHX - ok
19:06:33.0593 1736 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
19:06:33.0640 1736 AVGIDSShim - ok
19:06:33.0875 1736 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
19:06:34.0109 1736 Avgldx86 - ok
19:06:34.0140 1736 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
19:06:34.0187 1736 Avgmfx86 - ok
19:06:34.0218 1736 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
19:06:34.0265 1736 Avgrkx86 - ok
19:06:34.0484 1736 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
19:06:34.0703 1736 Avgtdix - ok
19:06:35.0109 1736 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Programme\AVG\AVG2012\avgwdsvc.exe
19:06:35.0328 1736 avgwd - ok
19:06:35.0406 1736 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:06:35.0593 1736 Beep - ok
19:06:36.0125 1736 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
19:06:36.0687 1736 BITS - ok
19:06:37.0000 1736 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
19:06:37.0171 1736 Browser - ok
19:06:37.0234 1736 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:06:37.0453 1736 cbidf - ok
19:06:37.0453 1736 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:06:37.0546 1736 cbidf2k - ok
19:06:37.0812 1736 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:06:37.0906 1736 CCDECODE - ok
19:06:37.0921 1736 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
19:06:37.0968 1736 cd20xrnt - ok
19:06:38.0062 1736 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:06:38.0250 1736 Cdaudio - ok
19:06:38.0531 1736 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:06:38.0671 1736 Cdfs - ok
19:06:38.0703 1736 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:06:38.0828 1736 Cdrom - ok
19:06:38.0843 1736 Changer - ok
19:06:38.0937 1736 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
19:06:39.0015 1736 CiSvc - ok
19:06:39.0046 1736 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
19:06:39.0156 1736 ClipSrv - ok
19:06:39.0343 1736 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:06:39.0531 1736 clr_optimization_v2.0.50727_32 - ok
19:06:39.0609 1736 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:06:39.0703 1736 CmBatt - ok
19:06:39.0750 1736 CmdIde (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
19:06:39.0890 1736 CmdIde - ok
19:06:39.0937 1736 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:06:40.0062 1736 Compbatt - ok
19:06:40.0062 1736 COMSysApp - ok
19:06:40.0109 1736 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
19:06:40.0250 1736 Cpqarray - ok
19:06:40.0375 1736 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
19:06:40.0484 1736 CryptSvc - ok
19:06:40.0562 1736 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
19:06:40.0625 1736 CVirtA - ok
19:06:40.0718 1736 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
19:06:40.0953 1736 dac2w2k - ok
19:06:40.0984 1736 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
19:06:41.0078 1736 dac960nt - ok
19:06:41.0265 1736 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
19:06:41.0625 1736 DcomLaunch - ok
19:06:41.0750 1736 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
19:06:41.0937 1736 Dhcp - ok
19:06:42.0015 1736 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:06:42.0125 1736 Disk - ok
19:06:42.0171 1736 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
19:06:42.0203 1736 DLABMFSM - ok
19:06:42.0234 1736 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
19:06:42.0265 1736 DLABOIOM - ok
19:06:42.0265 1736 DLACDBHM - ok
19:06:42.0281 1736 DLADResM (f8b70d38845c4694b28adc4768676fd0) C:\WINDOWS\system32\Drivers\DLADResM.SYS
19:06:42.0296 1736 DLADResM - ok
19:06:42.0343 1736 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
19:06:42.0390 1736 DLAIFS_M - ok
19:06:42.0421 1736 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
19:06:42.0437 1736 DLAOPIOM - ok
19:06:42.0437 1736 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
19:06:42.0453 1736 DLAPoolM - ok
19:06:42.0484 1736 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
19:06:42.0500 1736 DLARTL_M - ok
19:06:42.0546 1736 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
19:06:42.0593 1736 DLAUDFAM - ok
19:06:42.0640 1736 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
19:06:42.0687 1736 DLAUDF_M - ok
19:06:42.0687 1736 dmadmin - ok
19:06:43.0046 1736 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
19:06:43.0718 1736 dmboot - ok
19:06:43.0812 1736 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
19:06:43.0984 1736 dmio - ok
19:06:44.0046 1736 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:06:44.0125 1736 dmload - ok
19:06:44.0187 1736 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
19:06:44.0281 1736 dmserver - ok
19:06:44.0406 1736 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:06:44.0531 1736 DMusic - ok
19:06:44.0625 1736 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
19:06:44.0765 1736 Dnscache - ok
19:06:44.0906 1736 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
19:06:45.0109 1736 Dot3svc - ok
19:06:45.0187 1736 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
19:06:45.0296 1736 dpti2o - ok
19:06:45.0343 1736 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:06:45.0421 1736 drmkaud - ok
19:06:45.0546 1736 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
19:06:45.0593 1736 DRVMCDB - ok
19:06:45.0625 1736 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
19:06:45.0656 1736 DRVNDDM - ok
19:06:45.0718 1736 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
19:06:45.0953 1736 EapHost - ok
19:06:46.0000 1736 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
19:06:46.0093 1736 ERSvc - ok
19:06:46.0234 1736 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
19:06:46.0312 1736 Eventlog - ok
19:06:46.0484 1736 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
19:06:46.0640 1736 EventSystem - ok
19:06:47.0078 1736 EvtEng (e71b03ff6b819ae1a286aa27e956d523) C:\Programme\Intel\Wireless\Bin\EvtEng.exe
19:06:47.0593 1736 EvtEng ( UnsignedFile.Multi.Generic ) - warning
19:06:47.0593 1736 EvtEng - detected UnsignedFile.Multi.Generic (1)
19:06:47.0750 1736 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:06:47.0921 1736 Fastfat - ok
19:06:48.0031 1736 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
19:06:48.0203 1736 FastUserSwitchingCompatibility - ok
19:06:48.0359 1736 Fax (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe
19:06:48.0671 1736 Fax - ok
19:06:49.0015 1736 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
19:06:49.0156 1736 Fdc - ok
19:06:49.0218 1736 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
19:06:49.0437 1736 Fips - ok
19:06:49.0453 1736 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:06:49.0796 1736 Flpydisk - ok
19:06:50.0140 1736 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:06:50.0484 1736 FltMgr - ok
19:06:50.0953 1736 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:06:50.0984 1736 FontCache3.0.0.0 - ok
19:06:51.0062 1736 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:06:51.0265 1736 Fs_Rec - ok
19:06:51.0859 1736 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:06:52.0218 1736 Ftdisk - ok
19:06:52.0468 1736 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:06:52.0593 1736 Gpc - ok
19:06:52.0671 1736 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:06:52.0937 1736 HDAudBus - ok
19:06:53.0093 1736 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:06:53.0203 1736 helpsvc - ok
19:06:53.0281 1736 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
19:06:53.0375 1736 HidServ - ok
19:06:53.0390 1736 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:06:53.0515 1736 hidusb - ok
19:06:53.0562 1736 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
19:06:53.0718 1736 hkmsvc - ok
19:06:54.0015 1736 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
19:06:54.0156 1736 hpn - ok
19:06:54.0843 1736 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:06:55.0109 1736 HTTP - ok
19:06:55.0187 1736 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
19:06:55.0390 1736 HTTPFilter - ok
19:06:55.0640 1736 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
19:06:55.0734 1736 i2omgmt - ok
19:06:55.0812 1736 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
19:06:56.0093 1736 i2omp - ok
19:06:56.0437 1736 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:06:56.0562 1736 i8042prt - ok
19:07:00.0218 1736 ialm (bffa387180121df1e4646c4ced3e16ca) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
19:07:06.0281 1736 ialm - ok
19:07:07.0171 1736 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\WINDOWS\system32\drivers\iaStor.sys
19:07:07.0390 1736 iaStor - ok
19:07:08.0093 1736 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:07:08.0843 1736 idsvc - ok
19:07:08.0921 1736 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:07:09.0062 1736 Imapi - ok
19:07:09.0187 1736 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
19:07:09.0359 1736 ImapiService - ok
19:07:09.0421 1736 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
19:07:09.0562 1736 ini910u - ok
19:07:12.0218 1736 IntcAzAudAddService (613a2b00da1d4a80de1ec8cfb52c0d89) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:07:17.0937 1736 IntcAzAudAddService - ok
19:07:18.0593 1736 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:07:18.0828 1736 IntelIde - ok
19:07:19.0109 1736 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:07:19.0203 1736 intelppm - ok
19:07:19.0250 1736 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:07:19.0359 1736 Ip6Fw - ok
19:07:19.0375 1736 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:07:19.0531 1736 IpFilterDriver - ok
19:07:19.0546 1736 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:07:19.0640 1736 IpInIp - ok
19:07:19.0984 1736 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:07:20.0156 1736 IpNat - ok
19:07:20.0218 1736 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:07:20.0437 1736 IPSec - ok
19:07:20.0687 1736 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:07:20.0750 1736 IRENUM - ok
19:07:20.0828 1736 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:07:20.0968 1736 isapnp - ok
19:07:21.0343 1736 JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Programme\Java\jre6\bin\jqs.exe
19:07:21.0593 1736 JavaQuickStarterService - ok
19:07:21.0687 1736 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:07:21.0906 1736 Kbdclass - ok
19:07:22.0171 1736 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:07:22.0265 1736 kbdhid - ok
19:07:22.0406 1736 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:07:22.0687 1736 kmixer - ok
19:07:23.0015 1736 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:07:23.0250 1736 KSecDD - ok
19:07:23.0390 1736 LanmanServer (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
19:07:23.0593 1736 LanmanServer - ok
19:07:23.0781 1736 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
19:07:24.0031 1736 lanmanworkstation - ok
19:07:25.0515 1736 Lavasoft Ad-Aware Service (55afd4a9d5ed4ad40d5215ccdf4d65f3) C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
19:07:26.0546 1736 Lavasoft Ad-Aware Service - ok
19:07:27.0062 1736 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
19:07:27.0125 1736 Lbd - ok
19:07:27.0140 1736 lbrtfdc - ok
19:07:27.0234 1736 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
19:07:27.0437 1736 LmHosts - ok
19:07:27.0703 1736 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
19:07:27.0812 1736 Messenger - ok
19:07:27.0921 1736 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:07:28.0000 1736 mnmdd - ok
19:07:28.0062 1736 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
19:07:28.0156 1736 mnmsrvc - ok
19:07:28.0171 1736 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
19:07:28.0281 1736 Modem - ok
19:07:28.0359 1736 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:07:28.0468 1736 Mouclass - ok
19:07:28.0546 1736 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:07:28.0640 1736 mouhid - ok
19:07:28.0671 1736 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:07:28.0812 1736 MountMgr - ok
19:07:29.0187 1736 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
19:07:29.0312 1736 MozillaMaintenance - ok
19:07:29.0343 1736 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
19:07:29.0578 1736 mraid35x - ok
19:07:30.0031 1736 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:07:30.0390 1736 MRxDAV - ok
19:07:31.0171 1736 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:07:31.0812 1736 MRxSmb - ok
19:07:31.0921 1736 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
19:07:32.0125 1736 MSDTC - ok
19:07:32.0437 1736 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:07:32.0531 1736 Msfs - ok
19:07:32.0531 1736 MSIServer - ok
19:07:32.0578 1736 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:07:32.0703 1736 MSKSSRV - ok
19:07:32.0765 1736 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:07:32.0859 1736 MSPCLOCK - ok
19:07:32.0968 1736 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:07:33.0109 1736 MSPQM - ok
19:07:33.0140 1736 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:07:33.0234 1736 mssmbios - ok
19:07:33.0281 1736 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:07:33.0406 1736 MSTEE - ok
19:07:33.0531 1736 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:07:33.0625 1736 Mup - ok
19:07:33.0687 1736 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:07:33.0859 1736 NABTSFEC - ok
19:07:34.0093 1736 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
19:07:34.0312 1736 napagent - ok
19:07:34.0453 1736 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:07:34.0625 1736 NDIS - ok
19:07:34.0671 1736 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:07:34.0796 1736 NdisIP - ok
19:07:34.0921 1736 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:07:35.0109 1736 NdisTapi - ok
19:07:35.0125 1736 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:07:35.0234 1736 Ndisuio - ok
19:07:35.0281 1736 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:07:35.0390 1736 NdisWan - ok
19:07:35.0484 1736 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:07:35.0546 1736 NDProxy - ok
19:07:35.0640 1736 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:07:35.0750 1736 NetBIOS - ok
19:07:35.0906 1736 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:07:36.0140 1736 NetBT - ok
19:07:36.0250 1736 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
19:07:36.0375 1736 NetDDE - ok
19:07:36.0390 1736 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
19:07:36.0484 1736 NetDDEdsdm - ok
19:07:36.0750 1736 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:07:36.0843 1736 Netlogon - ok
19:07:36.0953 1736 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
19:07:37.0343 1736 Netman - ok
19:07:37.0765 1736 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:07:37.0843 1736 NetTcpPortSharing - ok
19:07:38.0984 1736 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
19:07:41.0234 1736 NETw4x32 - ok
19:07:44.0515 1736 NETw5x32 (91f027c242d3ff6e5c09f92a0518297f) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
19:07:49.0031 1736 NETw5x32 - ok
19:07:49.0656 1736 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:07:49.0921 1736 NIC1394 - ok
19:07:50.0093 1736 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
19:07:50.0125 1736 Nla - ok
19:07:50.0156 1736 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:07:50.0265 1736 Npfs - ok
19:07:50.0265 1736 npggsvc - ok
19:07:50.0562 1736 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:07:51.0156 1736 Ntfs - ok
19:07:51.0453 1736 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:07:51.0546 1736 NtLmSsp - ok
19:07:51.0890 1736 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
19:07:52.0421 1736 NtmsSvc - ok
19:07:52.0656 1736 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:07:52.0796 1736 Null - ok
19:07:53.0093 1736 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:07:53.0359 1736 NwlnkFlt - ok
19:07:53.0609 1736 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:07:53.0859 1736 NwlnkFwd - ok
19:07:54.0156 1736 O2FLASH (bbd5503999f331278db39046888d559c) C:\WINDOWS\system32\DRIVERS\o2flash.exe
19:07:54.0265 1736 O2FLASH - ok
19:07:54.0343 1736 O2MDRDR (305e0ec480ebc7a24d4b691da76e008c) C:\WINDOWS\system32\DRIVERS\o2media.sys
19:07:54.0375 1736 O2MDRDR - ok
19:07:54.0406 1736 O2SDRDR (6e590c91f97ae5e3408453c8ae9a3000) C:\WINDOWS\system32\DRIVERS\o2sd.sys
19:07:54.0468 1736 O2SDRDR - ok
19:07:54.0562 1736 OEM13Afx (58f478fd0115012ceec75fb73628901c) C:\WINDOWS\system32\Drivers\OEM13Afx.sys
19:07:54.0765 1736 OEM13Afx - ok
19:07:54.0828 1736 OEM13Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS\system32\DRIVERS\OEM13Vfx.sys
19:07:54.0906 1736 OEM13Vfx - ok
19:07:55.0109 1736 OEM13Vid (12539b57ed05de7552403a12b3e0161c) C:\WINDOWS\system32\DRIVERS\OEM13Vid.sys
19:07:55.0312 1736 OEM13Vid - ok
19:07:55.0421 1736 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:07:55.0671 1736 ohci1394 - ok
19:07:56.0312 1736 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
19:07:56.0500 1736 ose - ok
19:07:59.0281 1736 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:08:01.0968 1736 osppsvc - ok
19:08:02.0750 1736 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
19:08:03.0046 1736 Parport - ok
19:08:03.0296 1736 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:08:03.0406 1736 PartMgr - ok
19:08:03.0437 1736 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
19:08:03.0578 1736 ParVdm - ok
19:08:03.0671 1736 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
19:08:03.0906 1736 PCI - ok
19:08:03.0906 1736 PCIDump - ok
19:08:03.0937 1736 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:08:04.0031 1736 PCIIde - ok
19:08:04.0093 1736 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:08:04.0234 1736 Pcmcia - ok
19:08:04.0234 1736 PDCOMP - ok
19:08:04.0234 1736 PDFRAME - ok
19:08:04.0250 1736 PDRELI - ok
19:08:04.0250 1736 PDRFRAME - ok
19:08:04.0265 1736 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
19:08:04.0375 1736 perc2 - ok
19:08:04.0625 1736 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
19:08:04.0765 1736 perc2hib - ok
19:08:04.0906 1736 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
19:08:04.0921 1736 PlugPlay - ok
19:08:05.0031 1736 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:08:05.0218 1736 PolicyAgent - ok
19:08:05.0750 1736 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:08:06.0000 1736 PptpMiniport - ok
19:08:06.0000 1736 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:08:06.0093 1736 ProtectedStorage - ok
19:08:06.0375 1736 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:08:06.0812 1736 PSched - ok
19:08:06.0859 1736 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:08:07.0156 1736 Ptilink - ok
19:08:07.0234 1736 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:08:07.0250 1736 PxHelp20 - ok
19:08:07.0281 1736 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
19:08:07.0390 1736 ql1080 - ok
19:08:07.0406 1736 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
19:08:07.0562 1736 Ql10wnt - ok
19:08:07.0593 1736 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
19:08:07.0703 1736 ql12160 - ok
19:08:07.0718 1736 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
19:08:07.0859 1736 ql1240 - ok
19:08:08.0109 1736 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
19:08:08.0218 1736 ql1280 - ok
19:08:08.0250 1736 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:08:08.0390 1736 RasAcd - ok
19:08:08.0984 1736 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
19:08:09.0203 1736 RasAuto - ok
19:08:09.0468 1736 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:08:09.0578 1736 Rasl2tp - ok
19:08:09.0671 1736 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
19:08:10.0000 1736 RasMan - ok
19:08:10.0015 1736 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:08:10.0125 1736 RasPppoe - ok
19:08:10.0125 1736 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:08:10.0218 1736 Raspti - ok
19:08:10.0796 1736 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:08:11.0015 1736 Rdbss - ok
19:08:11.0265 1736 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:08:11.0453 1736 RDPCDD - ok
19:08:11.0546 1736 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:08:11.0953 1736 rdpdr - ok
19:08:12.0109 1736 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
19:08:12.0312 1736 RDPWD - ok
19:08:12.0453 1736 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
19:08:12.0734 1736 RDSessMgr - ok
19:08:13.0000 1736 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:08:13.0125 1736 redbook - ok
19:08:13.0515 1736 RegSrvc (2cf574d0965f58e514a2dc94114d7eca) C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
19:08:13.0734 1736 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0734 1736 RegSrvc - detected UnsignedFile.Multi.Generic (1)
19:08:13.0890 1736 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
19:08:14.0156 1736 RemoteAccess - ok
19:08:14.0468 1736 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
19:08:14.0578 1736 RemoteRegistry - ok
19:08:14.0640 1736 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
19:08:14.0890 1736 RpcLocator - ok
19:08:15.0312 1736 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
19:08:15.0500 1736 RpcSs - ok
19:08:15.0609 1736 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
19:08:15.0906 1736 RSVP - ok
19:08:16.0093 1736 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:08:16.0218 1736 RTLE8023xp - ok
19:08:16.0750 1736 S24EventMonitor (874173edbd4f2fe711f245855a2ffa23) C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
19:08:17.0750 1736 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0750 1736 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
19:08:17.0781 1736 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys
19:08:17.0796 1736 s24trans ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0796 1736 s24trans - detected UnsignedFile.Multi.Generic (1)
19:08:17.0875 1736 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:08:17.0968 1736 SamSs - ok
19:08:18.0078 1736 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
19:08:18.0234 1736 SCardSvr - ok
19:08:18.0328 1736 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
19:08:18.0562 1736 Schedule - ok
19:08:18.0640 1736 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
19:08:18.0765 1736 sdbus - ok
19:08:18.0781 1736 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:08:18.0875 1736 Secdrv - ok
19:08:18.0984 1736 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
19:08:19.0109 1736 seclogon - ok
19:08:19.0140 1736 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
19:08:19.0234 1736 SENS - ok
19:08:19.0296 1736 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
19:08:19.0421 1736 Serial - ok
19:08:19.0468 1736 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:08:19.0562 1736 Sfloppy - ok
19:08:19.0781 1736 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
19:08:20.0156 1736 SharedAccess - ok
19:08:20.0421 1736 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
19:08:20.0437 1736 ShellHWDetection - ok
19:08:20.0437 1736 Simbad - ok
19:08:20.0484 1736 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:08:20.0671 1736 sisagp - ok
19:08:20.0734 1736 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:08:20.0859 1736 SLIP - ok
19:08:20.0921 1736 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:08:20.0984 1736 Sparrow - ok
19:08:21.0031 1736 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:08:21.0109 1736 splitter - ok
19:08:21.0218 1736 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:08:21.0281 1736 Spooler - ok
19:08:21.0453 1736 sprtsvc_dellsupportcenter - ok
19:08:21.0562 1736 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
19:08:21.0671 1736 sr - ok
19:08:21.0828 1736 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
19:08:21.0984 1736 srservice - ok
19:08:22.0156 1736 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:08:22.0453 1736 Srv - ok
19:08:22.0562 1736 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
19:08:22.0640 1736 SSDPSRV - ok
19:08:22.0734 1736 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
19:08:22.0750 1736 StarOpen ( UnsignedFile.Multi.Generic ) - warning
19:08:22.0750 1736 StarOpen - detected UnsignedFile.Multi.Generic (1)
19:08:22.0906 1736 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
19:08:23.0296 1736 stisvc - ok
19:08:23.0375 1736 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
19:08:23.0453 1736 stllssvr ( UnsignedFile.Multi.Generic ) - warning
19:08:23.0453 1736 stllssvr - detected UnsignedFile.Multi.Generic (1)
19:08:23.0515 1736 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:08:23.0656 1736 streamip - ok
19:08:23.0671 1736 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:08:23.0765 1736 swenum - ok
19:08:23.0812 1736 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:08:23.0968 1736 swmidi - ok
19:08:23.0968 1736 SwPrv - ok
19:08:24.0031 1736 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
19:08:24.0125 1736 symc810 - ok
19:08:24.0203 1736 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:08:24.0296 1736 symc8xx - ok
19:08:24.0312 1736 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:08:24.0453 1736 sym_hi - ok
19:08:24.0468 1736 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:08:24.0562 1736 sym_u3 - ok
19:08:24.0671 1736 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:08:24.0796 1736 sysaudio - ok
19:08:24.0968 1736 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
19:08:25.0125 1736 SysmonLog - ok
19:08:25.0250 1736 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
19:08:25.0437 1736 TapiSrv - ok
19:08:25.0671 1736 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:08:25.0937 1736 Tcpip - ok
19:08:26.0000 1736 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:08:26.0093 1736 TDPIPE - ok
19:08:26.0125 1736 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:08:26.0250 1736 TDTCP - ok
19:08:26.0296 1736 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:08:26.0406 1736 TermDD - ok
19:08:26.0593 1736 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
19:08:26.0812 1736 TermService - ok
19:08:27.0093 1736 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
19:08:27.0109 1736 Themes - ok
19:08:27.0187 1736 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
19:08:27.0296 1736 TlntSvr - ok
19:08:27.0375 1736 TosIde (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
19:08:27.0453 1736 TosIde - ok
19:08:27.0546 1736 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
19:08:27.0656 1736 tosporte - ok
19:08:27.0718 1736 tosrfbd (435ac6cc2abed508ac5a495658cbaf0f) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
19:08:27.0875 1736 tosrfbd - ok
19:08:27.0937 1736 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
19:08:28.0031 1736 tosrfbnp - ok
19:08:28.0109 1736 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
19:08:28.0187 1736 Tosrfcom - ok
19:08:28.0234 1736 Tosrfhid (28099a4e52148319afa685d93a2244d0) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
19:08:28.0343 1736 Tosrfhid - ok
19:08:28.0390 1736 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
19:08:28.0437 1736 tosrfnds - ok
19:08:28.0468 1736 Tosrfusb (6bc529c5eca0c7654943fd6fab21c5fa) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
19:08:28.0546 1736 Tosrfusb - ok
19:08:28.0656 1736 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
19:08:28.0796 1736 TrkWks - ok
19:08:28.0859 1736 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:08:29.0015 1736 Udfs - ok
19:08:29.0109 1736 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
19:08:29.0203 1736 ultra - ok
19:08:29.0296 1736 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
19:08:29.0390 1736 UMWdf - ok
19:08:29.0609 1736 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:08:30.0140 1736 Update - ok
19:08:30.0515 1736 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
19:08:30.0687 1736 upnphost - ok
19:08:30.0703 1736 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
19:08:30.0796 1736 UPS - ok
19:08:30.0828 1736 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:08:31.0000 1736 usbccgp - ok
19:08:31.0078 1736 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:08:31.0187 1736 usbehci - ok
19:08:31.0281 1736 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:08:31.0406 1736 usbhub - ok
19:08:31.0484 1736 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:08:31.0593 1736 usbprint - ok
19:08:31.0687 1736 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:08:31.0796 1736 USBSTOR - ok
19:08:31.0812 1736 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:08:31.0937 1736 usbuhci - ok
19:08:32.0093 1736 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:08:32.0234 1736 usbvideo - ok
19:08:32.0468 1736 usnjsvc (9d19b042a4fd5c02195071ea2fe0c821) C:\Programme\Windows Live\Messenger\usnsvc.exe
19:08:32.0531 1736 usnjsvc - ok
19:08:32.0609 1736 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:08:32.0718 1736 VgaSave - ok
19:08:32.0765 1736 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:08:32.0875 1736 viaagp - ok
19:08:32.0937 1736 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:08:33.0015 1736 ViaIde - ok
19:08:33.0078 1736 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
19:08:33.0171 1736 VolSnap - ok
19:08:33.0515 1736 vpnagent (d9cc6202d8a3ec84f1516f6cc3e2e6ed) C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
19:08:33.0984 1736 vpnagent - ok
19:08:34.0093 1736 vpnva (0d8df4058901616a4e716ab67d472581) C:\WINDOWS\system32\DRIVERS\vpnva.sys
19:08:34.0125 1736 vpnva - ok
19:08:34.0140 1736 vsdatant - ok
19:08:34.0390 1736 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
19:08:34.0671 1736 VSS - ok
19:08:35.0718 1736 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
19:08:36.0812 1736 vToolbarUpdater11.1.0 - ok
19:08:37.0031 1736 w32time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
19:08:37.0437 1736 w32time - ok
19:08:37.0843 1736 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:08:37.0984 1736 Wanarp - ok
19:08:38.0265 1736 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:08:38.0593 1736 Wdf01000 - ok
19:08:38.0593 1736 WDICA - ok
19:08:38.0687 1736 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:08:38.0859 1736 wdmaud - ok
19:08:38.0968 1736 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
19:08:39.0109 1736 WebClient - ok
19:08:39.0312 1736 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:08:39.0484 1736 winmgmt - ok
19:08:39.0781 1736 WLANKEEPER (4307641ca3389a210295fdffd2a73dee) C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
19:08:39.0953 1736 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning
19:08:39.0953 1736 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)
19:08:40.0296 1736 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Programme\Windows Live\installer\WLSetupSvc.exe
19:08:40.0531 1736 WLSetupSvc - ok
19:08:40.0609 1736 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
19:08:40.0687 1736 WmdmPmSN - ok
19:08:41.0171 1736 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
19:08:41.0546 1736 Wmi - ok
19:08:41.0703 1736 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:08:41.0890 1736 WmiAcpi - ok
19:08:42.0312 1736 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:08:42.0468 1736 WmiApSrv - ok
19:08:42.0531 1736 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
19:08:42.0609 1736 WpdUsb - ok
19:08:42.0734 1736 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
19:08:42.0906 1736 wscsvc - ok
19:08:42.0953 1736 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:08:43.0046 1736 WSTCODEC - ok
19:08:43.0125 1736 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
19:08:43.0218 1736 wuauserv - ok
19:08:43.0484 1736 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
19:08:43.0906 1736 WZCSVC - ok
19:08:44.0015 1736 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
19:08:44.0218 1736 xmlprov - ok
19:08:44.0312 1736 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:08:45.0093 1736 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:08:45.0093 1736 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:08:45.0093 1736 Boot (0x1200) (1d523dd709f6d9fbfce536ee5fbb881f) \Device\Harddisk0\DR0\Partition0
19:08:45.0109 1736 \Device\Harddisk0\DR0\Partition0 - ok
19:08:45.0109 1736 ============================================================
19:08:45.0109 1736 Scan finished
19:08:45.0109 1736 ============================================================
19:08:45.0218 7044 Detected object count: 9
19:08:45.0218 7044 Actual detected object count: 9
19:08:59.0421 7044 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:59.0421 7044 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:08:59.0437 7044 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:59.0437 7044 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:08:59.0437 7044 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:59.0437 7044 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:08:59.0437 7044 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:59.0437 7044 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:08:59.0437 7044 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:59.0437 7044 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:08:59.0437 7044 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:59.0437 7044 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:08:59.0437 7044 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:59.0437 7044 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:08:59.0453 7044 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:59.0453 7044 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:08:59.0453 7044 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:08:59.0453 7044 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
|