| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Cain.exe auf Asus Eee PC 1000H XP HomeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.06.2012, 23:01
| #1 |
 |  Cain.exe auf Asus Eee PC 1000H XP Home Hallo Trojaner Board-Team, mein EEE PC von Asus (ein 1000H mit XP Home als Betriebssystem) hat sich cain.exe eingefangen. Ich kann leider nicht genau sagen, wann und wie ich mir diesen eingefangen habe, weil er auf meinem Admin-Konto ist, was ich nur äußert selten zum installieren von Programmen nutze, während ich meine normalen Arbeiten (E-Mails lesen, Internet surfen usw.) mit dem EEE PC auf einem Konto mit eingeschränkten Benutzerrechten durchführe. Bei meiner vorletzten Nutzung des Admin-Kontos war noch alles in Ordnung. Bei der letzten Nutzung des Admin-Kontos erschien jedoch die Warnung von Antivir, dass ich mir cain.exe eingefangen hätte. Und jedesmal wenn ich auf entfernen klickte und Antivir damit began, bekam ich von Antivir wieder die Meldung, dass es cain.exe gefunden hätte, was zu insgesamt drei sich überlagernden Meldungen/Löschvorgängen von antivir führte. Da habe ich mich dann abgemeldet, um den Schaden nicht noch größer zu machen. Bei dem Konto mit eingeschränkten Benutzerrechten habe ich bis jetzt noch keine Probleme festgestellt, bis auf die Tatsache, dass ich bei Ordnern nicht mehr nach unten scrollen kann, sondern die Bildlaufleiste immer automatisch nach oben springt. Ich danke euch für eure Hilfe. Viele Grüße FCK191 |
|
21.06.2012, 15:29
| #2 |
| /// Malwareteam    | Cain.exe auf Asus Eee PC 1000H XP Home Mein Name ist Marius und ich werde dir bei deinem Problem helfen. Eines vorneweg: Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist. Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
Vista und Win7 User Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten. Schritt 1: OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
Schritt 2: Scan mit TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
21.06.2012, 20:17
| #3 |
| | Cain.exe auf Asus Eee PC 1000H XP Home Hallo Marius,
__________________hier die OTL.txt: [CODE] OTL Logfile:OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.06.2012 18:02:56 - Run 1 OTL by OldTimer - Version 3.2.17.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.015,00 Mb Total Physical Memory | 287,00 Mb Available Physical Memory | 28,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 66,00% Paging File free Paging file location(s): C:\pagefile.sys 1522 1522 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 79,99 Gb Total Space | 31,70 Gb Free Space | 39,63% Space Free | Partition Type: NTFS Drive D: | 61,20 Gb Total Space | 9,10 Gb Free Space | 14,86% Space Free | Partition Type: NTFS Computer Name: ***_LAPTOP | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***_2\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - D:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - D:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) PRC - D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.) PRC - C:\Programme\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.) PRC - C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) PRC - C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) PRC - C:\Programme\Elantech\ETDDECT.EXE (ELANTECH Devices Corp.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation) PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP) PRC - C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd.exe (Hewlett-Packard) PRC - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\Elantech\ETDAPIX.DLL (ELANTECH Devices Corp.) MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.) MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll () ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG) SRV - (osppsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (hwusbdev) -- C:\WINDOWS\system32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (Ktp) -- C:\WINDOWS\system32\drivers\ETD.sys (ELANTECH Devices Corp.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.) DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.) DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.) DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eeepc.asus.com/global IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.29 20:01:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.29 20:01:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.05.29 19:56:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.05.29 20:03:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2012.05.29 19:59:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins [2012.05.29 20:03:03 | 000,000,000 | ---D | M] [2010.10.23 22:52:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2012.06.21 17:54:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\89kb8qzn.default\extensions [2010.12.03 15:58:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\89kb8qzn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) O4 - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.) O4 - HKLM..\Run: [ETDWareDetect] C:\Programme\Elantech\ETDDECT.EXE (ELANTECH Devices Corp.) O4 - HKLM..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\programme\update\realsched.exe (RealNetworks, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk = C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\***_2\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O12 - Plugin for: .spop - C:\Programme\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.08.11 16:19:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{5151e45e-67bf-11dd-865e-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{5151e45e-67bf-11dd-865e-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5151e45e-67bf-11dd-865e-806d6172696f}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found O33 - MountPoints2\{8a2c4714-de3a-11df-863d-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{8a2c4714-de3a-11df-863d-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{8a2c4714-de3a-11df-863d-806d6172696f}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.06.21 17:56:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2012.06.11 19:41:53 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox [2012.05.29 20:03:23 | 000,000,000 | ---D | C] -- C:\Programme\templates [2012.05.29 20:03:22 | 000,016,896 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\wmdmhelper.dll [2012.05.29 20:03:07 | 000,000,000 | ---D | C] -- C:\Programme\Devices [2012.05.29 20:03:07 | 000,000,000 | ---D | C] -- C:\Programme\CDBurning [2012.05.29 20:03:06 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\Programme\dunzip32.dll [2012.05.29 20:03:05 | 000,361,984 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjdlg.dll [2012.05.29 20:03:05 | 000,034,304 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjprog.dll [2012.05.29 20:03:04 | 000,656,896 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjbres.dll [2012.05.29 20:03:03 | 000,045,056 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\ierjplug.dll [2012.05.29 20:03:01 | 000,009,728 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\fixrjb.exe [2012.05.29 20:02:59 | 001,115,376 | ---- | C] (Gracenote) -- C:\Programme\cddbmusicid.dll [2012.05.29 20:02:58 | 000,943,344 | ---- | C] (Gracenote) -- C:\Programme\cddblink.dll [2012.05.29 20:02:50 | 002,041,072 | ---- | C] (Gracenote, Inc.) -- C:\Programme\cddbcontrol.dll [2012.05.29 20:02:49 | 000,045,056 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\mmcdda32.dll [2012.05.29 20:02:49 | 000,023,552 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\tnetdtct.dll [2012.05.29 20:02:48 | 000,074,240 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\tsasdk.dll [2012.05.29 20:02:47 | 000,048,640 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\tpasdk.dll [2012.05.29 20:02:44 | 000,067,584 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpwa3260.dll [2012.05.29 20:02:40 | 000,045,728 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpshellsearch.dll [2012.05.29 20:02:07 | 000,375,416 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\realconverter.exe [2012.05.29 20:02:07 | 000,349,304 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\convert.exe [2012.05.29 20:01:58 | 000,390,384 | ---- | C] (MainConcept GmbH) -- C:\Programme\mc_enc_mp4v.dll [2012.05.29 20:01:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\xing shared [2012.05.29 20:01:47 | 000,000,000 | ---D | C] -- C:\Programme\Producer [2012.05.29 20:01:45 | 000,381,040 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\realtrimmer.exe [2012.05.29 20:01:45 | 000,129,648 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\realshare.exe [2012.05.29 20:01:45 | 000,000,000 | ---D | C] -- C:\Programme\Flash [2012.05.29 20:01:33 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Programme\dbghelp.dll [2012.05.29 20:01:28 | 000,072,192 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjwmapln.dll [2012.05.29 19:59:54 | 000,000,000 | ---D | C] -- C:\Programme\Visualizations [2012.05.29 19:59:52 | 000,046,592 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpau3260.dll [2012.05.29 19:59:22 | 000,000,000 | ---D | C] -- C:\Programme\Codecs [2012.05.29 19:58:46 | 000,000,000 | ---D | C] -- C:\Programme\DataCache [2012.05.29 19:58:45 | 000,029,824 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rndevicedbbuilder.exe [2012.05.29 19:58:45 | 000,000,000 | ---D | C] -- C:\Programme\mpaplugins [2012.05.29 19:58:43 | 000,000,000 | ---D | C] -- C:\Programme\Netscape6 [2012.05.29 19:58:42 | 000,116,888 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rdsf3260.dll [2012.05.29 19:58:42 | 000,088,064 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\hxaudiodevicehook.dll [2012.05.29 19:58:41 | 000,086,528 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpplugprot.dll [2012.05.29 19:58:41 | 000,064,656 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpshell.dll [2012.05.29 19:58:40 | 000,000,000 | ---D | C] -- C:\Programme\rcaplugins [2012.05.29 19:58:40 | 000,000,000 | ---D | C] -- C:\Programme\library [2012.05.29 19:58:36 | 000,000,000 | ---D | C] -- C:\Programme\rpplugins [2012.05.29 19:58:35 | 000,018,072 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rphelperapp.exe [2012.05.29 19:58:35 | 000,010,240 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\realjbox.exe [2012.05.29 19:58:34 | 000,499,312 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\realplay.exe [2012.05.29 19:58:29 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2012.05.29 19:58:16 | 000,439,464 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\recordingmanager.exe [2012.05.29 19:58:16 | 000,000,000 | ---D | C] -- C:\Programme\Plugins [2012.05.29 19:58:08 | 000,000,000 | ---D | C] -- C:\Programme\Common [2012.05.29 19:57:55 | 000,000,000 | ---D | C] -- C:\Programme\Setup [2008.08.11 19:17:59 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Programme\U1 Setup.exe [2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.21 18:34:03 | 000,001,218 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1301747544-1680805754-3394773290-1006UA.job [2012.06.21 18:15:01 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.06.21 17:51:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job [2012.06.21 17:45:35 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.06.21 17:45:34 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1301747544-1680805754-3394773290-1008.job [2012.06.21 17:45:34 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1301747544-1680805754-3394773290-1007.job [2012.06.21 17:45:34 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1301747544-1680805754-3394773290-1006.job [2012.06.21 17:38:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.06.21 11:34:00 | 000,001,166 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1301747544-1680805754-3394773290-1006Core.job [2012.06.20 22:27:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.20 22:26:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.17 00:59:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1301747544-1680805754-3394773290-1008.job [2012.06.16 15:33:10 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.06.15 14:51:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1301747544-1680805754-3394773290-1006.job [2012.06.15 12:28:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1301747544-1680805754-3394773290-1007.job [2012.06.13 13:46:12 | 000,298,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.06.13 13:39:40 | 000,488,178 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.06.13 13:39:40 | 000,444,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.06.13 13:39:40 | 000,095,986 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.06.13 13:39:40 | 000,072,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.06.13 05:28:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.05.29 20:03:06 | 000,139,264 | ---- | M] (Inner Media, Inc.) -- C:\Programme\dunzip32.dll [2012.05.29 20:03:02 | 000,002,851 | ---- | M] () -- C:\Programme\cdroms.cfg [2012.05.29 20:02:59 | 001,115,376 | ---- | M] (Gracenote) -- C:\Programme\cddbmusicid.dll [2012.05.29 20:02:58 | 000,943,344 | ---- | M] (Gracenote) -- C:\Programme\cddblink.dll [2012.05.29 20:02:50 | 002,041,072 | ---- | M] (Gracenote, Inc.) -- C:\Programme\cddbcontrol.dll [2012.05.29 20:02:45 | 000,119,808 | ---- | M] () -- C:\Programme\waiting.avi [2012.05.29 20:02:45 | 000,027,278 | ---- | M] () -- C:\Programme\frw.bmp [2012.05.29 20:02:44 | 000,016,296 | ---- | M] () -- C:\Programme\realtfon.fon [2012.05.29 20:02:42 | 000,067,473 | ---- | M] () -- C:\Programme\realplay.chm [2012.05.29 20:02:42 | 000,057,762 | ---- | M] () -- C:\Programme\howto.chm [2012.05.29 20:02:40 | 000,000,663 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RealPlayer.lnk [2012.05.29 20:02:36 | 000,000,177 | ---- | M] () -- C:\Programme\freeoffers.rnx [2012.05.29 20:02:07 | 000,818,622 | ---- | M] () -- C:\Programme\converter.vs [2012.05.29 20:01:58 | 000,390,384 | ---- | M] (MainConcept GmbH) -- C:\Programme\mc_enc_mp4v.dll [2012.05.29 20:01:45 | 000,045,443 | ---- | M] () -- C:\Programme\sharemedia.vs [2012.05.29 20:01:43 | 000,001,209 | ---- | M] () -- C:\Programme\flvplay.swf [2012.05.29 19:59:52 | 000,033,157 | ---- | M] () -- C:\Programme\RealNetworks License.html [2012.05.29 19:59:52 | 000,033,157 | ---- | M] () -- C:\Programme\playrlic.html [2012.05.29 19:59:29 | 000,055,043 | ---- | M] () -- C:\Programme\presets.rnx [2012.05.29 19:59:28 | 000,000,480 | ---- | M] () -- C:\Programme\keys.dat [2012.05.29 19:59:21 | 000,994,751 | ---- | M] () -- C:\Programme\normal.vs [2012.05.29 19:59:21 | 000,061,495 | ---- | M] () -- C:\Programme\ssimages.vs [2012.05.29 19:58:41 | 000,001,161 | ---- | M] () -- C:\Programme\autoplaylist.dat [2012.05.29 19:58:40 | 000,000,043 | ---- | M] () -- C:\Programme\strs23.dat [2012.05.29 19:58:40 | 000,000,013 | ---- | M] () -- C:\Programme\strs26.dat [2012.05.29 19:58:31 | 000,427,405 | ---- | M] () -- C:\Programme\calibrate.rv [2012.05.29 19:58:31 | 000,023,558 | ---- | M] () -- C:\Programme\freeoffers.ico [2012.05.29 19:58:31 | 000,017,846 | ---- | M] () -- C:\Programme\videotest.rm [2012.05.29 19:58:31 | 000,000,221 | ---- | M] () -- C:\Programme\subscription.rnx [2012.05.29 19:58:29 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.29 20:03:02 | 000,002,851 | ---- | C] () -- C:\Programme\cdroms.cfg [2012.05.29 20:02:45 | 000,119,808 | ---- | C] () -- C:\Programme\waiting.avi [2012.05.29 20:02:45 | 000,027,278 | ---- | C] () -- C:\Programme\frw.bmp [2012.05.29 20:02:44 | 000,016,296 | ---- | C] () -- C:\Programme\realtfon.fon [2012.05.29 20:02:42 | 000,067,473 | ---- | C] () -- C:\Programme\realplay.chm [2012.05.29 20:02:42 | 000,057,762 | ---- | C] () -- C:\Programme\howto.chm [2012.05.29 20:02:40 | 000,000,663 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RealPlayer.lnk [2012.05.29 20:02:07 | 000,818,622 | ---- | C] () -- C:\Programme\converter.vs [2012.05.29 20:01:45 | 000,045,443 | ---- | C] () -- C:\Programme\sharemedia.vs [2012.05.29 20:01:43 | 000,001,209 | ---- | C] () -- C:\Programme\flvplay.swf [2012.05.29 19:59:52 | 000,033,157 | ---- | C] () -- C:\Programme\RealNetworks License.html [2012.05.29 19:59:52 | 000,033,157 | ---- | C] () -- C:\Programme\playrlic.html [2012.05.29 19:59:52 | 000,032,068 | ---- | C] () -- C:\Programme\RealNetworks License.txt [2012.05.29 19:59:51 | 000,032,068 | ---- | C] () -- C:\Programme\playrlic.txt [2012.05.29 19:59:29 | 000,055,043 | ---- | C] () -- C:\Programme\presets.rnx [2012.05.29 19:59:28 | 000,000,480 | ---- | C] () -- C:\Programme\keys.dat [2012.05.29 19:59:21 | 000,994,751 | ---- | C] () -- C:\Programme\normal.vs [2012.05.29 19:59:21 | 000,061,495 | ---- | C] () -- C:\Programme\ssimages.vs [2012.05.29 19:58:41 | 000,001,161 | ---- | C] () -- C:\Programme\autoplaylist.dat [2012.05.29 19:58:40 | 000,000,043 | ---- | C] () -- C:\Programme\strs23.dat [2012.05.29 19:58:40 | 000,000,013 | ---- | C] () -- C:\Programme\strs26.dat [2012.05.29 19:58:31 | 000,023,558 | ---- | C] () -- C:\Programme\freeoffers.ico [2012.05.29 19:58:31 | 000,017,846 | ---- | C] () -- C:\Programme\videotest.rm [2012.05.29 19:58:31 | 000,000,221 | ---- | C] () -- C:\Programme\subscription.rnx [2012.05.29 19:58:31 | 000,000,177 | ---- | C] () -- C:\Programme\freeoffers.rnx [2012.05.29 19:58:30 | 000,427,405 | ---- | C] () -- C:\Programme\calibrate.rv [2012.05.27 03:38:35 | 000,172,136 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.02.19 17:18:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.05.30 13:59:58 | 000,012,327 | ---- | C] () -- C:\WINDOWS\hpdj5600.ini [2011.02.24 15:47:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2011.02.24 15:45:28 | 000,008,704 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.03 15:24:55 | 000,000,539 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Rim.Desktop.Exception.log [2010.11.28 06:38:33 | 000,000,755 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Rim.Desktop.HttpServerSetup.log [2010.10.26 16:58:32 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2010.10.23 02:21:04 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2008.08.13 05:44:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.08.11 19:39:13 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2008.08.11 19:39:13 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2008.08.11 19:39:13 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2008.08.11 19:39:13 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2008.08.11 19:39:13 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2008.08.11 19:39:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008.08.11 17:58:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll [2008.08.11 17:12:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.08.11 16:04:43 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008.07.30 19:31:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini [2008.07.30 10:55:02 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.03.17 15:54:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll ========== LOP Check ========== [2011.10.30 17:35:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Advanced Chemistry Development [2011.06.20 01:03:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO [2010.11.28 06:37:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Research In Motion [2010.10.26 03:22:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2010.10.24 01:31:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.10.24 03:09:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\.purple [2011.10.30 17:35:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Advanced Chemistry Development [2010.12.03 17:05:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Blackberry Desktop [2012.06.21 18:35:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox [2010.10.23 22:07:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ElevatedDiagnostics [2010.10.24 02:21:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\enchant [2011.06.13 18:49:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\go [2011.05.30 14:04:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterTrust [2010.12.03 15:53:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\LuckaSoft [2011.05.13 09:09:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\LyX2.0 [2010.10.24 02:04:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera [2010.12.03 15:26:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Research In Motion [2011.02.13 18:06:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TeamViewer [2010.10.27 13:29:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search [2012.06.21 17:51:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job ========== Purity Check ========== < End of report > und die Extras.txt: [CODE] OTL Logfile:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.06.2012 18:02:56 - Run 1
OTL by OldTimer - Version 3.2.17.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.015,00 Mb Total Physical Memory | 287,00 Mb Available Physical Memory | 28,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): C:\pagefile.sys 1522 1522 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 79,99 Gb Total Space | 31,70 Gb Free Space | 39,63% Space Free | Partition Type: NTFS
Drive D: | 61,20 Gb Total Space | 9,10 Gb Free Space | 14,86% Space Free | Partition Type: NTFS
Computer Name: ***_LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"D:\Programme\Microsoft Office\Office14\ONENOTE.EXE" = D:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"D:\Programme\Microsoft Office\Office14\OUTLOOK.EXE" = D:\Programme\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\***_2\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\***_2\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"D:\Programme\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = D:\Programme\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Programme\TeamViewer\Version6\TeamViewer.exe" = C:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"D:\Programme\TightVNC\tvnserver.exe" = D:\Programme\TightVNC\tvnserver.exe:*:Enabled:TightVNC Server -- File not found
"D:\Programme\TightVNC\vncviewer.exe" = D:\Programme\TightVNC\vncviewer.exe:*:Enabled:TightVNC Viewer -- File not found
"C:\Dokumente und Einstellungen\***_2\Lokale Einstellungen\Anwendungsdaten\Programs\Opera\opera.exe" = C:\Dokumente und Einstellungen\***_2\Lokale Einstellungen\Anwendungsdaten\Programs\Opera\opera.exe:*:Disabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"D:\Programme\iTunes\iTunes.exe" = D:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}" = Windows Live Toolbar
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{18499419-2B80-4C3F-86D3-C6C45CD2062E}" = ML-1710 Series
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FB81FBD-A607-46AF-AB88-CE0E8CD607FF}" = Remotedesktopverbindung
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}" = Eee Instant Key
"{6F498E3F-616E-4368-0086-3F260E8FAB40}" = 2002 FIFA World Cup TM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9510AB97-A36C-4352-8725-E72E5528FA1B}" = StarOffice 8 ASUS Edition
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{DB5518BE-F40F-407A-B451-012625D4497B}" = hp deskjet 5600
"{DF71EB8A-6E59-4249-BCB8-38EC406E4353}" = CIB pdf brewer
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ACDLabs in D__Programme_ACDFREE12_" = ACD/Labs Software in D:\Programme\ACDFREE12\
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aspell" = Aspell Data
"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)
"Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en)
"Aspell6-Dictionary-es" = Aspell 0.6 Dictionary (Language: es)
"Aspell6-Dictionary-fr" = Aspell 0.6 Dictionary (Language: fr)
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Cain & Abel v4.9.42" = Cain & Abel v4.9.42
"Eee Storage" = Eee Storage 1.1.15.197
"Elantech" = ETDWare PS/2-x86 7.0.3.8 WHQL 03Sep08
"EngInSite DataFreeway_is1" = EngInSite DataFreeway 2.8.4.233
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"GoogleVideoPlayer" = Google Video Player
"Gwyddion" = Gwyddion
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"hp print screen utility" = hp print screen utility
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"LyX" = LyX 1.6.9-2
"LyX20" = LyX 2.0.0-3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.9" = MiKTeX 2.9
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Office14.SingleImage" = Microsoft Office Professional 2010
"Opera 11.01.1190" = Opera 11.01
"Pidgin" = Pidgin
"RealPlayer 15.0" = RealPlayer
"ST6UNST #1" = PDF Maker DLL
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.10
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Live Toolbar" = Windows Live Toolbar
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 17.06.2012 16:36:13 | Computer Name = ***_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5922
Error - 17.06.2012 16:36:13 | Computer Name = ***_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5922
Error - 17.06.2012 16:36:16 | Computer Name = ***_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 17.06.2012 17:21:06 | Computer Name = ***_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8235
Error - 17.06.2012 17:21:06 | Computer Name = ***_LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8235
Error - 17.06.2012 20:51:13 | Computer Name = ***_LAPTOP | Source = Microsoft Office 14 | ID = 5000
Description = EventType officelifeboathang, P1 outlook.exe, P2 14.0.6117.5001, P3
wwlib.dll, P4 14.0.6024.1000, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 20.06.2012 16:35:31 | Computer Name = ***_LAPTOP | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 21.06.2012 12:06:30 | Computer Name = ***_LAPTOP | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 21.06.2012 12:06:32 | Computer Name = ***_LAPTOP | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 21.06.2012 12:06:32 | Computer Name = ***_LAPTOP | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
[ System Events ]
Error - 15.06.2012 14:13:05 | Computer Name = ***_LAPTOP | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst iPod-Dienst.
Error - 15.06.2012 14:13:05 | Computer Name = ***_LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 17.06.2012 09:16:46 | Computer Name = ***_LAPTOP | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.86 für die Netzwerkkarte mit der Netzwerkadresse
0015AFDCDEBE wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 20.06.2012 16:34:59 | Computer Name = ***_LAPTOP | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "iPod
Service" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}
Error - 20.06.2012 16:34:59 | Computer Name = ***_LAPTOP | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst iPod-Dienst.
Error - 20.06.2012 16:34:59 | Computer Name = ***_LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 20.06.2012 16:35:36 | Computer Name = ***_LAPTOP | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
Error - 20.06.2012 16:35:37 | Computer Name = ***_LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 20.06.2012 16:36:24 | Computer Name = ***_LAPTOP | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Gatewaydienst
auf Anwendungsebene.
Error - 20.06.2012 16:36:25 | Computer Name = ***_LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
< End of report >
Und der Log von TDSS-Killer (TDSSKiller.2.7.41.0_21.06.2012_18.06.54_log.txt): Code:
ATTFilter 18:06:54.0343 3408 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
18:06:55.0859 3408 ============================================================
18:06:55.0859 3408 Current date / time: 2012/06/21 18:06:55.0859
18:06:55.0859 3408 SystemInfo:
18:06:55.0859 3408
18:06:55.0859 3408 OS Version: 5.1.2600 ServicePack: 3.0
18:06:55.0859 3408 Product type: Workstation
18:06:55.0859 3408 ComputerName: ***_LAPTOP
18:06:55.0875 3408 UserName: ***
18:06:55.0875 3408 Windows directory: C:\WINDOWS
18:06:55.0875 3408 System windows directory: C:\WINDOWS
18:06:55.0875 3408 Processor architecture: Intel x86
18:06:55.0875 3408 Number of processors: 2
18:06:55.0875 3408 Page size: 0x1000
18:06:55.0875 3408 Boot type: Normal boot
18:06:55.0875 3408 ============================================================
18:07:28.0453 3408 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x976A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x80, Type 'K0', Flags 0x00000054
18:07:29.0093 3408 ============================================================
18:07:29.0109 3408 \Device\Harddisk0\DR0:
18:07:29.0140 3408 MBR partitions:
18:07:29.0140 3408 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9FF9EC1
18:07:29.0140 3408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9FF9F00, BlocksNum 0x7A68980
18:07:29.0140 3408 ============================================================
18:07:29.0234 3408 C: <-> \Device\Harddisk0\DR0\Partition0
18:07:29.0484 3408 D: <-> \Device\Harddisk0\DR0\Partition1
18:07:29.0484 3408 ============================================================
18:07:29.0484 3408 Initialize success
18:07:29.0484 3408 ============================================================
18:08:24.0218 2228 ============================================================
18:08:24.0218 2228 Scan started
18:08:24.0218 2228 Mode: Manual; TDLFS;
18:08:24.0218 2228 ============================================================
18:10:10.0843 2228 Abiosdsk - ok
18:10:10.0843 2228 abp480n5 - ok
18:10:14.0562 2228 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:10:14.0578 2228 ACPI - ok
18:10:14.0640 2228 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:10:14.0656 2228 ACPIEC - ok
18:10:18.0046 2228 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:10:18.0109 2228 AdobeFlashPlayerUpdateSvc - ok
18:10:18.0109 2228 adpu160m - ok
18:10:18.0921 2228 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:10:19.0046 2228 aec - ok
18:10:31.0937 2228 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:10:32.0156 2228 AFD - ok
18:10:39.0531 2228 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) C:\WINDOWS\system32\drivers\AFS2K.sys
18:10:39.0609 2228 AFS2K - ok
18:10:39.0609 2228 Aha154x - ok
18:10:39.0640 2228 aic78u2 - ok
18:10:39.0656 2228 aic78xx - ok
18:10:39.0812 2228 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
18:10:39.0812 2228 Alerter - ok
18:10:39.0859 2228 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
18:10:39.0859 2228 ALG - ok
18:10:39.0875 2228 AliIde - ok
18:10:39.0890 2228 amsint - ok
18:10:44.0562 2228 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) D:\Programme\Avira\AntiVir Desktop\sched.exe
18:10:44.0609 2228 AntiVirSchedulerService - ok
18:10:45.0015 2228 AntiVirService (a489be6bb0aa1ff406b488b60542314b) D:\Programme\Avira\AntiVir Desktop\avguard.exe
18:10:45.0015 2228 AntiVirService - ok
18:10:45.0343 2228 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:10:45.0359 2228 Apple Mobile Device - ok
18:10:45.0359 2228 AppMgmt - ok
18:10:48.0265 2228 AR5211 (6d5f95602b8d0d994d31a864872b38ef) C:\WINDOWS\system32\DRIVERS\ar5211.sys
18:10:48.0781 2228 AR5211 - ok
18:10:48.0781 2228 asc - ok
18:10:48.0796 2228 asc3350p - ok
18:10:48.0812 2228 asc3550 - ok
18:10:50.0171 2228 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:10:50.0515 2228 aspnet_state - ok
18:10:50.0656 2228 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
18:10:50.0718 2228 AsusACPI - ok
18:10:50.0796 2228 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:10:50.0828 2228 AsyncMac - ok
18:10:51.0671 2228 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:10:51.0796 2228 atapi - ok
18:10:51.0796 2228 Atdisk - ok
18:10:52.0500 2228 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:10:52.0500 2228 Atmarpc - ok
18:10:52.0859 2228 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
18:10:52.0875 2228 AudioSrv - ok
18:10:53.0015 2228 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:10:53.0031 2228 audstub - ok
18:10:53.0609 2228 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:10:53.0625 2228 avgntflt - ok
18:10:53.0765 2228 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:10:53.0781 2228 avipbb - ok
18:10:53.0828 2228 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
18:10:53.0859 2228 avkmgr - ok
18:10:53.0953 2228 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:10:53.0953 2228 Beep - ok
18:10:55.0109 2228 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
18:10:55.0484 2228 BITS - ok
18:10:56.0843 2228 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
18:10:56.0859 2228 Bonjour Service - ok
18:10:57.0546 2228 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
18:10:57.0546 2228 Browser - ok
18:10:58.0703 2228 btaudio (4b43dfe1c1fbb305a1dc5504ef9bb34e) C:\WINDOWS\system32\drivers\btaudio.sys
18:10:59.0015 2228 btaudio - ok
18:10:59.0796 2228 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
18:10:59.0796 2228 BTDriver - ok
18:11:01.0046 2228 BTKRNL (b4355289cb2ebcc91ae995f916d271b7) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
18:11:01.0328 2228 BTKRNL - ok
18:11:02.0562 2228 btwdins (31b026add54cbd695709e56d7677a07b) C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
18:11:02.0781 2228 btwdins - ok
18:11:03.0765 2228 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
18:11:03.0828 2228 BTWDNDIS - ok
18:11:03.0890 2228 btwhid (949eca9c56f657c06d3166d51f3226c7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
18:11:03.0890 2228 btwhid - ok
18:11:04.0187 2228 BTWUSB (fac7e5965162c70d184dfe92b4bcbd1b) C:\WINDOWS\system32\Drivers\btwusb.sys
18:11:04.0187 2228 BTWUSB - ok
18:11:04.0312 2228 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:11:04.0312 2228 cbidf2k - ok
18:11:04.0578 2228 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:11:04.0593 2228 CCDECODE - ok
18:11:04.0609 2228 cd20xrnt - ok
18:11:04.0718 2228 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:11:04.0765 2228 Cdaudio - ok
18:11:05.0000 2228 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:11:05.0015 2228 Cdfs - ok
18:11:05.0671 2228 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:11:05.0671 2228 Cdrom - ok
18:11:05.0687 2228 Changer - ok
18:11:07.0328 2228 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
18:11:07.0343 2228 CiSvc - ok
18:11:12.0140 2228 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
18:11:12.0140 2228 ClipSrv - ok
18:11:22.0046 2228 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:11:22.0109 2228 clr_optimization_v2.0.50727_32 - ok
18:11:22.0265 2228 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:11:22.0281 2228 CmBatt - ok
18:11:22.0281 2228 CmdIde - ok
18:11:22.0359 2228 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:11:22.0359 2228 Compbatt - ok
18:11:22.0359 2228 COMSysApp - ok
18:11:22.0390 2228 Cpqarray - ok
18:11:22.0453 2228 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
18:11:22.0468 2228 CryptSvc - ok
18:11:22.0468 2228 dac2w2k - ok
18:11:22.0484 2228 dac960nt - ok
18:11:22.0890 2228 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
18:11:22.0984 2228 DcomLaunch - ok
18:11:23.0125 2228 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
18:11:23.0140 2228 Dhcp - ok
18:11:23.0250 2228 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:11:23.0250 2228 Disk - ok
18:11:23.0281 2228 dmadmin - ok
18:11:23.0937 2228 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
18:11:24.0078 2228 dmboot - ok
18:11:24.0218 2228 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
18:11:24.0234 2228 dmio - ok
18:11:24.0328 2228 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:11:24.0328 2228 dmload - ok
18:11:24.0406 2228 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
18:11:24.0406 2228 dmserver - ok
18:11:24.0515 2228 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:11:24.0531 2228 DMusic - ok
18:11:24.0609 2228 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
18:11:24.0656 2228 Dnscache - ok
18:11:24.0734 2228 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
18:11:24.0750 2228 Dot3svc - ok
18:11:24.0765 2228 dpti2o - ok
18:11:24.0828 2228 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:11:24.0828 2228 drmkaud - ok
18:11:24.0921 2228 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
18:11:24.0984 2228 EapHost - ok
18:11:25.0031 2228 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
18:11:25.0046 2228 ERSvc - ok
18:11:25.0156 2228 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
18:11:25.0218 2228 Eventlog - ok
18:11:25.0703 2228 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
18:11:25.0875 2228 EventSystem - ok
18:11:26.0031 2228 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:11:26.0062 2228 Fastfat - ok
18:11:26.0328 2228 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
18:11:26.0343 2228 FastUserSwitchingCompatibility - ok
18:11:26.0484 2228 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:11:26.0484 2228 Fdc - ok
18:11:26.0546 2228 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
18:11:26.0546 2228 Fips - ok
18:11:26.0640 2228 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:11:26.0656 2228 Flpydisk - ok
18:11:26.0921 2228 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:11:27.0046 2228 FltMgr - ok
18:11:28.0046 2228 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:11:28.0109 2228 FontCache3.0.0.0 - ok
18:11:29.0859 2228 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:11:30.0156 2228 Fs_Rec - ok
18:11:37.0781 2228 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:11:37.0984 2228 Ftdisk - ok
18:11:39.0359 2228 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:11:39.0359 2228 GEARAspiWDM - ok
18:11:39.0437 2228 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:11:39.0437 2228 Gpc - ok
18:11:40.0359 2228 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
18:11:40.0500 2228 gupdate - ok
18:11:40.0500 2228 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
18:11:40.0515 2228 gupdatem - ok
18:11:41.0687 2228 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:11:42.0500 2228 HDAudBus - ok
18:11:47.0046 2228 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:11:47.0062 2228 helpsvc - ok
18:11:47.0171 2228 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
18:11:47.0218 2228 HidServ - ok
18:11:47.0734 2228 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:11:47.0843 2228 HidUsb - ok
18:11:47.0890 2228 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
18:11:47.0906 2228 hkmsvc - ok
18:11:47.0906 2228 hpn - ok
18:11:48.0484 2228 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:11:48.0562 2228 HTTP - ok
18:11:48.0625 2228 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
18:11:48.0625 2228 HTTPFilter - ok
18:11:48.0875 2228 hwdatacard (60aec3f4ec355d9f46d545a0fa08ce87) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
18:11:48.0890 2228 hwdatacard - ok
18:11:49.0062 2228 hwusbdev (b93d3c81ef1d372dc5bd5e6275362e1a) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
18:11:49.0078 2228 hwusbdev - ok
18:11:49.0093 2228 i2omgmt - ok
18:11:49.0109 2228 i2omp - ok
18:11:50.0953 2228 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:11:50.0953 2228 i8042prt - ok
18:12:08.0078 2228 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:12:12.0671 2228 ialm - ok
18:12:14.0328 2228 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:12:15.0078 2228 idsvc - ok
18:12:15.0859 2228 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:12:15.0875 2228 Imapi - ok
18:12:15.0984 2228 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
18:12:16.0000 2228 ImapiService - ok
18:12:16.0000 2228 ini910u - ok
18:12:18.0796 2228 IntcAzAudAddService (c73a4a48fbb3d00c7dbc6fe4f5e3675f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:12:19.0343 2228 IntcAzAudAddService - ok
18:12:20.0625 2228 IntelIde - ok
18:12:20.0750 2228 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:12:20.0750 2228 intelppm - ok
18:12:20.0812 2228 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:12:20.0859 2228 Ip6Fw - ok
18:12:21.0203 2228 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:12:21.0218 2228 IpFilterDriver - ok
18:12:21.0218 2228 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:12:21.0218 2228 IpInIp - ok
18:12:21.0343 2228 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:12:21.0343 2228 IpNat - ok
18:12:21.0906 2228 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Programme\iPod\bin\iPodService.exe
18:12:22.0203 2228 iPod Service - ok
18:12:22.0656 2228 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:12:22.0656 2228 IPSec - ok
18:12:22.0703 2228 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:12:22.0703 2228 IRENUM - ok
18:12:22.0843 2228 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:12:22.0843 2228 isapnp - ok
18:12:23.0093 2228 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
18:12:23.0125 2228 IviRegMgr - ok
18:12:23.0718 2228 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
18:12:23.0718 2228 JavaQuickStarterService - ok
18:12:23.0937 2228 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:12:23.0937 2228 Kbdclass - ok
18:12:24.0046 2228 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:12:24.0078 2228 kbdhid - ok
18:12:24.0562 2228 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:12:24.0656 2228 kmixer - ok
18:12:25.0218 2228 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:12:25.0265 2228 KSecDD - ok
18:12:25.0734 2228 Ktp (6e775ade642556c6d43450d16d763fc2) C:\WINDOWS\system32\DRIVERS\ETD.sys
18:12:25.0734 2228 Ktp - ok
18:12:26.0078 2228 L1e (303627228dd739d98289679901a38c8f) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
18:12:26.0203 2228 L1e - ok
18:12:26.0703 2228 LanmanServer (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
18:12:26.0703 2228 LanmanServer - ok
18:12:26.0984 2228 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
18:12:27.0187 2228 lanmanworkstation - ok
18:12:27.0203 2228 lbrtfdc - ok
18:12:27.0468 2228 LightScribeService (5712dcbe52d68865cca91ae04807b755) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
18:12:27.0484 2228 LightScribeService - ok
18:12:27.0609 2228 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
18:12:27.0609 2228 LmHosts - ok
18:12:27.0656 2228 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
18:12:27.0687 2228 Messenger - ok
18:12:27.0765 2228 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:12:27.0765 2228 mnmdd - ok
18:12:27.0921 2228 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
18:12:27.0921 2228 mnmsrvc - ok
18:12:27.0984 2228 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
18:12:28.0000 2228 Modem - ok
18:12:28.0109 2228 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:12:28.0109 2228 Mouclass - ok
18:12:28.0234 2228 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:12:28.0359 2228 mouhid - ok
18:12:28.0437 2228 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:12:28.0437 2228 MountMgr - ok
18:12:28.0562 2228 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
18:12:28.0578 2228 MozillaMaintenance - ok
18:12:28.0578 2228 mraid35x - ok
18:12:28.0687 2228 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:12:28.0687 2228 MRxDAV - ok
18:12:29.0140 2228 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:12:29.0281 2228 MRxSmb - ok
18:12:29.0390 2228 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
18:12:29.0406 2228 MSDTC - ok
18:12:29.0437 2228 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:12:29.0437 2228 Msfs - ok
18:12:29.0468 2228 MSIServer - ok
18:12:29.0500 2228 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:12:29.0515 2228 MSKSSRV - ok
18:12:29.0750 2228 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:12:29.0765 2228 MSPCLOCK - ok
18:12:29.0781 2228 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:12:29.0781 2228 MSPQM - ok
18:12:29.0843 2228 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:12:29.0843 2228 mssmbios - ok
18:12:29.0921 2228 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:12:29.0937 2228 MSTEE - ok
18:12:30.0015 2228 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:12:30.0031 2228 Mup - ok
18:12:30.0078 2228 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:12:30.0093 2228 NABTSFEC - ok
18:12:30.0484 2228 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
18:12:30.0656 2228 napagent - ok
18:12:31.0359 2228 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Programme\Nero\Update\NASvc.exe
18:12:31.0578 2228 NAUpdate - ok
18:12:31.0703 2228 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:12:31.0703 2228 NDIS - ok
18:12:31.0828 2228 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:12:31.0828 2228 NdisIP - ok
18:12:31.0890 2228 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:12:31.0890 2228 NdisTapi - ok
18:12:31.0968 2228 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:12:31.0968 2228 Ndisuio - ok
18:12:32.0046 2228 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:12:32.0046 2228 NdisWan - ok
18:12:32.0156 2228 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:12:32.0156 2228 NDProxy - ok
18:12:32.0312 2228 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:12:32.0312 2228 NetBIOS - ok
18:12:32.0609 2228 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:12:32.0625 2228 NetBT - ok
18:12:32.0671 2228 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
18:12:32.0671 2228 NetDDE - ok
18:12:32.0687 2228 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
18:12:32.0687 2228 NetDDEdsdm - ok
18:12:32.0890 2228 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:12:32.0890 2228 Netlogon - ok
18:12:33.0640 2228 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
18:12:33.0750 2228 Netman - ok
18:12:35.0453 2228 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:12:35.0500 2228 NetTcpPortSharing - ok
18:12:35.0687 2228 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
18:12:35.0734 2228 Nla - ok
18:12:35.0828 2228 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\WINDOWS\system32\drivers\npf.sys
18:12:35.0828 2228 NPF - ok
18:12:36.0015 2228 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:12:36.0015 2228 Npfs - ok
18:12:36.0312 2228 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:12:36.0515 2228 Ntfs - ok
18:12:36.0515 2228 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:12:36.0515 2228 NtLmSsp - ok
18:12:36.0781 2228 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
18:12:36.0812 2228 NtmsSvc - ok
18:12:36.0953 2228 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:12:36.0953 2228 Null - ok
18:12:36.0984 2228 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:12:37.0000 2228 NwlnkFlt - ok
18:12:37.0015 2228 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:12:37.0062 2228 NwlnkFwd - ok
18:12:38.0046 2228 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
18:12:38.0234 2228 ose - ok
18:12:44.0828 2228 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:12:45.0796 2228 osppsvc - ok
18:12:49.0015 2228 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
18:12:49.0015 2228 Parport - ok
18:12:49.0406 2228 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:12:49.0437 2228 PartMgr - ok
18:12:50.0359 2228 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
18:12:50.0359 2228 ParVdm - ok
18:12:50.0625 2228 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
18:12:50.0625 2228 PCI - ok
18:12:50.0656 2228 PCIDump - ok
18:12:50.0750 2228 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:12:50.0750 2228 PCIIde - ok
18:12:51.0015 2228 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:12:51.0046 2228 Pcmcia - ok
18:12:51.0062 2228 PDCOMP - ok
18:12:51.0062 2228 PDFRAME - ok
18:12:51.0078 2228 PDRELI - ok
18:12:51.0093 2228 PDRFRAME - ok
18:12:51.0109 2228 perc2 - ok
18:12:51.0125 2228 perc2hib - ok
18:12:53.0203 2228 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
18:12:53.0203 2228 PlugPlay - ok
18:12:53.0843 2228 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:12:53.0859 2228 PolicyAgent - ok
18:12:54.0406 2228 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:12:54.0453 2228 PptpMiniport - ok
18:12:54.0453 2228 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:12:54.0453 2228 ProtectedStorage - ok
18:12:54.0875 2228 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:12:54.0906 2228 PSched - ok
18:12:55.0593 2228 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:12:55.0593 2228 Ptilink - ok
18:12:55.0609 2228 ql1080 - ok
18:12:55.0625 2228 Ql10wnt - ok
18:12:55.0640 2228 ql12160 - ok
18:12:55.0640 2228 ql1240 - ok
18:12:55.0656 2228 ql1280 - ok
18:12:56.0015 2228 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:12:56.0015 2228 RasAcd - ok
18:12:56.0046 2228 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
18:12:56.0078 2228 RasAuto - ok
18:12:56.0312 2228 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:12:56.0312 2228 Rasl2tp - ok
18:12:57.0281 2228 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
18:12:57.0281 2228 RasMan - ok
18:12:57.0500 2228 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:12:57.0515 2228 RasPppoe - ok
18:12:57.0578 2228 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:12:57.0578 2228 Raspti - ok
18:13:00.0296 2228 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:13:00.0421 2228 Rdbss - ok
18:13:00.0890 2228 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:13:00.0890 2228 RDPCDD - ok
18:13:01.0125 2228 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
18:13:01.0140 2228 RDPWD - ok
18:13:01.0984 2228 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
18:13:02.0000 2228 RDSessMgr - ok
18:13:02.0359 2228 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:13:02.0359 2228 redbook - ok
18:13:02.0687 2228 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
18:13:02.0765 2228 RemoteAccess - ok
18:13:03.0312 2228 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys
18:13:03.0343 2228 RimUsb - ok
18:13:03.0640 2228 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
18:13:03.0656 2228 RimVSerPort - ok
18:13:03.0703 2228 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
18:13:03.0812 2228 ROOTMODEM - ok
18:13:04.0375 2228 rpcapd (b60f58f175de20a6739194e85b035178) C:\Programme\WinPcap\rpcapd.exe
18:13:04.0421 2228 rpcapd - ok
18:13:04.0484 2228 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
18:13:04.0515 2228 RpcLocator - ok
18:13:05.0250 2228 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
18:13:05.0250 2228 RpcSs - ok
18:13:05.0625 2228 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
18:13:05.0718 2228 RSVP - ok
18:13:07.0062 2228 RT80x86 (162d6aee49372b9ce17c418cc5cde7b5) C:\WINDOWS\system32\DRIVERS\RT2860.sys
18:13:07.0406 2228 RT80x86 - ok
18:13:07.0500 2228 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:13:07.0531 2228 SamSs - ok
18:13:07.0937 2228 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
18:13:07.0937 2228 SCardSvr - ok
18:13:08.0062 2228 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
18:13:08.0093 2228 Schedule - ok
18:13:08.0125 2228 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:13:08.0140 2228 Secdrv - ok
18:13:08.0250 2228 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
18:13:08.0250 2228 seclogon - ok
18:13:08.0312 2228 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
18:13:08.0328 2228 SENS - ok
18:13:09.0109 2228 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
18:13:09.0140 2228 Serial - ok
18:13:09.0234 2228 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:13:09.0328 2228 Sfloppy - ok
18:13:10.0875 2228 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
18:13:11.0328 2228 SharedAccess - ok
18:13:11.0843 2228 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
18:13:11.0859 2228 ShellHWDetection - ok
18:13:11.0875 2228 Simbad - ok
18:13:11.0937 2228 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:13:11.0937 2228 SLIP - ok
18:13:12.0500 2228 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
18:13:12.0500 2228 SONYPVU1 - ok
18:13:12.0500 2228 Sparrow - ok
18:13:12.0578 2228 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:13:12.0843 2228 splitter - ok
18:13:13.0125 2228 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:13:13.0156 2228 Spooler - ok
18:13:13.0218 2228 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
18:13:13.0218 2228 sr - ok
18:13:13.0296 2228 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
18:13:13.0312 2228 srservice - ok
18:13:13.0953 2228 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:13:13.0984 2228 Srv - ok
18:13:14.0578 2228 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
18:13:14.0609 2228 SSDPSRV - ok
18:13:14.0859 2228 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
18:13:14.0890 2228 ssmdrv - ok
18:13:15.0343 2228 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
18:13:15.0390 2228 stisvc - ok
18:13:15.0609 2228 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:13:15.0640 2228 streamip - ok
18:13:15.0781 2228 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:13:15.0781 2228 swenum - ok
18:13:16.0015 2228 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:13:16.0015 2228 swmidi - ok
18:13:16.0015 2228 SwPrv - ok
18:13:16.0031 2228 symc810 - ok
18:13:16.0046 2228 symc8xx - ok
18:13:16.0062 2228 sym_hi - ok
18:13:16.0078 2228 sym_u3 - ok
18:13:16.0125 2228 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:13:16.0125 2228 sysaudio - ok
18:13:16.0406 2228 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
18:13:16.0453 2228 SysmonLog - ok
18:13:16.0984 2228 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
18:13:17.0093 2228 TapiSrv - ok
18:13:17.0203 2228 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:13:17.0218 2228 Tcpip - ok
18:13:17.0281 2228 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:13:17.0281 2228 TDPIPE - ok
18:13:17.0281 2228 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:13:17.0296 2228 TDTCP - ok
18:13:17.0390 2228 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:13:17.0421 2228 TermDD - ok
18:13:17.0906 2228 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
18:13:17.0937 2228 TermService - ok
18:13:18.0109 2228 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
18:13:18.0125 2228 Themes - ok
18:13:18.0125 2228 TosIde - ok
18:13:18.0171 2228 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
18:13:18.0171 2228 TrkWks - ok
18:13:18.0531 2228 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:13:18.0531 2228 Udfs - ok
18:13:18.0562 2228 ultra - ok
18:13:18.0968 2228 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:13:19.0031 2228 Update - ok
18:13:19.0546 2228 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
18:13:19.0562 2228 upnphost - ok
18:13:19.0609 2228 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
18:13:19.0625 2228 UPS - ok
18:13:20.0156 2228 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:13:20.0156 2228 USBAAPL - ok
18:13:20.0234 2228 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:13:20.0281 2228 usbaudio - ok
18:13:20.0625 2228 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:13:20.0640 2228 usbccgp - ok
18:13:20.0937 2228 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:13:20.0937 2228 usbehci - ok
18:13:20.0984 2228 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:13:21.0000 2228 usbhub - ok
18:13:21.0234 2228 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:13:21.0312 2228 usbprint - ok
18:13:21.0578 2228 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:13:21.0578 2228 usbscan - ok
18:13:21.0812 2228 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:13:21.0812 2228 usbstor - ok
18:13:21.0906 2228 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:13:21.0906 2228 usbuhci - ok
18:13:22.0375 2228 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
18:13:22.0531 2228 usbvideo - ok
18:13:23.0640 2228 usnjsvc (9d19b042a4fd5c02195071ea2fe0c821) C:\Programme\Windows Live\Messenger\usnsvc.exe
18:13:23.0765 2228 usnjsvc - ok
18:13:23.0921 2228 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:13:23.0921 2228 VgaSave - ok
18:13:23.0921 2228 ViaIde - ok
18:13:24.0093 2228 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
18:13:24.0140 2228 VolSnap - ok
18:13:24.0359 2228 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
18:13:24.0453 2228 VSS - ok
18:13:24.0843 2228 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
18:13:24.0859 2228 W32Time - ok
18:13:24.0906 2228 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:13:24.0906 2228 Wanarp - ok
18:13:25.0812 2228 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:13:25.0859 2228 Wdf01000 - ok
18:13:25.0875 2228 WDICA - ok
18:13:26.0078 2228 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:13:26.0156 2228 wdmaud - ok
18:13:26.0468 2228 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
18:13:26.0562 2228 WebClient - ok
18:13:27.0750 2228 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:13:27.0781 2228 winmgmt - ok
18:13:28.0093 2228 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Programme\Windows Live\installer\WLSetupSvc.exe
18:13:28.0125 2228 WLSetupSvc - ok
18:13:28.0437 2228 WmdmPmSN (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\system32\mspmsnsv.dll
18:13:28.0453 2228 WmdmPmSN - ok
18:13:28.0546 2228 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:13:28.0640 2228 WmiApSrv - ok
18:13:28.0953 2228 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
18:13:29.0062 2228 wscsvc - ok
18:13:29.0062 2228 WSearch - ok
18:13:29.0125 2228 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:13:29.0140 2228 WSTCODEC - ok
18:13:29.0203 2228 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
18:13:29.0234 2228 wuauserv - ok
18:13:30.0234 2228 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
18:13:30.0265 2228 WZCSVC - ok
18:13:30.0828 2228 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
18:13:30.0843 2228 xmlprov - ok
18:13:30.0906 2228 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:13:45.0609 2228 \Device\Harddisk0\DR0 - ok
18:13:45.0921 2228 Boot (0x1200) (66fcd2ad27841412eacd3d31cba39653) \Device\Harddisk0\DR0\Partition0
18:13:46.0531 2228 \Device\Harddisk0\DR0\Partition0 - ok
18:13:46.0718 2228 Boot (0x1200) (b2423d7a2cde6ddb7e7faca375397b0e) \Device\Harddisk0\DR0\Partition1
18:13:46.0890 2228 \Device\Harddisk0\DR0\Partition1 - ok
18:13:46.0890 2228 ============================================================
18:13:46.0890 2228 Scan finished
18:13:46.0890 2228 ============================================================
18:13:48.0781 0476 Detected object count: 0
18:13:48.0781 0476 Actual detected object count: 0
FCK191 Geändert von FCK191 (21.06.2012 um 20:29 Uhr) |
|
21.06.2012, 21:30
| #4 | ||
| /// Malwareteam | Cain.exe auf Asus Eee PC 1000H XP HomeZitat:
Zitat:
__________________ Kein Asylrecht für Trojaner!  Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
21.06.2012, 22:08
| #5 |
| | Cain.exe auf Asus Eee PC 1000H XP Home Hallo Marius, ich habe Cain & Abel jetzt ganz normal über Systemsteuerung > Software entfernt. Ich weiß wirklich nicht, wie ich da dran gekommen bin, weil ich wüsste nicht, wo zu ich entsprechende Hackersoftware brauche, weil ich kenne mich mit sowas nicht aus und will es auch nicht. Muss ich jetzt noch weitere Operationen ausführen? Viele Grüße FCK191 |
|
22.06.2012, 08:46
| #6 |
| /// Malwareteam | Cain.exe auf Asus Eee PC 1000H XP Home Gehen wir auf Nummer sicher! Gmer Bitte
__________________ --> Cain.exe auf Asus Eee PC 1000H XP Home |
|
24.06.2012, 23:33
| #7 |
| | Cain.exe auf Asus Eee PC 1000H XP Home Hallo Marius, das mit GMER funktioniert leider nicht. Während des Scans fährt der Laptop immer wieder runter und wenn ich mich dann wieder auf dem Admin-Konto anmelde startet GMER.exe nicht mehr automatisch und folglich kann ich auch keine Log-Datei erstellen. Außerdem scheint Cain.exe auch nicht vollständig entfernt zu sein, da Antivir immer noch meldet, dass seine Signatur in einer ca_setup-Datei gefunden wurde. Viele Grüße FCK191 |
|
26.06.2012, 08:56
| #8 |
| /// Malwareteam | Cain.exe auf Asus Eee PC 1000H XP Home Mach statt GMER folgendes: aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
27.06.2012, 22:11
| #9 |
| | Cain.exe auf Asus Eee PC 1000H XP Home Hallo Marius, aswMBR hat sich auch mitten im Scan mit Standard-Fehlermeldung von Windows verabschiedet, aber ich konnte vorher folgenden log sichern: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-27 21:40:44
-----------------------------
21:40:44.468 OS Version: Windows 5.1.2600 Service Pack 3
21:40:44.468 Number of processors: 2 586 0x1C02
21:40:44.468 ComputerName: ***_LAPTOP UserName: ***
21:40:53.219 Initialize success
21:43:27.719 AVAST engine defs: 12062601
22:19:07.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:19:07.281 Disk 0 Vendor: ST9160310AS 0303 Size: 152627MB BusType: 3
22:19:07.469 Disk 0 MBR read successfully
22:19:07.469 Disk 0 MBR scan
22:19:15.672 Disk 0 Windows XP default MBR code
22:19:15.688 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 81907 MB offset 63
22:19:15.984 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 62673 MB offset 167747328
22:19:16.188 Disk 0 Partition 3 00 1C Hidd FAT32 LBA MSDOS5.0 8004 MB offset 296102016
22:19:16.328 Disk 0 Partition 4 00 EF EFI FAT B 39 MB offset 312496128
22:19:16.578 Disk 0 scanning sectors +312576768
22:19:16.922 Disk 0 scanning C:\WINDOWS\system32\drivers
22:20:17.844 Service scanning
22:22:20.813 Modules scanning
22:23:26.016 Disk 0 trace - called modules:
22:23:26.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
22:23:26.047 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b58ab8]
22:23:26.047 3 CLASSPNP.SYS[f7608fd7] -> nt!IofCallDriver -> \Device\00000069[0x86b7b9e8]
22:23:26.047 5 ACPI.sys[f749e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b59940]
22:23:28.000 AVAST engine scan C:\WINDOWS
22:23:58.078 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\MBR.dat"
22:23:58.719 The log file has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\aswMBR.txt"
22:25:03.469 AVAST engine scan C:\WINDOWS\system32
22:34:04.828 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\MBR.dat"
22:34:04.828 The log file has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\aswMBR1.txt"
22:47:50.484 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\MBR.dat"
22:47:50.500 The log file has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\aswMBR2.txt"
Viele Grüße FCK191 |
|
28.06.2012, 06:54
| #10 |
| /// Malwareteam | Cain.exe auf Asus Eee PC 1000H XP Home Die MBR.dat ist eine Sicherungskopie deines Master Boot Record - da wirst du mit einem Textparser relativ wenig erkennen können!  Versuche aswMBR im Abgesicherten Modus! Abgesicherter Modus zur Bereinigung
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
Linear-Darstellung
