| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Ordner verschwinden, Fenster schliesen sich allein usw.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.08.2012, 18:15
| #1 |
 |  Ordner verschwinden, Fenster schliesen sich allein usw. Hallo zusammen, habe heute mal einen Scan durch mein System laufen lassen, da ich immer wieder eigenartige Dinge auf meinem Rechner feststelle. Einmal geht der Browser von allein zu, ohne das ich nur am Rechner war. Dann verschwinden manchmal Ordner von meinem Desktop usw. Dies hier betrifft meinen eigenen Rechner und nicht wie einem anderen Thread den von meiner Schwester. Daher bitte nicht schliesen. Hier die OTL: Code:
ATTFilter OTL logfile created on: 14.08.2012 16:43:23 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Dokumente und Einstellungen\Sinus\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 69,76% Memory free
3,85 Gb Paging File | 3,27 Gb Available in Paging File | 84,93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 110,12 Gb Free Space | 36,94% Space Free | Partition Type: NTFS
Drive D: | 298,08 Gb Total Space | 251,44 Gb Free Space | 84,35% Space Free | Partition Type: NTFS
Computer Name: PRIVAT-1F20F320 | User Name: Sinus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.08.14 16:43:05 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sinus\Eigene Dateien\Downloads\OTL(1).exe
PRC - [2012.08.08 22:24:33 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.20 08:49:15 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.05.08 16:47:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 16:47:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 16:47:09 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.02.27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012.01.17 11:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.11.17 01:04:20 | 000,822,384 | ---- | M] (ACD Systems) -- C:\Programme\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
PRC - [2010.12.09 13:22:52 | 010,043,392 | ---- | M] (Gembird Europe B.V.) -- C:\Programme\Gembird\Power Manager\pm.exe
PRC - [2010.10.12 18:07:14 | 000,150,096 | ---- | M] (Paragon Software Group) -- C:\Programme\Paragon Software\Backup and Recovery 10 Suite\program\dbhservice.exe
PRC - [2010.10.12 18:07:14 | 000,068,176 | ---- | M] (Paragon Software Group) -- C:\Programme\Paragon Software\Backup and Recovery 10 Suite\program\dbhagent.exe
PRC - [2010.07.26 03:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.20 08:49:13 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.16 10:01:45 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.16 09:57:57 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.16 09:57:45 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.15 20:18:11 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.05.10 10:04:55 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.10 10:04:39 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012.05.09 22:32:52 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.09 22:31:27 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.09 22:31:16 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.05.08 16:47:09 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.02.14 23:45:47 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3559.38265__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012.02.14 23:45:47 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3559.38292__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2012.02.14 23:45:47 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3559.38285__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2012.02.14 23:45:47 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3559.38418__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2012.02.14 23:45:47 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3559.38418__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2012.02.14 23:45:47 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3559.38424__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2012.02.14 23:45:47 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3559.38418__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2012.02.14 23:45:46 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3559.38290__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2012.02.14 23:45:46 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3559.38359__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2012.02.14 23:45:46 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3559.38378__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2012.02.14 23:45:46 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3559.38372__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2012.02.14 23:45:46 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3559.38325__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2012.02.14 23:45:46 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3559.38276__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2012.02.14 23:45:45 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3559.38397__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2012.02.14 23:45:45 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3559.38275__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2012.02.14 23:45:45 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3559.38344__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2012.02.14 23:45:44 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3559.38399__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2012.02.14 23:45:44 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3559.38291__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2012.02.14 23:45:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3559.38352__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2012.02.14 23:45:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3559.38290__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2012.02.14 23:45:43 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3559.38351__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2012.02.14 23:45:43 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3559.38350__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2012.02.14 23:45:41 | 001,036,288 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Dashboard\2.0.3559.38308__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Dashboard.dll
MOD - [2012.02.14 23:45:40 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Runtime\2.0.3559.38307__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Runtime.dll
MOD - [2012.02.14 23:45:34 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3559.38328__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2012.02.14 23:45:34 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3559.38364__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2012.02.14 23:45:34 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3559.38327__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2012.02.14 23:45:33 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3559.38373__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2012.02.14 23:45:33 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3559.38278__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2012.02.14 23:45:33 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3559.38293__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2012.02.14 23:45:33 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3559.38292__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2012.02.14 23:45:33 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3559.38340__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2012.02.14 23:45:33 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3559.38298__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2012.02.14 23:45:33 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3559.38340__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2012.02.14 23:45:32 | 000,675,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3559.38346__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2012.02.14 23:45:32 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3559.38321__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2012.02.14 23:45:32 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3559.38326__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2012.02.14 23:45:32 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3559.38342__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2012.02.14 23:45:31 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3559.38326__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2012.02.14 23:45:31 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3559.38327__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2012.02.14 23:45:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012.02.14 23:45:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012.02.14 23:45:31 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2012.02.14 23:45:31 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2012.02.14 23:45:31 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012.02.14 23:45:31 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2012.02.14 23:45:31 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012.02.14 23:45:31 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2012.02.14 23:45:30 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012.02.14 23:45:30 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012.02.14 23:45:29 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012.02.14 23:45:29 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2012.02.14 23:45:29 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2012.02.14 23:45:29 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2012.02.14 23:45:28 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012.02.14 23:45:28 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012.02.14 23:45:28 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012.02.14 23:45:28 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012.02.14 23:45:28 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012.02.14 23:45:28 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012.02.14 23:45:27 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012.02.14 23:45:27 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012.02.14 23:45:26 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012.02.14 23:45:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012.02.14 23:45:26 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2012.02.14 23:45:25 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2012.02.14 23:45:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2012.02.14 23:45:25 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2012.02.14 23:45:24 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2012.02.14 23:45:23 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.3309.28633__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.dll
MOD - [2012.02.14 23:45:22 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2012.02.14 23:45:22 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2012.02.14 23:45:22 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2012.02.14 23:45:22 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2012.02.14 23:45:21 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2012.02.14 23:45:21 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2012.02.14 23:45:21 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2012.02.14 23:45:21 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2012.02.14 23:45:21 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2012.02.14 23:45:21 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2012.02.14 23:45:21 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2012.02.14 23:45:20 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3559.38437__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2012.02.14 23:45:20 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2012.02.14 23:45:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2012.02.14 23:45:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012.02.14 23:45:19 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3559.38390__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012.02.14 23:45:19 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3559.38409__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012.02.14 23:45:19 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012.02.14 23:45:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2012.02.14 23:45:19 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2012.02.14 23:45:19 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2012.02.14 23:45:19 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3559.38259__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2012.02.14 23:45:18 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3559.38383__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2012.02.14 23:45:18 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3559.38284__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012.02.14 23:45:18 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3559.38388__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012.02.14 23:45:18 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3559.38264__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2012.02.14 23:45:18 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012.02.14 23:45:18 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012.02.14 23:45:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012.02.14 23:45:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012.02.14 23:45:17 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3559.38262__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012.02.14 23:45:16 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2012.02.14 23:45:14 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3559.38271__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012.02.14 23:45:14 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3559.38262__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2012.02.14 23:45:14 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3559.38261__90ba9c70f846762e\APM.Server.dll
MOD - [2012.02.14 23:45:14 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3559.38260__90ba9c70f846762e\AEM.Server.dll
MOD - [2012.02.14 23:45:14 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012.02.14 23:45:14 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012.02.14 23:45:14 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3559.38390__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2012.02.14 23:45:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2012.02.14 23:38:31 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.02.14 23:38:30 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.10.01 17:45:50 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.07.20 08:49:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.08 16:47:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 16:47:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.02.27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.10.12 18:07:14 | 000,150,096 | ---- | M] (Paragon Software Group) [On_Demand | Running] -- C:\Programme\Paragon Software\Backup and Recovery 10 Suite\program\dbhservice.exe -- (Disk Utility Dienst)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 16:47:09 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 16:47:09 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.30 11:28:46 | 006,435,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011.08.02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.10.12 18:07:14 | 000,395,464 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010.10.12 18:07:12 | 000,056,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2010.10.12 18:07:12 | 000,037,080 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.09.30 06:18:22 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.11.22 09:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.klamm.de/"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Sinus\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Sinus\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.20 08:49:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.07.25 13:11:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
[2012.02.14 23:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\Mozilla\Extensions
[2012.08.11 08:26:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\Mozilla\Firefox\Profiles\gke2ytub.default\extensions
[2012.05.15 21:31:33 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\Mozilla\Firefox\Profiles\gke2ytub.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012.05.02 01:59:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\Mozilla\Firefox\Profiles\gke2ytub.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.26 15:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.04 19:49:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.26 15:50:07 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012.08.11 08:26:16 | 000,340,132 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SINUS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\GKE2YTUB.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012.07.30 11:07:11 | 000,526,190 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SINUS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\GKE2YTUB.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.02.15 00:31:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.07.20 08:49:16 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Sinus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Sinus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Sinus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\Sinus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Sinus\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Sinus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Sinus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Sinus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.03.05 17:24:08 | 000,000,850 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll (www.flashget.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACPW05DE] C:\Programme\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DBHAgent] C:\Programme\Paragon Software\Backup and Recovery 10 Suite\program\dbhagent.exe (Paragon Software Group)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Power Manager] C:\Programme\Gembird\Power Manager\pm.exe (Gembird Europe B.V.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_MX_Download-Version\Trayserver_DE.exe (MAGIX AG)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1111/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25164074-D175-4ED2-8330-E1C85E30ECF3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.14 20:38:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.12 21:27:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sinus\Lokale Einstellungen\Anwendungsdaten\IPaid
[2012.08.12 21:27:05 | 000,000,000 | ---D | C] -- C:\Programme\IPaid-Surfbar
[2012.08.12 21:27:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IPaid-Surfbar
[2012.08.05 11:00:13 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Sinus\Recent
[2012.07.26 15:50:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\QuickStoresToolbar
[2012.07.26 15:50:02 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker
[2012.07.26 15:50:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sinus\Startmenü\Programme\Unlocker
[2012.07.26 14:49:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sinus\Desktop\Heimwerkermagazine
[2012.07.26 14:43:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sinus\Desktop\hefte
[2012.07.22 00:36:56 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\SER9PL.sys
[2012.07.22 00:32:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sinus\Startmenü\Programme\AviSynth 2.5
[2012.07.22 00:32:16 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5
[2012.07.22 00:32:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AviSynth 2.5
[2012.07.22 00:30:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sinus\Startmenü\Programme\Technisat
[2012.07.22 00:30:35 | 000,000,000 | ---D | C] -- C:\Programme\Technisat
[2012.07.22 00:26:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sinus\Startmenü\Programme\Audio Video Suite
[2012.07.22 00:25:35 | 000,000,000 | ---D | C] -- C:\Programme\Audio Video Suite
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.08.14 16:42:47 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Sinus\defogger_reenable
[2012.08.14 16:10:00 | 000,001,210 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1957994488-1801674531-1003UA.job
[2012.08.14 16:08:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.08.14 16:07:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.14 02:00:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-PRIVAT-1F20F320-Sinus.job
[2012.08.13 22:10:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1957994488-1801674531-1003Core.job
[2012.08.12 21:27:05 | 000,001,592 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\IPaid-Surfbar.lnk
[2012.08.12 09:19:11 | 000,142,336 | ---- | M] () -- C:\Dokumente und Einstellungen\Sinus\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.05 02:21:22 | 000,001,057 | ---- | M] () -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\vso_ts_preview.xml
[2012.08.05 01:07:29 | 576,841,334 | ---- | M] () -- C:\Dokumente und Einstellungen\Sinus\Eigene Dateien\ARD Mediathek Verbotene Liebe - Folge 4119 Narben frs Leben - Freitag, 03.08.2012 Das Erste_0.flv
[2012.08.02 20:47:48 | 577,261,635 | ---- | M] () -- C:\Dokumente und Einstellungen\Sinus\Eigene Dateien\ARD Mediathek Verbotene Liebe - Folge 4118 Der Beginn einer neuen ra - Mittwoch, 01.08.2012 Das Erste.flv
[2012.08.02 19:57:05 | 576,608,101 | ---- | M] () -- C:\Dokumente und Einstellungen\Sinus\Eigene Dateien\ARD Mediathek Verbotene Liebe - Folge 4117 Blockade - Montag, 30.07.2012 Das Erste.flv
[2012.07.26 15:50:07 | 000,000,208 | ---- | M] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\QuickStores.url
[2012.07.26 15:44:16 | 006,152,036 | ---- | M] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\FI089642.psd
[2012.07.26 12:30:07 | 000,234,008 | ---- | M] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\ddddddddddddddddddddddd.jpg
[2012.07.26 12:29:14 | 000,278,874 | ---- | M] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\neuer.jpg
[2012.07.26 12:28:41 | 000,283,957 | ---- | M] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\wood-floor-wallpapers_6855_1280x800222.jpg
[2012.07.26 12:27:47 | 000,336,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\wood-floor-wallpapers_6855_1280x800.jpg
[2012.07.26 12:25:14 | 000,281,776 | ---- | M] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\Nussbaum_Holz3.jpg
[2012.07.26 12:24:09 | 000,261,174 | ---- | M] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\Nussbaum_Holz2.jpg
[2012.07.26 12:20:14 | 000,683,880 | ---- | M] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\Nussbaum_Holz.JPG
[2012.07.25 16:18:24 | 000,004,060 | ---- | M] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\cm_pdf.pdf
[2012.07.22 01:49:58 | 000,000,072 | ---- | M] () -- C:\Dokumente und Einstellungen\Sinus\Mediaport.conf
[2012.07.22 00:30:40 | 000,001,652 | ---- | M] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\Mediaport.lnk
[2012.07.22 00:26:09 | 000,000,710 | ---- | M] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\Audio Video Suite.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.08.14 16:42:47 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\defogger_reenable
[2012.08.12 21:27:05 | 000,001,592 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\IPaid-Surfbar.lnk
[2012.08.05 00:30:19 | 576,841,334 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\Eigene Dateien\ARD Mediathek Verbotene Liebe - Folge 4119 Narben frs Leben - Freitag, 03.08.2012 Das Erste_0.flv
[2012.08.02 20:10:36 | 577,261,635 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\Eigene Dateien\ARD Mediathek Verbotene Liebe - Folge 4118 Der Beginn einer neuen ra - Mittwoch, 01.08.2012 Das Erste.flv
[2012.08.02 19:19:55 | 576,608,101 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\Eigene Dateien\ARD Mediathek Verbotene Liebe - Folge 4117 Blockade - Montag, 30.07.2012 Das Erste.flv
[2012.07.26 15:50:07 | 000,000,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\QuickStores.url
[2012.07.26 15:44:15 | 006,152,036 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\FI089642.psd
[2012.07.26 12:30:03 | 000,234,008 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\ddddddddddddddddddddddd.jpg
[2012.07.26 12:29:12 | 000,278,874 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\neuer.jpg
[2012.07.26 12:28:33 | 000,283,957 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\wood-floor-wallpapers_6855_1280x800222.jpg
[2012.07.26 12:25:03 | 000,281,776 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\Nussbaum_Holz3.jpg
[2012.07.26 12:24:00 | 000,261,174 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\Nussbaum_Holz2.jpg
[2012.07.26 12:21:17 | 000,336,960 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\wood-floor-wallpapers_6855_1280x800.jpg
[2012.07.26 12:20:12 | 000,683,880 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\Nussbaum_Holz.JPG
[2012.07.25 16:18:24 | 000,004,060 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\cm_pdf.pdf
[2012.07.22 01:49:58 | 000,000,072 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\Mediaport.conf
[2012.07.22 00:36:56 | 000,026,719 | ---- | C] () -- C:\WINDOWS\System32\SERSPL.VXD
[2012.07.22 00:30:40 | 000,001,652 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\Mediaport.lnk
[2012.07.22 00:26:09 | 000,000,710 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\Desktop\Audio Video Suite.lnk
[2012.04.01 10:54:13 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\winscp.rnd
[2012.03.20 18:45:23 | 000,001,057 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\vso_ts_preview.xml
[2012.03.06 00:46:17 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012.03.06 00:46:14 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012.03.06 00:46:14 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012.03.06 00:46:13 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012.03.05 16:14:29 | 000,007,460 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\.recently-used.xbel
[2012.02.28 17:18:25 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
[2012.02.22 20:54:13 | 000,142,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Sinus\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.15 00:28:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.14 23:27:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012.02.14 23:23:10 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012.02.14 20:39:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.02.14 20:35:20 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.02.14 20:26:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.02.14 20:23:14 | 003,691,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.03.12 18:59:00 | 000,299,008 | ---- | C] () -- C:\Programme\navigram_register.exe
========== LOP Check ==========
[2012.02.15 16:35:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2012.02.28 17:18:27 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2012.05.16 23:12:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2012.02.15 17:23:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Paragon
[2012.03.05 18:03:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2012.03.20 19:07:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vsosdk
[2012.04.16 01:53:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WindSolutions
[2012.03.01 20:26:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.02.15 16:36:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\ACD Systems
[2012.04.22 07:00:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\Canon
[2012.06.08 00:10:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\DVDVideoSoft
[2012.06.15 19:54:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\FreeVideoConverter
[2012.03.05 16:14:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\gtk-2.0
[2012.05.16 23:12:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\MAGIX
[2012.02.16 00:21:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\MobMapUpdater
[2012.05.15 21:37:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\Navigram
[2012.07.06 10:39:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\Oracle
[2012.07.06 10:37:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\Orbit
[2012.07.06 09:27:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\ProgSense
[2012.08.05 00:14:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\QuickStoresToolbar
[2012.04.02 19:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\TeamViewer
[2012.02.15 15:44:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\Thunderbird
[2012.08.05 02:21:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\Vso
[2012.04.16 01:54:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sinus\Anwendungsdaten\WindSolutions
========== Purity Check ==========
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 14.08.2012 16:43:23 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Dokumente und Einstellungen\Sinus\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 69,76% Memory free
3,85 Gb Paging File | 3,27 Gb Available in Paging File | 84,93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 110,12 Gb Free Space | 36,94% Space Free | Partition Type: NTFS
Drive D: | 298,08 Gb Total Space | 251,44 Gb Free Space | 84,35% Space Free | Partition Type: NTFS
Computer Name: PRIVAT-1F20F320 | User Name: Sinus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 5.Manage] -- "C:\Programme\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [Bridge] -- C:\Programme\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\World of Warcraft\Launcher.exe" = C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\Launcher.patch.exe" = C:\Programme\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Programme\Gembird\Power Manager\pm.exe" = C:\Programme\Gembird\Power Manager\pm.exe:*:Enabled:pm -- (Gembird Europe B.V.)
"C:\Programme\JDownloader\jre\bin\javaw.exe" = C:\Programme\JDownloader\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\FlashGet\flashget.exe" = C:\Programme\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Programme\World of Warcraft\BackgroundDownloader.exe" = C:\Programme\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\Microsoft Office\Office14\GROOVE.EXE" = C:\Programme\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office14\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\World of Warcraft\Temp\wow-4.2.1.2727-enUS-tools-downloader.exe" = C:\Programme\World of Warcraft\Temp\wow-4.2.1.2727-enUS-tools-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Programme\World of Warcraft\Temp\wow-4.2.1.2730-enUS-tools-downloader.exe" = C:\Programme\World of Warcraft\Temp\wow-4.2.1.2730-enUS-tools-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Programme\World of Warcraft\Temp\wow-4.2.1.2736-enUS-tools-downloader.exe" = C:\Programme\World of Warcraft\Temp\wow-4.2.1.2736-enUS-tools-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Programme\Orbitdownloader\orbitdm.exe" = C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programme\Orbitdownloader\orbitnet.exe" = C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06053AB3-B607-B752-3252-4A2EA9E9761E}" = CCC Help Dutch
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B4A8658-43F1-50CA-AF30-C67E3AE2C9ED}" = CCC Help Greek
"{0CC61470-D776-2353-D5CB-C7BC20204863}" = CCC Help Finnish
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12655AB3-9285-A2F0-5BBC-C5C45E4D718C}" = CCC Help Czech
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1E1DFF42-2EE8-4852-A7AB-C5174321D68F}" = Paragon Backup & Recovery™ 10 Suite
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{24700C01-3A72-29D4-001B-6EE6BF71EB5E}" = CCC Help Korean
"{26262388-95BF-58B0-CD46-A8F957BB67BF}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{329376FB-FB6C-C587-F483-07E3418456F5}" = ccc-utility
"{33A38A8B-9E1E-BCBB-EA87-CE797EC75080}" = CCC Help Chinese Traditional
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}" = ACDSee Pro 5
"{369EEB32-64D1-F22A-1B2C-A3E81582E767}" = CCC Help Japanese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FCD8F30-057D-C96F-AEF4-B0D77DE9730C}" = CCC Help Portuguese
"{46605BDE-7F82-DB0F-7906-3279A7E639BE}" = Catalyst Control Center Localization All
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{480A8E00-D808-7D79-977B-CEBBB3BEB409}" = CCC Help French
"{48C7FD10-D6AD-8EE0-2E8E-0480C4EEB1BD}" = Catalyst Control Center HydraVision Full
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{534804B0-3563-434B-962A-BAF132B85F1F}" = O&O UnErase
"{5CA7ABC3-5F89-3A1D-A113-046EA4C7FCEB}" = ccc-core-static
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6635B372-E2C5-4C2F-97FB-D1766E017CEE}" = MAGIX Screenshare
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6F77AD48-BA04-F868-2D04-FC1BFF5E00BA}" = Catalyst Control Center Graphics Light
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EA55BD-535F-4AB4-AD80-A8CA331F4E6F}" = Windows Messenger 5.1
"{788907C5-C83B-9785-A1F0-67050017324E}" = CCC Help Spanish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DEE6BA-DE45-4CDC-A9CD-49DD10A54FDB}" = O&O DiskRecovery
"{7F5F1767-88C6-CBFC-5DD3-D853343FD5AE}" = CCC Help German
"{84DE3702-3262-BE38-27E8-5ED423D803C6}" = CCC Help Chinese Standard
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{95053B5A-42E0-830E-85BD-733FAFC28BA7}" = ccc-core-preinstall
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B40D533-4F38-893D-EE5A-17226104BBC2}" = Skins
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A08CB73B-5DEA-185D-5D98-2230004D75ED}" = CCC Help Danish
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A22D91C3-E7BD-CBEE-7CDC-DE4C42FA27B7}" = CCC Help Hungarian
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AD0DD974-ADC2-8C10-DFA6-C1203A6E5106}" = CCC Help Polish
"{B014F739-B305-5319-D996-6612BD60ED74}" = CCC Help Swedish
"{B04D7083-F906-4369-9AA5-DFCC98A05CD9}" = MAGIX Video deluxe MX Download-Version
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BFD631C4-FBB5-4AC5-B807-9137B265628C}" = MAGIX Speed burnR (MSI)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C570CAF4-D734-5412-C842-9AB150803074}" = Catalyst Control Center Core Implementation
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CA2CE23E-6751-4828-AF8B-66EA06E697F6}" = Power Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01F5B2C-2776-6C46-441C-E819C08DF4FF}" = CCC Help Turkish
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCA53F-F568-D08A-458F-F7C9769A30ED}" = CCC Help Norwegian
"{D89B70AB-CF91-36A4-8658-FACA3AF6A654}" = Catalyst Control Center Graphics Previews Common
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.364
"{DF1274DC-02D4-B2D7-6197-5D24E1EF84B1}" = CCC Help Thai
"{E000D42E-5842-20A6-EEB1-6DED8C2746C5}" = CCC Help Italian
"{E7679B31-21F5-4AAE-1620-0DFACF702325}" = Catalyst Control Center Graphics Full New
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F83491F9-7CDF-46A7-9994-9E002CE5CE75}" = CCC Help Russian
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FDE409B1-1FF3-DC39-083E-C0F4ED496D5E}" = CCC Help English
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Audio Video Suite" = Audio Video Suite 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"BankÜberweisung BeDrucker" = BankÜberweisung BeDrucker 1.0
"CanonMyPrinter" = Canon My Printer
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"FlashGet" = FlashGet 1.9.6.1073
"Free Video Converter_is1" = Free Video Converter V 3.1
"Free Video Dub_is1" = Free Video Dub version 2.0.8.504
"ie8" = Windows Internet Explorer 8
"IPaid-Surfbar" = IPaid-Surfbar
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.1.0 (Full)
"MAGIX_MSI_Videodeluxe18" = MAGIX Video deluxe MX Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mediaport" = Mediaport
"MHS Überweisung_is1" = MHS Überweisung 1.64
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MobMap_is1" = MobMap 4.31
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 2.0" = Canon MP Navigator 2.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Orbit_is1" = Orbit Downloader
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0
"Sweet Home 3D_is1" = Sweet Home 3D version 3.5
"TeamViewer 7" = TeamViewer 7
"Unlocker" = Unlocker 1.9.1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
"winscp3_is1" = WinSCP 4.3.7
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.08.2012 13:00:59 | Computer Name = PRIVAT-1F20F320 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 04.08.2012 04:42:58 | Computer Name = PRIVAT-1F20F320 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 05.08.2012 04:43:11 | Computer Name = PRIVAT-1F20F320 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 05.08.2012 17:20:37 | Computer Name = PRIVAT-1F20F320 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 07.08.2012 14:08:40 | Computer Name = PRIVAT-1F20F320 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 08.08.2012 09:29:40 | Computer Name = PRIVAT-1F20F320 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 08.08.2012 16:24:12 | Computer Name = PRIVAT-1F20F320 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 08.08.2012 19:25:38 | Computer Name = PRIVAT-1F20F320 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 09.08.2012 14:24:44 | Computer Name = PRIVAT-1F20F320 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 11.08.2012 14:35:00 | Computer Name = PRIVAT-1F20F320 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
[ System Events ]
Error - 20.07.2012 16:08:06 | Computer Name = PRIVAT-1F20F320 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst Disk Utility Dienst.
Error - 21.07.2012 18:04:19 | Computer Name = PRIVAT-1F20F320 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst Disk Utility Dienst.
Error - 21.07.2012 18:29:21 | Computer Name = PRIVAT-1F20F320 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst Disk Utility Dienst.
Error - 21.07.2012 18:59:15 | Computer Name = PRIVAT-1F20F320 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst Disk Utility Dienst.
Error - 22.07.2012 11:46:22 | Computer Name = PRIVAT-1F20F320 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst Disk Utility Dienst.
Error - 27.07.2012 13:09:15 | Computer Name = PRIVAT-1F20F320 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst Disk Utility Dienst.
Error - 29.07.2012 13:56:49 | Computer Name = PRIVAT-1F20F320 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst Disk Utility Dienst.
Error - 12.08.2012 02:37:21 | Computer Name = PRIVAT-1F20F320 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst Disk Utility Dienst.
Error - 14.08.2012 10:07:44 | Computer Name = PRIVAT-1F20F320 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.101 für die Netzwerkkarte mit der Netzwerkadresse
0016E6D5623D wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
< End of report >
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-14 19:10:41
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-1f Hitachi_HDT725032VLA360 rev.V54OA52A
Running: g8223czs.exe; Driver: C:\DOKUME~1\Sinus\LOKALE~1\Temp\kfwyqaog.sys
---- System - GMER 1.0.15 ----
SSDT BA747E74 ZwClose
SSDT BA747E2E ZwCreateKey
SSDT BA747E7E ZwCreateSection
SSDT BA747E24 ZwCreateThread
SSDT BA747E33 ZwDeleteKey
SSDT BA747E3D ZwDeleteValueKey
SSDT BA747E6F ZwDuplicateObject
SSDT BA747E42 ZwLoadKey
SSDT BA747E10 ZwOpenProcess
SSDT BA747E15 ZwOpenThread
SSDT BA747E97 ZwQueryValueKey
SSDT BA747E4C ZwReplaceKey
SSDT BA747E88 ZwRequestWaitReplyPort
SSDT BA747E47 ZwRestoreKey
SSDT BA747E83 ZwSetContextThread
SSDT BA747E8D ZwSetSecurityObject
SSDT BA747E38 ZwSetValueKey
SSDT BA747E92 ZwSystemDebugControl
SSDT BA747E1F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB939F000, 0x1C5D38, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Mozilla Firefox\firefox.exe[236] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 0116B52A C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[236] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0141B6F5 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[236] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 0141B6D2 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[236] GDI32.dll!SetDIBitsToDevice + 20A 77EF9E14 7 Bytes JMP 0141B653 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
|
|
14.08.2012, 19:04
| #2 |
| /// Malware-holic   | Ordner verschwinden, Fenster schliesen sich allein usw. malwarebytes:
__________________Downloade Dir bitte Malwarebytes
öffne außerdem malwarebytes, berichte, poste alle bisher erstellten logs
__________________ |
|
14.08.2012, 20:25
| #3 |
| | Ordner verschwinden, Fenster schliesen sich allein usw. So hier der Log:
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.14.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Sinus :: PRIVAT-1F20F320 [Administrator] 14.08.2012 20:06:36 mbam-log-2012-08-14 (20-06-36).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 316321 Laufzeit: 1 Stunde(n), 7 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Programme\Audio Video Suite\Tools\MPEGMultiplexer.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Programme\Audio Video Suite\Tools\Muxen\Mplex\Mplex.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
14.08.2012, 20:27
| #4 |
| /// Malware-holic | Ordner verschwinden, Fenster schliesen sich allein usw. sind das alle mbam logs?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
14.08.2012, 20:36
| #5 |
| | Ordner verschwinden, Fenster schliesen sich allein usw. Ja sind alle die unter Logs angezeigt werden. |
|
14.08.2012, 20:40
| #6 | |
| /// Malware-holic | Ordner verschwinden, Fenster schliesen sich allein usw.Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Ordner verschwinden, Fenster schliesen sich allein usw. |
|
14.08.2012, 21:00
| #7 |
| | Ordner verschwinden, Fenster schliesen sich allein usw. Ok gemacht und hier ist das Ergebnis: Code:
ATTFilter ComboFix 12-08-14.05 - Sinus 14.08.2012 21:48:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2046.1296 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Sinus\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Sinus\Anwendungsdaten\vso_ts_preview.xml
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-14 bis 2012-08-14 ))))))))))))))))))))))))))))))
.
.
2012-08-12 19:27 . 2012-08-12 19:27 -------- d-----w- c:\dokumente und einstellungen\Sinus\Lokale Einstellungen\Anwendungsdaten\IPaid
2012-08-12 19:27 . 2012-08-12 19:27 -------- d-----w- c:\programme\IPaid-Surfbar
2012-07-26 13:50 . 2012-08-04 22:14 -------- d-----w- c:\dokumente und einstellungen\Sinus\Anwendungsdaten\QuickStoresToolbar
2012-07-26 13:50 . 2012-07-26 13:50 -------- d-----w- c:\programme\Unlocker
2012-07-21 22:36 . 2005-08-03 14:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2012-07-21 22:36 . 2005-08-03 14:04 26719 ----a-w- c:\windows\system32\SERSPL.VXD
2012-07-21 22:32 . 2012-07-21 22:32 -------- d-----w- c:\programme\AviSynth 2.5
2012-07-21 22:30 . 2012-07-21 22:30 -------- d-----w- c:\programme\Technisat
2012-07-21 22:25 . 2012-07-21 23:50 -------- d-----w- c:\programme\Audio Video Suite
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 22:02 . 2012-06-29 09:56 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-04 22:02 . 2012-02-16 12:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-04 17:49 . 2012-03-20 12:18 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 11:46 . 2012-06-30 15:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-13 13:55 . 2008-04-14 12:00 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2012-02-14 18:36 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2012-02-14 18:36 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2012-02-14 18:36 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-08-06 18:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 18:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2012-02-14 18:36 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2012-02-14 18:36 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 18:24 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 18:24 23576 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2012-02-14 18:36 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2012-02-14 18:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2012-02-28 14:59 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2012-02-28 14:59 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2012-02-28 14:59 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2008-04-14 12:00 604160 ----a-w- c:\windows\system32\crypt32.dll
2007-03-12 16:59 . 2007-03-12 16:59 299008 ----a-w- c:\programme\navigram_register.exe
2012-07-20 06:49 . 2012-07-06 07:35 136672 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-17 20064872]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"Power Manager"="c:\programme\Gembird\Power Manager\pm.exe" [2010-12-09 10043392]
"ACPW05DE"="c:\programme\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" [2011-11-16 822384]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DBHAgent"="c:\programme\Paragon Software\Backup and Recovery 10 Suite\program\dbhagent.exe" [2010-10-12 68176]
"BCSSync"="c:\programme\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"AdobeAAMUpdater-1.0"="c:\programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"TrayServer"="c:\programme\MAGIX\Video_deluxe_MX_Download-Version\TrayServer_de.exe" [2008-08-07 90112]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\World of Warcraft\\Launcher.exe"=
"c:\\Programme\\Gembird\\Power Manager\\pm.exe"=
"c:\\Programme\\JDownloader\\jre\\bin\\javaw.exe"=
"c:\\Programme\\FlashGet\\flashget.exe"=
"c:\\Programme\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programme\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Programme\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programme\\Orbitdownloader\\orbitnet.exe"=
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [15.02.2012 17:17 56208]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [14.02.2012 23:19 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [14.02.2012 23:19 86224]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe [24.05.2011 10:33 1840128]
R3 Disk Utility Dienst;Disk Utility Dienst;c:\programme\Paragon Software\Backup and Recovery 10 Suite\program\dbhservice.exe [12.10.2010 18:07 150096]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [14.02.2012 23:15 1691480]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe [26.04.2011 13:54 2702848]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30.06.2012 17:27 22344]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programme\Microsoft Office\Office14\GROOVE.EXE [12.06.2011 12:15 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [03.05.2012 13:07 113120]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [01.03.2012 20:25 18432]
S3 osppsvc;Office Software Protection Platform;c:\programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 22:37 4640000]
S3 SwitchBoard;SwitchBoard;c:\programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe [19.02.2010 14:37 517096]
S4 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [30.06.2012 17:27 655944]
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-14 c:\windows\Tasks\AdobeAAMUpdater-1.0-PRIVAT-1F20F320-Sinus.job
- c:\programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-03-05 16:42]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1957994488-1801674531-1003Core.job
- c:\dokumente und einstellungen\Sinus\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2012-02-15 14:55]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1957994488-1801674531-1003UA.job
- c:\dokumente und einstellungen\Sinus\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2012-02-15 14:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Alles mit FlashGet laden - c:\programme\FlashGet\jc_all.htm
IE: &Download by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/204
IE: &Mit FlashGet laden - c:\programme\FlashGet\jc_link.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Do&wnload selected by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Sinus\Anwendungsdaten\Mozilla\Firefox\Profiles\gke2ytub.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.klamm.de/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-14 21:52
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HDT725032VLA360 rev.V54OA52A -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-10
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2012-08-14 21:53:49
ComboFix-quarantined-files.txt 2012-08-14 19:53
.
Vor Suchlauf: 11 Verzeichnis(se), 117.815.173.120 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 118.961.393.664 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 471DF2C33AF2A3836B4541770AB43CFA
|
|
17.08.2012, 19:32
| #8 |
| /// Malware-holic | Ordner verschwinden, Fenster schliesen sich allein usw. nutze bitte den tdss killer, poste das log http://www.trojaner-board.de/82358-t...entfernen.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.08.2012, 20:55
| #9 |
| | Ordner verschwinden, Fenster schliesen sich allein usw. Habe ich gemacht: Log Code:
ATTFilter 21:51:07.0250 2860 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
21:51:07.0562 2860 ============================================================
21:51:07.0562 2860 Current date / time: 2012/08/17 21:51:07.0562
21:51:07.0562 2860 SystemInfo:
21:51:07.0562 2860
21:51:07.0562 2860 OS Version: 5.1.2600 ServicePack: 3.0
21:51:07.0562 2860 Product type: Workstation
21:51:07.0562 2860 ComputerName: PRIVAT-1F20F320
21:51:07.0562 2860 UserName: Sinus
21:51:07.0562 2860 Windows directory: C:\WINDOWS
21:51:07.0562 2860 System windows directory: C:\WINDOWS
21:51:07.0562 2860 Processor architecture: Intel x86
21:51:07.0562 2860 Number of processors: 2
21:51:07.0562 2860 Page size: 0x1000
21:51:07.0562 2860 Boot type: Normal boot
21:51:07.0562 2860 ============================================================
21:51:08.0828 2860 Drive \Device\Harddisk1\DR1 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:51:08.0828 2860 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:51:08.0843 2860 ============================================================
21:51:08.0843 2860 \Device\Harddisk1\DR1:
21:51:08.0843 2860 MBR partitions:
21:51:08.0843 2860 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
21:51:08.0843 2860 \Device\Harddisk0\DR0:
21:51:08.0843 2860 MBR partitions:
21:51:08.0843 2860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
21:51:08.0843 2860 ============================================================
21:51:26.0187 2860 D: <-> \Device\Harddisk0\DR0\Partition1
21:51:26.0218 2860 C: <-> \Device\Harddisk1\DR1\Partition1
21:51:26.0218 2860 ============================================================
21:51:26.0218 2860 Initialize success
21:51:26.0218 2860 ============================================================
21:52:30.0218 7168 ============================================================
21:52:30.0218 7168 Scan started
21:52:30.0218 7168 Mode: Manual;
21:52:30.0218 7168 ============================================================
21:52:48.0453 7168 ================ Scan services =============================
21:52:48.0515 7168 Abiosdsk - ok
21:52:48.0531 7168 abp480n5 - ok
21:52:48.0562 7168 [ ac407f1a62c3a300b4f2b5a9f1d55b2c ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:52:48.0562 7168 ACPI - ok
21:52:48.0578 7168 [ 9e1ca3160dafb159ca14f83b1e317f75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:52:48.0593 7168 ACPIEC - ok
21:52:48.0609 7168 adpu160m - ok
21:52:48.0640 7168 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:52:48.0671 7168 aec - ok
21:52:48.0703 7168 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:52:48.0703 7168 AFD - ok
21:52:48.0703 7168 Aha154x - ok
21:52:48.0703 7168 aic78u2 - ok
21:52:48.0718 7168 aic78xx - ok
21:52:48.0734 7168 [ 738d80cc01d7bc7584be917b7f544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:52:48.0765 7168 Alerter - ok
21:52:48.0781 7168 [ 190cd73d4984f94d823f9444980513e5 ] ALG C:\WINDOWS\System32\alg.exe
21:52:48.0781 7168 ALG - ok
21:52:48.0781 7168 AliIde - ok
21:52:48.0843 7168 [ 267fc636801edc5ab28e14036349e3be ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
21:52:48.0875 7168 Ambfilt - ok
21:52:48.0890 7168 amsint - ok
21:52:48.0953 7168 [ 466a0d95960dad3222c896d2cea99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
21:52:48.0953 7168 AntiVirSchedulerService - ok
21:52:48.0953 7168 [ a489be6bb0aa1ff406b488b60542314b ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
21:52:48.0968 7168 AntiVirService - ok
21:52:49.0093 7168 [ 44ee9285880603e2c7550541ea698d8d ] Apache2.4 C:\xampp\apache\bin\httpd.exe
21:52:49.0093 7168 Apache2.4 - ok
21:52:49.0140 7168 [ 7ef47644b74ebe721cc32211d3c35e76 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:52:49.0156 7168 Apple Mobile Device - ok
21:52:49.0171 7168 [ d45960be52c3c610d361977057f98c54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:52:49.0187 7168 AppMgmt - ok
21:52:49.0218 7168 [ b5b8a80875c1dededa8b02765642c32f ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:52:49.0250 7168 Arp1394 - ok
21:52:49.0250 7168 asc - ok
21:52:49.0250 7168 asc3350p - ok
21:52:49.0250 7168 asc3550 - ok
21:52:49.0328 7168 [ 776acefa0ca9df0faa51a5fb2f435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:52:49.0359 7168 aspnet_state - ok
21:52:49.0375 7168 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:52:49.0390 7168 AsyncMac - ok
21:52:49.0437 7168 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:52:49.0437 7168 atapi - ok
21:52:49.0437 7168 Atdisk - ok
21:52:49.0468 7168 [ 454dfdc3d40b777455846e749d3b49ff ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
21:52:49.0468 7168 Ati HotKey Poller - ok
21:52:49.0500 7168 [ ef94e95e9d5366a88275fbb15e9d6e74 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
21:52:49.0531 7168 ATI Smart - ok
21:52:49.0609 7168 [ c51608bba3248be2f6d21b132910752a ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:52:49.0671 7168 ati2mtag - ok
21:52:49.0703 7168 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:52:49.0718 7168 Atmarpc - ok
21:52:49.0750 7168 [ 58ed0d5452df7be732193e7999c6b9a4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:52:49.0750 7168 AudioSrv - ok
21:52:49.0796 7168 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:52:49.0828 7168 audstub - ok
21:52:49.0843 7168 [ d5541f0afb767e85fc412fc609d96a74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
21:52:49.0843 7168 avgntflt - ok
21:52:49.0875 7168 [ 7d967a682d4694df7fa57d63a2db01fe ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
21:52:49.0906 7168 avipbb - ok
21:52:49.0921 7168 [ 271cfd1a989209b1964e24d969552bf7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
21:52:49.0937 7168 avkmgr - ok
21:52:49.0968 7168 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:52:50.0000 7168 Beep - ok
21:52:50.0046 7168 [ d6f603772a789bb3228f310d650b8bd1 ] BITS C:\WINDOWS\system32\qmgr.dll
21:52:50.0062 7168 BITS - ok
21:52:50.0093 7168 [ db5bea73edaf19ac68b2c0fad0f92b1a ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
21:52:50.0109 7168 Bonjour Service - ok
21:52:50.0156 7168 [ b71549f23736adf83a571061c47777fd ] Browser C:\WINDOWS\System32\browser.dll
21:52:50.0156 7168 Browser - ok
21:52:50.0187 7168 catchme - ok
21:52:50.0203 7168 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:52:50.0218 7168 cbidf2k - ok
21:52:50.0234 7168 cd20xrnt - ok
21:52:50.0234 7168 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:52:50.0281 7168 Cdaudio - ok
21:52:50.0312 7168 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:52:50.0312 7168 Cdfs - ok
21:52:50.0343 7168 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:52:50.0359 7168 Cdrom - ok
21:52:50.0359 7168 Changer - ok
21:52:50.0375 7168 [ 28e3040d1f1ca2008cd6b29dfebc9a5e ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:52:50.0390 7168 CiSvc - ok
21:52:50.0406 7168 [ 778a30ed3c134eb7e406afc407e9997d ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:52:50.0421 7168 ClipSrv - ok
21:52:50.0484 7168 [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:52:50.0562 7168 clr_optimization_v2.0.50727_32 - ok
21:52:50.0578 7168 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:52:50.0625 7168 clr_optimization_v4.0.30319_32 - ok
21:52:50.0625 7168 CmdIde - ok
21:52:50.0640 7168 COMSysApp - ok
21:52:50.0640 7168 Cpqarray - ok
21:52:50.0671 7168 [ 611f824e5c703a5a899f84c5f1699e4d ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:52:50.0671 7168 CryptSvc - ok
21:52:50.0671 7168 dac2w2k - ok
21:52:50.0671 7168 dac960nt - ok
21:52:50.0718 7168 [ 3127afbf2c1ed0ab14a1bbb7aaecb85b ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:52:50.0718 7168 DcomLaunch - ok
21:52:50.0734 7168 [ c29a1c9b75ba38fa37f8c44405dec360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:52:50.0734 7168 Dhcp - ok
21:52:50.0765 7168 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:52:50.0765 7168 Disk - ok
21:52:50.0796 7168 [ 4db1cfe7d412637608ee43575a6660c9 ] Disk Utility Dienst C:\Programme\Paragon Software\Backup and Recovery 10 Suite\program\dbhservice.exe
21:52:50.0796 7168 Disk Utility Dienst - ok
21:52:50.0796 7168 dmadmin - ok
21:52:50.0843 7168 [ 0dcfc8395a99fecbb1ef771cec7fe4ea ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:52:50.0859 7168 dmboot - ok
21:52:50.0875 7168 [ 53720ab12b48719d00e327da470a619a ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:52:50.0875 7168 dmio - ok
21:52:50.0890 7168 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:52:50.0890 7168 dmload - ok
21:52:50.0906 7168 [ 25c83ffbba13b554eb6d59a9b2e2ee78 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:52:50.0906 7168 dmserver - ok
21:52:50.0953 7168 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:52:50.0984 7168 DMusic - ok
21:52:51.0015 7168 [ 407f3227ac618fd1ca54b335b083de07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:52:51.0015 7168 Dnscache - ok
21:52:51.0046 7168 [ 676e36c4ff5bcea1900f44182b9723e6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:52:51.0062 7168 Dot3svc - ok
21:52:51.0062 7168 dpti2o - ok
21:52:51.0093 7168 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:52:51.0109 7168 drmkaud - ok
21:52:51.0140 7168 [ 4e4f2fddab0a0736d7671134dcce91fb ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:52:51.0156 7168 EapHost - ok
21:52:51.0156 7168 [ 877c18558d70587aa7823a1a308ac96b ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:52:51.0156 7168 ERSvc - ok
21:52:51.0203 7168 [ a3edbe9053889fb24ab22492472b39dc ] Eventlog C:\WINDOWS\system32\services.exe
21:52:51.0203 7168 Eventlog - ok
21:52:51.0250 7168 [ af4f6b5739d18ca7972ab53e091cbc74 ] EventSystem C:\WINDOWS\system32\es.dll
21:52:51.0250 7168 EventSystem - ok
21:52:51.0265 7168 Fabs - ok
21:52:51.0296 7168 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:52:51.0296 7168 Fastfat - ok
21:52:51.0328 7168 [ 2db7d303c36ddd055215052f118e8e75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:52:51.0328 7168 FastUserSwitchingCompatibility - ok
21:52:51.0343 7168 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:52:51.0375 7168 Fdc - ok
21:52:51.0515 7168 [ 7e76eed28b8b8696b7f7ed5f757aa304 ] FileZillaServer c:\xampp\FileZillaFTP\FileZillaServer.exe
21:52:51.0515 7168 FileZillaServer - ok
21:52:51.0546 7168 [ b0678a548587c5f1967b0d70bacad6c1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:52:51.0562 7168 Fips - ok
21:52:51.0718 7168 [ 5bd96d8c5411ace71a7eaacaf0ef2903 ] FirebirdServerMAGIXInstance C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
21:52:51.0765 7168 FirebirdServerMAGIXInstance - ok
21:52:51.0812 7168 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:52:51.0828 7168 Flpydisk - ok
21:52:51.0843 7168 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:52:51.0859 7168 FltMgr - ok
21:52:51.0921 7168 [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:52:51.0937 7168 FontCache3.0.0.0 - ok
21:52:51.0937 7168 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:52:51.0953 7168 Fs_Rec - ok
21:52:51.0968 7168 [ 8f1955ce42e1484714b542f341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:52:51.0968 7168 Ftdisk - ok
21:52:52.0000 7168 [ 8182ff89c65e4d38b2de4bb0fb18564e ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:52:52.0015 7168 GEARAspiWDM - ok
21:52:52.0046 7168 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:52:52.0062 7168 Gpc - ok
21:52:52.0109 7168 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:52:52.0109 7168 HDAudBus - ok
21:52:52.0140 7168 [ cb66bf85bf599befd6c6a57c2e20357f ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:52:52.0140 7168 helpsvc - ok
21:52:52.0171 7168 [ b35da85e60c0103f2e4104532da2f12b ] HidServ C:\WINDOWS\System32\hidserv.dll
21:52:52.0171 7168 HidServ - ok
21:52:52.0218 7168 [ ccf82c5ec8a7326c3066de870c06daf1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:52:52.0234 7168 hidusb - ok
21:52:52.0265 7168 [ ed29f14101523a6e0e808107405d452c ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:52:52.0296 7168 hkmsvc - ok
21:52:52.0312 7168 [ 94ae0cebc2f2b4f9aaa124bd17cd0dc5 ] hotcore3 C:\WINDOWS\system32\DRIVERS\hotcore3.sys
21:52:52.0312 7168 hotcore3 - ok
21:52:52.0312 7168 hpn - ok
21:52:52.0343 7168 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:52:52.0343 7168 HTTP - ok
21:52:52.0375 7168 [ 9e4adb854cebcfb81a4b36718feecd16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:52:52.0390 7168 HTTPFilter - ok
21:52:52.0390 7168 i2omgmt - ok
21:52:52.0406 7168 i2omp - ok
21:52:52.0437 7168 [ e283b97cfbeb86c1d86baed5f7846a92 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
21:52:52.0453 7168 i8042prt - ok
21:52:52.0515 7168 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:52:52.0562 7168 idsvc - ok
21:52:52.0593 7168 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:52:52.0625 7168 Imapi - ok
21:52:52.0640 7168 [ d4b413aa210c21e46aedd2ba5b68d38e ] ImapiService C:\WINDOWS\system32\imapi.exe
21:52:52.0656 7168 ImapiService - ok
21:52:52.0656 7168 ini910u - ok
21:52:52.0796 7168 [ 85ab23f3e4ba6696fae8beb9d434edd6 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:52:52.0859 7168 IntcAzAudAddService - ok
21:52:52.0859 7168 IntelIde - ok
21:52:52.0890 7168 [ 4c7d2750158ed6e7ad642d97bffae351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:52:52.0890 7168 intelppm - ok
21:52:52.0921 7168 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:52:52.0937 7168 Ip6Fw - ok
21:52:52.0968 7168 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:52:52.0984 7168 IpFilterDriver - ok
21:52:52.0984 7168 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:52:53.0031 7168 IpInIp - ok
21:52:53.0046 7168 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:52:53.0046 7168 IpNat - ok
21:52:53.0093 7168 [ 57edb35ea2feca88f8b17c0c095c9a56 ] iPod Service C:\Programme\iPod\bin\iPodService.exe
21:52:53.0109 7168 iPod Service - ok
21:52:53.0125 7168 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:52:53.0156 7168 IPSec - ok
21:52:53.0171 7168 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:52:53.0203 7168 IRENUM - ok
21:52:53.0234 7168 [ 6dfb88f64135c525433e87648bda30de ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:52:53.0234 7168 isapnp - ok
21:52:53.0281 7168 [ a456937acc87bb40d7e2331f1e3a2ac5 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
21:52:53.0281 7168 JavaQuickStarterService - ok
21:52:53.0296 7168 [ 1704d8c4c8807b889e43c649b478a452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:52:53.0328 7168 Kbdclass - ok
21:52:53.0343 7168 [ b6d6c117d771c98130497265f26d1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:52:53.0406 7168 kbdhid - ok
21:52:53.0421 7168 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:52:53.0437 7168 kmixer - ok
21:52:53.0468 7168 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:52:53.0468 7168 KSecDD - ok
21:52:53.0500 7168 [ 2bbdcb79900990f0716dfcb714e72de7 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
21:52:53.0500 7168 LanmanServer - ok
21:52:53.0546 7168 [ 1869b14b06b44b44af70548e1ea3303f ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:52:53.0546 7168 lanmanworkstation - ok
21:52:53.0546 7168 lbrtfdc - ok
21:52:53.0593 7168 [ 636714b7d43c8d0c80449123fd266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:52:53.0593 7168 LmHosts - ok
21:52:53.0625 7168 [ 6dfe7f2e8e8a337263aa5c92a215f161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
21:52:53.0640 7168 MBAMProtector - ok
21:52:53.0687 7168 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
21:52:53.0718 7168 MBAMService - ok
21:52:53.0734 7168 [ b7550a7107281d170ce85524b1488c98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:52:53.0750 7168 Messenger - ok
21:52:53.0781 7168 Microsoft SharePoint Workspace Audit Service - ok
21:52:53.0796 7168 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:52:53.0828 7168 mnmdd - ok
21:52:53.0843 7168 [ c2f1d365fd96791b037ee504868065d3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:52:53.0859 7168 mnmsrvc - ok
21:52:53.0875 7168 [ 6fb74ebd4ec57a6f1781de3852cc3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:52:53.0890 7168 Modem - ok
21:52:53.0937 7168 [ c7d9f9717916b34c1b00dd4834af485c ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
21:52:53.0968 7168 Monfilt - ok
21:52:54.0000 7168 [ b24ce8005deab254c0251e15cb71d802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:52:54.0015 7168 Mouclass - ok
21:52:54.0046 7168 [ 66a6f73c74e1791464160a7065ce711a ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:52:54.0062 7168 mouhid - ok
21:52:54.0093 7168 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:52:54.0093 7168 MountMgr - ok
21:52:54.0140 7168 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
21:52:54.0156 7168 MozillaMaintenance - ok
21:52:54.0156 7168 mraid35x - ok
21:52:54.0156 7168 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:52:54.0156 7168 MRxDAV - ok
21:52:54.0203 7168 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:52:54.0203 7168 MRxSmb - ok
21:52:54.0218 7168 [ 35a031af38c55f92d28aa03ee9f12cc9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:52:54.0234 7168 MSDTC - ok
21:52:54.0265 7168 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:52:54.0265 7168 Msfs - ok
21:52:54.0265 7168 MSIServer - ok
21:52:54.0281 7168 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:52:54.0312 7168 MSKSSRV - ok
21:52:54.0312 7168 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:52:54.0328 7168 MSPCLOCK - ok
21:52:54.0343 7168 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:52:54.0359 7168 MSPQM - ok
21:52:54.0375 7168 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:52:54.0375 7168 mssmbios - ok
21:52:54.0406 7168 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:52:54.0406 7168 Mup - ok
21:52:54.0453 7168 mysql - ok
21:52:54.0484 7168 [ 46bb15ae2ac7d025d6d2567b876817bd ] napagent C:\WINDOWS\System32\qagentrt.dll
21:52:54.0500 7168 napagent - ok
21:52:54.0531 7168 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:52:54.0531 7168 NDIS - ok
21:52:54.0562 7168 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:52:54.0562 7168 NdisTapi - ok
21:52:54.0593 7168 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:52:54.0625 7168 Ndisuio - ok
21:52:54.0640 7168 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:52:54.0671 7168 NdisWan - ok
21:52:54.0703 7168 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:52:54.0703 7168 NDProxy - ok
21:52:54.0734 7168 [ 1352e1648213551923a0a822e441553c ] Netaapl C:\WINDOWS\system32\DRIVERS\netaapl.sys
21:52:54.0750 7168 Netaapl - ok
21:52:54.0765 7168 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:52:54.0765 7168 NetBIOS - ok
21:52:54.0781 7168 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:52:54.0812 7168 NetBT - ok
21:52:54.0828 7168 [ 8ace4251bffd09ce75679fe940e996cc ] NetDDE C:\WINDOWS\system32\netdde.exe
21:52:54.0859 7168 NetDDE - ok
21:52:54.0859 7168 [ 8ace4251bffd09ce75679fe940e996cc ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:52:54.0859 7168 NetDDEdsdm - ok
21:52:54.0890 7168 [ afb8261b56cba0d86aeb6df682af9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:52:54.0890 7168 Netlogon - ok
21:52:54.0906 7168 [ e6d88f1f6745bf00b57e7855a2ab696c ] Netman C:\WINDOWS\System32\netman.dll
21:52:54.0906 7168 Netman - ok
21:52:54.0953 7168 [ d34612c5d02d026535b3095d620626ae ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:52:54.0984 7168 NetTcpPortSharing - ok
21:52:55.0015 7168 [ e9e47cfb2d461fa0fc75b7a74c6383ea ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:52:55.0015 7168 NIC1394 - ok
21:52:55.0046 7168 [ f1b67b6b0751ae0e6e964b02821206a3 ] Nla C:\WINDOWS\System32\mswsock.dll
21:52:55.0046 7168 Nla - ok
21:52:55.0062 7168 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:52:55.0062 7168 Npfs - ok
21:52:55.0062 7168 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:52:55.0078 7168 Ntfs - ok
21:52:55.0078 7168 [ afb8261b56cba0d86aeb6df682af9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:52:55.0078 7168 NtLmSsp - ok
21:52:55.0093 7168 [ 56af4064996fa5bac9c449b1514b4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:52:55.0125 7168 NtmsSvc - ok
21:52:55.0140 7168 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
21:52:55.0171 7168 Null - ok
21:52:55.0203 7168 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:52:55.0218 7168 NwlnkFlt - ok
21:52:55.0234 7168 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:52:55.0234 7168 NwlnkFwd - ok
21:52:55.0234 7168 [ ca33832df41afb202ee7aeb05145922f ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:52:55.0250 7168 ohci1394 - ok
21:52:55.0312 7168 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
21:52:55.0328 7168 ose - ok
21:52:55.0468 7168 [ 358a9cca612c68eb2f07ddad4ce1d8d7 ] osppsvc C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:52:55.0781 7168 osppsvc - ok
21:52:55.0812 7168 [ f84785660305b9b903fb3bca8ba29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:52:55.0843 7168 Parport - ok
21:52:55.0875 7168 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:52:55.0875 7168 PartMgr - ok
21:52:55.0890 7168 [ c2bf987829099a3eaa2ca6a0a90ecb4f ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:52:55.0921 7168 ParVdm - ok
21:52:55.0921 7168 [ 387e8dedc343aa2d1efbc30580273acd ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:52:55.0921 7168 PCI - ok
21:52:55.0921 7168 PCIDump - ok
21:52:55.0937 7168 [ 59ba86d9a61cbcf4df8e598c331f5b82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:52:55.0937 7168 PCIIde - ok
21:52:55.0953 7168 [ a2a966b77d61847d61a3051df87c8c97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:52:55.0968 7168 Pcmcia - ok
21:52:55.0968 7168 PDCOMP - ok
21:52:55.0968 7168 PDFRAME - ok
21:52:55.0968 7168 PDRELI - ok
21:52:55.0968 7168 PDRFRAME - ok
21:52:55.0984 7168 perc2 - ok
21:52:55.0984 7168 perc2hib - ok
21:52:56.0015 7168 [ a3edbe9053889fb24ab22492472b39dc ] PlugPlay C:\WINDOWS\system32\services.exe
21:52:56.0015 7168 PlugPlay - ok
21:52:56.0015 7168 [ afb8261b56cba0d86aeb6df682af9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:52:56.0015 7168 PolicyAgent - ok
21:52:56.0031 7168 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:52:56.0062 7168 PptpMiniport - ok
21:52:56.0062 7168 [ afb8261b56cba0d86aeb6df682af9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:52:56.0062 7168 ProtectedStorage - ok
21:52:56.0109 7168 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:52:56.0171 7168 PSched - ok
21:52:56.0203 7168 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:52:56.0218 7168 Ptilink - ok
21:52:56.0218 7168 ql1080 - ok
21:52:56.0218 7168 Ql10wnt - ok
21:52:56.0234 7168 ql12160 - ok
21:52:56.0234 7168 ql1240 - ok
21:52:56.0234 7168 ql1280 - ok
21:52:56.0265 7168 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:52:56.0281 7168 RasAcd - ok
21:52:56.0296 7168 [ f5ba6caccdb66c8f048e867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:52:56.0343 7168 RasAuto - ok
21:52:56.0343 7168 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:52:56.0375 7168 Rasl2tp - ok
21:52:56.0406 7168 [ f9a7b66ea345726edb5862a46b1eccd5 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:52:56.0406 7168 RasMan - ok
21:52:56.0406 7168 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:52:56.0437 7168 RasPppoe - ok
21:52:56.0468 7168 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:52:56.0484 7168 Raspti - ok
21:52:56.0500 7168 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:52:56.0500 7168 Rdbss - ok
21:52:56.0531 7168 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:52:56.0546 7168 RDPCDD - ok
21:52:56.0578 7168 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:52:56.0609 7168 rdpdr - ok
21:52:56.0640 7168 [ 43af5212bd8fb5ba6eed9754358bd8f7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:52:56.0640 7168 RDPWD - ok
21:52:56.0656 7168 [ 263af18af0f3db99f574c95f284ccec9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:52:56.0671 7168 RDSessMgr - ok
21:52:56.0703 7168 [ ed761d453856f795a7fe056e42c36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:52:56.0718 7168 redbook - ok
21:52:56.0750 7168 [ 0e97ec96d6942ceec2d188cc2eb69a01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:52:56.0765 7168 RemoteAccess - ok
21:52:56.0796 7168 [ e4cd1f3d84e1c2ca0b8cf7501e201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:52:56.0796 7168 RemoteRegistry - ok
21:52:56.0812 7168 [ 2a02e21867497df20b8fc95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
21:52:56.0843 7168 RpcLocator - ok
21:52:56.0875 7168 [ 3127afbf2c1ed0ab14a1bbb7aaecb85b ] RpcSs C:\WINDOWS\System32\rpcss.dll
21:52:56.0875 7168 RpcSs - ok
21:52:56.0890 7168 [ 4bdd71b4b521521499dfd14735c4f398 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:52:56.0906 7168 RSVP - ok
21:52:56.0921 7168 [ afb8261b56cba0d86aeb6df682af9785 ] SamSs C:\WINDOWS\system32\lsass.exe
21:52:56.0937 7168 SamSs - ok
21:52:56.0968 7168 [ dcec079fad95d36c8dd5cb6d779dfe32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:52:56.0984 7168 SCardSvr - ok
21:52:57.0015 7168 [ a050194a44d7fa8d7186ed2f4e8367ae ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:52:57.0031 7168 Schedule - ok
21:52:57.0046 7168 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:52:57.0078 7168 Secdrv - ok
21:52:57.0109 7168 [ bee4cfd1d48c23b44cf4b974b0b79b2b ] seclogon C:\WINDOWS\System32\seclogon.dll
21:52:57.0109 7168 seclogon - ok
21:52:57.0125 7168 [ 2aac9b6ed9eddffb721d6452e34d67e3 ] SENS C:\WINDOWS\system32\sens.dll
21:52:57.0125 7168 SENS - ok
21:52:57.0140 7168 [ 0f29512ccd6bead730039fb4bd2c85ce ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:52:57.0156 7168 serenum - ok
21:52:57.0187 7168 [ cf24eb4f0412c82bcd1f4f35a025e31d ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:52:57.0218 7168 Serial - ok
21:52:57.0265 7168 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:52:57.0312 7168 Sfloppy - ok
21:52:57.0375 7168 [ cad058d5f8b889a87ca3eb3cf624dcef ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:52:57.0375 7168 SharedAccess - ok
21:52:57.0390 7168 [ 2db7d303c36ddd055215052f118e8e75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:52:57.0390 7168 ShellHWDetection - ok
21:52:57.0390 7168 Simbad - ok
21:52:57.0390 7168 Sparrow - ok
21:52:57.0437 7168 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:52:57.0453 7168 splitter - ok
21:52:57.0500 7168 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:52:57.0500 7168 Spooler - ok
21:52:57.0531 7168 [ 50fa898f8c032796d3b1b9951bb5a90f ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:52:57.0531 7168 sr - ok
21:52:57.0562 7168 [ fe77a85495065f3ad59c5c65b6c54182 ] srservice C:\WINDOWS\system32\srsvc.dll
21:52:57.0562 7168 srservice - ok
21:52:57.0593 7168 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:52:57.0609 7168 Srv - ok
21:52:57.0640 7168 [ 4df5b05dfaec29e13e1ed6f6ee12c500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:52:57.0640 7168 SSDPSRV - ok
21:52:57.0671 7168 [ a36ee93698802cd899f98bfd553d8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
21:52:57.0703 7168 ssmdrv - ok
21:52:57.0718 7168 [ bc2c5985611c5356b24aeb370953ded9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:52:57.0734 7168 stisvc - ok
21:52:57.0765 7168 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:52:57.0781 7168 swenum - ok
21:52:57.0828 7168 [ f577910a133a592234ebaad3f3afa258 ] SwitchBoard C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe
21:52:57.0859 7168 SwitchBoard - ok
21:52:57.0890 7168 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:52:57.0906 7168 swmidi - ok
21:52:57.0906 7168 SwPrv - ok
21:52:57.0906 7168 symc810 - ok
21:52:57.0906 7168 symc8xx - ok
21:52:57.0906 7168 sym_hi - ok
21:52:57.0921 7168 sym_u3 - ok
21:52:57.0937 7168 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:52:57.0953 7168 sysaudio - ok
21:52:57.0984 7168 [ 2903fffa2523926d6219428040dce6b9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:52:58.0000 7168 SysmonLog - ok
21:52:58.0015 7168 [ 05903cac4b98908d55ea5774775b382e ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:52:58.0015 7168 TapiSrv - ok
21:52:58.0062 7168 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:52:58.0062 7168 Tcpip - ok
21:52:58.0093 7168 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:52:58.0125 7168 TDPIPE - ok
21:52:58.0140 7168 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:52:58.0156 7168 TDTCP - ok
21:52:58.0171 7168 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:52:58.0187 7168 TermDD - ok
21:52:58.0234 7168 [ b7de02c863d8f5a005a7bf375375a6a4 ] TermService C:\WINDOWS\System32\termsrv.dll
21:52:58.0250 7168 TermService - ok
21:52:58.0250 7168 [ 2db7d303c36ddd055215052f118e8e75 ] Themes C:\WINDOWS\System32\shsvcs.dll
21:52:58.0250 7168 Themes - ok
21:52:58.0281 7168 [ 03681a1ce77f51586903869a5ab1deab ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
21:52:58.0296 7168 TlntSvr - ok
21:52:58.0296 7168 TosIde - ok
21:52:58.0343 7168 [ 626504572b175867f30f3215c04b3e2f ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:52:58.0343 7168 TrkWks - ok
21:52:58.0359 7168 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:52:58.0375 7168 Udfs - ok
21:52:58.0406 7168 [ 6e0623289d4a476bc4178999a1c7dcf6 ] UimBus C:\WINDOWS\system32\DRIVERS\UimBus.sys
21:52:58.0437 7168 UimBus - ok
21:52:58.0453 7168 [ a5637c7de21195b2591d28724f9cdad5 ] Uim_IM C:\WINDOWS\system32\Drivers\Uim_IM.sys
21:52:58.0484 7168 Uim_IM - ok
21:52:58.0484 7168 ultra - ok
21:52:58.0546 7168 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:52:58.0578 7168 Update - ok
21:52:58.0609 7168 [ 1dfd8975d8c89214b98d9387c1125b49 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:52:58.0625 7168 upnphost - ok
21:52:58.0656 7168 [ 9b11e6118958e63e1fef129466e2bda7 ] UPS C:\WINDOWS\System32\ups.exe
21:52:58.0687 7168 UPS - ok
21:52:58.0703 7168 [ eafe1e00739afe6c51487a050e772e17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
21:52:58.0765 7168 USBAAPL - ok
21:52:58.0765 7168 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:52:58.0781 7168 usbccgp - ok
21:52:58.0843 7168 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:52:58.0875 7168 usbehci - ok
21:52:58.0890 7168 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:52:58.0921 7168 usbhub - ok
21:52:58.0953 7168 [ a717c8721046828520c9edf31288fc00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:52:58.0968 7168 usbprint - ok
21:52:58.0984 7168 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:52:59.0000 7168 usbscan - ok
21:52:59.0031 7168 [ a32426d9b14a089eaa1d922e0c5801a9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:52:59.0046 7168 USBSTOR - ok
21:52:59.0062 7168 [ 26496f9dee2d787fc3e61ad54821ffe6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:52:59.0078 7168 usbuhci - ok
21:52:59.0078 7168 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:52:59.0109 7168 VgaSave - ok
21:52:59.0109 7168 ViaIde - ok
21:52:59.0125 7168 [ a5a712f4e880874a477af790b5186e1d ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:52:59.0125 7168 VolSnap - ok
21:52:59.0156 7168 [ 68f106273be29e7b7ef8266977268e78 ] VSS C:\WINDOWS\System32\vssvc.exe
21:52:59.0156 7168 VSS - ok
21:52:59.0187 7168 [ 7b353059e665f8b7ad2bbeaef597cf45 ] W32Time C:\WINDOWS\system32\w32time.dll
21:52:59.0187 7168 W32Time - ok
21:52:59.0218 7168 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:52:59.0234 7168 Wanarp - ok
21:52:59.0265 7168 [ d918617b46457b9ac28027722e30f647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
21:52:59.0296 7168 Wdf01000 - ok
21:52:59.0296 7168 WDICA - ok
21:52:59.0343 7168 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:52:59.0390 7168 wdmaud - ok
21:52:59.0406 7168 [ 81727c9873e3905a2ffc1ebd07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:52:59.0406 7168 WebClient - ok
21:52:59.0484 7168 [ 6f3f3973d97714cc5f906a19fe883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:52:59.0484 7168 winmgmt - ok
21:52:59.0515 7168 [ c51b4a5c05a5475708e3c81c7765b71d ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:52:59.0531 7168 WmdmPmSN - ok
21:52:59.0546 7168 [ ffa4d901d46d07a5bab2d8307fbb51a6 ] Wmi C:\WINDOWS\System32\advapi32.dll
21:52:59.0562 7168 Wmi - ok
21:52:59.0593 7168 [ 93908111ba57a6e60ec2fa2de202105c ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:52:59.0593 7168 WmiApSrv - ok
21:52:59.0656 7168 [ bf05650bb7df5e9ebdd25974e22403bb ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
21:52:59.0687 7168 WMPNetworkSvc - ok
21:52:59.0765 7168 [ dcf3e3edf5109ee8bc02fe6e1f045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:52:59.0812 7168 WPFFontCache_v0400 - ok
21:52:59.0828 7168 [ 6abe6e225adb5a751622a9cc3bc19ce8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:52:59.0843 7168 WS2IFSL - ok
21:52:59.0875 7168 [ 300b3e84faf1a5c1f791c159ba28035d ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:52:59.0875 7168 wscsvc - ok
21:52:59.0921 7168 [ 7b4fe05202aa6bf9f4dfd0e6a0d8a085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:52:59.0921 7168 wuauserv - ok
21:52:59.0937 7168 [ c4f109c005f6725162d2d12ca751e4a7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:52:59.0953 7168 WZCSVC - ok
21:53:00.0000 7168 [ 0ada34871a2e1cd2caafed1237a47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:53:00.0015 7168 xmlprov - ok
21:53:00.0062 7168 [ a5d4eae27e68625296d685a786897491 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
21:53:00.0078 7168 yukonwxp - ok
21:53:00.0078 7168 ================ Scan global ===============================
21:53:00.0093 7168 (2c60091ca5f67c3032eab3b30390c27f) C:\WINDOWS\system32\basesrv.dll
21:53:00.0140 7168 (a28ce25b59c90e12743001a1f2ae3613) C:\WINDOWS\system32\winsrv.dll
21:53:00.0140 7168 (a28ce25b59c90e12743001a1f2ae3613) C:\WINDOWS\system32\winsrv.dll
21:53:00.0187 7168 (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
21:53:00.0203 7168 [Global] - ok
21:53:00.0203 7168 ================ Scan MBR ==================================
21:53:00.0218 7168 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
21:53:00.0343 7168 \Device\Harddisk1\DR1 - ok
21:53:00.0359 7168 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
21:53:00.0359 7168 \Device\Harddisk0\DR0 - ok
21:53:00.0359 7168 ================ Scan VBR ==================================
21:53:00.0359 7168 Boot (0x1200) (f26d18773a0fcdd00c45ab12e05f6c42) \Device\Harddisk1\DR1\Partition1
21:53:00.0359 7168 \Device\Harddisk1\DR1\Partition1 - ok
21:53:00.0359 7168 Boot (0x1200) (9b962544d139f09b6e0bfd3496e5b49d) \Device\Harddisk0\DR0\Partition1
21:53:00.0359 7168 \Device\Harddisk0\DR0\Partition1 - ok
21:53:00.0359 7168 ============================================================
21:53:00.0359 7168 Scan finished
21:53:00.0359 7168 ============================================================
21:53:00.0375 7324 Detected object count: 0
21:53:00.0375 7324 Actual detected object count: 0
Mfg |
|
20.08.2012, 20:15
| #10 |
| /// Malware-holic | Ordner verschwinden, Fenster schliesen sich allein usw. sehr gut gibts momentan noch probleme? lade den CCleaner standard: CCleaner Download - CCleaner 3.21.1767 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
21.08.2012, 14:37
| #11 |
| | Ordner verschwinden, Fenster schliesen sich allein usw. Hallo, Bei nicht bekannt, habe ich auch Programme aufgeführt, welche ich nicht selbst installiert habe. Code:
ATTFilter benötigt: 7-Zip 9.20 15.03.2012 ACDSee Pro 5 ACD Systems International Inc. 15.02.2012 158,00MB 5.1.137 Adobe AIR Adobe Systems Inc. 05.03.2012 2.5.1.17730 Adobe Community Help Adobe Systems Incorporated. 05.03.2012 3.4.980 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 19.08.2012 11.3.300.257 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 19.08.2012 11.3.300.271 Adobe Photoshop CS5.1 Adobe Systems Incorporated 05.03.2012 12.1 Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 17.08.2012 122,00MB 10.1.4 Apple Application Support Apple Inc. 24.03.2012 62,74MB 2.1.7 Apple Mobile Device Support Apple Inc. 24.03.2012 24,39MB 5.1.1.4 Apple Software Update Apple Inc. 01.03.2012 2,38MB 2.1.3.127 ATI - Dienstprogramm zur Deinstallation der Software 14.02.2012 6.14.10.1022 ATI Catalyst Control Center 2.009.0929.2221 ATI Display Driver 14.02.2012 8.593.100.3-090929a-089304C-ATI Audio Video Suite 2.0 Lostech 22.07.2012 2.0 Avira Free Antivirus Avira 10.08.2012 12.0.0.1167 Bonjour Apple Inc. 01.03.2012 0,99MB 3.0.0.10 Canon MP Navigator 2.0 20.04.2012 Canon My Printer 28.02.2012 CCleaner Piriform 24.07.2012 3.21 ConvertXtoDVD 4.1.19.364 20.03.2012 4.1.19.364 FileZilla Client 3.5.3 FileZilla Project 16.08.2012 3.5.3 FlashGet3.7 hxxp://www.FlashGet.com 19.08.2012 3.7.0.1203 Google Chrome Google Inc. 15.02.2012 21.0.1180.79 iTunes Apple Inc. 29.05.2012 156,00MB 10.6.1.7 Java(TM) 7 Update 5 Oracle 06.07.2012 99,33MB 7.0.50 JavaFX 2.1.1 Oracle Corporation 06.07.2012 20,88MB 2.1.1 JDownloader 0.9 AppWork GmbH 15.02.2012 0.9 K-Lite Codec Pack 8.1.0 (Full) 05.03.2012 8.1.0 Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes Corporation 14.07.2012 1.62.0.1300 Marvell Miniport Driver Marvell 14.02.2012 1,03MB 9.12.4.3 Mediaport 22.07.2012 MobMap 4.31 Slarti on EU-Blackhand 15.02.2012 Mozilla Firefox 14.0.1 (x86 de) Mozilla 10.08.2012 14.0.1 Mozilla Maintenance Service Mozilla 21.07.2012 14.0.1 Mozilla Thunderbird 14.0 (x86 de) Mozilla 27.07.2012 14.0 Phase 5 HTML-Editor Systemberatung Schommer 16.08.2012 3,72MB 5.6.2.3 Pixum Fotobuch 21.08.2012 PL-2303 USB-to-Serial Prolific Technology INC 22.07.2012 1.6.0 Power Manager Gembird Electronics Ltd. 26.03.2012 4.0.2.1 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 14.02.2012 5.10.0.6449 Rossmann Fotowelt Software 4.12.1 ORWO Net 21.08.2012 4.12.1 StreamTransport version: 1.0.2.2171 06.07.2012 Sweet Home 3D version 3.5 eTeks 15.05.2012 TeamViewer 7 TeamViewer 26.06.2012 7.0.12979 Turbo Lister 2 eBay Inc. 14.03.2012 76,92MB 2.00.0000 Unlocker 1.9.1 Cedrick Collomb 26.07.2012 1.9.1 Paragon Backup & Recovery™ 10 Suite Paragon Software 15.02.2012 216,00MB 90.00.0003 WinRAR 4.10 (32-Bit) win.rar GmbH 15.02.2012 4.10.0 WinSCP 4.3.7 Martin Prikryl 01.04.2012 4.3.7 World of Warcraft Blizzard Entertainment 18.05.2012 4.3.4.15595 XAMPP 1.8.0 19.08.2012 nicht bekannt Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU Microsoft Corporation 14.02.2012 6,18MB 2.1.21022 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 15.06.2012 183,00MB 2.2.30729 Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU Microsoft Corporation 14.02.2012 16,81MB 3.1.21022 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 09.05.2012 236,00MB 3.2.30729 Microsoft .NET Framework 3.5 Language Pack - DEU Microsoft Corporation 14.02.2012 Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 09.05.2012 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 15.06.2012 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 14.02.2012 4.0.30319 Microsoft .NET Framework 4 Extended Microsoft Corporation 14.02.2012 4.0.30319 Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 14.02.2012 4.0.30319 Microsoft Office Professional Plus 2010 Microsoft Corporation 15.08.2012 14.0.6029.1000 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.05.2012 5,28MB 8.0.61001 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 21.08.2012 9,65MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 16.05.2012 10,28MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.05.2012 10,20MB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 01.03.2012 14,97MB 10.0.40219 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 14.02.2012 2,70MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 14.02.2012 2,80MB 4.20.9876.0 MSXML 4.0 SP3 Parser Microsoft Corporation 16.05.2012 2,87MB 4.30.2100.0 MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 13.07.2012 2,99MB 4.30.2114.0 MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 17.05.2012 2,99MB 4.30.2107.0 Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation 14.02.2012 Windows Internet Explorer 8 Microsoft Corporation 14.02.2012 20090308.140743 Windows Media Format 11 runtime 14.02.2012 Windows Media Player 11 14.02.2012 nicht benötigt Firebird SQL Server - MAGIX Edition MAGIX AG 16.05.2012 11,50MB 2.1.31.0 Windows Messenger 5.1 Microsoft Corporation 14.02.2012 5,35MB 5.1.0715 |
|
22.08.2012, 17:29
| #12 |
| /// Malware-holic | Ordner verschwinden, Fenster schliesen sich allein usw. beantworte die frage noch, tritt das problem des ausgangspostings noch auf
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.08.2012, 19:28
| #13 |
| | Ordner verschwinden, Fenster schliesen sich allein usw. Zur Zeit habe ich keine Probleme mehr wie im Ausgangspost. Zumindest habe ich keine feststellen können. Habe aber den Rechner in letzter Zeit nicht viel an gehabt, wegen dem Problem eben. Gibt es vlt. noch ein Programm das ich drüber laufen lassen kann und das prüft ob es sonst noch Probleme auf dem System gibt? Mfg |
|
22.08.2012, 21:50
| #14 |
| /// Malware-holic | Ordner verschwinden, Fenster schliesen sich allein usw. deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: TeamViewer : solche software würd ich nur bei bedarf instalieren. deinstaliere unnötige öffne ccleaner, analysieren starten öffne otl bereinigen pc startet neu testen wieer läuft.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Ordner verschwinden, Fenster schliesen sich allein usw. |
| 7-zip, adobe, antivir, avg, avira, bho, bonjour, branding, browser, canon, desktop, document, downloader, einstellungen, error, firefox, flash player, format, jdownloader, locker, logfile, mozilla, ntdll.dll, plug-in, realtek, registry, remote control, rundll, scan, security, senden, software, system, udp, windows internet |
Linear-Darstellung
