Log analysis and evaluation: Bundestrojaner
Windows 7
If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
24.02.2013, 11:50 | #1 |
| Bundestrojaner I downloaded OTL and ran the scan as well as the fix; how do I proceed now? |
24.02.2013, 19:48 | #2 |
/// Malware-holic | Bundestrojaner Hi, click on Scan in OTL and please post the log again. |
24.02.2013, 22:47 | #3 |
| Bundestrojaner Code:
ATTFilter OTL logfile created on: 24.02.2013 21:08:03 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\user\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 65,13% Memory free 3,33 Gb Paging File | 2,70 Gb Available in Paging File | 81,06% Paging File free Paging file location(s): C:\pagefile.sys 1522 1522 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80,01 Gb Total Space | 58,23 Gb Free Space | 72,77% Space Free | Partition Type: NTFS Drive D: | 69,00 Gb Total Space | 68,03 Gb Free Space | 98,60% Space Free | Partition Type: NTFS Drive G: | 7,52 Gb Total Space | 0,70 Gb Free Space | 9,36% Space Free | Partition Type: FAT32 Computer Name: NAME-FD00PZU2N3 | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\user\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe () PRC - C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe () PRC - C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe () PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) PRC - C:\Programme\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.) PRC - C:\Programme\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.) PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) PRC - C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) PRC - C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) PRC - C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\PSIService.exe () PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe () MOD - C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\btwicons.dll () MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll () MOD - C:\Programme\Avira\AntiVir PersonalEdition Classic\sqlite3.dll () MOD - C:\WINDOWS\system32\PSIService.exe () ========== Services (SafeList) ========== SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (RealNetworks Downloader Resolver Service) -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe () SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe () SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (AntiVirScheduler) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe () SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.) 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.) DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (archlp) -- C:\WINDOWS\system32\drivers\archlp.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (AVIRA GmbH) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.) DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.) 
========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\..\SearchScopes\{24A62A83-6394-48FC-BF6C-EF6ABED09DC7}: "URL" = hxxp://www.zumie.com/?prt=ZUMIE152&keywords={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes\{24A62A83-6394-48FC-BF6C-EF6ABED09DC7}: "URL" = hxxp://www.zumie.com/?prt=ZUMIE152&keywords={searchTerms} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.windowsxlive.net IE - 
HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) IE - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}&Form=IE8SRC IE - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\..\SearchScopes\{94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E}: "URL" = hxxp://www.zumie.com/?prt=ZumFreez&keywords={searchTerms} IE - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 50970 FF - prefs.js..network.proxy.type: 4 FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Programme\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.08.09 10:01:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2009.03.28 00:47:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011.06.04 15:57:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011.06.04 15:57:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.02.20 13:43:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.02.21 12:44:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.02.20 13:43:22 | 000,000,000 | ---D | M] [2009.05.18 06:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Extensions [2009.05.18 06:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2013.02.24 03:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\psifmf1e.default\extensions [2009.09.02 20:26:28 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\psifmf1e.default\extensions\moveplayer@movenetworks.com [2013.02.24 03:17:20 | 000,020,591 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\psifmf1e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013.02.13 04:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.02.21 12:44:29 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.02.21 12:44:28 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2009.07.25 04:23:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeploytk.dll [2013.02.20 13:43:22 | 000,153,296 | ---- | M] (RealNetworks, Inc.) 
-- C:\Programme\mozilla firefox\plugins\nppl3260.dll [2013.02.15 23:11:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\mozilla firefox\plugins\npqtplugin.dll [2013.02.15 23:11:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\mozilla firefox\plugins\npqtplugin2.dll [2013.02.15 23:11:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\mozilla firefox\plugins\npqtplugin3.dll [2013.02.15 23:11:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\mozilla firefox\plugins\npqtplugin4.dll [2013.02.15 23:11:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\mozilla firefox\plugins\npqtplugin5.dll [2013.02.15 23:11:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\mozilla firefox\plugins\npqtplugin6.dll [2013.02.15 23:11:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\mozilla firefox\plugins\npqtplugin7.dll [2013.02.20 13:43:07 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll [2013.02.01 20:33:32 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.01 20:33:32 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2013.02.01 20:33:32 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2013.02.01 20:33:32 | 000,002,669 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\google.xml [2013.02.01 20:33:32 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.01 20:33:32 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.01 20:33:32 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\24.0.1312.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U15 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: DivX Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\user\Lokale 
Einstellungen\Anwendungsdaten\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Programme\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Programme\Yahoo!\Common\npyaxmpb.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: DivX HiQ = C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\ CHR - Extension: Grass = C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla\1.0_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\ O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} 
- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [conhost] C:\Dokumente und Einstellungen\user\Anwendungsdaten\Microsoft\conhost.exe File not found O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\Rthdcpl.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) 
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006..\Run: [5863D912] C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ppwmy\ffnttmkl.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006..\Run: [Agiqmo] C:\Dokumente und Einstellungen\user\Anwendungsdaten\Onco\awep.exe () O4 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006..\Run: [cnvztmkl] C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ccwyy\avuggetmkl.exe () O4 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006..\Run: [Google Update] C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe (Google Inc.) 
O4 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006..\Run: [ilkjspnm] C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\Zbshrzl\sbsshrispnm.exe () O4 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006..\Run: [KB00938642.exe] C:\Dokumente und Einstellungen\user\Anwendungsdaten\KB00938642.exe (Exiland Software) O4 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006..\Run: [MSMSGS] C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006..\Run: [Personal Desktop] C:\PROGRA~1\SA269F~1.D\PERSON~1\pdesk.exe File not found O4 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006..\Run: [Real Desktop] "C:\Programme\Real Desktop\Real Desktop.exe" File not found O4 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe" File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Launcher.lnk = C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk = C:\Programme\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\user\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
F3 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006 WinNT: Load - (C:\DOKUME~1\user\LOKALE~1\Temp\csrss.exe) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CC471DC-772E-43A9-B69D-86059A69626F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006 Winlogon: Shell - (C:\Dokumente und Einstellungen\user\Anwendungsdaten\dwm.exe) - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.02.19 22:23:28 | 000,000,000 | ---D | M] - G:\Autogenes Training -- [ FAT32 ]
O33 - MountPoints2\{08a809ce-f624-11dd-a0b2-002243253210}\Shell\AutoRun\command - "" = wscript.exe open_website.vbs
O33 - MountPoints2\{3e8d110a-72c4-11e2-a3d9-002243aff40f}\Shell - "" = AutoRun
O33 - MountPoints2\{3e8d110a-72c4-11e2-a3d9-002243aff40f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e8d110a-72c4-11e2-a3d9-002243aff40f}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{3fdb1364-737a-11e2-a3da-002243aff40f}\Shell - "" = AutoRun
O33 - MountPoints2\{3fdb1364-737a-11e2-a3da-002243aff40f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3fdb1364-737a-11e2-a3da-002243aff40f}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{5c2904a4-5e8f-11e2-a3b3-002243aff40f}\Shell - "" = AutoRun
O33 - MountPoints2\{5c2904a4-5e8f-11e2-a3b3-002243aff40f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5c2904a4-5e8f-11e2-a3b3-002243aff40f}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{710c01b0-7090-11e2-a3d4-002243aff40f}\Shell - "" = AutoRun
O33 - MountPoints2\{710c01b0-7090-11e2-a3d4-002243aff40f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{710c01b0-7090-11e2-a3d4-002243aff40f}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.24 11:22:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.24 01:55:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ppwmy
[2013.02.22 22:19:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2013.02.22 22:17:57 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2013.02.22 22:17:49 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2013.02.22 22:17:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.22 18:04:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Seofu
[2013.02.22 18:04:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Hukea
[2013.02.22 18:04:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Guikab
[2013.02.22 15:00:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Weas
[2013.02.22 15:00:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Fiulon
[2013.02.22 15:00:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Edihox
[2013.02.20 23:14:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Zura
[2013.02.20 23:14:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Irihku
[2013.02.20 23:14:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Axhute
[2013.02.20 13:44:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\RealNetworks
[2013.02.20 13:43:51 | 000,000,000 | ---D | C] -- C:\Programme\RealNetworks
[2013.02.20 13:43:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks
[2013.02.20 13:43:33 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\xing shared
[2013.02.20 13:43:22 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013.02.20 13:43:20 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Symantec Shared
[2013.02.20 13:43:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2013.02.20 13:43:08 | 000,000,000 | ---D | C] -- C:\Programme\Norton Security Scan
[2013.02.20 13:43:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Norton Security Scan
[2013.02.20 13:43:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0307020.00A
[2013.02.20 13:43:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton
[2013.02.20 13:43:02 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013.02.20 13:43:01 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013.02.20 13:43:01 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller
[2013.02.20 13:43:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller
[2013.02.20 13:42:59 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013.02.20 13:42:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\RealNetworks
[2013.02.20 13:42:41 | 000,000,000 | ---D | C] -- C:\Programme\Real
[2013.02.20 13:41:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Real
[2013.02.20 13:41:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Real
[2013.02.20 13:40:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real
[2013.02.15 23:11:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2013.02.15 23:10:53 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2013.02.14 00:25:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Valentinstag sonder Mp3
[2013.02.14 00:24:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\14.2
[2013.02.13 10:21:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Viufka
[2013.02.13 10:21:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Puyhv
[2013.02.13 10:21:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Fynen
[2013.02.13 04:21:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla
[2013.02.13 04:21:39 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2013.02.11 23:11:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\11.2
[2013.02.11 17:58:14 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\4518C85B
[2013.02.11 17:57:10 | 000,098,205 | ---- | C] (Exiland Software) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\KB00938642.exe
[2013.02.11 17:46:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ufdu
[2013.02.11 17:46:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Onco
[2013.02.11 17:46:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Iqzada
[2013.02.10 13:07:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ALDITALKVerbindungsassistent
[2013.02.10 13:07:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ALDI TALK Verbindungsassistent
[2013.02.10 13:07:18 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll
[2013.02.10 13:07:18 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WdfCoInstaller01007.dll
[2013.02.10 13:07:18 | 000,860,928 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2013.02.10 13:07:18 | 000,051,456 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2013.02.10 13:07:18 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccid.sys
[2013.02.10 13:07:18 | 000,026,496 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2013.02.10 13:07:18 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2013.02.10 13:07:17 | 000,117,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2013.02.10 13:07:17 | 000,106,496 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2013.02.10 13:07:17 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2013.02.10 13:07:17 | 000,082,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2013.02.10 13:07:17 | 000,072,576 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2013.02.10 13:07:17 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2013.02.10 13:07:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\ALDITALKVerbindungsassistent
[2013.02.10 13:06:56 | 000,000,000 | ---D | C] -- C:\Programme\ALDITALKVerbindungsassistent
[2013.02.06 20:59:20 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Yywyp
[2013.02.06 20:48:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ccwyy
[2013.02.06 20:05:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Temp
[2013.02.05 23:12:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\5.2
[2013.02.04 22:34:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\4.2
[2010.07.10 19:31:14 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Programme\U1 Setup.exe
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.24 18:30:00 | 000,001,206 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3444825471-2230824147-3614265266-1006UA.job
[2013.02.24 11:45:54 | 000,098,205 | ---- | M] (Exiland Software) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\KB00938642.exe
[2013.02.24 02:52:37 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3444825471-2230824147-3614265266-1006.job
[2013.02.24 02:52:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.24 01:55:11 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3444825471-2230824147-3614265266-1006.job
[2013.02.22 22:19:05 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.02.22 19:16:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.02.22 16:35:00 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3444825471-2230824147-3614265266-1006Core.job
[2013.02.20 13:44:04 | 000,000,999 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RealPlayer.lnk
[2013.02.20 13:43:22 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013.02.20 13:43:20 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for user.job
[2013.02.20 13:43:14 | 000,000,951 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton Security Scan.lnk
[2013.02.20 13:43:02 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013.02.20 13:43:01 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013.02.20 13:42:59 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013.02.18 08:37:01 | 000,013,247 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\view_pix.aspx
[2013.02.18 08:36:29 | 000,013,247 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\saarstr.16-18.aspx
[2013.02.15 23:11:18 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2013.02.13 04:21:42 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2013.02.10 13:07:28 | 000,001,862 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ALDI TALK Verbindungsassistent.lnk
[2013.02.10 13:07:11 | 000,001,899 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Launcher.lnk
[2013.02.10 13:07:06 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll
[2013.02.10 13:07:06 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WdfCoInstaller01007.dll
[2013.02.10 13:07:06 | 000,860,928 | ---- | M] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2013.02.10 13:07:06 | 000,082,816 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2013.02.10 13:07:06 | 000,051,456 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2013.02.10 13:07:06 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccid.sys
[2013.02.10 13:07:06 | 000,026,496 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2013.02.10 13:07:06 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2013.02.10 13:07:05 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2013.02.10 13:07:05 | 000,106,496 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2013.02.10 13:07:05 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2013.02.10 13:07:05 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2013.02.10 13:07:05 | 000,024,448 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2013.02.07 09:00:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\rpc.job
[2013.02.06 20:37:33 | 000,002,357 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Google Chrome.lnk
[2013.02.05 22:34:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.31 16:23:00 | 000,459,844 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.31 16:23:00 | 000,441,906 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.31 16:23:00 | 000,085,170 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.31 16:23:00 | 000,071,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.22 22:19:05 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.02.20 22:59:33 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3444825471-2230824147-3614265266-1006.job
[2013.02.20 13:44:38 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3444825471-2230824147-3614265266-1006.job
[2013.02.20 13:44:04 | 000,000,999 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RealPlayer.lnk
[2013.02.20 13:43:20 | 000,000,430 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for user.job
[2013.02.20 13:43:14 | 000,000,951 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton Security Scan.lnk
[2013.02.20 13:43:08 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0307020.00A\isolate.ini
[2013.02.18 08:37:01 | 000,013,247 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\view_pix.aspx
[2013.02.18 08:36:28 | 000,013,247 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\saarstr.16-18.aspx
[2013.02.15 23:11:18 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2013.02.13 04:21:42 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2013.02.13 04:21:42 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2013.02.10 13:07:28 | 000,001,862 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ALDI TALK Verbindungsassistent.lnk
[2013.02.10 13:07:11 | 000,001,899 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Launcher.lnk
[2012.03.16 16:54:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.05.20 21:23:55 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\moveex.exe
[2011.04.18 07:45:16 | 000,000,216 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011.03.23 07:46:03 | 000,011,862 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\4F46.7B5
[2010.02.07 18:08:30 | 000,366,212 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\mdbu.bin
[2008.10.20 15:38:45 | 000,044,544 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.13 23:32:56 | 000,000,960 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\wklnhst.dat
[2008.10.13 21:07:37 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

========== ZeroAccess Check ==========

[2010.07.10 18:59:50 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011.12.19 09:53:33 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.02.22 22:18:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2009.11.21 11:51:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Aldi Sued Fotoservice
[2008.10.14 00:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ECAP
[2009.12.04 16:50:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2010.09.01 15:12:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhotoStitch
[2009.02.20 22:27:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2008.10.23 21:57:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winferno
[2009.03.17 21:30:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010.06.22 06:42:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.23 11:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.04.10 10:46:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013.02.10 13:07:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\ALDITALKVerbindungsassistent
[2013.02.24 13:43:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\4518C85B
[2008.10.26 21:26:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\AD ON Multimedia
[2013.02.11 17:22:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ALDITALKVerbindungsassistent
[2013.02.20 23:14:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Axhute
[2009.06.23 15:59:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Canon
[2013.02.06 20:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ccwyy
[2011.06.04 15:58:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\DDMSettings
[2013.02.22 15:00:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Edihox
[2013.02.22 15:00:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Fiulon
[2013.02.13 10:21:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Fynen
[2013.02.22 18:04:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Guikab
[2013.02.22 18:04:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Hukea
[2008.10.17 
02:08:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\InterVideo [2013.02.11 17:46:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Iqzada [2013.02.20 23:14:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Irihku [2009.11.21 11:51:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\MAGIX [2013.02.11 17:46:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Onco [2008.10.26 14:11:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Personal Desktop [2013.02.24 01:55:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ppwmy [2013.02.13 10:21:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Puyhv [2011.06.29 21:18:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\SaalDesignSoftware [2013.02.22 18:04:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Seofu [2009.03.07 19:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\StarOffice8 [2009.03.07 22:18:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Styler [2008.10.18 10:10:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\T-Online [2013.02.06 20:05:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Temp [2008.10.13 23:32:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Template [2013.02.24 21:03:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ufdu [2009.02.20 16:56:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ulead Systems [2013.02.13 10:21:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Viufka [2013.02.22 
15:00:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Weas [2013.02.06 20:59:20 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Yywyp [2013.02.20 23:14:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Zura ========== Purity Check ========== < End of report > |
25.02.2013, 18:04 | #4 |
/// Malware-holic | Bundestrojaner Hi, OTL fix. Fixing with OTL
Code:
:OTL
O4 - HKLM..\Run: [conhost] C:\Dokumente und Einstellungen\user\Anwendungsdaten\Microsoft\conhost.exe File not found
O4 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006..\Run: [Agiqmo] C:\Dokumente und Einstellungen\user\Anwendungsdaten\Onco\awep.exe ()
O4 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006..\Run: [cnvztmkl] C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ccwyy\avuggetmkl.exe ()
O4 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006..\Run: [ilkjspnm] C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\Zbshrzl\sbsshrispnm.exe ()
O4 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006..\Run: [KB00938642.exe] C:\Dokumente und Einstellungen\user\Anwendungsdaten\KB00938642.exe (Exiland Software)
O4 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006..\Run: [Personal Desktop] C:\PROGRA~1\SA269F~1.D\PERSON~1\pdesk.exe File not found
O4 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006..\Run: [Real Desktop] "C:\Programme\Real Desktop\Real Desktop.exe" File not found
O4 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe" File not found
F3 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006 WinNT: Load - (C:\DOKUME~1\user\LOKALE~1\Temp\csrss.exe) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O20 - HKU\S-1-5-21-3444825471-2230824147-3614265266-1006 Winlogon: Shell - (C:\Dokumente und Einstellungen\user\Anwendungsdaten\dwm.exe) - File not found
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
[2013.02.22 18:04:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Seofu
[2013.02.22 18:04:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Hukea
[2013.02.22 18:04:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Guikab
[2013.02.22 15:00:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Weas
[2013.02.22 15:00:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Fiulon
[2013.02.22 15:00:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Edihox
[2013.02.20 23:14:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Zura
[2013.02.20 23:14:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Irihku
[2013.02.20 23:14:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Axhute
:files
C:\Dokumente und Einstellungen\user\Anwendungsdaten\Onco
C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ccwyy
C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\Zbshrzl
:Commands
[emptytemp]
Boot into normal mode. If you don't have any icons, right-click, View, Show desktop icons. Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
25.02.2013, 22:34 | #5 |
| Bundestrojaner Hey Markus, here is the text document Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\conhost not found.
Registry value HKEY_USERS\S-1-5-21-3444825471-2230824147-3614265266-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Agiqmo not found.
File C:\Dokumente und Einstellungen\user\Anwendungsdaten\Onco\awep.exe not found.
Registry value HKEY_USERS\S-1-5-21-3444825471-2230824147-3614265266-1006\Software\Microsoft\Windows\CurrentVersion\Run\\cnvztmkl deleted successfully.
C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ccwyy\avuggetmkl.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3444825471-2230824147-3614265266-1006\Software\Microsoft\Windows\CurrentVersion\Run\\ilkjspnm not found.
File C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\Zbshrzl\sbsshrispnm.exe not found.
Registry value HKEY_USERS\S-1-5-21-3444825471-2230824147-3614265266-1006\Software\Microsoft\Windows\CurrentVersion\Run\\KB00938642.exe not found.
File C:\Dokumente und Einstellungen\user\Anwendungsdaten\KB00938642.exe (Exiland not found.
Registry value HKEY_USERS\S-1-5-21-3444825471-2230824147-3614265266-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Personal Desktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3444825471-2230824147-3614265266-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Real Desktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3444825471-2230824147-3614265266-1006\Software\Microsoft\Windows\CurrentVersion\Run\\RocketDock deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3444825471-2230824147-3614265266-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit not found.
Registry value HKEY_USERS\S-1-5-21-3444825471-2230824147-3614265266-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3444825471-2230824147-3614265266-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit not found.
Registry value HKEY_USERS\S-1-5-21-3444825471-2230824147-3614265266-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3444825471-2230824147-3614265266-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\ deleted successfully.
C:\Dokumente und Einstellungen\user\Anwendungsdaten\Seofu folder moved successfully.
C:\Dokumente und Einstellungen\user\Anwendungsdaten\Hukea folder moved successfully.
C:\Dokumente und Einstellungen\user\Anwendungsdaten\Guikab folder moved successfully.
C:\Dokumente und Einstellungen\user\Anwendungsdaten\Weas folder moved successfully.
C:\Dokumente und Einstellungen\user\Anwendungsdaten\Fiulon folder moved successfully.
C:\Dokumente und Einstellungen\user\Anwendungsdaten\Edihox folder moved successfully.
C:\Dokumente und Einstellungen\user\Anwendungsdaten\Zura folder moved successfully.
C:\Dokumente und Einstellungen\user\Anwendungsdaten\Irihku folder moved successfully.
C:\Dokumente und Einstellungen\user\Anwendungsdaten\Axhute folder moved successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\user\Anwendungsdaten\Onco folder moved successfully.
C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ccwyy folder moved successfully.
C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\Zbshrzl folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56468 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32969 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 120330117 bytes
User: user
->Temp folder emptied: 988740289 bytes
->Temporary Internet Files folder emptied: 402564916 bytes
->Java cache emptied: 67252614 bytes
->FireFox cache emptied: 55948828 bytes
->Google Chrome cache emptied: 318749883 bytes
->Apple Safari cache emptied: 13829120 bytes
->Flash cache emptied: 56473 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13186577 bytes
RecycleBin emptied: 2121101036 bytes
Total Files Cleaned = 3.912,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02252013_221544
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
25.02.2013, 22:40 | #6 |
/// Malware-holic | Bundestrojaner Thanks. Please download TDSSKiller.exe and save this file to the desktop
__________________ --> Bundestrojaner |
25.02.2013, 22:47 | #7 |
| Bundestrojaner No infected objects found, here is the log file Code:
ATTFilter 22:46:30.0515 2364 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 22:46:30.0859 2364 ============================================================ 22:46:30.0859 2364 Current date / time: 2013/02/25 22:46:30.0859 22:46:30.0859 2364 SystemInfo: 22:46:30.0859 2364 22:46:30.0859 2364 OS Version: 5.1.2600 ServicePack: 3.0 22:46:30.0859 2364 Product type: Workstation 22:46:30.0859 2364 ComputerName: NAME-FD00PZU2N3 22:46:30.0859 2364 UserName: user 22:46:30.0859 2364 Windows directory: C:\WINDOWS 22:46:30.0859 2364 System windows directory: C:\WINDOWS 22:46:30.0859 2364 Processor architecture: Intel x86 22:46:30.0859 2364 Number of processors: 2 22:46:30.0859 2364 Page size: 0x1000 22:46:30.0859 2364 Boot type: Normal boot 22:46:30.0859 2364 ============================================================ 22:46:32.0906 2364 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 22:46:32.0906 2364 ============================================================ 22:46:32.0906 2364 \Device\Harddisk0\DR0: 22:46:32.0906 2364 MBR partitions: 22:46:32.0906 2364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA00684E 22:46:32.0906 2364 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA00688D, BlocksNum 0x89FE86F 22:46:32.0906 2364 ============================================================ 22:46:32.0937 2364 C: <-> \Device\Harddisk0\DR0\Partition1 22:46:32.0968 2364 D: <-> \Device\Harddisk0\DR0\Partition2 22:46:32.0968 2364 ============================================================ 22:46:32.0968 2364 Initialize success 22:46:32.0968 2364 ============================================================ 22:46:42.0140 2824 ============================================================ 22:46:42.0140 2824 Scan started 22:46:42.0140 2824 Mode: Manual; 22:46:42.0140 2824 
============================================================ 22:46:43.0296 2824 ================ Scan system memory ======================== 22:46:43.0296 2824 System memory - ok 22:46:43.0312 2824 ================ Scan services ============================= 22:46:43.0468 2824 Abiosdsk - ok 22:46:43.0500 2824 abp480n5 - ok 22:46:43.0625 2824 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe 22:46:43.0640 2824 ACDaemon - ok 22:46:43.0687 2824 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 22:46:43.0703 2824 ACPI - ok 22:46:43.0734 2824 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 22:46:43.0734 2824 ACPIEC - ok 22:46:43.0750 2824 adpu160m - ok 22:46:43.0843 2824 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 22:46:43.0843 2824 aec - ok 22:46:43.0906 2824 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\WINDOWS\system32\drivers\Afc.sys 22:46:43.0906 2824 Afc - ok 22:46:43.0953 2824 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 22:46:43.0953 2824 AFD - ok 22:46:43.0984 2824 Aha154x - ok 22:46:44.0000 2824 aic78u2 - ok 22:46:44.0015 2824 aic78xx - ok 22:46:44.0109 2824 [ 7067AC22EB74C2E3D4C950050CBB1AC0 ] ALDITALKVerbindungsassistent_Service C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe 22:46:44.0140 2824 ALDITALKVerbindungsassistent_Service - ok 22:46:44.0187 2824 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 22:46:44.0187 2824 Alerter - ok 22:46:44.0250 2824 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 22:46:44.0250 2824 ALG - ok 22:46:44.0265 2824 AliIde - ok 22:46:44.0281 2824 amsint - ok 22:46:44.0375 2824 [ D6C8942BEA3698A2E7559BD423BFA5D7 ] AntiVirScheduler C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe 22:46:44.0375 2824 AntiVirScheduler - ok 22:46:44.0406 2824 [ 
335A142923FE7F97E8C8388ACD067568 ] AntiVirService C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe 22:46:44.0421 2824 AntiVirService - ok 22:46:44.0484 2824 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 22:46:44.0484 2824 Apple Mobile Device - ok 22:46:44.0500 2824 AppMgmt - ok 22:46:44.0562 2824 [ 57C1ACB60AA2AEE0D61FAC52E9DD6D9F ] archlp C:\WINDOWS\system32\drivers\archlp.sys 22:46:44.0562 2824 archlp - ok 22:46:44.0578 2824 asc - ok 22:46:44.0609 2824 asc3350p - ok 22:46:44.0640 2824 asc3550 - ok 22:46:44.0750 2824 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 22:46:44.0796 2824 aspnet_state - ok 22:46:44.0843 2824 [ 784FCB197F9A50A419D8CE4980655AE4 ] AsusACPI C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys 22:46:44.0843 2824 AsusACPI - ok 22:46:44.0890 2824 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 22:46:44.0921 2824 AsyncMac - ok 22:46:44.0953 2824 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 22:46:44.0953 2824 atapi - ok 22:46:44.0968 2824 Atdisk - ok 22:46:45.0031 2824 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 22:46:45.0031 2824 Atmarpc - ok 22:46:45.0078 2824 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 22:46:45.0078 2824 AudioSrv - ok 22:46:45.0156 2824 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 22:46:45.0156 2824 audstub - ok 22:46:45.0171 2824 [ 87828ECD657F81503465AC705E845076 ] avgio C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys 22:46:45.0171 2824 avgio - ok 22:46:45.0203 2824 [ FCB30820BED1D3FEB55E3DD55A3F947F ] avgntflt C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys 22:46:45.0203 2824 avgntflt - ok 22:46:45.0281 2824 [ 0B09DF022250FB7BA91FB932EAC6EA9B 
] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 22:46:45.0281 2824 avipbb - ok 22:46:45.0328 2824 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 22:46:45.0328 2824 Beep - ok 22:46:45.0406 2824 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 22:46:45.0500 2824 BITS - ok 22:46:45.0593 2824 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe 22:46:45.0609 2824 Bonjour Service - ok 22:46:45.0671 2824 [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser C:\WINDOWS\System32\browser.dll 22:46:45.0671 2824 Browser - ok 22:46:45.0750 2824 [ FABA1418646A2B433C0BDED6FF92D2FA ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys 22:46:45.0765 2824 btaudio - ok 22:46:45.0812 2824 [ 2F9F111D31AA3FBBE5781D829A4524E6 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys 22:46:45.0828 2824 BTDriver - ok 22:46:45.0937 2824 [ AEF038061BC1CAFB4865D43A85BEB1A1 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys 22:46:45.0968 2824 BTKRNL - ok 22:46:46.0062 2824 [ F20629FF9ED48EFA98FDC5D99919E8C0 ] btwdins C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe 22:46:46.0093 2824 btwdins - ok 22:46:46.0125 2824 [ 80F61DE965C116051614AC2F04222FF7 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys 22:46:46.0140 2824 BTWDNDIS - ok 22:46:46.0171 2824 [ 949ECA9C56F657C06D3166D51F3226C7 ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys 22:46:46.0187 2824 btwhid - ok 22:46:46.0218 2824 [ 179A37C86FD2B9CC28EB93D093D394C7 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys 22:46:46.0218 2824 BTWUSB - ok 22:46:46.0281 2824 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 22:46:46.0281 2824 cbidf2k - ok 22:46:46.0328 2824 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 22:46:46.0328 2824 CCDECODE - ok 22:46:46.0343 2824 cd20xrnt - ok 22:46:46.0390 2824 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 22:46:46.0390 2824 
Cdaudio - ok 22:46:46.0453 2824 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 22:46:46.0453 2824 Cdfs - ok 22:46:46.0500 2824 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 22:46:46.0515 2824 Cdrom - ok 22:46:46.0531 2824 Changer - ok 22:46:46.0562 2824 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 22:46:46.0578 2824 CiSvc - ok 22:46:46.0625 2824 [ AA29A9B4B06FBEBC5918D697A97A8AC6 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 22:46:46.0640 2824 ClipSrv - ok 22:46:46.0671 2824 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:46:46.0765 2824 clr_optimization_v2.0.50727_32 - ok 22:46:46.0812 2824 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 22:46:46.0812 2824 CmBatt - ok 22:46:46.0828 2824 CmdIde - ok 22:46:46.0859 2824 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 22:46:46.0859 2824 Compbatt - ok 22:46:46.0906 2824 COMSysApp - ok 22:46:46.0937 2824 Cpqarray - ok 22:46:47.0000 2824 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 22:46:47.0000 2824 CryptSvc - ok 22:46:47.0015 2824 dac2w2k - ok 22:46:47.0031 2824 dac960nt - ok 22:46:47.0093 2824 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 22:46:47.0125 2824 DcomLaunch - ok 22:46:47.0171 2824 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 22:46:47.0171 2824 Dhcp - ok 22:46:47.0234 2824 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 22:46:47.0234 2824 Disk - ok 22:46:47.0265 2824 dmadmin - ok 22:46:47.0328 2824 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 22:46:47.0375 2824 dmboot - ok 22:46:47.0437 2824 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 22:46:47.0453 2824 dmio - ok 
22:46:47.0484 2824 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 22:46:47.0484 2824 dmload - ok 22:46:47.0515 2824 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 22:46:47.0531 2824 dmserver - ok 22:46:47.0562 2824 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 22:46:47.0562 2824 DMusic - ok 22:46:47.0609 2824 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 22:46:47.0609 2824 Dnscache - ok 22:46:47.0671 2824 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 22:46:47.0671 2824 Dot3svc - ok 22:46:47.0703 2824 dpti2o - ok 22:46:47.0734 2824 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 22:46:47.0750 2824 drmkaud - ok 22:46:47.0781 2824 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 22:46:47.0812 2824 EapHost - ok 22:46:47.0828 2824 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 22:46:47.0828 2824 ERSvc - ok 22:46:47.0890 2824 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 22:46:47.0906 2824 Eventlog - ok 22:46:47.0953 2824 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 22:46:47.0953 2824 EventSystem - ok 22:46:48.0031 2824 [ A52794C010C6DF5B4BC70C4AB5E04088 ] ewusbnet C:\WINDOWS\system32\DRIVERS\ewusbnet.sys 22:46:48.0031 2824 ewusbnet - ok 22:46:48.0093 2824 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys 22:46:48.0093 2824 ew_hwusbdev - ok 22:46:48.0140 2824 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 22:46:48.0140 2824 Fastfat - ok 22:46:48.0203 2824 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 22:46:48.0203 2824 FastUserSwitchingCompatibility - ok 22:46:48.0296 2824 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc 
22:46:59.0687 2824 ============================================================
22:46:59.0687 2824 Scan finished
22:46:59.0687 2824 ============================================================
22:46:59.0718 2772 Detected object count: 0
22:46:59.0718 2772 Actual detected object count: 0
22:47:11.0593 2380 Deinitialize success |
25.02.2013, 22:48 | #8 |
/// Malware-holic | Bundestrojaner Please check the pictures in the instructions again and scan once more.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
25.02.2013, 22:53 | #9 |
| Bundestrojaner Where can I find illustrated instructions? |
25.02.2013, 22:54 | #10 |
/// Malware-holic | Bundestrojaner In my TDSS text above, there are 2 links. |
25.02.2013, 22:58 | #11 |
| Bundestrojaner Oh right.. sorry, I'm a bit overtired. I found it and have now done it correctly. Code:
22:53:16.0515 0936 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:53:16.0843 0936 ============================================================
22:53:16.0843 0936 Current date / time: 2013/02/25 22:53:16.0843
22:53:16.0843 0936 SystemInfo:
22:53:16.0843 0936
22:53:16.0843 0936 OS Version: 5.1.2600 ServicePack: 3.0
22:53:16.0843 0936 Product type: Workstation
22:53:16.0843 0936 ComputerName: NAME-FD00PZU2N3
22:53:16.0843 0936 UserName: user
22:53:16.0843 0936 Windows directory: C:\WINDOWS
22:53:16.0843 0936 System windows directory: C:\WINDOWS
22:53:16.0843 0936 Processor architecture: Intel x86
22:53:16.0843 0936 Number of processors: 2
22:53:16.0843 0936 Page size: 0x1000
22:53:16.0843 0936 Boot type: Normal boot
22:53:16.0843 0936 ============================================================
22:53:18.0890 0936 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:53:18.0890 0936 ============================================================
22:53:18.0890 0936 \Device\Harddisk0\DR0:
22:53:18.0890 0936 MBR partitions:
22:53:18.0890 0936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA00684E
22:53:18.0890 0936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA00688D, BlocksNum 0x89FE86F
22:53:18.0890 0936 ============================================================
22:53:18.0937 0936 C: <-> \Device\Harddisk0\DR0\Partition1
22:53:18.0953 0936 D: <-> \Device\Harddisk0\DR0\Partition2
22:53:18.0953 0936 ============================================================
22:53:18.0953 0936 Initialize success
22:53:18.0953 0936 ============================================================
22:57:52.0515 2404 ============================================================
22:57:52.0515 2404 Scan started
22:57:52.0515 2404 Mode: Manual; SigCheck; TDLFS;
22:57:52.0531 2404 ============================================================
57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys 22:58:10.0031 2404 ew_hwusbdev - ok 22:58:10.0078 2404 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 22:58:10.0406 2404 Fastfat - ok 22:58:10.0500 2404 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 22:58:10.0562 2404 FastUserSwitchingCompatibility - ok 22:58:10.0609 2404 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 22:58:10.0953 2404 Fdc - ok 22:58:10.0968 2404 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 22:58:11.0343 2404 Fips - ok 22:58:11.0406 2404 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 22:58:11.0671 2404 Flpydisk - ok 22:58:11.0750 2404 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 22:58:12.0031 2404 FltMgr - ok 22:58:12.0125 2404 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 22:58:12.0140 2404 FontCache3.0.0.0 - ok 22:58:12.0171 2404 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 22:58:12.0500 2404 Fs_Rec - ok 22:58:12.0546 2404 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 22:58:12.0796 2404 Ftdisk - ok 22:58:12.0890 2404 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 22:58:12.0921 2404 GEARAspiWDM - ok 22:58:12.0968 2404 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 22:58:13.0312 2404 Gpc - ok 22:58:13.0390 2404 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 22:58:13.0687 2404 HDAudBus - ok 22:58:13.0781 2404 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 22:58:14.0046 2404 helpsvc - ok 22:58:14.0125 2404 [ 
B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll 22:58:14.0359 2404 HidServ - ok 22:58:14.0453 2404 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 22:58:14.0734 2404 HidUsb - ok 22:58:14.0812 2404 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 22:58:15.0062 2404 hkmsvc - ok 22:58:15.0062 2404 hpn - ok 22:58:15.0171 2404 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 22:58:15.0234 2404 HTTP - ok 22:58:15.0265 2404 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 22:58:15.0578 2404 HTTPFilter - ok 22:58:15.0625 2404 [ 1F40368DC40B17DE3FA0FBE8A9D82F9E ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys 22:58:15.0734 2404 hwdatacard - ok 22:58:15.0750 2404 i2omgmt - ok 22:58:15.0765 2404 i2omp - ok 22:58:15.0796 2404 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 22:58:16.0125 2404 i8042prt - ok 22:58:16.0437 2404 [ 0F68E2EC713F132FFB19E45415B09679 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 22:58:16.0875 2404 ialm - ok 22:58:16.0953 2404 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 22:58:17.0078 2404 idsvc - ok 22:58:17.0125 2404 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 22:58:17.0406 2404 Imapi - ok 22:58:17.0453 2404 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 22:58:17.0734 2404 ImapiService - ok 22:58:17.0765 2404 ini910u - ok 22:58:18.0031 2404 [ 47C79F7E330CBB829934D00F64D55FC9 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 22:58:18.0437 2404 IntcAzAudAddService - ok 22:58:18.0453 2404 IntelIde - ok 22:58:18.0500 2404 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 22:58:18.0859 2404 intelppm - ok 22:58:18.0921 2404 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw 
C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 22:58:19.0218 2404 Ip6Fw - ok 22:58:19.0296 2404 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 22:58:19.0578 2404 IpFilterDriver - ok 22:58:19.0593 2404 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 22:58:19.0875 2404 IpInIp - ok 22:58:19.0921 2404 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 22:58:20.0187 2404 IpNat - ok 22:58:20.0328 2404 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Programme\iPod\bin\iPodService.exe 22:58:20.0390 2404 iPod Service - ok 22:58:20.0421 2404 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 22:58:20.0718 2404 IPSec - ok 22:58:20.0796 2404 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 22:58:20.0906 2404 IRENUM - ok 22:58:21.0000 2404 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 22:58:21.0250 2404 isapnp - ok 22:58:21.0359 2404 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe 22:58:21.0375 2404 IviRegMgr - ok 22:58:21.0484 2404 [ 112325F53AB720CA77825726D427FBDC ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe 22:58:21.0546 2404 JavaQuickStarterService - ok 22:58:21.0609 2404 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 22:58:21.0968 2404 Kbdclass - ok 22:58:22.0046 2404 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 22:58:22.0328 2404 kmixer - ok 22:58:22.0390 2404 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 22:58:22.0468 2404 KSecDD - ok 22:58:22.0500 2404 [ 9EA9D6BA04629CB14260F46FF8BBD65A ] Ktp C:\WINDOWS\system32\DRIVERS\ETD.sys 22:58:22.0578 2404 Ktp - ok 22:58:22.0625 2404 [ 303627228DD739D98289679901A38C8F ] L1e C:\WINDOWS\system32\DRIVERS\l1e51x86.sys 22:58:22.0656 2404 
L1e - ok 22:58:22.0703 2404 [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 22:58:22.0765 2404 LanmanServer - ok 22:58:22.0812 2404 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 22:58:22.0890 2404 lanmanworkstation - ok 22:58:22.0921 2404 lbrtfdc - ok 22:58:23.0015 2404 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 22:58:23.0421 2404 LmHosts - ok 22:58:23.0484 2404 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 22:58:23.0500 2404 MBAMProtector - ok 22:58:23.0578 2404 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe 22:58:23.0859 2404 MBAMScheduler - ok 22:58:23.0875 2404 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 22:58:23.0937 2404 MBAMService - ok 22:58:23.0984 2404 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 22:58:24.0375 2404 Messenger - ok 22:58:24.0437 2404 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 22:58:24.0718 2404 mnmdd - ok 22:58:24.0781 2404 [ 0F668A65FDE565D0C040FAB3B5B6CAB6 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 22:58:24.0781 2404 mnmsrvc ( UnsignedFile.Multi.Generic ) - warning 22:58:24.0781 2404 mnmsrvc - detected UnsignedFile.Multi.Generic (1) 22:58:24.0812 2404 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 22:58:25.0078 2404 Modem - ok 22:58:25.0125 2404 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 22:58:25.0406 2404 Mouclass - ok 22:58:25.0453 2404 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 22:58:25.0734 2404 mouhid - ok 22:58:25.0796 2404 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 22:58:26.0078 2404 MountMgr - ok 22:58:26.0187 2404 [ 
5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 22:58:26.0218 2404 MozillaMaintenance - ok 22:58:26.0218 2404 mraid35x - ok 22:58:26.0281 2404 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 22:58:26.0546 2404 MRxDAV - ok 22:58:26.0609 2404 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 22:58:26.0718 2404 MRxSmb - ok 22:58:26.0765 2404 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 22:58:27.0046 2404 MSDTC - ok 22:58:27.0125 2404 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 22:58:27.0406 2404 Msfs - ok 22:58:27.0406 2404 MSIServer - ok 22:58:27.0500 2404 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 22:58:27.0781 2404 MSKSSRV - ok 22:58:27.0843 2404 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 22:58:28.0093 2404 MSPCLOCK - ok 22:58:28.0156 2404 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 22:58:28.0468 2404 MSPQM - ok 22:58:28.0546 2404 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 22:58:28.0828 2404 mssmbios - ok 22:58:28.0890 2404 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 22:58:29.0156 2404 MSTEE - ok 22:58:29.0234 2404 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 22:58:29.0281 2404 Mup - ok 22:58:29.0312 2404 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 22:58:29.0593 2404 NABTSFEC - ok 22:58:29.0640 2404 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 22:58:29.0953 2404 napagent - ok 22:58:30.0031 2404 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 22:58:30.0343 2404 NDIS - ok 22:58:30.0406 2404 [ 7FF1F1FD8609C149AA432F95A8163D97 ] 
NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 22:58:30.0656 2404 NdisIP - ok 22:58:30.0718 2404 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 22:58:30.0750 2404 NdisTapi - ok 22:58:30.0796 2404 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 22:58:31.0078 2404 Ndisuio - ok 22:58:31.0109 2404 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 22:58:31.0343 2404 NdisWan - ok 22:58:31.0406 2404 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 22:58:31.0484 2404 NDProxy - ok 22:58:31.0531 2404 [ 1352E1648213551923A0A822E441553C ] Netaapl C:\WINDOWS\system32\DRIVERS\netaapl.sys 22:58:31.0593 2404 Netaapl - ok 22:58:31.0640 2404 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 22:58:31.0937 2404 NetBIOS - ok 22:58:32.0046 2404 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 22:58:32.0375 2404 NetBT - ok 22:58:32.0437 2404 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 22:58:32.0734 2404 NetDDE - ok 22:58:32.0765 2404 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 22:58:33.0046 2404 NetDDEdsdm - ok 22:58:33.0109 2404 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 22:58:33.0390 2404 Netlogon - ok 22:58:33.0453 2404 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 22:58:33.0734 2404 Netman - ok 22:58:33.0781 2404 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:58:33.0812 2404 NetTcpPortSharing - ok 22:58:33.0859 2404 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 22:58:33.0906 2404 Nla - ok 22:58:33.0953 2404 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys 22:58:34.0203 2404 nm - ok 22:58:34.0265 
2404 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 22:58:34.0515 2404 Npfs - ok 22:58:34.0609 2404 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 22:58:34.0906 2404 Ntfs - ok 22:58:34.0968 2404 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 22:58:35.0203 2404 NtLmSsp - ok 22:58:35.0281 2404 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 22:58:35.0562 2404 NtmsSvc - ok 22:58:35.0671 2404 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 22:58:35.0937 2404 Null - ok 22:58:36.0015 2404 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 22:58:36.0281 2404 NwlnkFlt - ok 22:58:36.0296 2404 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 22:58:36.0562 2404 NwlnkFwd - ok 22:58:36.0703 2404 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 22:58:36.0750 2404 odserv - ok 22:58:36.0812 2404 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 22:58:36.0843 2404 ose - ok 22:58:36.0859 2404 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 22:58:37.0203 2404 Parport - ok 22:58:37.0281 2404 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 22:58:37.0578 2404 PartMgr - ok 22:58:37.0656 2404 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 22:58:37.0921 2404 ParVdm - ok 22:58:38.0000 2404 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 22:58:38.0265 2404 PCI - ok 22:58:38.0281 2404 PCIDump - ok 22:58:38.0296 2404 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 22:58:38.0546 2404 PCIIde - ok 22:58:38.0640 2404 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia 
C:\WINDOWS\system32\drivers\Pcmcia.sys 22:58:38.0937 2404 Pcmcia - ok 22:58:38.0937 2404 PDCOMP - ok 22:58:38.0953 2404 PDFRAME - ok 22:58:38.0968 2404 PDRELI - ok 22:58:38.0984 2404 PDRFRAME - ok 22:58:39.0015 2404 perc2 - ok 22:58:39.0015 2404 perc2hib - ok 22:58:39.0093 2404 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 22:58:39.0125 2404 PlugPlay - ok 22:58:39.0140 2404 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 22:58:39.0406 2404 PolicyAgent - ok 22:58:39.0453 2404 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 22:58:39.0750 2404 PptpMiniport - ok 22:58:39.0796 2404 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 22:58:40.0078 2404 ProtectedStorage - ok 22:58:40.0140 2404 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\WINDOWS\system32\PSIService.exe 22:58:40.0171 2404 ProtexisLicensing - ok 22:58:40.0187 2404 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 22:58:40.0437 2404 PSched - ok 22:58:40.0515 2404 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 22:58:40.0812 2404 Ptilink - ok 22:58:40.0890 2404 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 22:58:40.0906 2404 PxHelp20 - ok 22:58:40.0921 2404 ql1080 - ok 22:58:40.0937 2404 Ql10wnt - ok 22:58:40.0953 2404 ql12160 - ok 22:58:40.0953 2404 ql1240 - ok 22:58:40.0968 2404 ql1280 - ok 22:58:41.0015 2404 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 22:58:41.0281 2404 RasAcd - ok 22:58:41.0359 2404 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 22:58:41.0625 2404 RasAuto - ok 22:58:41.0687 2404 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 22:58:41.0968 2404 Rasl2tp - ok 22:58:42.0046 2404 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan 
C:\WINDOWS\System32\rasmans.dll 22:58:42.0328 2404 RasMan - ok 22:58:42.0359 2404 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 22:58:42.0625 2404 RasPppoe - ok 22:58:42.0671 2404 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 22:58:43.0000 2404 Raspti - ok 22:58:43.0093 2404 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 22:58:43.0453 2404 Rdbss - ok 22:58:43.0484 2404 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 22:58:43.0843 2404 RDPCDD - ok 22:58:43.0953 2404 [ 5B3055DAA788BD688594D2F5981F2A83 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 22:58:43.0984 2404 RDPWD - ok 22:58:44.0046 2404 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 22:58:44.0328 2404 RDSessMgr - ok 22:58:44.0421 2404 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe 22:58:44.0437 2404 RealNetworks Downloader Resolver Service - ok 22:58:44.0500 2404 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 22:58:44.0750 2404 redbook - ok 22:58:44.0843 2404 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 22:58:45.0093 2404 RemoteAccess - ok 22:58:45.0171 2404 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys 22:58:45.0437 2404 ROOTMODEM - ok 22:58:45.0500 2404 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 22:58:45.0812 2404 RpcLocator - ok 22:58:45.0906 2404 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 22:58:45.0968 2404 RpcSs - ok 22:58:46.0015 2404 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 22:58:46.0281 2404 RSVP - ok 22:58:46.0390 2404 [ 162D6AEE49372B9CE17C418CC5CDE7B5 ] RT80x86 C:\WINDOWS\system32\DRIVERS\RT2860.sys 22:58:46.0500 2404 
RT80x86 - ok 22:58:46.0531 2404 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 22:58:46.0812 2404 SamSs - ok 22:58:46.0875 2404 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 22:58:47.0203 2404 SCardSvr - ok 22:58:47.0312 2404 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 22:58:47.0546 2404 Schedule - ok 22:58:47.0578 2404 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 22:58:47.0703 2404 Secdrv - ok 22:58:47.0750 2404 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 22:58:48.0015 2404 seclogon - ok 22:58:48.0109 2404 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 22:58:48.0328 2404 SENS - ok 22:58:48.0390 2404 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 22:58:48.0718 2404 Serial - ok 22:58:48.0781 2404 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys 22:58:49.0046 2404 Sfloppy - ok 22:58:49.0140 2404 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 22:58:49.0406 2404 SharedAccess - ok 22:58:49.0468 2404 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 22:58:49.0515 2404 ShellHWDetection - ok 22:58:49.0531 2404 Simbad - ok 22:58:49.0578 2404 [ 011E958267FEB6ED72F1BFA80072943C ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe 22:58:49.0609 2404 SkypeUpdate - ok 22:58:49.0656 2404 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 22:58:49.0937 2404 SLIP - ok 22:58:49.0953 2404 Sparrow - ok 22:58:50.0046 2404 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 22:58:50.0343 2404 splitter - ok 22:58:50.0421 2404 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 22:58:50.0468 2404 Spooler - ok 22:58:50.0515 2404 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr 
C:\WINDOWS\system32\DRIVERS\sr.sys 22:58:50.0640 2404 sr - ok 22:58:50.0718 2404 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 22:58:50.0828 2404 srservice - ok 22:58:50.0921 2404 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 22:58:51.0015 2404 Srv - ok 22:58:51.0062 2404 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 22:58:51.0218 2404 SSDPSRV - ok 22:58:51.0296 2404 [ 71D609C5DFF067906D930BDE031C4CFE ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 22:58:51.0312 2404 ssmdrv ( UnsignedFile.Multi.Generic ) - warning 22:58:51.0312 2404 ssmdrv - detected UnsignedFile.Multi.Generic (1) 22:58:51.0375 2404 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 22:58:51.0687 2404 stisvc - ok 22:58:51.0765 2404 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 22:58:52.0015 2404 streamip - ok 22:58:52.0093 2404 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 22:58:52.0359 2404 swenum - ok 22:58:52.0421 2404 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 22:58:52.0703 2404 swmidi - ok 22:58:52.0703 2404 SwPrv - ok 22:58:52.0718 2404 symc810 - ok 22:58:52.0734 2404 symc8xx - ok 22:58:52.0750 2404 sym_hi - ok 22:58:52.0765 2404 sym_u3 - ok 22:58:52.0812 2404 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 22:58:53.0062 2404 sysaudio - ok 22:58:53.0125 2404 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 22:58:53.0406 2404 SysmonLog - ok 22:58:53.0500 2404 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 22:58:53.0812 2404 TapiSrv - ok 22:58:53.0859 2404 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 22:58:53.0890 2404 Tcpip - ok 22:58:53.0937 2404 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE 
C:\WINDOWS\system32\drivers\TDPIPE.sys 22:58:54.0203 2404 TDPIPE - ok 22:58:54.0218 2404 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 22:58:54.0484 2404 TDTCP - ok 22:58:54.0546 2404 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 22:58:54.0812 2404 TermDD - ok 22:58:54.0875 2404 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 22:58:55.0156 2404 TermService - ok 22:58:55.0234 2404 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 22:58:55.0281 2404 Themes - ok 22:58:55.0296 2404 TosIde - ok 22:58:55.0343 2404 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 22:58:55.0625 2404 TrkWks - ok 22:58:55.0656 2404 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 22:58:55.0953 2404 Udfs - ok 22:58:55.0953 2404 ultra - ok 22:58:56.0062 2404 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 22:58:56.0359 2404 Update - ok 22:58:56.0468 2404 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 22:58:56.0593 2404 upnphost - ok 22:58:56.0609 2404 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 22:58:56.0875 2404 UPS - ok 22:58:56.0953 2404 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 22:58:56.0968 2404 USBAAPL ( UnsignedFile.Multi.Generic ) - warning 22:58:56.0968 2404 USBAAPL - detected UnsignedFile.Multi.Generic (1) 22:58:57.0031 2404 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 22:58:57.0281 2404 usbccgp - ok 22:58:57.0328 2404 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 22:58:57.0578 2404 usbehci - ok 22:58:57.0625 2404 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 22:58:57.0859 2404 usbhub - ok 22:58:57.0921 2404 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan 
C:\WINDOWS\system32\DRIVERS\usbscan.sys 22:58:58.0187 2404 usbscan - ok 22:58:58.0265 2404 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:58:58.0578 2404 usbstor - ok 22:58:58.0656 2404 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 22:58:58.0890 2404 usbuhci - ok 22:58:58.0968 2404 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 22:58:59.0234 2404 usbvideo - ok 22:58:59.0281 2404 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 22:58:59.0515 2404 VgaSave - ok 22:58:59.0531 2404 ViaIde - ok 22:58:59.0609 2404 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 22:58:59.0890 2404 VolSnap - ok 22:58:59.0984 2404 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 22:59:00.0109 2404 VSS - ok 22:59:00.0203 2404 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 22:59:00.0468 2404 W32Time - ok 22:59:00.0531 2404 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 22:59:00.0796 2404 Wanarp - ok 22:59:00.0875 2404 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys 22:59:00.0921 2404 Wdf01000 - ok 22:59:00.0937 2404 WDICA - ok 22:59:01.0000 2404 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 22:59:01.0296 2404 wdmaud - ok 22:59:01.0359 2404 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 22:59:01.0640 2404 WebClient - ok 22:59:01.0703 2404 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 22:59:01.0984 2404 winmgmt - ok 22:59:02.0078 2404 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 22:59:02.0125 2404 WmdmPmSN - ok 22:59:02.0171 2404 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 22:59:02.0421 2404 WmiApSrv - ok 
22:59:02.0531 2404 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 22:59:02.0796 2404 wscsvc - ok 22:59:02.0875 2404 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 22:59:03.0140 2404 WSTCODEC - ok 22:59:03.0234 2404 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 22:59:03.0500 2404 wuauserv - ok 22:59:03.0578 2404 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 22:59:03.0640 2404 WudfPf - ok 22:59:03.0671 2404 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 22:59:03.0734 2404 WudfRd - ok 22:59:03.0765 2404 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 22:59:03.0796 2404 WudfSvc - ok 22:59:03.0843 2404 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 22:59:04.0156 2404 WZCSVC - ok 22:59:04.0234 2404 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 22:59:04.0546 2404 xmlprov - ok 22:59:04.0578 2404 ================ Scan global =============================== 22:59:04.0687 2404 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 22:59:04.0703 2404 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 22:59:04.0750 2404 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 22:59:04.0765 2404 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 22:59:04.0765 2404 [Global] - ok 22:59:04.0765 2404 ================ Scan MBR ================================== 22:59:04.0796 2404 [ 3051207086651214E435112E51817DC5 ] \Device\Harddisk0\DR0 22:59:05.0109 2404 \Device\Harddisk0\DR0 - ok 22:59:05.0109 2404 ================ Scan VBR ================================== 22:59:05.0125 2404 [ 412E605D63C78DBD70CCBB277E9EC288 ] \Device\Harddisk0\DR0\Partition1 22:59:05.0125 2404 \Device\Harddisk0\DR0\Partition1 - ok 22:59:05.0171 2404 [ 57EED6C3A17F27569B640362533DF957 ] 
\Device\Harddisk0\DR0\Partition2
22:59:05.0171 2404 \Device\Harddisk0\DR0\Partition2 - ok
22:59:05.0187 2404 ============================================================
22:59:05.0187 2404 Scan finished
22:59:05.0187 2404 ============================================================
22:59:05.0359 0556 Detected object count: 7
22:59:05.0359 0556 Actual detected object count: 7
22:59:55.0062 0556 Afc ( UnsignedFile.Multi.Generic ) - skipped by user
22:59:55.0062 0556 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:59:55.0062 0556 AntiVirScheduler ( UnsignedFile.Multi.Generic ) - skipped by user
22:59:55.0062 0556 AntiVirScheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:59:55.0062 0556 AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user
22:59:55.0062 0556 AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:59:55.0078 0556 ClipSrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:59:55.0078 0556 ClipSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:59:55.0078 0556 mnmsrvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:59:55.0078 0556 mnmsrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:59:55.0078 0556 ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:59:55.0078 0556 ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:59:55.0093 0556 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
22:59:55.0093 0556 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:00:07.0015 2748 Deinitialize success |
25.02.2013, 23:00 | #12 |
/// Malware-holic | Bundestrojaner Hi, can you open your documents, pictures, etc.?
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
26.02.2013, 14:23 | #13 |
| Bundestrojaner Hey, yes, I can open everything. Do I need to do anything else now, or keep anything in mind? |
26.02.2013, 15:56 | #14 |
/// Malware-holic | Bundestrojaner Hi, do you use the device for online banking, for shopping, for other payment transactions, or for similarly important things, such as work? |
26.02.2013, 22:33 | #15 |
| Bundestrojaner Nope, I only have it on loan from an acquaintance; I really only use it for my emails |