| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner - Windows XP 32BitWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
29.05.2013, 19:22
| #1 |
 |  GVU-Trojaner - Windows XP 32Bit Hallo, ich benötige bitte Eure Hilfe, ein Freund von mir ist vom GVU-Trojaner erwischt worden. Da er ein sehr unerfahrener Anwender ist, bat er mich Ihm zu helfen. Ein änlicher Trojaner (Bundeskriminalamt) war vor zirka einem Jahr auf dem Rechner, den habe ich entfernen können (vieleicht auch nicht vollständig) mit Hilfe der Anleitung von Chip. Wollte zuerst eine Systemwiederherstellung versuchen, aber in diversen Foren wird davon abgeraten. Nun bin ich auf Euch gestoßen, und möchte Euch bitten mir dabei zu helfen den Rechner wieder sauber zu machen. Zumal auch einige wichtige Daten drauf sind, die benötigt werden. Der Rechner läßt sich im abgesicherten Modus starten. Betriebssystem: Windows XP Prof. Ich habe mir bereits OTL.exe heruntergeladen und einen Scan durchgeführt. Ich hoffe, dass ich nicht zu voreilig war. Anbei die Scan's OLT.txt Code:
ATTFilter OTL logfile created on: 29.05.2013 18:20:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = f:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 90,84% Memory free 4,03 Gb Paging File | 3,99 Gb Available in Paging File | 98,83% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,52 Gb Total Space | 38,19 Gb Free Space | 51,24% Space Free | Partition Type: NTFS Drive D: | 76,69 Gb Total Space | 54,75 Gb Free Space | 71,39% Space Free | Partition Type: NTFS Drive F: | 7,81 Gb Total Space | 7,81 Gb Free Space | 99,99% Space Free | Partition Type: FAT32 Computer Name: FPOTTHAS-DA2972 | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.29 17:52:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- f:\OTL.exe PRC - [2008.04.14 04:22:38 | 000,401,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn -- (Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn) SRV - File not found [On_Demand | Stopped] -- Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0200.PlugIn -- (Datev.Unternehmen.SystemComponents.ServiceBus.V0200.PlugIn) SRV - File not found [On_Demand | Stopped] -- C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -- (Datev.Framework.RemoteServices) SRV - File not found [Auto | Stopped] -- C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -- (Datev.Framework.RemoteServiceModel.EnablerService) SRV - File not found [On_Demand | Stopped] -- C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 -- (Datev.Database.Conserve) SRV - [2013.05.15 19:14:46 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.06 13:18:21 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013.04.08 02:20:00 | 000,087,040 | ---- | M] (DATEV eG) [Auto | Stopped] -- C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService) SRV - [2013.03.28 08:43:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.28 08:42:24 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.20 03:01:00 | 000,158,304 | ---- | M] (DATEV eG) [Auto | Stopped] -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service) SRV - [2011.12.01 22:43:58 | 004,913,608 | ---- | M] (SafeNet Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\hasplms.exe -- (hasplms) SRV - [2010.10.20 11:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.05.02 22:25:44 | 000,498,096 | ---- | M] (REINER SCT) [Auto | Stopped] -- C:\WINDOWS\system32\cjpcsc.exe -- (cjpcsc) SRV - [2008.12.01 11:59:52 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.03.28 08:43:10 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.28 08:43:10 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.03.28 08:43:10 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.02.23 12:50:59 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2011.10.04 13:03:48 | 000,367,560 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge) DRV - [2011.08.10 14:05:24 | 000,596,424 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock) DRV - [2011.06.17 21:28:18 | 000,240,736 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0151.sys -- (RsFx0151) DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.02.26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010.02.26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2010.02.07 14:50:38 | 000,023,040 | ---- | M] (REINER SCT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cjusb.sys -- (cjusb) DRV - [2009.01.10 16:32:38 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.08.05 10:08:22 | 000,093,312 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxbu1wdm.sys -- (cxbu1wdm) DRV - [2007.06.15 03:58:56 | 002,301,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007.05.31 08:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys -- (bizVSerial) DRV - [2007.05.10 11:28:00 | 004,419,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2006.12.14 10:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006.06.19 00:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006.06.12 03:36:30 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK) DRV - [2001.08.17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {17B82017-3626-4335-9B2E-8E362809DA8A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{17B82017-3626-4335-9B2E-8E362809DA8A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {17B82017-3626-4335-9B2E-8E362809DA8A} IE - HKU\.DEFAULT\..\SearchScopes\{11D452CD-B362-4073-96B2-813A6355CCE8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=cffcc3ea-8fa4-4922-9a02-2d58f1bdc6ad&apn_sauid=19C2FE10-B660-4A7F-9D0D-2ABC9C734C73 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {17B82017-3626-4335-9B2E-8E362809DA8A} IE - HKU\S-1-5-18\..\SearchScopes\{11D452CD-B362-4073-96B2-813A6355CCE8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=cffcc3ea-8fa4-4922-9a02-2d58f1bdc6ad&apn_sauid=19C2FE10-B660-4A7F-9D0D-2ABC9C734C73 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2007.10.29 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DATALINE Office Updater] C:\Programme\DATALINE Office Update\updctrl.exe (DATALINE GmbH & Co. KG) O4 - HKLM..\Run: [DATEV Update-Monitor] C:\DATEV\PROGRAMM\Install\DvInesASDMon.exe (DATEV eG) O4 - HKLM..\Run: [SfWinStartInfo] C:\Programme\SFirm32\sfWinStartupInfo.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [ToolBoxFX] C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Basisschnittstelle Office Initialisierung.lnk = C:\DATEV\PROGRAMM\BSOffice\service\OfficeDiag.exe (DATEV eG) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CleanupPrintJobs.lnk = C:\DATEV\PROGRAMM\B0001401\CleanupPrintJobs.exe (DATEV eG) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Lizenz-Manager Server.lnk = C:\DATEV\PROGRAMM\Sws\LiMaServer.exe (DATEV eG) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MWSE-Backup.lnk = C:\Programme\MWSE\MWSE-BACKUP\mwse-backup.exe (M.W.S.E) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SkyUserDevmode-Update.lnk = C:\DATEV\PROGRAMM\B0001401\UpdateDevmode.exe (DATEV eG) O4 - Startup: C:\Dokumente und Einstellungen\Fiedi\Startmenü\Programme\Autostart\ctfmon.lnk = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1454471165-796845957-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1327306912921 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1566A2A8-F9C1-4735-925B-8E10E68ECD8A}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.01.10 16:13:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.29 18:15:33 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien [2013.05.28 16:20:23 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rundll32.exe [2013.05.14 10:00:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8 [2013.05.14 10:00:22 | 000,000,000 | ---D | C] -- C:\Programme\TeamViewer [2012.10.28 15:29:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.29 18:15:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.29 18:14:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.05.29 12:59:24 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dzholv.pad [2013.05.29 12:57:51 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.05.29 12:55:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2013.05.29 12:48:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.05.29 12:14:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.05.28 16:20:35 | 000,003,099 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dzholv.js [2013.05.28 16:20:23 | 000,159,744 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vlohzd.dat [2013.05.28 16:20:23 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rundll32.exe [2013.05.24 17:49:31 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2013.05.20 21:46:32 | 000,000,836 | ---- | M] () -- C:\WINDOWS\ODBC.INI [2013.05.20 21:32:27 | 000,002,517 | ---- | M] () -- C:\Dokumente [2013.05.20 19:18:26 | 000,000,021 | ---- | M] () -- C:\WINDOWS\DvInesKurusOleServer003.INI [2013.05.20 19:06:11 | 000,000,805 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DATEV Arbeitsplatz pro V.3.2.lnk [2013.05.20 19:01:03 | 000,000,871 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Basisschnittstelle Office Initialisierung.lnk [2013.05.20 18:56:42 | 000,001,685 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CleanupPrintJobs.lnk [2013.05.20 18:56:42 | 000,001,674 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SkyUserDevmode-Update.lnk [2013.05.20 18:44:51 | 000,000,740 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Lizenz-Manager Server.lnk [2013.05.20 18:38:00 | 000,000,108 | ---- | M] () -- C:\WINDOWS\Startup.INI [2013.05.15 19:14:45 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.05.15 19:14:45 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.05.15 11:50:57 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.15 11:26:34 | 000,593,780 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.15 11:26:34 | 000,568,702 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.15 11:26:34 | 000,131,490 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.15 11:26:34 | 000,114,018 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.05.15 11:18:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.05.14 10:00:26 | 000,000,787 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 8.lnk [2013.05.07 06:27:17 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.28 16:20:35 | 000,003,099 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dzholv.js [2013.05.28 16:20:32 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dzholv.pad [2013.05.28 16:20:23 | 000,159,744 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vlohzd.dat [2013.05.20 19:06:13 | 000,000,805 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DATEV Arbeitsplatz pro V.3.2.lnk [2013.05.14 10:00:26 | 000,000,787 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 8.lnk [2013.03.14 04:05:35 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2013.01.30 19:04:27 | 000,093,312 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\cxbu1wdm.sys [2013.01.01 15:44:21 | 000,294,056 | ---- | C] () -- C:\WINDOWS\System32\ProUninstall.exe [2012.10.28 15:29:38 | 083,023,306 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad [2012.10.19 20:10:14 | 000,000,227 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc [2012.10.19 19:43:14 | 000,000,103 | ---- | C] () -- C:\WINDOWS\WinInit.Ini [2012.06.28 07:40:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini.lock [2012.06.28 07:35:34 | 000,000,103 | ---- | C] () -- C:\WINDOWS\Setup_tmp.ini [2012.02.14 23:56:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.03.21 16:24:33 | 000,354,291 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1454471165-796845957-725345543-1004-0.dat [2011.03.01 22:13:30 | 001,206,850 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1454471165-796845957-725345543-1003-0.dat [2011.03.01 22:13:29 | 000,160,474 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat ========== ZeroAccess Check ========== [2009.01.10 16:24:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009.10.29 07:24:34 | 001,509,888 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 29.05.2013 18:20:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = f:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,87 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 90,84% Memory free
4,03 Gb Paging File | 3,99 Gb Available in Paging File | 98,83% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 38,19 Gb Free Space | 51,24% Space Free | Partition Type: NTFS
Drive D: | 76,69 Gb Total Space | 54,75 Gb Free Space | 71,39% Space Free | Partition Type: NTFS
Drive F: | 7,81 Gb Total Space | 7,81 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
Computer Name: FPOTTHAS-DA2972 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\DATEV\PROGRAMM\SWS\Limaservice.exe" = C:\DATEV\PROGRAMM\SWS\LimaService.exe:*:Enabled:LimaService.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe" = C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\R0000135\EOR.EXE" = C:\DATEV\PROGRAMM\R0000135\EOR:*:Enabled:EOR.exe -- (DATEV e.G.)
"C:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe" = C:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe:*:Enabled:ExecDllExe.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Install\Uninstal.exe" = C:\DATEV\PROGRAMM\Install\Uninstal.exe:*:Enabled:Uninstal.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaServer.exe" = C:\DATEV\PROGRAMM\SWS\LimaServer.exe:*:Enabled:LimaServer.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaAdmin.exe" = C:\DATEV\PROGRAMM\SWS\LimaAdmin.exe:*:Enabled:LimaAdmin.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaPing.exe" = C:\DATEV\PROGRAMM\SWS\LimaPing.exe:*:Enabled:LimaPing.exe -- ()
"C:\DATEV\PROGRAMM\SWS\StartCIOProfile.exe" = C:\DATEV\PROGRAMM\SWS\StartCIOProfile.exe:*:Enabled:StartCIOProfile.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\MasterSWM_Viewer.exe" = C:\DATEV\PROGRAMM\SWS\MasterSWM_Viewer.exe:*:Enabled:MasterSWM_Viewer.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaLicFile.exe" = C:\DATEV\PROGRAMM\SWS\LimaLicFile.exe:*:Enabled:LimaLicFile.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\StartCIO.exe" = C:\DATEV\PROGRAMM\SWS\StartCIO.exe:*:Enabled:StartCIO.exe -- ()
"C:\DATEV\PROGRAMM\SWS\TestTCP.exe" = C:\DATEV\PROGRAMM\SWS\TestTCP.exe:*:Enabled:TestTCP.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaStatus.exe" = C:\DATEV\PROGRAMM\SWS\LimaStatus.exe:*:Enabled:LimaStatus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\K0005000\Arbeitsplatz.exe" = C:\DATEV\PROGRAMM\K0005000\Arbeitsplatz.exe:*:Enabled:Arbeitsplatz.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = C:\DATEV\PROGRAMM\RWAPPLIC\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Download\p2015n\hp_LJ_P2015_Full_Solution\setup\HPZnet01.exe" = C:\Download\p2015n\hp_LJ_P2015_Full_Solution\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard)
"C:\Download\p2015n\hp_LJ_P2015_Full_Solution\setup\hppapd.exe" = C:\Download\p2015n\hp_LJ_P2015_Full_Solution\setup\hppapd.exe:*:Enabled:hppapd.exe -- ()
"C:\Download\p2015n\hp_LJ_P2015_Full_Solution\setup\hpntwkexe.exe" = C:\Download\p2015n\hp_LJ_P2015_Full_Solution\setup\hpntwkexe.exe:*:Enabled:hpntwkexe.exe -- (Hewlett-Packard)
"C:\DATEV\PROGRAMM\SWS\Limaservice.exe" = C:\DATEV\PROGRAMM\SWS\LimaService.exe:*:Enabled:LimaService.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe" = C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\R0000135\EOR.EXE" = C:\DATEV\PROGRAMM\R0000135\EOR:*:Enabled:EOR.exe -- (DATEV e.G.)
"C:\Programme\IncrediMail\Bin\IncMail.exe" = C:\Programme\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail
"C:\Programme\IncrediMail\Bin\ImApp.exe" = C:\Programme\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail
"C:\Programme\IncrediMail\Bin\ImpCnt.exe" = C:\Programme\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail
"C:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe" = C:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe:*:Enabled:ExecDllExe.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Install\Uninstal.exe" = C:\DATEV\PROGRAMM\Install\Uninstal.exe:*:Enabled:Uninstal.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaServer.exe" = C:\DATEV\PROGRAMM\SWS\LimaServer.exe:*:Enabled:LimaServer.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaAdmin.exe" = C:\DATEV\PROGRAMM\SWS\LimaAdmin.exe:*:Enabled:LimaAdmin.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaPing.exe" = C:\DATEV\PROGRAMM\SWS\LimaPing.exe:*:Enabled:LimaPing.exe -- ()
"C:\DATEV\PROGRAMM\SWS\StartCIOProfile.exe" = C:\DATEV\PROGRAMM\SWS\StartCIOProfile.exe:*:Enabled:StartCIOProfile.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\MasterSWM_Viewer.exe" = C:\DATEV\PROGRAMM\SWS\MasterSWM_Viewer.exe:*:Enabled:MasterSWM_Viewer.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaLicFile.exe" = C:\DATEV\PROGRAMM\SWS\LimaLicFile.exe:*:Enabled:LimaLicFile.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\StartCIO.exe" = C:\DATEV\PROGRAMM\SWS\StartCIO.exe:*:Enabled:StartCIO.exe -- ()
"C:\DATEV\PROGRAMM\SWS\TestTCP.exe" = C:\DATEV\PROGRAMM\SWS\TestTCP.exe:*:Enabled:TestTCP.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaStatus.exe" = C:\DATEV\PROGRAMM\SWS\LimaStatus.exe:*:Enabled:LimaStatus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\K0005000\Arbeitsplatz.exe" = C:\DATEV\PROGRAMM\K0005000\Arbeitsplatz.exe:*:Enabled:Arbeitsplatz.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = C:\DATEV\PROGRAMM\RWAPPLIC\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG)
"C:\Programme\TeamViewer\Version8\TeamViewer.exe" = C:\Programme\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\WINDOWS\system32\hasplms.exe" = C:\WINDOWS\system32\hasplms.exe:*:Enabled:Sentinel License Manager -- (SafeNet Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024729A3-6BE9-F0DD-E6C4-A95CF7159A1C}" = CCC Help Thai
"{03E26CB2-2D09-EE9E-7C42-F9EDDBA61292}" = Catalyst Control Center Localization Portuguese
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06A7EA72-0F00-4D53-A81C-A5D925711141}" = SQL Server 2008 R2 SP1 Full text search
"{0881ECE5-DCA1-462D-B515-F1732875EC74}" = DATEV Infragistics Runtime V.3.2
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1114F843-609B-E030-D9E9-D4BE7772B36C}" = Catalyst Control Center Localization Czech
"{135BA9A6-495A-4FE9-B1A1-AB4DA449CAB1}" = hppLJP2015
"{17F2ACCF-309D-2B41-3D40-A3F569F57EDA}" = CCC Help Finnish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185292F7-7C0A-4F72-B2CC-CBEBD40B050E}" = Microsoft SQL Server 2008 R2 Native Client
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D893CF9-2C8D-3B98-457D-EB5F3578BC30}" = CCC Help Italian
"{1DD34CAF-3E11-B6F8-70CD-D281DFA7CA52}" = Skins
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder
"{2105D2A8-6360-6AB2-1889-95286C9E1757}" = Catalyst Control Center Localization Italian
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 30
"{2B0838A1-05EB-A135-550A-84CE19A4FB8B}" = Catalyst Control Center Localization Norwegian
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31D72A9B-F7A1-4FE9-A9BC-45D2BE2610D4}" = SQLXML4
"{32A41613-DBF2-8AD3-244C-E9CC9C9B630D}" = CCC Help Chinese Traditional
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{39C3617A-C7AC-EDF0-DD71-77A1AF8ACD4B}" = CCC Help Portuguese
"{39FDE6F8-5D02-EC16-967E-3D36AE3D9C4E}" = Catalyst Control Center Graphics Full Existing
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{41C77DAD-7A71-9108-442A-0D134D75AF48}" = CCC Help Spanish
"{4413D70B-5617-3718-B3DB-E83E9F2A20C9}" = CCC Help Hungarian
"{450DA020-DB18-E288-31C3-3B3F872A776E}" = CCC Help English
"{455B0AC4-7C7E-440D-8B1E-19967C87C31B}_" = DATALINE Olümp
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{48B08845-0CB0-45EC-893C-15319ADDA312}" = Microsoft SQL Server 2008 R2 Setup (English)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{4E544E75-4FC7-5224-9C37-3D2831CDB017}" = Catalyst Control Center Localization Russian
"{561D20B1-766E-4EA5-8A1D-B7357D903673}" = hppIOFiles
"{567D03AD-B75E-0F08-087B-13C1FF67C7D7}" = Catalyst Control Center Graphics Full New
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = SQL Server 2008 R2 SP1 Database Engine Services
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5F1B0D76-AFC0-6382-C507-D61E0D4CD3DC}" = Catalyst Control Center Core Implementation
"{6007A8A9-231B-44B9-961F-639428E6C3B8}" = DFL2010 Microkernel
"{62834027-0A20-19E2-8ADA-8AC11DA07723}" = CCC Help Russian
"{636BAD38-26BC-4BD8-802B-F18ED2D48D65}" = G&D StarSign USB Token für ELSTER
"{63A9FB11-2708-7EAE-4AE4-765115E4151D}" = CCC Help Turkish
"{6441FECE-0E73-4326-81BF-68503E897820}" = CorePLS_Min_QFolder
"{66CB0251-AB0E-5D30-4A04-7C9F9F26B7EE}" = Catalyst Control Center Localization Turkish
"{68C37F3D-2038-A60A-3DC4-60CAC421CF15}" = CCC Help Japanese
"{69E6C13B-CF6B-47A6-B7A5-77FE82B2CB40}" = hppFonts
"{6A1DA78D-8895-3411-5954-3DE90EB4839A}" = CCC Help Chinese Standard
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E9087C5-4D61-8AE6-0972-3C7A0BAC64D7}" = Catalyst Control Center Localization Finnish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{706A3FF0-1EA1-3FF0-69A5-DE0B22F5230A}" = CCC Help Greek
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71649C44-99E4-4355-883A-18B5CF876D30}_" = DATALINE Olümp
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77E033C3-D3EB-ECAA-7815-2C7DBBDF1AF3}" = Catalyst Control Center Localization Spanish
"{78F4F3F8-6ED5-34AD-CAD2-AC6127729138}" = CCC Help Swedish
"{7A178F2E-92F6-437C-A709-69685D1C0F2B}" = hppTLBXFXP2015
"{7CC7F961-1F31-39AD-8423-8E9220676B2E}" = CCC Help Polish
"{7F26BC94-9AAA-4FD2-A38A-F13B3ECA3426}" = Crystal Reports Runtime XI
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{889BCCBD-8C77-8D09-9BDF-DE6210E70AF2}" = CCC Help Norwegian
"{8AF1BF2B-FA5E-1A95-60DB-F28CB2070FBC}" = Catalyst Control Center Localization Greek
"{8BEA6A31-651C-C4DC-E174-561BB14120B3}" = Catalyst Control Center Localization French
"{8C0118CC-F720-45FF-A4DA-44AD77B2E73C}" = CorePLS_Full_QFolder
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002 Runtime
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{92F0B124-1C08-0F00-47FA-9581A74EF0FA}" = ccc-utility
"{93968FB2-C67A-4A9B-80C2-5D4D9393058E}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{939913F9-F134-4E9E-B879-BE6755B69952}" = USB CCID Smartcard Reader - Version 1.2.0.5
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{93C069D4-2F86-4570-A6DF-BFABBA1E4AFD}" = hpzTLBXFX
"{948B21FA-48AF-AA3E-9770-02625F0108AC}" = Catalyst Control Center Localization Swedish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{972826C4-7E9D-F0DA-1EA9-B2D223722370}" = CCC Help Czech
"{98E8285F-6B11-4ABD-15BA-2A369C3FDD86}" = Catalyst Control Center Localization Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0794C57-D8F2-5423-CA67-384D45EB382B}" = CCC Help Danish
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A41A8666-3EC8-51B2-2927-493FBA5CE2B5}" = CCC Help French
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}" = PC Connectivity Solution
"{A600A500-6AAC-48AB-B29C-145483B3A127}" = SFirm
"{A828F8F2-BD8C-6F85-7280-0D252D34AC5D}" = Catalyst Control Center Localization Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2F2C082-77FD-6C2C-2EC8-FBB852B8B51A}" = CCC Help Korean
"{B305A97D-E41F-4CA5-889D-E312F8D167D8}" = DFL2010 ConfigDB
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 SP1 Database Engine Services
"{BA235311-3EA5-83C7-F0E4-3FFED48A3110}" = ccc-core-preinstall
"{BDDC6360-A196-49D8-89A2-DCDC84FD4D57}" = DATALINE Olümp
"{BDDC6360-A196-49D8-89A2-DCDC84FD4D57}_" = DATALINE Olümp
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{BFB450D8-BCCB-C608-C2D3-2F863B0A1A09}" = CCC Help Dutch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C5CBEBFF-3DB4-4271-A706-757BBE3BD5AE}" = KOBIL CCID driver x64x86
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 SP1 Common Files
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB99356B-F8B6-EE9B-806F-57E58CDB8A49}" = Catalyst Control Center Graphics Light
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{CFB61D8C-D651-4D7C-80B4-C78676A0AF1F}" = hppusgP2015
"{D2C811DF-7927-A826-DD0A-F4BD7756A09B}" = Catalyst Control Center Localization Chinese Standard
"{D30125D5-23F3-BD39-DE6B-6483E21F34C1}" = Catalyst Control Center Localization Chinese Traditional
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D4BA9D57-F9DB-479D-8D85-449F4ACA6BBE}_" = DATALINE Olümp
"{D6D2D227-3431-82D1-08CA-D48F7D5B12FF}" = Catalyst Control Center Localization Polish
"{D7CC2103-F5A3-E151-F2E9-C94513A47F3F}" = Catalyst Control Center Localization Dutch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7A679C2-2A9C-4008-9CF9-178A6C13D923}" = Dialogseminar online V.3.02
"{ECDD7BD7-AA20-A0EC-C91A-34FDB52E171B}" = CCC Help German
"{EDAE4F43-833C-443B-8DB5-129F897DF3E8}" = hppWebRegMM
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F38D0F99-1BFC-47AB-AC36-8D9D43700CFB}" = hppManualsP2015
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F5461972-F6A5-853A-1B4B-F5AD2CB78A89}" = Catalyst Control Center Localization Japanese
"{F68A5AEF-061D-0A49-D440-C54D96496CE8}" = ccc-core-static
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B37275-A11B-0B97-6F69-038E9569002E}" = Catalyst Control Center Localization Korean
"{F8AEA743-A9CB-453C-9B3C-53D7F1D0CC22}" = B1315AppGuid
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 SP1 Common Files
"{FF04C032-D077-4E74-4BBD-B44B0C82CD2D}" = Catalyst Control Center Localization German
"{FFA07CE3-8ABF-F029-657D-422FDAE76594}" = Catalyst Control Center Localization Danish
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"DATEVB00000482.0" = DATEV Installation V.3.1
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"Google Chrome" = Google Chrome
"HP LaserJet P2015" = HP LaserJet P2015 Series 1.0
"HPExtendedCapabilities" = HP Extended Capabilities 6.0
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{636BAD38-26BC-4BD8-802B-F18ED2D48D65}" = G&D StarSign USB Token für ELSTER
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWSE-BACKUP" = MWSE-BACKUP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PERFIDIA Standalone" = PERFIDIA Standalone
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PhotoMail" = PhotoMail Maker
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 29.05.2013 02:20:26 | Computer Name = FPOTTHAS-DA2972 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DATEV DFL-Service-Manager" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 29.05.2013 06:57:48 | Computer Name = FPOTTHAS-DA2972 | Source = SCardSvr | ID = 602
Description = Die WDM-Lesertreiberinitialisierung konnte den Leser nicht öffnen:
Das System kann den angegebenen Pfad nicht finden.
Error - 29.05.2013 06:57:48 | Computer Name = FPOTTHAS-DA2972 | Source = SCardSvr | ID = 602
Description = Die WDM-Lesertreiberinitialisierung konnte den Leser nicht öffnen:
Das System kann den angegebenen Pfad nicht finden.
Error - 29.05.2013 12:15:13 | Computer Name = FPOTTHAS-DA2972 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 29.05.2013 12:15:27 | Computer Name = FPOTTHAS-DA2972 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 29.05.2013 12:15:27 | Computer Name = FPOTTHAS-DA2972 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 29.05.2013 12:15:27 | Computer Name = FPOTTHAS-DA2972 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 29.05.2013 12:15:27 | Computer Name = FPOTTHAS-DA2972 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 29.05.2013 12:15:27 | Computer Name = FPOTTHAS-DA2972 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD AmdK8 avipbb avkmgr bizVSerial Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
Error - 29.05.2013 12:16:04 | Computer Name = FPOTTHAS-DA2972 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
Gruß Harald |
|
29.05.2013, 19:28
| #2 |
| /// Malware-holic   | GVU-Trojaner - Windows XP 32Bit Hi,
__________________otl fix Fixen mit OTL
Code:
ATTFilter :OTL
O4 - Startup: C:\Dokumente und Einstellungen\Fiedi\Startmenü\Programme\Autostart\ctfmon.lnk = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe
(Microsoft Corporation)
[2013.05.28 16:20:23 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rundll32.exe
[2012.10.28 15:29:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe
[2013.05.29 12:59:24 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dzholv.pad
[2013.05.28 16:20:35 | 000,003,099 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dzholv.js
[2013.05.28 16:20:23 | 000,159,744 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vlohzd.dat
:files
:Commands
[emptytemp]
starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ |
|
29.05.2013, 20:26
| #3 |
| | GVU-Trojaner - Windows XP 32Bit Hallo,
__________________Upload hat wohl funktioniert Windows ist bei dem Rechner sauber gestartet hier noch das fixlog vom otl Code:
ATTFilter All processes killed
========== OTL ==========
C:\Dokumente und Einstellungen\Fiedi\Startmenü\Programme\Autostart\ctfmon.lnk moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rundll32.exe moved successfully.
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe not found.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dzholv.pad moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dzholv.js moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vlohzd.dat moved successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Andrea
->Temp folder emptied: 18538166 bytes
->Temporary Internet Files folder emptied: 33999632 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 3036 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Fiedi
->Temp folder emptied: 580036264 bytes
->Temporary Internet Files folder emptied: 151440031 bytes
->Java cache emptied: 2096459 bytes
->Google Chrome cache emptied: 46549052 bytes
->Flash cache emptied: 7419 bytes
User: Fiedi_old
->Temp folder emptied: 568769087 bytes
->Temporary Internet Files folder emptied: 622101899 bytes
->Java cache emptied: 1303396 bytes
->Flash cache emptied: 487 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 1423809 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2155701 bytes
%systemroot%\System32 .tmp files removed: 2833287 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17820473 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.954,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05292013_204320
Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZX3OLQO8\4VaqaFZRjYOtQlJFvqii-VoSt7-3F5YDYNgu1BWEutt5wk6AiTLNMJMR5CZSfAPU3i2RtR03a7Q4iYoPC2Rl1PCoHWHPMZCe9ZNMYHV59w4lD_OhAkcrCEt7-fV46Xwv5IVWEHMy71sdMqjieHQ[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZX3OLQO8\8EwujWpyWJQBPf0sSQ7CxEi9VwDVwzc38nh3JwEht79ZiX6id5yfR1YM5duC3SZTHHKRCYawuwC8k5FhT0TDnNlhYp0GBgfISuAE3yYUuXWgqwNHReBvt0HqTaMizGhGikq4OXp3xC3Mgb6quTs[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZX3OLQO8\8IypB8357eR_ZrGjgpBZHFPXcbb8rf1i0GdRcJCCqRNivXtIIIH-uFEZC_3LEnv5dA1qALLiuYm4YOD8uwLH4GppfuUyNKeJdjcGcvaCfc95BlXOO6PddQUAw&callback=google.LU[1].featureMap not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZX3OLQO8\data=DkDO_j1oleNy4ZU86-W2NiZUucgTNFgplm4,4GR0T6XSvOkJOxFRa_aAR8e7awY65G2auEyfK3-yWjXSNTgcIVYtZu4LOnXJY3UfMa30EjDRRA5i-w&callback=google.LU[1].featureMap not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZX3OLQO8\glpQaPzWvMsA9FMwyQFfHqtvGHD1pzLEghNHLqOv3FUfDId6vbqVBuxjlQ-NbfasGn2tIPb5iCHq_rGm0lrLw7vGU4blgdZLV_VuJtqWjtikje8L0NOOqY7j7rYlDF20tiTVO3Q3Qq3dgHnVEOg[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZX3OLQO8\p87qEzykRo_xKfV4-dPMrJ8LMaYDE5Vw4CHMuny4rCnxjicqcFyrmmXLsUuYIqo9s-JOnvfYvozavDtYCXBupSShBzW5rQVmqkJry-bOHtZrH-oYpwoQA7M1rTr1rnXTbDZ0bLnnjRrMggvlbrg[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZX3OLQO8\uVmtrPugZ3J3TAqxm96z9pTBr8qkaGWChKK1_1MnE1x7MlkVh_GAu9TqfQ_XZuUUJd3W3LFgJ9xoWZbLYBYRxqLjNjGWNk03QdTd2r9nOheaxyzcVDC7XeJRXozEIPMUYN6ja9Mp10u9tqfYcUV[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZUGAIY60\Fgplm4,OBvFLmULV3N8K4YOrqVKv5AR97PFOlpoQ9IrMrjAjQNstOuddRXD2dBvqp8guZXs9j8xsxriTrDb_JSf1CX0Rl_rLmku0OQ6uAaInltmKBmB9oyvHA&callback=google.LU[1].featureMap not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZTQ4PCZR\I00MjUIwWevK_iRHopoJwZiedSEKJOXya5Ai9aYOloOK40oFftSiiEVyobP7e-KOC-AhjgdlGjIiRiI1LKTLz33tP01hqcJBz1ZhTxSdFqMzVRA&callback=google.LU[1].loadFeaturemap_452_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZTQ4PCZR\MzFUPrGtAzNP_rM2a5xhRTaz_huSN1dzcFrciF346N1ihFg902LPYP9LGf8vlCmQHqrq6rx6kjV2IUymso3-DgdFDtpBL4-wAhyYUZjLjDhVT3g&callback=google.LU[1].loadFeaturemap_356_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZTQ4PCZR\sFqtJkpcmXxne5oMLsCI_AQgOPsuJkxkvOye_NMmHC8M-8-l9HmNm5V76jV90JA-vBeZ8Hc9vbUEtFt2FAyXmFd_sqjvOdy1LX-8Ez08aLYsZ-A&callback=google.LU[1].loadFeaturemap_123_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZTQ4PCZR\sgZqakHczhSK_0At0PywLL9UOfbeNOQp32jKPyCjQmcedlBwC49y2_0_Z-1inFsvvAFp2SbwzMTuvSvFvDIzMux1OjXzXpJ7nmYOYgW3M_hwsWA&callback=google.LU[1].loadFeaturemap_306_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZTQ4PCZR\u9XwJ55OX7Ag,yreWLfTgoBt--u4RpidSZiDQE8jIbVRW4wjMJlEwVHZs2CeQPRSrd1YM-hrWhDU1kl56CF-8gk-EQ5cvVBfdXJjngwb0bEkPvnYYfc_H0AjfqpV8h_CNLiDT_yAQnAWysawmOw[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZTQ4PCZR\_LjvMXjDEaes_12wlQIs4d4WgUkoyuV8XljY0wJCaGUvF_RvuNSkWlGKT1SKRfRNmT6q5mUSTQCXi0WGHRa3SkSbbXSJTQDyhq6AEslhYDaTScd2-7pBINF6T7hkHWa5pVuA9_5vGfQrV3rFdKA[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YG3YBH5Q\Fgplm4,4Uh2YLb20H3F7qrm6mlbf4aeZejxSfqb0ja0fHpIJlpqx9sQ9IiPcZN4uCB1eT6GFqwcyaHh-FlLhHFJNyIDpSq-jt3xYg1HLntN-ajjk9Q752msfg&callback=google.LU[1].featureMap not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Y7IR97XD\5vmxkBhedUwtFix7KLTdQW8Z705lmbOZfhmFnRJVO4tz0gLC97vb0jt3zKomsal8hSADQTsqAnTL5hdguIyXgwX5wl08tj4meZ-NsYEcXOlTjhA&callback=google.LU[1].loadFeaturemap_527_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Y7IR97XD\DkcimYUie7R-kCoOLrxP5it4Fs6ZnlY7Put5pACR2ir9QMHy9l77sElDgbMCUGM60d6eeB9SqxK7pyY9xsU7u6f8FTuix8m56eCvXbCCmoQzLm7Kv_AvzOMy7K2YfM-DX9-9FJp0Ok4nc-VgZbw[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Y7IR97XD\JCFahxQXn-Mtywd96cLepSysI9D4z_OYSaEPEsE0Yda68RGv4_5NRiA1vXb05Pkpljnmuaaxi_zdLrRaDEz6S8ZpunGPUsizg0vVY0rnr2Zi72w&callback=google.LU[1].loadFeaturemap_339_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Y7IR97XD\mTkOLBCs-LZqYKzOIfd-47gxNqc199HtJvZGjxvlBCfs55I1DhqZXMeQgaO4zZrMB9EO4rWdgTMtoWsloMDCjoMdZp1LJ3uE1ARzahG4lGZrDPg&callback=google.LU[1].loadFeaturemap_140_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Y7IR97XD\u9XwJ55OX7Ag,E7XNj_c9CbI3YIcSkSI1D73i7abqJ3WXU_YH0zRVnRc9gdck3_9gEFh0uKHd5wSS-QeegPyzUhskTayt-VcLu_p8yxUqK4gLXWtcqS64K6c9P9vjwaKYsVz17_8-2WE25Iz_yQ[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Y7IR97XD\u9XwJ55OX7Ag,Lp69TvqsaxkbxQljMUwH2b8fKb6NDh4rB0HXj8Ns2uESI3fVCAkNDVRBhF0hcQnZ90vF-0lZPlz4cJljLLolZuBptg8cX3yL4At2wlu7buK2fWYExMVfBo4zggWDCRks5-vuVg[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Y7IR97XD\u9XwJ55OX7Ag,T7WkM7CNv4fWW5fzCWvMOGgUu5hXNbAORM6hRl9ErzmeIiCVq3-R14dHDDuV3LM4O3aN2TPsM64TGdf5MlSlBUkF22pqYWY-3IfxjvOr53mCCynHD--89iWi-e4QsHbzEM9PGw[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Y4ET84ME\Fgplm4,DED95_DjaWlQxVc0dpoN5sfetoQdZmkasqZXyFHvknfQH_hOvK81pY6vHFMCcyTSvWpjEiXlmGgUs_ETgkdqfF5ztE-3Wk_GF0qKFBLGmGgbxFCkuw&callback=google.LU[1].featureMap not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WRETJY2T\DIzus9l4BOJPFxOZkDMUsb6ZjXOAmDp19VtSyvbiR4f-a0-51fmRe-nvnswUoQ1tGLD7QIq-3oVQhGRciEVFTe2LAkdDngW-CRS-pMCt0AlAwBw&callback=google.LU[1].loadFeaturemap_762_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WRETJY2T\ptRaMrmDWXAs4P4GBL9B38dnZcYi8jkqRyy20scWDdn-dBjFTvqb_2Q24IZuIXqkFBljZo6QFKtDGPgq3kelXaTEag7xOxX_MU4nTNzVUlwQKW0nD-k7woDnL2C7icrkx9pAke7cRsq07Vn8d5s[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WRETJY2T\u9XwJ55OX7Ag,wDsa--81S4PjnWrBe7w8KhjzUaESZaCnXX8-NIhryxaAuYcM_n_6rY6tYfs1JDp71lQpOfKudRjk8uwhDcw-x3yvgpzzvRZkPYhSy7jXY9q_j2YGNR92mZnIBSlcsFRAYnVKag[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WRETJY2T\xvZu9XwJ55OX7Ag,UvUkhZ08tve4FETFN3ACFIhvV55rqjnWn55iD1LHLB9MmGHpOnAbcYomb9d6Aapqy0C6dRkYswdAsximW6XuXJMhwT6UXwH2OiTsTKMH2l41Qf8q3mJnjQIdNUlIcL2VygE[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PM3QEQV1\I00MjUIwWevK_iRHopoJwZiedSEKJOXya5Ai9aYOloOK40oFftSiiEVyobP7e-KOC-AhjgdlGjIiRiI1LKTLz33tP01hqcJBz1ZhTxSdFqMzVRA&callback=google.LU[1].loadFeaturemap_807_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PM3QEQV1\LzJ-daWPItRIXz_RaRoutVtCkKL1Jnj_h9YEjFbrkIwCunx6rkA4Pc8ngyZXCoezxpOrbAa1zVVtlP5neKSLEO5t2dKCnDUMKAbYrMJ5Z4m0MhK0glJwTNGkathsbJswym7BeYdBFUsgDTrRbzQ[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PM3QEQV1\PslQ3owNcnbjF97L351VvE5tg10Ldo1Ugk8HEXDepRiprv7-ktxpON3GInAoEZNs8CzLiIatYQWCYIS2RGQ3uBdfNezrEbxXgrFhvMrTz3FhYTk&callback=google.LU[1].loadFeaturemap_319_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PM3QEQV1\u9XwJ55OX7Ag,z0Thg6Lls-e-o_uQVtNdroosgZqakHczhSK_0At0PywLL9UOfbeNOQp32jKPyCjQmcedlBwC49y2_0_Z-1inFsvvAFp2SbwzMTuvSvFvDIzMux1OjXzXpJ7nmYOYgW3M_hwsWA[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PGHL0EHN\23tC7-9d74TTBYlo55b2VoUXATsb-1TPE6Ll8q_XdTZU9hwouJS8gsldoQfDTjS21NIchjJjnPgS2IrAhcoarG1o4QtR48vZGlFpRRfNhvr-_M-kG3do0CWVCsnBMZzbne3auTPl22hcPK7M3XE[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PGHL0EHN\MzWdy51wHRvPFtSzLHgI0TKRmtf4Tz8Oc0oSgckeZ0tpdkDdm7mlXN-1E09ChvtrMF5cbTrc-yWe6GWW9QZ8xofXPIshA1QZ9LpKL2xRjdvPLUA&callback=google.LU[1].loadFeaturemap_703_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PGHL0EHN\u9XwJ55OX7Ag,2EFKfD60zM_YwsRc-n7rK36DIzus9l4BOJPFxOZkDMUsb6ZjXOAmDp19VtSyvbiR4f-a0-51fmRe-nvnswUoQ1tGLD7QIq-3oVQhGRciEVFTe2LAkdDngW-CRS-pMCt0AlAwBw[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PGHL0EHN\u9XwJ55OX7Ag,d5rSuXNfr0WZ9BaAmr43OxVcHjhdzX1Wd2cM83va_o_FpGWkImtWZZJsh12FNLpSQ8ZDyKtKPvDaPCcGum9cF_B35e1yi9OcNW3SGxPGMxD8KEQLkcksMFT8Lj3wEwbIyZsG_w[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PGHL0EHN\u9XwJ55OX7Ag,P93Jiw2AzG0dVKF34AoCHf2sFqtJkpcmXxne5oMLsCI_AQgOPsuJkxkvOye_NMmHC8M-8-l9HmNm5V76jV90JA-vBeZ8Hc9vbUEtFt2FAyXmFd_sqjvOdy1LX-8Ez08aLYsZ-A[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PGHL0EHN\u9XwJ55OX7Ag,uI5LumubDXy5xIto9O5cQDh1MJXYS-kwMSdB0hoJS3BpUbv3MJ-NjbqTv8leWGEZuM1AAVL1FKWVeB5gUTcszXEg_R-Mgcv1ff66o5s1ZDmaBnsyOq_g26Xk9z7NZQ7tTtZFVA[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PGHL0EHN\u9XwJ55OX7Ag,xby-6kgLkxDqbT2hcAcFWaLkcq3PHcVoFh1ZQPOtEO2MJjhuSUp_03pGsKm4Qew14GpxxpJrFGmzSP0Mbppf8F9djSCs86Z5kz6mrLSj5Ao0Wn_Vn19n5kpwHgyjKr9V0j1NxQ[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P5N07CJY\dclFVpYtiT6Ml3R0G8VrUB89TJx0Pkj_JJPhiHhQRdonsmwv8ZnjjnyHIbqxt8ZvVgTcdLJoC9ccZhN6q8uUQmAfjz-StZaHxBSjUY1BEeE5QPmLmGbtFl56ycM_TpKj3SuOsV6xIAgN2JluFm4[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P5N07CJY\eJL1SgCx-lMDMnoqFvGCvxyms4qrAmPn4cMIkrgo00ayMJ-ylA3KDHILLQ5pBEstlqjWLOTPkPN9-jpDWUp-XlCC7zW7DKdkJ_UR_Ss4bmcKJ-g&callback=google.LU[1].loadFeaturemap_640_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P5N07CJY\ksfAciwiBAu7cwQt-tW6Fk0aifuNID7bEEPvUBNQAFDSwDSY_Y33_mh1wZGkfluAFxzbBraUK0K-vgth2PYghbs6dEdoBs4krinHpJGlVaIjorw&callback=google.LU[1].loadFeaturemap_198_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P5N07CJY\sgZqakHczhSK_0At0PywLL9UOfbeNOQp32jKPyCjQmcedlBwC49y2_0_Z-1inFsvvAFp2SbwzMTuvSvFvDIzMux1OjXzXpJ7nmYOYgW3M_hwsWA&callback=google.LU[1].loadFeaturemap_795_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P5N07CJY\u9XwJ55OX7Ag,ag4HxbxDz_CkGHKqEeNoK5F5vmxkBhedUwtFix7KLTdQW8Z705lmbOZfhmFnRJVO4tz0gLC97vb0jt3zKomsal8hSADQTsqAnTL5hdguIyXgwX5wl08tj4meZ-NsYEcXOlTjhA[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P5N07CJY\u9XwJ55OX7Ag,XxlBGMD1c8Fc4ziMo0HVY0yMzWdy51wHRvPFtSzLHgI0TKRmtf4Tz8Oc0oSgckeZ0tpdkDdm7mlXN-1E09ChvtrMF5cbTrc-yWe6GWW9QZ8xofXPIshA1QZ9LpKL2xRjdvPLUA[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P5N07CJY\XjU1XLv3mffm6TeZdEkc8WUpwZr8xZWfUAIOPPmB64S-ffWIxr1s8Paets7v19aGYo988luvRXahMpbByrfTmwT4OLTXBh-x-BUSpuFB16soO7A&callback=google.LU[1].loadFeaturemap_749_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NLZAP304\-aWpnhD9ILBJDEsEdGW6gwhuVCsCGjVqF5ksblYypIvPcEAAln1OCpk1sOchZX5W8ViNq5cSkaYNHDYKP8KvUhvXGPrzqIkFCQu5sV5eA0NHYlYw65oEiEZf9qPqMDXQLeqhOuMHrIaK5knhuNw[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NLZAP304\2uMrXt6aj73o6sTFq2bIXCmVd9rd1aO_MWaDETOpmaj8eZG6kYP1cHQrj0_Or_clXso78Wd14hfPpH2Aws6y-U23-lFgzsYeiz0ECk68LyCzfYNnQDsQMDVn-eyM4xgg1CFtAtQcm9Hfzv5IncQ[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NLZAP304\5XlhYt8XcNhrCiFNm3EawOVpXKTh9RegDmhBrdviVNNqv4OHPmfGOkn7cn2zBfZSlw6UeQainwc9PVBTlEXig7UREMiodJPF10_9cQitLqxa4-gPibBiWmcT_nDkVCOPGrn_BbY0I9osjzMyI9Q[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NLZAP304\eFIwinNeCRfvVDaCIganaOs_ixZXIwDoCyJBIAik6srLwbu-16gJjC2S8PxXpJff73y-CUghDVOa8kG6JSSz5_th4-IeRsypL6X93GwfU9rF8XFpzHGve2BHTLtRBHzBz010Q6FXO8PCzCiyPck[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NLZAP304\u9XwJ55OX7Ag,mdyFBxXVFiz3wIf30TgFuwLkOS0iiBdCUXrjtvD7naC5rSet6gFcb4Oz6rNefcPCeQaicWujzsnQGn6GWTwscOi52-Nfz3rG7zVdql3MwdNmgEsDTMxGIz659kWZ9y5DzKCVfA[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GLM60PY3\LtgX-e3f8ctI3U5dJtbt7EJ1ZfRneYme,hiKVvdVysVVuuY7re-vjUScjkSnK6LnEf0qd4ESXKpYA-h7r_ODhdAGt0zKbBeHDp12D8IFcPydpRUiuVpT4KWDuGePD0FaAok5Wtb_RL8At0U9G8Q[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GLM60PY3\LtgX-e3f8ctI3U5dJtbt7EJ1ZfRneYme,OIFzWk7p46od0E1q4npLMhPRp29Np5_zENtBNZRpfD7yECNRZx6G2YYBB-pVFP1QYftKl2mqCRv2HPKB5I2eTm8d4_5P8l-1lcHZTNbiNvapkkRLnQ[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FPKEJEH0\8q_XdTZU9hwouJS8gsldoQfDTjS21NIchjJjnPgS2IrAhcoarG1o4QtR48vZGlFpRRfNhvr-_M-kG3do0CWVCsnBMZzbne3auTPl22hcPK7M3XE&callback=google.LU[1].loadFeaturemap_841_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FPKEJEH0\u9XwJ55OX7Ag,Cdd8WQGirE9n6bWUbXm1RVIa559rBvkyf10UwruX7-9pjr2p-w-yuD4Wss8_CcHl0Sy7SyDi6Xr-8pDsHNLmJEP8E1z_3AZUkNlxaduJsOzJEZuBPl7GgPFgcL1JeaHFTkNr_A[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FPKEJEH0\u9XwJ55OX7Ag,u0ZVx8FMraojQLdswALje3veJL1SgCx-lMDMnoqFvGCvxyms4qrAmPn4cMIkrgo00ayMJ-ylA3KDHILLQ5pBEstlqjWLOTPkPN9-jpDWUp-XlCC7zW7DKdkJ_UR_Ss4bmcKJ-g[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FPKEJEH0\u9XwJ55OX7Ag,yVI2669oEFjJWDjOUd8yEs0kdHiA5lEno34kc1bRdmH7f15RP_L98Cauhm9wKgwa258K18bBoEO8VqmBR0tpbmk88n1sTBz_QtuSW6LoTelQya2ayzf2SdgMFcDE7QV-NS2qJw[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\F9COGY1X\IAik6srLwbu-16gJjC2S8PxXpJff73y-CUghDVOa8kG6JSSz5_th4-IeRsypL6X93GwfU9rF8XFpzHGve2BHTLtRBHzBz010Q6FXO8PCzCiyPck&callback=google.LU[1].loadFeaturemap_116_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\F9COGY1X\kOS0iiBdCUXrjtvD7naC5rSet6gFcb4Oz6rNefcPCeQaicWujzsnQGn6GWTwscOi52-Nfz3rG7zVdql3MwdNmgEsDTMxGIz659kWZ9y5DzKCVfA&callback=google.LU[1].loadFeaturemap_756_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\F9COGY1X\mcPSaWh4vpyFpWq30Tsf0H8oreUHXXUNLYdfEvuvQVgatS0TM9jDWArAtmor5Wnvzynn2GnDqp8QOTCYVjaTlu_zI7wBFMjDJFuyOgF9AwqZhINEDA_n1wXMpWbck1dRNoHYjRy-aQgQXnl1hGA[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\F9COGY1X\u9XwJ55OX7Ag,MhVCRDkkFYAai3QVt6wVwFWffgD1aLIiyHplkqfob6NxSexLOsH9CNCWIbMTdwcorEJJGM6h_kLuqhN2k064h5tXdEK8N_cS3yPwNwYLWThu2SzLTb_x-R3rpqbD5HwJ7WS0kQ[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EU9MEPKN\3mFOyuFrQVnfN3C_cFGa7b8QCXT85bHdaqVl7JfrP0NYkRFGI3Qa5m-KnYBZb4oObAU9YRZdA-hTUaOl1kIYfne6T_6l7HJrUXDa0Kq0ehVwRpL&callback=google.LU[1].loadFeaturemap_518_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EU9MEPKN\6DIzus9l4BOJPFxOZkDMUsb6ZjXOAmDp19VtSyvbiR4f-a0-51fmRe-nvnswUoQ1tGLD7QIq-3oVQhGRciEVFTe2LAkdDngW-CRS-pMCt0AlAwBw&callback=google.LU[1].loadFeaturemap_34_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EU9MEPKN\jFbrkIwCunx6rkA4Pc8ngyZXCoezxpOrbAa1zVVtlP5neKSLEO5t2dKCnDUMKAbYrMJ5Z4m0MhK0glJwTNGkathsbJswym7BeYdBFUsgDTrRbzQ&callback=google.LU[1].loadFeaturemap_678_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EU9MEPKN\lqCzKYlWyy_uHySpo3qkHuE5PxodErZY4RvdGbrcVwWf977LjUf1JE3dIxf6XDznMdPYn4gWasIVBj6c0UFtIUB55-QHmCYXcIikvcL3LnpazcQ&callback=google.LU[1].loadFeaturemap_115_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EU9MEPKN\LSv4grofDmKVof2ITPt3uK85BAaTBWiATGDU3keH2fJFXinDOLPI2U0oHoLIgnRZspV0iMuWSyYQBK63k-ow1h5tI0ixg_UGDNkL1fa7HK45rcJg&callback=google.LU[1].loadFeaturemap_97_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EU9MEPKN\r2vQLUEzQW86uAx5_FCkzMSbBdXxerztf0TOMzFUPrGtAzNP_rM2a5xhRTaz_huSN1dzcFrciF346N1ihFg902LPYP9LGf8vlCmQHqrq6rx6kjV2IUymso3-DgdFDtpBL4-wAhyYUZjLjDhVT3g[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EU9MEPKN\u9XwJ55OX7Ag,8J2kNFbmxShNWKW6kQ99Tyi_jVlFjNIFh9mVl_EcOMmLA2n9kmWxyBzajUIL6CQrfM1bwZiM0EKmoLz_t9pr-F4bFrsBo89lfJJNl0eDsizDbnlel36F8IZCzsO-377zkPIP3g[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E3DM12D0\0kdHiA5lEno34kc1bRdmH7f15RP_L98Cauhm9wKgwa258K18bBoEO8VqmBR0tpbmk88n1sTBz_QtuSW6LoTelQya2ayzf2SdgMFcDE7QV-NS2qJw&callback=google.LU[1].loadFeaturemap_18_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E3DM12D0\EeYPJOoWLytkRMrNCIW58x-lyol37u_w9EGxrQ09BDmaLYlzaS2RdU-vIRMxvWpHUW37SHMUyxol-BO3CCkyNGwBFwFbPSNhd-qivbcuT_Y7Q3yJ9dvWWXQzNnxhY6mVVjjScaOvDAhFVTUvj5H[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E3DM12D0\IG6qbQrf0WSGmif4glLy9scfg7iTXRvogC36Mr7s1ZDETEMm74KvJ-UIY0ESsN8vlHC5qyN5jd0elJ6Th8dfeBBy_HCig7KtmpLf0TFS5Z7nCRHGH-xZATV83WK1bGjq74PmcpjIgAyV-CeQGLQ[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E3DM12D0\r5FGf7CyQJbyiZzPPm4GiKW5Ebz3njClg_bC_TIB3YZsR-SbSu3r6S-tu4l0A4VDEoa088tqgv1DhwNQOHn2krn_GWJRjiXnMaH67NTI7Jbv_iGwFhY0_jk2MH_ZTfuHIQPiXR4G5KNGrN-QX87[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E3DM12D0\u9XwJ55OX7Ag,F6eu7q3ChEOKniHZfOjM0SWXjU1XLv3mffm6TeZdEkc8WUpwZr8xZWfUAIOPPmB64S-ffWIxr1s8Paets7v19aGYo988luvRXahMpbByrfTmwT4OLTXBh-x-BUSpuFB16soO7A[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E3DM12D0\u9XwJ55OX7Ag,vPuNUkGnW_nCmn0_UtDXs55uSHfBXBNGxjjal8KyLJ8rLxNING72B7kCF1XuqnMMNIExzWlPIU-ch0vzZQMi9st_KzSBfsZ6Fff8MBNTFnRph8jDiEmWKf_oQbMzgCf3s9mwAg[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CHYHSDJ5\DIzus9l4BOJPFxOZkDMUsb6ZjXOAmDp19VtSyvbiR4f-a0-51fmRe-nvnswUoQ1tGLD7QIq-3oVQhGRciEVFTe2LAkdDngW-CRS-pMCt0AlAwBw&callback=google.LU[1].loadFeaturemap_413_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CHYHSDJ5\StMCJ-mZX8hte6CMKZbhWdXr8ywQ3np2ZxoqB4glChKFkgk4QaiLKQLDkPoJQcYJ08Q32SEl-7LAa6TvYRgPGf-wYA8ZvmDJUVVibqS2hMWdH1ciWioxPZf9Qbc_8pzr0Bm4E8ha4pZIZ_Q9PcQ[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CHYHSDJ5\u9XwJ55OX7Ag,ZVIzWx8gf2zEYu0nrS0J2sCCvRITBG-HPJngcmfh63TtS4cJk8nix68bB034zf3fWUS0tbdUhT1aYcLx40moSCvIaif8m65Gj6LlqsbgeklyFi9IHWCHNK8saHVfjE0qv-tQ0g[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CHYHSDJ5\Uu5hXNbAORM6hRl9ErzmeIiCVq3-R14dHDDuV3LM4O3aN2TPsM64TGdf5MlSlBUkF22pqYWY-3IfxjvOr53mCCynHD--89iWi-e4QsHbzEM9PGw&callback=google.LU[1].loadFeaturemap_255_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BMTIB2LL\a9mner2-ztQqeO4y1nI2_4bmTlG2fpJZDKY7-Eb3pN3FXoq5wf7Y_ccIgp65vo0umYNbqiwfAMERwQlD-wEDfZWCgpDz90pvKRUNyuVgcscQGEaYOGTB4dehIBX7WoHilrIKVkD1Li3Ctvy84De[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BMTIB2LL\h06Zen4vz6DJc2YYuOeG-auPlAK_Hvu2xIl_yiKhKy9zJVNSixuhI4KIhHFuUa_iaQKVxKkpjGAIVSHKArXfOhw2N_7g4JVdnSNFaobwNKglKkw&callback=google.LU[1].loadFeaturemap_710_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BMTIB2LL\i7abqJ3WXU_YH0zRVnRc9gdck3_9gEFh0uKHd5wSS-QeegPyzUhskTayt-VcLu_p8yxUqK4gLXWtcqS64K6c9P9vjwaKYsVz17_8-2WE25Iz_yQ&callback=google.LU[1].loadFeaturemap_256_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BMTIB2LL\u9XwJ55OX7Ag,KJeZSxQq64xH09mng-mPYKG0JdQI0cmCPLJV6uZQY3krpA9ihJ9iij8V-hCH8o2aAZQdvhBZh60C5iQS9YNsG5eXWJ_mRnSRl8Hni05ipBRLa3gPlLEabLcBcX4GsjJM6oJttQ[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BMTIB2LL\u9XwJ55OX7Ag,o5yNdtSwND6F5H82V3VXpezuvnVV1ene3JAQFcRCu-VRB8fnuUea4POOJ6CfWwYe5UE3P6jqEuimFJ8lEw5mqFHRcTk82LLzrUWE_FdI_9k1eLaOaunQ-tJtYItRy2u30msJdg[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BMTIB2LL\u9XwJ55OX7Ag,XXuHUX3WwWnAJKq9Bp_iamgksfAciwiBAu7cwQt-tW6Fk0aifuNID7bEEPvUBNQAFDSwDSY_Y33_mh1wZGkfluAFxzbBraUK0K-vgth2PYghbs6dEdoBs4krinHpJGlVaIjorw[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BGPGKUM2\blYypIvPcEAAln1OCpk1sOchZX5W8ViNq5cSkaYNHDYKP8KvUhvXGPrzqIkFCQu5sV5eA0NHYlYw65oEiEZf9qPqMDXQLeqhOuMHrIaK5knhuNw&callback=google.LU[1].loadFeaturemap_792_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BGPGKUM2\I00MjUIwWevK_iRHopoJwZiedSEKJOXya5Ai9aYOloOK40oFftSiiEVyobP7e-KOC-AhjgdlGjIiRiI1LKTLz33tP01hqcJBz1ZhTxSdFqMzVRA&callback=google.LU[1].loadFeaturemap_318_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BGPGKUM2\I00MjUIwWevK_iRHopoJwZiedSEKJOXya5Ai9aYOloOK40oFftSiiEVyobP7e-KOC-AhjgdlGjIiRiI1LKTLz33tP01hqcJBz1ZhTxSdFqMzVRA&callback=google.LU[1].loadFeaturemap_635_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BGPGKUM2\u9XwJ55OX7Ag,lNrQ8Lyukx0NZY0kmFjuLIHh06Zen4vz6DJc2YYuOeG-auPlAK_Hvu2xIl_yiKhKy9zJVNSixuhI4KIhHFuUa_iaQKVxKkpjGAIVSHKArXfOhw2N_7g4JVdnSNFaobwNKglKkw[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BGPGKUM2\u9XwJ55OX7Ag,SNmFm8TSS_LSmxOz7sS91Ru0k2Hmd0F34K51fXW1YCmsni9Vhf48N6r44Ru0YLAKkJbLNSyaKFbHnKGGGTZctlo6pAZSs7fYEtEmb9wSxmIQYXZWB3Ft6b_rU2k21i74TpJc4w[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\81Z1VO0X\FqVFSTEsvvR3vTrCN8j_kuia-0PTmpBlX3-J3mFOyuFrQVnfN3C_cFGa7b8QCXT85bHdaqVl7JfrP0NYkRFGI3Qa5m-KnYBZb4oObAU9YRZdA-hTUaOl1kIYfne6T_6l7HJrUXDa0Kq0ehVwRpL[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\81Z1VO0X\nI0e4ojoXqzCvtCZJi1wrEls_sxEysgzW1CAcIgNZNPBwqIvMs8TS6fd8lUgMTI9qvCerwo2COCs8r0twgexkyhdjty0RJXEA_u3fK3rlnHW2uQUt3zI7nsEhqQnbYH98Ig7PmshNPkfQqjU0WV[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\81Z1VO0X\QK20SAG9lefxDFtR5nIDwwbGHA-sSNPbzYFSgbHQX7pwaDZVTfMLY4m2pp04IKMqAAiYR-5qmkVPBD6lLdlbyOSc186IS89jZ7dabvzqViO6Mividv6iVSEdx0Zbiyty6ajNGOxnlLO64GPXvY7[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\81Z1VO0X\sFqtJkpcmXxne5oMLsCI_AQgOPsuJkxkvOye_NMmHC8M-8-l9HmNm5V76jV90JA-vBeZ8Hc9vbUEtFt2FAyXmFd_sqjvOdy1LX-8Ez08aLYsZ-A&callback=google.LU[1].loadFeaturemap_469_0 not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\81Z1VO0X\u9XwJ55OX7Ag,JyjBcm-QGTo5-y9YYAZ4O8JI00MjUIwWevK_iRHopoJwZiedSEKJOXya5Ai9aYOloOK40oFftSiiEVyobP7e-KOC-AhjgdlGjIiRiI1LKTLz33tP01hqcJBz1ZhTxSdFqMzVRA[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\7GN5DK8X\u9XwJ55OX7Ag,rvJyjT8umoDfGBvonFgTeuCNAZ-eqnTbVf0-ILVN3aONrkcQa7iScTZXS4RpjMNfsRwib5sdg3HVrz82QHRYnzLPPrsugrL6oXG3PbiBXmvgd5PM0CgljL6g_x7ksMExTD_luw[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\7GN5DK8X\u9XwJ55OX7Ag,vRmUr5vIXu3cIJKC0rrGD4Twdfc_ZgNSL-tYvGT78imGcLd7OiMUyidtN6XJQzmL_mSYcDRP0shnyXfO7w14-3GWCrg-ZU9tLZmLNrTHua7fbGAjyWE4h4bHepniDy7yxe8yeQ[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\7GN5DK8X\u9XwJ55OX7Ag,Zdf2rPepgj9zjuD_rCy6nQLSv4grofDmKVof2ITPt3uK85BAaTBWiATGDU3keH2fJFXinDOLPI2U0oHoLIgnRZspV0iMuWSyYQBK63k-ow1h5tI0ixg_UGDNkL1fa7HK45rcJg[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\Fiedi_old\Lokale Einstellungen\Temporary Internet Files\Content.IE5\7GN5DK8X\ySZRe1usy-hF6stX1W_CmAITu2zTfImfvAYrwsdgn56PBlrRA5tadn6DfPK_aF3a2c-K2cjg6DtxUaFtwAWrWO8oY-m5wjZFw-f4wUNAjaVUYoV4JvPlggfmgZmu-lMTcDVd_HCRAbyU2VTaKjA[1].gif not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
29.05.2013, 21:05
| #4 |
| /// Malware-holic | GVU-Trojaner - Windows XP 32Bit So soll es sein :-) Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
29.05.2013, 21:12
| #5 |
| | GVU-Trojaner - Windows XP 32Bit danke für die Info, dann werde ich den Rechner mal ins Netz bringen und deiner Anleitung folge leisten. |
|
29.05.2013, 21:13
| #6 |
| /// Malware-holic | GVU-Trojaner - Windows XP 32Bit bitte lasse solche zwischenposts weg, da neue Posts an diesen angehangen werden, muss ich dann immer unnötigerweise hier reingucken, danke.
__________________ --> GVU-Trojaner - Windows XP 32Bit |
|
29.05.2013, 21:27
| #7 |
| | GVU-Trojaner - Windows XP 32Bit so, hier das log-File vom Killer Code:
ATTFilter 22:19:55.0390 2404 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:19:55.0515 2404 ============================================================
22:19:55.0515 2404 Current date / time: 2013/05/29 22:19:55.0515
22:19:55.0515 2404 SystemInfo:
22:19:55.0515 2404
22:19:55.0515 2404 OS Version: 5.1.2600 ServicePack: 3.0
22:19:55.0515 2404 Product type: Workstation
22:19:55.0515 2404 ComputerName: FPOTTHAS-DA2972
22:19:55.0515 2404 UserName: Fiedi
22:19:55.0515 2404 Windows directory: C:\WINDOWS
22:19:55.0515 2404 System windows directory: C:\WINDOWS
22:19:55.0515 2404 Processor architecture: Intel x86
22:19:55.0515 2404 Number of processors: 2
22:19:55.0515 2404 Page size: 0x1000
22:19:55.0515 2404 Boot type: Normal boot
22:19:55.0515 2404 ============================================================
22:19:57.0312 2404 Drive \Device\Harddisk0\DR0 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:19:57.0328 2404 Drive \Device\Harddisk1\DR1 - Size: 0x132C467E00 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:19:57.0328 2404 ============================================================
22:19:57.0328 2404 \Device\Harddisk0\DR0:
22:19:57.0343 2404 MBR partitions:
22:19:57.0343 2404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
22:19:57.0343 2404 \Device\Harddisk1\DR1:
22:19:57.0343 2404 MBR partitions:
22:19:57.0343 2404 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x996051C
22:19:57.0343 2404 ============================================================
22:19:57.0375 2404 C: <-> \Device\Harddisk0\DR0\Partition1
22:19:57.0406 2404 D: <-> \Device\Harddisk1\DR1\Partition1
22:19:57.0421 2404 ============================================================
22:19:57.0421 2404 Initialize success
22:19:57.0421 2404 ============================================================
22:20:35.0921 3768 ============================================================
22:20:35.0921 3768 Scan started
22:20:35.0921 3768 Mode: Manual; SigCheck; TDLFS;
22:20:35.0921 3768 ============================================================
22:20:36.0875 3768 ================ Scan system memory ========================
22:20:37.0625 3768 System memory - ok
22:20:37.0625 3768 ================ Scan services =============================
22:20:37.0718 3768 Abiosdsk - ok
22:20:37.0734 3768 abp480n5 - ok
22:20:37.0781 3768 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:20:38.0125 3768 ACPI - ok
22:20:38.0171 3768 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
22:20:38.0296 3768 ACPIEC - ok
22:20:38.0390 3768 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:20:38.0406 3768 AdobeFlashPlayerUpdateSvc - ok
22:20:38.0421 3768 adpu160m - ok
22:20:38.0437 3768 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
22:20:38.0578 3768 aec - ok
22:20:38.0625 3768 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
22:20:38.0671 3768 AFD - ok
22:20:38.0687 3768 Aha154x - ok
22:20:38.0687 3768 aic78u2 - ok
22:20:38.0703 3768 aic78xx - ok
22:20:38.0765 3768 [ A7F74629628B7F16734418121B61CA99 ] aksfridge C:\WINDOWS\system32\drivers\aksfridge.sys
22:20:38.0984 3768 aksfridge - ok
22:20:39.0031 3768 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
22:20:39.0171 3768 Alerter - ok
22:20:39.0187 3768 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
22:20:39.0312 3768 ALG - ok
22:20:39.0312 3768 AliIde - ok
22:20:39.0359 3768 [ 22AD3EC1F0486C863D70CDD50B97761B ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
22:20:39.0390 3768 AmdK8 - ok
22:20:39.0406 3768 amsint - ok
22:20:39.0515 3768 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
22:20:39.0531 3768 AntiVirSchedulerService - ok
22:20:39.0578 3768 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
22:20:39.0593 3768 AntiVirService - ok
22:20:39.0656 3768 [ 9EDAE2D1CA368E8D01BEE8BFBC9488E4 ] AntiVirWebService C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
22:20:39.0687 3768 AntiVirWebService - ok
22:20:39.0734 3768 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
22:20:39.0890 3768 AppMgmt - ok
22:20:39.0890 3768 asc - ok
22:20:39.0906 3768 asc3350p - ok
22:20:39.0906 3768 asc3550 - ok
22:20:40.0031 3768 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:20:40.0062 3768 aspnet_state - ok
22:20:40.0093 3768 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:20:40.0218 3768 AsyncMac - ok
22:20:40.0234 3768 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
22:20:40.0359 3768 atapi - ok
22:20:40.0359 3768 Atdisk - ok
22:20:40.0421 3768 [ 1CE690D5C4BAF51B6CFB3EC9CB1A74F5 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
22:20:40.0484 3768 Ati HotKey Poller - ok
22:20:40.0562 3768 [ CD5C874245435C9CE7E347E28CF3C6B5 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:20:40.0640 3768 ati2mtag - ok
22:20:40.0718 3768 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:20:40.0843 3768 Atmarpc - ok
22:20:40.0921 3768 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
22:20:41.0031 3768 AudioSrv - ok
22:20:41.0078 3768 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
22:20:41.0218 3768 audstub - ok
22:20:41.0265 3768 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:20:41.0312 3768 avgntflt - ok
22:20:41.0375 3768 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:20:41.0406 3768 avipbb - ok
22:20:41.0406 3768 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
22:20:41.0437 3768 avkmgr - ok
22:20:41.0484 3768 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
22:20:41.0625 3768 Beep - ok
22:20:41.0687 3768 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
22:20:41.0843 3768 BITS - ok
22:20:41.0875 3768 [ 66F655B08EED3230E059D197C8A1969B ] bizVSerial C:\WINDOWS\system32\drivers\bizVSerialNT.sys
22:20:41.0890 3768 bizVSerial ( UnsignedFile.Multi.Generic ) - warning
22:20:41.0890 3768 bizVSerial - detected UnsignedFile.Multi.Generic (1)
22:20:41.0937 3768 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
22:20:41.0953 3768 Browser - ok
22:20:42.0000 3768 [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
22:20:42.0062 3768 BrScnUsb - ok
22:20:42.0078 3768 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
22:20:42.0234 3768 cbidf2k - ok
22:20:42.0234 3768 cd20xrnt - ok
22:20:42.0265 3768 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
22:20:42.0406 3768 Cdaudio - ok
22:20:42.0468 3768 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
22:20:42.0578 3768 Cdfs - ok
22:20:42.0593 3768 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:20:42.0718 3768 Cdrom - ok
22:20:42.0718 3768 Changer - ok
22:20:42.0750 3768 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
22:20:42.0890 3768 CiSvc - ok
22:20:42.0968 3768 [ EBF03DB02CDB10724498AA1660047138 ] cjpcsc C:\WINDOWS\system32\cjpcsc.exe
22:20:42.0984 3768 cjpcsc - ok
22:20:43.0031 3768 [ 1DA35415E7414FB1F547E0B79579768F ] cjusb C:\WINDOWS\system32\DRIVERS\cjusb.sys
22:20:43.0062 3768 cjusb - ok
22:20:43.0109 3768 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
22:20:43.0234 3768 ClipSrv - ok
22:20:43.0296 3768 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:20:43.0312 3768 clr_optimization_v2.0.50727_32 - ok
22:20:43.0359 3768 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:20:43.0375 3768 clr_optimization_v4.0.30319_32 - ok
22:20:43.0390 3768 CmdIde - ok
22:20:43.0390 3768 COMSysApp - ok
22:20:43.0406 3768 Cpqarray - ok
22:20:43.0453 3768 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
22:20:43.0578 3768 CryptSvc - ok
22:20:43.0609 3768 [ 95D218D7E004A1CFFF507A8E4B544B63 ] cxbu1wdm C:\WINDOWS\system32\DRIVERS\cxbu1wdm.sys
22:20:43.0687 3768 cxbu1wdm - ok
22:20:43.0703 3768 dac2w2k - ok
22:20:43.0703 3768 dac960nt - ok
22:20:43.0812 3768 [ 18A44B51DF55527E13688107B60B1C86 ] DATEV Update-Service C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe
22:20:43.0828 3768 DATEV Update-Service - ok
22:20:43.0843 3768 Datev.Database.Conserve - ok
22:20:43.0859 3768 Datev.Framework.RemoteServiceModel.EnablerService - ok
22:20:43.0859 3768 Datev.Framework.RemoteServices - ok
22:20:43.0859 3768 Datev.Unternehmen.SystemComponents.ServiceBus.V0200.PlugIn - ok
22:20:43.0875 3768 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn - ok
22:20:43.0968 3768 [ CE1D22A4FC9D17D4B0887C565E3BADD0 ] DatevPrintService C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE
22:20:43.0984 3768 DatevPrintService ( UnsignedFile.Multi.Generic ) - warning
22:20:43.0984 3768 DatevPrintService - detected UnsignedFile.Multi.Generic (1)
22:20:44.0031 3768 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
22:20:44.0140 3768 DcomLaunch - ok
22:20:44.0187 3768 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
22:20:44.0343 3768 Dhcp - ok
22:20:44.0359 3768 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
22:20:44.0484 3768 Disk - ok
22:20:44.0484 3768 dmadmin - ok
22:20:44.0546 3768 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
22:20:44.0718 3768 dmboot - ok
22:20:44.0734 3768 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
22:20:44.0843 3768 dmio - ok
22:20:44.0875 3768 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
22:20:45.0015 3768 dmload - ok
22:20:45.0062 3768 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
22:20:45.0171 3768 dmserver - ok
22:20:45.0187 3768 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
22:20:45.0312 3768 DMusic - ok
22:20:45.0359 3768 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
22:20:45.0421 3768 Dnscache - ok
22:20:45.0468 3768 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
22:20:45.0593 3768 Dot3svc - ok
22:20:45.0593 3768 dpti2o - ok
22:20:45.0640 3768 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
22:20:45.0765 3768 drmkaud - ok
22:20:45.0781 3768 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
22:20:45.0921 3768 EapHost - ok
22:20:45.0968 3768 [ 6E883BF518296A40959131C2304AF714 ] EL90XBC C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
22:20:46.0093 3768 EL90XBC - ok
22:20:46.0140 3768 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
22:20:46.0250 3768 ERSvc - ok
22:20:46.0296 3768 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
22:20:46.0328 3768 Eventlog - ok
22:20:46.0375 3768 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
22:20:46.0421 3768 EventSystem - ok
22:20:46.0437 3768 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
22:20:46.0562 3768 Fastfat - ok
22:20:46.0609 3768 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:20:46.0656 3768 FastUserSwitchingCompatibility - ok
22:20:46.0687 3768 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
22:20:46.0796 3768 Fdc - ok
22:20:46.0843 3768 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
22:20:46.0968 3768 Fips - ok
22:20:46.0984 3768 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
22:20:47.0109 3768 Flpydisk - ok
22:20:47.0156 3768 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
22:20:47.0281 3768 FltMgr - ok
22:20:47.0359 3768 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:20:47.0375 3768 FontCache3.0.0.0 - ok
22:20:47.0406 3768 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:20:47.0546 3768 Fs_Rec - ok
22:20:47.0562 3768 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:20:47.0718 3768 Ftdisk - ok
22:20:47.0750 3768 [ 54789F9BA0D59072CDD4E7C200E122C4 ] gdrv C:\WINDOWS\gdrv.sys
22:20:47.0765 3768 gdrv - ok
22:20:47.0796 3768 [ 7BEC703F31E1D441DB16886C9AA4CBA9 ] getPlus(R) Helper C:\Programme\NOS\bin\getPlus_HelperSvc.exe
22:20:47.0828 3768 getPlus(R) Helper - ok
22:20:47.0875 3768 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:20:48.0000 3768 Gpc - ok
22:20:48.0109 3768 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
22:20:48.0125 3768 gupdate - ok
22:20:48.0140 3768 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
22:20:48.0156 3768 gupdatem - ok
22:20:48.0203 3768 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
22:20:48.0218 3768 gusvc - ok
22:20:48.0281 3768 [ 506097D91E96AEE4BAD61800782E8FB6 ] hardlock C:\WINDOWS\system32\drivers\hardlock.sys
22:20:48.0390 3768 hardlock - ok
22:20:48.0390 3768 hasplms - ok
22:20:48.0421 3768 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:20:48.0546 3768 HDAudBus - ok
22:20:48.0625 3768 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:20:48.0750 3768 helpsvc - ok
22:20:48.0750 3768 HidServ - ok
22:20:48.0796 3768 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:20:48.0921 3768 HidUsb - ok
22:20:48.0968 3768 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
22:20:49.0078 3768 hkmsvc - ok
22:20:49.0109 3768 [ E4E0B356A8756066CF89080D9DA69F22 ] HPFXBULK C:\WINDOWS\system32\drivers\hpfxbulk.sys
22:20:49.0171 3768 HPFXBULK - ok
22:20:49.0171 3768 hpn - ok
22:20:49.0218 3768 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
22:20:49.0265 3768 HTTP - ok
22:20:49.0296 3768 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
22:20:49.0421 3768 HTTPFilter - ok
22:20:49.0421 3768 i2omgmt - ok
22:20:49.0437 3768 i2omp - ok
22:20:49.0484 3768 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:20:49.0593 3768 i8042prt - ok
22:20:49.0640 3768 [ B1A28FA1AFDE10B95FF9354B15701D70 ] ICQ Service C:\Programme\ICQ6Toolbar\ICQ Service.exe
22:20:49.0656 3768 ICQ Service - ok
22:20:49.0750 3768 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:20:49.0843 3768 idsvc - ok
22:20:49.0875 3768 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
22:20:50.0000 3768 Imapi - ok
22:20:50.0046 3768 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
22:20:50.0171 3768 ImapiService - ok
22:20:50.0187 3768 ini910u - ok
22:20:50.0343 3768 [ A799E941C3D19BCF6F93CBE12B55BC17 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:20:50.0515 3768 IntcAzAudAddService - ok
22:20:50.0531 3768 IntelIde - ok
22:20:50.0578 3768 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
22:20:50.0687 3768 Ip6Fw - ok
22:20:50.0718 3768 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:20:50.0890 3768 IpFilterDriver - ok
22:20:50.0921 3768 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:20:51.0046 3768 IpInIp - ok
22:20:51.0078 3768 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:20:51.0171 3768 IpNat - ok
22:20:51.0234 3768 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:20:51.0343 3768 IPSec - ok
22:20:51.0375 3768 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
22:20:51.0500 3768 IRENUM - ok
22:20:51.0515 3768 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:20:51.0625 3768 isapnp - ok
22:20:51.0703 3768 [ 9AA67569D5257462E230767510B0C815 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
22:20:51.0718 3768 JavaQuickStarterService - ok
22:20:51.0734 3768 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:20:51.0843 3768 Kbdclass - ok
22:20:51.0890 3768 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:20:52.0000 3768 kbdhid - ok
22:20:52.0062 3768 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
22:20:52.0187 3768 kmixer - ok
22:20:52.0250 3768 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
22:20:52.0312 3768 KSecDD - ok
22:20:52.0359 3768 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
22:20:52.0390 3768 lanmanserver - ok
22:20:52.0437 3768 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:20:52.0484 3768 lanmanworkstation - ok
22:20:52.0484 3768 lbrtfdc - ok
22:20:52.0531 3768 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
22:20:52.0625 3768 LmHosts - ok
22:20:52.0656 3768 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
22:20:52.0781 3768 Messenger - ok
22:20:52.0828 3768 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
22:20:52.0953 3768 mnmdd - ok
22:20:53.0000 3768 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
22:20:53.0093 3768 mnmsrvc - ok
22:20:53.0140 3768 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
22:20:53.0265 3768 Modem - ok
22:20:53.0281 3768 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:20:53.0390 3768 Mouclass - ok
22:20:53.0406 3768 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:20:53.0531 3768 mouhid - ok
22:20:53.0546 3768 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
22:20:53.0656 3768 MountMgr - ok
22:20:53.0656 3768 mraid35x - ok
22:20:53.0671 3768 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:20:53.0781 3768 MRxDAV - ok
22:20:53.0828 3768 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:20:53.0906 3768 MRxSmb - ok
22:20:53.0953 3768 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
22:20:54.0062 3768 MSDTC - ok
22:20:54.0093 3768 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
22:20:54.0187 3768 Msfs - ok
22:20:54.0203 3768 MSIServer - ok
22:20:54.0218 3768 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:20:54.0312 3768 MSKSSRV - ok
22:20:54.0359 3768 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:20:54.0500 3768 MSPCLOCK - ok
22:20:54.0515 3768 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
22:20:54.0687 3768 MSPQM - ok
22:20:54.0750 3768 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:20:54.0843 3768 mssmbios - ok
22:20:54.0937 3768 MSSQL$DATEV_DBENGINE - ok
22:20:54.0968 3768 [ AE0277B34DC0F8E0F8257690BECFC4BA ] MSSQLFDLauncher$DATEV_DBENGINE C:\Programme\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe
22:20:54.0984 3768 MSSQLFDLauncher$DATEV_DBENGINE - ok
22:20:55.0031 3768 [ 8E8E74C953EB0C4F8828D99D6F27FD6F ] MSSQLServerADHelper100 C:\Programme\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
22:20:55.0046 3768 MSSQLServerADHelper100 - ok
22:20:55.0078 3768 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
22:20:55.0140 3768 Mup - ok
22:20:55.0187 3768 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
22:20:55.0328 3768 napagent - ok
22:20:55.0343 3768 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
22:20:55.0468 3768 NDIS - ok
22:20:55.0500 3768 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:20:55.0546 3768 NdisTapi - ok
22:20:55.0578 3768 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:20:55.0703 3768 Ndisuio - ok
22:20:55.0718 3768 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:20:55.0843 3768 NdisWan - ok
22:20:55.0875 3768 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
22:20:55.0937 3768 NDProxy - ok
22:20:55.0984 3768 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
22:20:56.0093 3768 NetBIOS - ok
22:20:56.0109 3768 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:20:56.0250 3768 NetBT - ok
22:20:56.0296 3768 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
22:20:56.0390 3768 NetDDE - ok
22:20:56.0421 3768 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
22:20:56.0531 3768 NetDDEdsdm - ok
22:20:56.0578 3768 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
22:20:56.0671 3768 Netlogon - ok
22:20:56.0703 3768 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
22:20:56.0812 3768 Netman - ok
22:20:56.0843 3768 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:20:56.0875 3768 NetTcpPortSharing - ok
22:20:56.0906 3768 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
22:20:56.0937 3768 Nla - ok
22:20:56.0968 3768 [ C3963D85B721A7F80D8A55F4E2867A3A ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
22:20:57.0156 3768 nmwcd - ok
22:20:57.0203 3768 [ 3859C69A77793180548802DAC9F34A38 ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
22:20:57.0265 3768 nmwcdc - ok
22:20:57.0312 3768 [ 338F83EE9CB9E15EEACF0CBB90218CBF ] nmwcdnsu C:\WINDOWS\system32\drivers\nmwcdnsu.sys
22:20:57.0390 3768 nmwcdnsu - ok
22:20:57.0421 3768 [ D15BAC979144FB69ED28F97B2DD84D48 ] nmwcdnsuc C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
22:20:57.0484 3768 nmwcdnsuc - ok
22:20:57.0531 3768 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:20:57.0625 3768 Npfs - ok
22:20:57.0640 3768 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:20:57.0781 3768 Ntfs - ok
22:20:57.0781 3768 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
22:20:57.0890 3768 NtLmSsp - ok
22:20:57.0937 3768 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
22:20:58.0093 3768 NtmsSvc - ok
22:20:58.0109 3768 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
22:20:58.0250 3768 Null - ok
22:20:58.0281 3768 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:20:58.0421 3768 NwlnkFlt - ok
22:20:58.0437 3768 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:20:58.0593 3768 NwlnkFwd - ok
22:20:58.0687 3768 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
22:20:58.0718 3768 ose - ok
22:20:58.0765 3768 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
22:20:58.0875 3768 Parport - ok
22:20:58.0890 3768 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
22:20:59.0000 3768 PartMgr - ok
22:20:59.0031 3768 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
22:20:59.0171 3768 ParVdm - ok
22:20:59.0203 3768 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
22:20:59.0265 3768 pccsmcfd - ok
22:20:59.0296 3768 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
22:20:59.0406 3768 PCI - ok
22:20:59.0406 3768 PCIDump - ok
22:20:59.0453 3768 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
22:20:59.0593 3768 PCIIde - ok
22:20:59.0640 3768 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
22:20:59.0750 3768 Pcmcia - ok
22:20:59.0765 3768 PDCOMP - ok
22:20:59.0765 3768 PDFRAME - ok
22:20:59.0781 3768 PDRELI - ok
22:20:59.0781 3768 PDRFRAME - ok
22:20:59.0796 3768 perc2 - ok
22:20:59.0796 3768 perc2hib - ok
22:20:59.0859 3768 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
22:20:59.0859 3768 PlugPlay - ok
22:20:59.0890 3768 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:21:00.0000 3768 PolicyAgent - ok
22:21:00.0046 3768 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:21:00.0156 3768 PptpMiniport - ok
22:21:00.0171 3768 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
22:21:00.0281 3768 Processor - ok
22:21:00.0296 3768 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:21:00.0390 3768 ProtectedStorage - ok
22:21:00.0406 3768 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
22:21:00.0515 3768 PSched - ok
22:21:00.0578 3768 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:21:00.0718 3768 Ptilink - ok
22:21:00.0734 3768 ql1080 - ok
22:21:00.0734 3768 Ql10wnt - ok
22:21:00.0750 3768 ql12160 - ok
22:21:00.0750 3768 ql1240 - ok
22:21:00.0765 3768 ql1280 - ok
22:21:00.0781 3768 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:21:00.0937 3768 RasAcd - ok
22:21:00.0968 3768 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:21:01.0093 3768 RasAuto - ok
22:21:01.0125 3768 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:21:01.0218 3768 Rasl2tp - ok
22:21:01.0281 3768 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
22:21:01.0375 3768 RasMan - ok
22:21:01.0390 3768 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:21:01.0515 3768 RasPppoe - ok
22:21:01.0515 3768 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:21:01.0656 3768 Raspti - ok
22:21:01.0671 3768 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:21:01.0781 3768 Rdbss - ok
22:21:01.0781 3768 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:21:01.0921 3768 RDPCDD - ok
22:21:01.0984 3768 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:21:02.0093 3768 rdpdr - ok
22:21:02.0140 3768 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:21:02.0203 3768 RDPWD - ok
22:21:02.0234 3768 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:21:02.0359 3768 RDSessMgr - ok
22:21:02.0375 3768 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:21:02.0500 3768 redbook - ok
22:21:02.0531 3768 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:21:02.0656 3768 RemoteAccess - ok
22:21:02.0703 3768 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
22:21:02.0796 3768 RemoteRegistry - ok
22:21:02.0828 3768 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
22:21:02.0953 3768 RpcLocator - ok
22:21:03.0000 3768 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
22:21:03.0015 3768 RpcSs - ok
22:21:03.0062 3768 [ 66A54BF20084400A7DD5E3B69E008799 ] RsFx0151 C:\WINDOWS\system32\DRIVERS\RsFx0151.sys
22:21:03.0093 3768 RsFx0151 - ok
22:21:03.0125 3768 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
22:21:03.0296 3768 RSVP - ok
22:21:03.0343 3768 [ 1E11171C0B9989E1BDAA59E96B2E81C4 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
22:21:03.0437 3768 RTL8023xp - ok
22:21:03.0437 3768 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
22:21:03.0531 3768 SamSs - ok
22:21:03.0578 3768 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:21:03.0687 3768 SCardSvr - ok
22:21:03.0734 3768 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:21:03.0843 3768 Schedule - ok
22:21:03.0875 3768 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:21:03.0984 3768 Secdrv - ok
22:21:04.0015 3768 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
22:21:04.0125 3768 seclogon - ok
22:21:04.0140 3768 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
22:21:04.0234 3768 SENS - ok
22:21:04.0250 3768 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
22:21:04.0359 3768 serenum - ok
22:21:04.0390 3768 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
22:21:04.0500 3768 Serial - ok
22:21:04.0578 3768 [ D0D2FF6132DB177A5192891A8CC9578C ] ServiceLayer C:\Programme\PC Connectivity Solution\ServiceLayer.exe
22:21:04.0656 3768 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
22:21:04.0656 3768 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
22:21:04.0718 3768 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
22:21:04.0828 3768 Sfloppy - ok
22:21:04.0875 3768 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:21:04.0984 3768 SharedAccess - ok
22:21:05.0000 3768 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:21:05.0031 3768 ShellHWDetection - ok
22:21:05.0046 3768 Simbad - ok
22:21:05.0046 3768 Sparrow - ok
22:21:05.0078 3768 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:21:05.0187 3768 splitter - ok
22:21:05.0234 3768 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:21:05.0296 3768 Spooler - ok
22:21:05.0328 3768 [ 230C6AA1091190D2FDB40766CBD3DBBD ] SQLAgent$DATEV_DBENGINE C:\Programme\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE
22:21:05.0390 3768 SQLAgent$DATEV_DBENGINE - ok
22:21:05.0453 3768 [ 7D67C07C63796775CC5492BCFEAFF125 ] SQLBrowser C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
22:21:05.0468 3768 SQLBrowser - ok
22:21:05.0515 3768 [ 8E6E5CFA06769A417B03FD6FAA29E010 ] SQLWriter C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:21:05.0531 3768 SQLWriter - ok
22:21:05.0578 3768 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:21:05.0671 3768 sr - ok
22:21:05.0734 3768 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
22:21:05.0843 3768 srservice - ok
22:21:05.0890 3768 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:21:05.0984 3768 Srv - ok
22:21:06.0031 3768 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:21:06.0140 3768 SSDPSRV - ok
22:21:06.0171 3768 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:21:06.0203 3768 ssmdrv - ok
22:21:06.0218 3768 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:21:06.0328 3768 stisvc - ok
22:21:06.0359 3768 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:21:06.0453 3768 swenum - ok
22:21:06.0500 3768 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:21:06.0609 3768 swmidi - ok
22:21:06.0609 3768 SwPrv - ok
22:21:06.0625 3768 symc810 - ok
22:21:06.0640 3768 symc8xx - ok
22:21:06.0640 3768 sym_hi - ok
22:21:06.0656 3768 sym_u3 - ok
22:21:06.0671 3768 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:21:06.0781 3768 sysaudio - ok
22:21:06.0812 3768 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:21:06.0953 3768 SysmonLog - ok
22:21:07.0000 3768 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:21:07.0109 3768 TapiSrv - ok
22:21:07.0156 3768 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:21:07.0218 3768 Tcpip - ok
22:21:07.0281 3768 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:21:07.0390 3768 TDPIPE - ok
22:21:07.0406 3768 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:21:07.0515 3768 TDTCP - ok
22:21:07.0656 3768 [ 7C8DD5576695B3362202EF09B20C425E ] TeamViewer8 C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
22:21:07.0796 3768 TeamViewer8 - ok
22:21:07.0843 3768 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:21:07.0953 3768 TermDD - ok
22:21:08.0015 3768 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
22:21:08.0125 3768 TermService - ok
22:21:08.0140 3768 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
22:21:08.0156 3768 Themes - ok
22:21:08.0203 3768 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
22:21:08.0312 3768 TlntSvr - ok
22:21:08.0312 3768 TosIde - ok
22:21:08.0375 3768 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:21:08.0484 3768 TrkWks - ok
22:21:08.0500 3768 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:21:08.0593 3768 Udfs - ok
22:21:08.0609 3768 ultra - ok
22:21:08.0671 3768 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:21:08.0859 3768 Update - ok
22:21:08.0890 3768 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
22:21:09.0031 3768 upnphost - ok
22:21:09.0046 3768 [ 0CCADC7391021376EDBB8AA649D04E68 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
22:21:09.0125 3768 upperdev - ok
22:21:09.0171 3768 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
22:21:09.0328 3768 UPS - ok
22:21:09.0375 3768 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:21:09.0484 3768 usbccgp - ok
22:21:09.0515 3768 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:21:09.0640 3768 usbehci - ok
22:21:09.0671 3768 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:21:09.0781 3768 usbhub - ok
22:21:09.0812 3768 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:21:09.0953 3768 usbohci - ok
22:21:09.0984 3768 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:21:10.0078 3768 usbprint - ok
22:21:10.0125 3768 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:21:10.0250 3768 usbscan - ok
22:21:10.0296 3768 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys
22:21:10.0406 3768 usbser - ok
22:21:10.0421 3768 [ 68B4F83CCCF70A2FF32EE142C234332A ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
22:21:10.0484 3768 UsbserFilt - ok
22:21:10.0546 3768 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:21:10.0656 3768 USBSTOR - ok
22:21:10.0703 3768 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:21:10.0828 3768 VgaSave - ok
22:21:10.0828 3768 ViaIde - ok
22:21:10.0875 3768 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:21:10.0984 3768 VolSnap - ok
22:21:11.0031 3768 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
22:21:11.0171 3768 VSS - ok
22:21:11.0203 3768 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
22:21:11.0312 3768 W32Time - ok
22:21:11.0359 3768 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:21:11.0468 3768 Wanarp - ok
22:21:11.0515 3768 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
22:21:11.0578 3768 Wdf01000 - ok
22:21:11.0578 3768 WDICA - ok
22:21:11.0640 3768 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:21:11.0765 3768 wdmaud - ok
22:21:11.0812 3768 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
22:21:11.0906 3768 WebClient - ok
22:21:12.0000 3768 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:21:12.0109 3768 winmgmt - ok
22:21:12.0156 3768 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
22:21:12.0265 3768 WmdmPmSN - ok
22:21:12.0296 3768 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
22:21:12.0343 3768 Wmi - ok
22:21:12.0406 3768 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:21:12.0500 3768 WmiApSrv - ok
22:21:12.0593 3768 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
22:21:12.0734 3768 WMPNetworkSvc - ok
22:21:12.0796 3768 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:21:12.0828 3768 WpdUsb - ok
22:21:12.0906 3768 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:21:13.0015 3768 WPFFontCache_v0400 - ok
22:21:13.0062 3768 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
22:21:13.0171 3768 wscsvc - ok
22:21:13.0187 3768 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
22:21:13.0296 3768 wuauserv - ok
22:21:13.0359 3768 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:21:13.0390 3768 WudfPf - ok
22:21:13.0406 3768 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:21:13.0453 3768 WudfRd - ok
22:21:13.0468 3768 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
22:21:13.0500 3768 WudfSvc - ok
22:21:13.0546 3768 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:21:13.0671 3768 WZCSVC - ok
22:21:13.0718 3768 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:21:13.0843 3768 xmlprov - ok
22:21:13.0843 3768 ================ Scan global ===============================
22:21:13.0890 3768 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
22:21:13.0921 3768 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
22:21:13.0937 3768 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
22:21:13.0953 3768 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
22:21:13.0953 3768 [Global] - ok
22:21:13.0953 3768 ================ Scan MBR ==================================
22:21:13.0984 3768 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
22:21:14.0203 3768 \Device\Harddisk0\DR0 - ok
22:21:14.0203 3768 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
22:21:14.0484 3768 \Device\Harddisk1\DR1 - ok
22:21:14.0484 3768 ================ Scan VBR ==================================
22:21:14.0484 3768 [ 220C48906BFD3879C6F7C09C7F86B569 ] \Device\Harddisk0\DR0\Partition1
22:21:14.0484 3768 \Device\Harddisk0\DR0\Partition1 - ok
22:21:14.0484 3768 [ 0494B92BF77EB82524242C801B0F69C7 ] \Device\Harddisk1\DR1\Partition1
22:21:14.0500 3768 \Device\Harddisk1\DR1\Partition1 - ok
22:21:14.0500 3768 ============================================================
22:21:14.0500 3768 Scan finished
22:21:14.0500 3768 ============================================================
22:21:14.0609 1064 Detected object count: 3
22:21:14.0609 1064 Actual detected object count: 3
22:21:53.0203 1064 bizVSerial ( UnsignedFile.Multi.Generic ) - skipped by user
22:21:53.0203 1064 bizVSerial ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:21:53.0203 1064 DatevPrintService ( UnsignedFile.Multi.Generic ) - skipped by user
22:21:53.0203 1064 DatevPrintService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:21:53.0203 1064 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
22:21:53.0203 1064 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
29.05.2013, 21:43
| #8 |
| /// Malware-holic | GVU-Trojaner - Windows XP 32Bit Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Textbox. 
WARNUNG an die MITLESER: 
Linear-Darstellung
