|
Plagegeister aller Art und deren Bekämpfung: systemcare antivirus auf windows xp laptopWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
14.06.2013, 15:43 | #1 |
| systemcare antivirus auf windows xp laptop Hallo, ich habe mir leider den Systemcare Antivirus eingefangen. Habe dann im Internet nach einer Lösung gesucht und das Systemcare erstmal mit einem Code "aktiviert", um wieder Zugriff auf das System zu bekommen. Avira hat bei einem Durchlauf (vor der Aktivierung) folgende Datei gefunden: C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Temp\eL9PxniS.exe.part Könnt Ihr mir helfen, den Virus jetzt komplett vom Laptop runter zu kriegen? Schöne Grüße und vielen Dank im Vorraus stefki |
14.06.2013, 15:48 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | systemcare antivirus auf windows xp laptop Hallo und
__________________Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten! Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
14.06.2013, 15:56 | #3 |
| systemcare antivirus auf windows xp laptop Danke für die schnelle Antwort!
__________________ich habe nur dieses eine log von avira: Code:
ATTFilter Exportierte Ereignisse: 06.06.2013 16:34 [System Scanner] Malware gefunden Die Datei 'C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Temp\eL9PxniS.exe.part' enthielt einen Virus oder unerwünschtes Programm 'ADWARE/InstallCore.AM' [adware]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55b03ae7.qua' verschoben! |
14.06.2013, 16:01 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | systemcare antivirus auf windows xp laptop Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
14.06.2013, 16:24 | #5 |
| systemcare antivirus auf windows xp laptop Hallo, also der OTL ist ohne Probleme durchgelaufen. Hier die logs: OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.06.2013 17:08:19 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Steffi\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,38% Memory free 4,83 Gb Paging File | 3,88 Gb Available in Paging File | 80,19% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 58,59 Gb Total Space | 22,52 Gb Free Space | 38,44% Space Free | Partition Type: NTFS Drive D: | 90,45 Gb Total Space | 85,71 Gb Free Space | 94,76% Space Free | Partition Type: NTFS Computer Name: STEFANIE | User Name: Steffi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Steffi\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Programme\avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\WINDOWS\system32\CNAB4RPK.EXE (CANON INC.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl () MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () MOD - C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll () MOD - C:\Programme\avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\Spybot - Search & Destroy 2\av\BDSmartDB.dll () MOD - C:\WINDOWS\system32\bcm1xsup.dll () MOD - C:\WINDOWS\system32\preflib.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - \\?\C:\Programme\Spybot - Search & Destroy 2\av\avxdisk.dll () MOD - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe () MOD - C:\WINDOWS\system32\msdmo.dll () ========== Services (SafeList) ========== SRV - (SDWSCService) -- C:\Programme\Spybot File not found SRV - (SDUpdateService) -- C:\Programme\Spybot File not found SRV - (SDScannerService) -- C:\Programme\Spybot File not found SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Programme\office 2010\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (osppsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) DRV - (HpqKbFiltr) -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1078081533-1275210071-1801674531-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1078081533-1275210071-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1078081533-1275210071-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-1078081533-1275210071-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\pxcviewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\OFFICE~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.30 23:47:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.05.27 09:32:08 | 000,000,000 | ---D | M] [2011.10.31 15:14:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Mozilla\Extensions [2013.05.09 12:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Mozilla\Firefox\Profiles\triez2vb.default\extensions [2013.05.09 12:18:32 | 000,870,680 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Mozilla\Firefox\Profiles\triez2vb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.27 09:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.27 09:32:18 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\office 2010\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\Cpqset.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SDTray] C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1078081533-1275210071-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\office 2010\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\office 2010\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\office 2010\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\office 2010\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20938AA4-AC9A-4AAC-A714-68F1ABC0FED7}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.10.31 12:43:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.14 17:06:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Steffi\Desktop\OTL.exe [2013.06.08 14:51:03 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Steffi\IECompatCache [2013.06.08 11:46:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2013.06.08 11:45:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2 [2013.06.08 11:45:49 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe [2013.06.08 11:45:42 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2 [2013.06.07 22:47:23 | 036,271,144 | ---- | C] (Safer-Networking Ltd. ) -- C:\Dokumente und Einstellungen\Steffi\Desktop\spybot-2.1.exe [2013.06.05 18:33:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\D8AA5EE120E1A1990000D8A9863CA6A5 [2013.05.27 09:32:06 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\Dokumente und Einstellungen\Steffi\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Steffi\Desktop\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.14 17:06:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Steffi\Desktop\OTL.exe [2013.06.14 12:04:04 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2013.06.14 12:03:50 | 000,000,636 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job [2013.06.14 12:03:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.06.14 12:03:13 | 3212,103,680 | -HS- | M] () -- C:\hiberfil.sys [2013.06.14 11:55:17 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.06.12 21:32:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.06.08 11:46:09 | 000,000,608 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.06.08 11:46:09 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job [2013.06.08 11:45:54 | 000,001,800 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk [2013.06.07 22:37:34 | 036,271,144 | ---- | M] (Safer-Networking Ltd. ) -- C:\Dokumente und Einstellungen\Steffi\Desktop\spybot-2.1.exe [2013.05.23 10:48:03 | 000,258,361 | ---- | M] () -- C:\Dokumente und Einstellungen\Steffi\Desktop\Super-PIN.pdf [2013.05.19 11:45:55 | 000,002,469 | ---- | M] () -- C:\Dokumente und Einstellungen\Steffi\Desktop\Microsoft Word 2010.lnk [2013.05.18 00:00:46 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2013.05.16 15:39:18 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.15 20:37:02 | 000,464,476 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.15 20:37:02 | 000,445,738 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.15 20:37:02 | 000,086,200 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.15 20:37:02 | 000,070,712 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\Dokumente und Einstellungen\Steffi\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Steffi\Desktop\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.08 11:46:08 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job [2013.06.08 11:46:07 | 000,000,636 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job [2013.06.08 11:46:07 | 000,000,608 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.06.08 11:45:54 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk [2013.06.08 11:45:54 | 000,001,800 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk [2013.05.23 10:48:02 | 000,258,361 | ---- | C] () -- C:\Dokumente und Einstellungen\Steffi\Desktop\Super-PIN.pdf [2012.05.16 12:03:33 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2012.02.17 09:13:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.11.05 10:26:51 | 000,018,944 | ---- | C] () -- C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.31 15:22:58 | 002,215,364 | ---- | C] () -- C:\WINDOWS\System32\igklg400.bin [2011.10.31 15:22:58 | 001,971,732 | ---- | C] () -- C:\WINDOWS\System32\igklg450.bin [2011.10.31 15:22:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll [2011.10.31 15:22:58 | 000,029,932 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.bin [2011.10.31 15:03:08 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2011.10.31 15:03:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2011.10.31 15:03:08 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE [2011.10.31 12:45:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.10.31 12:40:34 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.10.31 12:32:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.10.31 12:31:43 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2011.12.19 10:53:33 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > [/CODE] OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.06.2013 17:08:19 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Steffi\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,38% Memory free 4,83 Gb Paging File | 3,88 Gb Available in Paging File | 80,19% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 58,59 Gb Total Space | 22,52 Gb Free Space | 38,44% Space Free | Partition Type: NTFS Drive D: | 90,45 Gb Total Space | 85,71 Gb Free Space | 94,76% Space Free | Partition Type: NTFS Computer Name: STEFANIE | User Name: Steffi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_USERS\S-1-5-21-1078081533-1275210071-1801674531-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\office 2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\vlc player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\vlc player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\ICQ7.6\ICQ.exe" = C:\Programme\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\office 2010\Office14\GROOVE.EXE" = C:\Programme\office 2010\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation) "C:\Programme\office 2010\Office14\ONENOTE.EXE" = C:\Programme\office 2010\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation) "C:\Programme\office 2010\Office14\OUTLOOK.EXE" = C:\Programme\office 2010\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\ICQ7.6\ICQ.exe" = C:\Programme\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.) "C:\WINDOWS\system32\CNAB4RPK.EXE" = C:\WINDOWS\system32\CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process -- (CANON INC.) "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe" = C:\Programme\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 F1 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0 "{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Broadcom 802.11 Application" = Broadcom Wireless-Dienstprogramm "Broadcom 802.11b Network Adapter" = Broadcom 802.11-WLAN-Adapter "Canon LBP2900" = Canon LBP2900 "DivX Setup" = DivX-Setup "HDMI" = Intel(R) Graphics Media Accelerator Driver "ie8" = Windows Internet Explorer 8 "IrfanView" = IrfanView (remove only) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "MiKTeX 2.9" = MiKTeX 2.9 "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "PROSet" = Intel(R) PRO Network Connections Drivers "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "VLC media player" = VLC media player 1.1.11 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 ========== Last 20 Event Log Errors ========== [ System Events ] Error - 10.06.2013 09:47:41 | Computer Name = STEFANIE | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12.06.2013 10:06:14 | Computer Name = STEFANIE | Source = ipnathlp | ID = 30005 Description = Ein DHCP-Server mit der IP-Adresse 192.168.0.1 wurde von der DHCP-Zuweisung im selben Netzwerk gefunden, wie die Schnittstelle mit der IP-Adresse 192.168.0.12. Die Zuweisung wurde auf der Schnittstelle automatisch deaktiviert, um DHCP-Clientkonflikte zu vermeiden. Error - 14.06.2013 05:55:53 | Computer Name = STEFANIE | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 14.06.2013 05:55:53 | Computer Name = STEFANIE | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 14.06.2013 05:57:45 | Computer Name = STEFANIE | Source = atapi | ID = 262153 Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 14.06.2013 05:57:55 | Computer Name = STEFANIE | Source = atapi | ID = 262153 Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 14.06.2013 06:03:43 | Computer Name = STEFANIE | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "D:" aus. Error - 14.06.2013 06:03:43 | Computer Name = STEFANIE | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "D:" aus. Error - 14.06.2013 06:03:53 | Computer Name = STEFANIE | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 14.06.2013 06:03:53 | Computer Name = STEFANIE | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > [/CODE] |
14.06.2013, 18:11 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | systemcare antivirus auf windows xp laptopZitat:
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?
__________________ --> systemcare antivirus auf windows xp laptop |
14.06.2013, 18:53 | #7 |
| systemcare antivirus auf windows xp laptop Nein, es ist ein privat genutzter Laptop. Ich habe das Win xp mal von einem Bekannten bekommen. Schöne Grüße, stefki |
14.06.2013, 18:54 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | systemcare antivirus auf windows xp laptop Ich hoffe, es hat dir da keine gecrackte Version angedreht Rootkitscan mit GMER Bitte lade dir GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
14.06.2013, 20:17 | #9 |
| systemcare antivirus auf windows xp laptop Das Windows xp war eine Original-Version. Habe die beiden Scans durchlaufen lassen. Hier der Log von Gmer: Code:
ATTFilter GMER Logfile: und das log von MBAR (lief durch ohne was zu finden): Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.06.0.1003 www.malwarebytes.org Database version: v2013.06.14.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Steffi :: STEFANIE [administrator] 14.06.2013 20:52:57 mbar-log-2013-06-14 (20-52-57).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: Deep Anti-Rootkit Scan | PUP Objects scanned: 195233 Time elapsed: 10 minute(s), 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) stefki |
14.06.2013, 20:29 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | systemcare antivirus auf windows xp laptop Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
14.06.2013, 22:40 | #11 |
| systemcare antivirus auf windows xp laptop Habe Combofix ausgeführt: Code:
ATTFilter Combofix Logfile: |
15.06.2013, 00:24 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | systemcare antivirus auf windows xp laptop Combofix-Skript
__________________ Logfiles bitte immer in CODE-Tags posten |
15.06.2013, 09:24 | #13 |
| systemcare antivirus auf windows xp laptop Hallo, Danke für die schnelle Antwort! Habe das jetzt nochmal durchlaufen lassen (wie du es beschrieben hast): Code:
ATTFilter Combofix Logfile: Stefki ps: mache ich mit der code-Umgebung irgendwas falsch? Habe den Eindruck,dass da immer zwei geschachtelt werden, obwohl ich nur eine erstelle und die logs dann dazwischen kopiere? |
15.06.2013, 15:13 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | systemcare antivirus auf windows xp laptop aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
15.06.2013, 16:43 | #15 |
| systemcare antivirus auf windows xp laptop Hallo, habe die beiden Sachen gemacht. Hier das Ergebnis vom aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-06-15 16:40:27 ----------------------------- 16:40:27.031 OS Version: Windows 5.1.2600 Service Pack 3 16:40:27.031 Number of processors: 1 586 0x1601 16:40:27.031 ComputerName: STEFANIE UserName: Steffi 16:40:27.343 Initialize success 16:54:10.734 AVAST engine defs: 13061300 16:55:26.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 16:55:26.765 Disk 0 Vendor: WDC_WD1600BEVT-60ZCT1 13.01A13 Size: 152627MB BusType: 3 16:55:26.906 Disk 0 MBR read successfully 16:55:26.906 Disk 0 MBR scan 16:55:26.968 Disk 0 Windows XP default MBR code 16:55:26.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 60000 MB offset 63 16:55:26.968 Disk 0 Partition - 00 0F Extended LBA 92616 MB offset 122881185 16:55:27.000 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 92616 MB offset 122881248 16:55:27.015 Disk 0 scanning sectors +312560640 16:55:27.078 Disk 0 scanning C:\WINDOWS\system32\drivers 16:55:33.125 Service scanning 16:55:47.750 Modules scanning 16:55:51.546 Disk 0 trace - called modules: 16:55:52.093 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 16:55:52.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2cdab8] 16:55:52.109 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000071[0x8a2829e8] 16:55:52.109 5 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a249940] 16:55:52.343 AVAST engine scan C:\WINDOWS 16:56:01.625 AVAST engine scan C:\WINDOWS\system32 16:57:42.500 AVAST engine scan C:\WINDOWS\system32\drivers 16:57:51.296 AVAST engine scan C:\Dokumente und Einstellungen\Steffi 17:00:30.718 File: C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\29\5bd0fbdd-16b194cf **INFECTED** Win32:Rootkit-gen [Rtk] 17:00:45.218 AVAST engine scan C:\Dokumente und Einstellungen\All Users 17:01:01.328 Scan finished successfully 17:15:03.062 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Steffi\Desktop\MBR.dat" 17:15:03.078 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Steffi\Desktop\aswMBR.txt" und der Log vom TDSS-Killer: Code:
ATTFilter 17:20:12.0609 3432 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 17:20:12.0734 3432 ============================================================ 17:20:12.0734 3432 Current date / time: 2013/06/15 17:20:12.0734 17:20:12.0734 3432 SystemInfo: 17:20:12.0734 3432 17:20:12.0734 3432 OS Version: 5.1.2600 ServicePack: 3.0 17:20:12.0734 3432 Product type: Workstation 17:20:12.0734 3432 ComputerName: STEFANIE 17:20:12.0734 3432 UserName: Steffi 17:20:12.0734 3432 Windows directory: C:\WINDOWS 17:20:12.0734 3432 System windows directory: C:\WINDOWS 17:20:12.0734 3432 Processor architecture: Intel x86 17:20:12.0734 3432 Number of processors: 1 17:20:12.0734 3432 Page size: 0x1000 17:20:12.0734 3432 Boot type: Normal boot 17:20:12.0734 3432 ============================================================ 17:20:14.0109 3432 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 17:20:14.0109 3432 ============================================================ 17:20:14.0109 3432 \Device\Harddisk0\DR0: 17:20:14.0109 3432 MBR partitions: 17:20:14.0109 3432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462 17:20:14.0125 3432 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0xB4E4720 17:20:14.0125 3432 ============================================================ 17:20:14.0140 3432 C: <-> \Device\Harddisk0\DR0\Partition1 17:20:14.0187 3432 D: <-> \Device\Harddisk0\DR0\Partition2 17:20:14.0187 3432 ============================================================ 17:20:14.0187 3432 Initialize success 17:20:14.0187 3432 ============================================================ 17:20:29.0421 3148 ============================================================ 17:20:29.0421 3148 Scan started 17:20:29.0421 3148 Mode: Manual; SigCheck; TDLFS; 17:20:29.0421 3148 ============================================================ 17:20:30.0109 3148 ================ Scan system memory ======================== 17:20:30.0109 3148 System memory - ok 17:20:30.0109 3148 ================ Scan services ============================= 17:20:30.0265 3148 Abiosdsk - ok 17:20:30.0265 3148 abp480n5 - ok 17:20:30.0312 3148 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 17:20:30.0625 3148 ACPI - ok 17:20:30.0640 3148 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 17:20:30.0765 3148 ACPIEC - ok 17:20:30.0812 3148 [ DFC0162928BFA584B5E5C0CC4A07DFD1 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys 17:20:30.0875 3148 ADIHdAudAddService - ok 17:20:30.0875 3148 adpu160m - ok 17:20:30.0890 3148 [ FFF87A9B1AB36EE4B7BEC98A4CB01B79 ] AEAudio C:\WINDOWS\system32\drivers\AEAudio.sys 17:20:30.0906 3148 AEAudio - ok 17:20:30.0921 3148 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 17:20:31.0046 3148 aec - ok 17:20:31.0093 3148 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 17:20:31.0140 3148 AFD - ok 17:20:31.0156 3148 Aha154x - ok 17:20:31.0156 3148 aic78u2 - ok 17:20:31.0171 3148 aic78xx - ok 17:20:31.0187 3148 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 17:20:31.0281 3148 Alerter - ok 17:20:31.0296 3148 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 17:20:31.0375 3148 ALG - ok 17:20:31.0375 3148 AliIde - ok 17:20:31.0390 3148 amsint - ok 17:20:31.0484 3148 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe 17:20:31.0515 3148 AntiVirSchedulerService - ok 17:20:31.0531 3148 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe 17:20:31.0546 3148 AntiVirService - ok 17:20:31.0578 3148 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 17:20:31.0640 3148 AppMgmt - ok 17:20:31.0640 3148 asc - ok 17:20:31.0640 3148 asc3350p - ok 17:20:31.0656 3148 asc3550 - ok 17:20:31.0734 3148 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 17:20:31.0750 3148 aspnet_state - ok 17:20:31.0781 3148 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 17:20:31.0890 3148 AsyncMac - ok 17:20:31.0937 3148 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 17:20:32.0046 3148 atapi - ok 17:20:32.0046 3148 Atdisk - ok 17:20:32.0078 3148 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 17:20:32.0187 3148 Atmarpc - ok 17:20:32.0203 3148 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 17:20:32.0296 3148 AudioSrv - ok 17:20:32.0328 3148 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 17:20:32.0437 3148 audstub - ok 17:20:32.0437 3148 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 17:20:32.0531 3148 avgntflt - ok 17:20:32.0609 3148 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 17:20:32.0640 3148 avipbb - ok 17:20:32.0671 3148 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys 17:20:32.0687 3148 avkmgr - ok 17:20:32.0750 3148 [ 9208C78BD9283F79A30252AD954C77A2 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 17:20:32.0843 3148 BCM43XX - ok 17:20:32.0859 3148 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 17:20:32.0984 3148 Beep - ok 17:20:33.0031 3148 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 17:20:33.0156 3148 BITS - ok 17:20:33.0187 3148 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 17:20:33.0234 3148 Browser - ok 17:20:33.0359 3148 catchme - ok 17:20:33.0375 3148 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 17:20:33.0500 3148 cbidf2k - ok 17:20:33.0515 3148 cd20xrnt - ok 17:20:33.0531 3148 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 17:20:33.0656 3148 Cdaudio - ok 17:20:33.0703 3148 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 17:20:33.0796 3148 Cdfs - ok 17:20:33.0828 3148 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 17:20:33.0953 3148 Cdrom - ok 17:20:33.0953 3148 Changer - ok 17:20:33.0968 3148 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 17:20:34.0093 3148 CiSvc - ok 17:20:34.0093 3148 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 17:20:34.0203 3148 ClipSrv - ok 17:20:34.0234 3148 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:20:34.0265 3148 clr_optimization_v4.0.30319_32 - ok 17:20:34.0296 3148 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 17:20:34.0421 3148 CmBatt - ok 17:20:34.0421 3148 CmdIde - ok 17:20:34.0484 3148 [ 7795F8CEBC284A426B53F541E538695F ] Com4QLBEx C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 17:20:34.0515 3148 Com4QLBEx - ok 17:20:34.0515 3148 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 17:20:34.0625 3148 Compbatt - ok 17:20:34.0625 3148 COMSysApp - ok 17:20:34.0640 3148 Cpqarray - ok 17:20:34.0671 3148 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 17:20:34.0796 3148 CryptSvc - ok 17:20:34.0812 3148 dac2w2k - ok 17:20:34.0812 3148 dac960nt - ok 17:20:34.0859 3148 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 17:20:34.0875 3148 DcomLaunch - ok 17:20:34.0921 3148 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 17:20:35.0031 3148 Dhcp - ok 17:20:35.0046 3148 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 17:20:35.0171 3148 Disk - ok 17:20:35.0171 3148 dmadmin - ok 17:20:35.0234 3148 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 17:20:35.0359 3148 dmboot - ok 17:20:35.0359 3148 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 17:20:35.0515 3148 dmio - ok 17:20:35.0531 3148 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 17:20:35.0640 3148 dmload - ok 17:20:35.0656 3148 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 17:20:35.0765 3148 dmserver - ok 17:20:35.0812 3148 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 17:20:35.0937 3148 DMusic - ok 17:20:35.0953 3148 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 17:20:35.0984 3148 Dnscache - ok 17:20:36.0015 3148 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 17:20:36.0140 3148 Dot3svc - ok 17:20:36.0140 3148 dpti2o - ok 17:20:36.0171 3148 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 17:20:36.0281 3148 drmkaud - ok 17:20:36.0328 3148 [ ED91F1042071A36F54E7C430E130E4CD ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys 17:20:36.0359 3148 e1express - ok 17:20:36.0390 3148 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 17:20:36.0515 3148 EapHost - ok 17:20:36.0531 3148 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 17:20:36.0640 3148 ERSvc - ok 17:20:36.0671 3148 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 17:20:36.0703 3148 Eventlog - ok 17:20:36.0750 3148 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 17:20:36.0781 3148 EventSystem - ok 17:20:36.0812 3148 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 17:20:36.0937 3148 Fastfat - ok 17:20:36.0968 3148 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 17:20:37.0000 3148 FastUserSwitchingCompatibility - ok 17:20:37.0031 3148 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 17:20:37.0140 3148 Fdc - ok 17:20:37.0156 3148 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 17:20:37.0250 3148 Fips - ok 17:20:37.0250 3148 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 17:20:37.0375 3148 Flpydisk - ok 17:20:37.0421 3148 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 17:20:37.0531 3148 FltMgr - ok 17:20:37.0546 3148 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 17:20:37.0656 3148 Fs_Rec - ok 17:20:37.0671 3148 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 17:20:37.0781 3148 Ftdisk - ok 17:20:37.0796 3148 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 17:20:37.0921 3148 Gpc - ok 17:20:37.0953 3148 [ 407E41DDB2BFECE109132AEC296E0D98 ] HBtnKey C:\WINDOWS\system32\DRIVERS\cpqbttn.sys 17:20:37.0984 3148 HBtnKey - ok 17:20:38.0031 3148 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 17:20:38.0171 3148 HDAudBus - ok 17:20:38.0218 3148 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 17:20:38.0328 3148 helpsvc - ok 17:20:38.0328 3148 HidServ - ok 17:20:38.0375 3148 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 17:20:38.0484 3148 hidusb - ok 17:20:38.0515 3148 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 17:20:38.0625 3148 hkmsvc - ok 17:20:38.0640 3148 hpn - ok 17:20:38.0640 3148 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys 17:20:38.0687 3148 HpqKbFiltr - ok 17:20:38.0734 3148 [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex C:\Programme\Hewlett-Packard\Shared\hpqWmiEx.exe 17:20:38.0765 3148 hpqwmiex - ok 17:20:38.0781 3148 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 17:20:38.0843 3148 HTTP - ok 17:20:38.0875 3148 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 17:20:39.0000 3148 HTTPFilter - ok 17:20:39.0000 3148 i2omgmt - ok 17:20:39.0015 3148 i2omp - ok 17:20:39.0015 3148 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 17:20:39.0140 3148 i8042prt - ok 17:20:39.0328 3148 [ CD32607F1CC8AC67224334AE123F7B98 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 17:20:39.0562 3148 ialm - ok 17:20:39.0578 3148 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 17:20:39.0703 3148 Imapi - ok 17:20:39.0750 3148 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 17:20:39.0859 3148 ImapiService - ok 17:20:39.0875 3148 ini910u - ok 17:20:39.0875 3148 IntelIde - ok 17:20:39.0921 3148 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 17:20:40.0046 3148 intelppm - ok 17:20:40.0062 3148 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 17:20:40.0156 3148 Ip6Fw - ok 17:20:40.0187 3148 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 17:20:40.0296 3148 IpFilterDriver - ok 17:20:40.0312 3148 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 17:20:40.0406 3148 IpInIp - ok 17:20:40.0421 3148 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 17:20:40.0531 3148 IpNat - ok 17:20:40.0546 3148 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 17:20:40.0656 3148 IPSec - ok 17:20:40.0703 3148 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 17:20:40.0765 3148 IRENUM - ok 17:20:40.0796 3148 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 17:20:40.0906 3148 isapnp - ok 17:20:40.0968 3148 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 17:20:40.0984 3148 JavaQuickStarterService - ok 17:20:41.0000 3148 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 17:20:41.0109 3148 Kbdclass - ok 17:20:41.0156 3148 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 17:20:41.0406 3148 kbdhid - ok 17:20:41.0437 3148 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 17:20:41.0562 3148 kmixer - ok 17:20:41.0562 3148 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 17:20:41.0625 3148 KSecDD - ok 17:20:41.0671 3148 [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 17:20:41.0734 3148 LanmanServer - ok 17:20:41.0796 3148 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 17:20:41.0828 3148 lanmanworkstation - ok 17:20:41.0843 3148 lbrtfdc - ok 17:20:41.0875 3148 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 17:20:42.0000 3148 LmHosts - ok 17:20:42.0031 3148 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 17:20:42.0140 3148 Messenger - ok 17:20:42.0234 3148 Microsoft SharePoint Workspace Audit Service - ok 17:20:42.0265 3148 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 17:20:42.0375 3148 mnmdd - ok 17:20:42.0421 3148 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 17:20:42.0531 3148 mnmsrvc - ok 17:20:42.0546 3148 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 17:20:42.0671 3148 Modem - ok 17:20:42.0703 3148 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 17:20:42.0812 3148 Mouclass - ok 17:20:42.0859 3148 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 17:20:42.0953 3148 mouhid - ok 17:20:42.0984 3148 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 17:20:43.0093 3148 MountMgr - ok 17:20:43.0140 3148 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 17:20:43.0156 3148 MozillaMaintenance - ok 17:20:43.0171 3148 mraid35x - ok 17:20:43.0171 3148 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 17:20:43.0281 3148 MRxDAV - ok 17:20:43.0328 3148 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 17:20:43.0390 3148 MRxSmb - ok 17:20:43.0437 3148 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 17:20:43.0546 3148 MSDTC - ok 17:20:43.0546 3148 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 17:20:43.0671 3148 Msfs - ok 17:20:43.0671 3148 MSIServer - ok 17:20:43.0703 3148 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 17:20:43.0796 3148 MSKSSRV - ok 17:20:43.0828 3148 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 17:20:43.0937 3148 MSPCLOCK - ok 17:20:43.0953 3148 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 17:20:44.0078 3148 MSPQM - ok 17:20:44.0109 3148 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 17:20:44.0203 3148 mssmbios - ok 17:20:44.0234 3148 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 17:20:44.0265 3148 Mup - ok 17:20:44.0312 3148 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 17:20:44.0468 3148 napagent - ok 17:20:44.0500 3148 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 17:20:44.0609 3148 NDIS - ok 17:20:44.0640 3148 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 17:20:44.0687 3148 NdisTapi - ok 17:20:44.0718 3148 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 17:20:44.0843 3148 Ndisuio - ok 17:20:44.0859 3148 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:20:44.0968 3148 NdisWan - ok 17:20:44.0984 3148 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 17:20:45.0015 3148 NDProxy - ok 17:20:45.0031 3148 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 17:20:45.0140 3148 NetBIOS - ok 17:20:45.0156 3148 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 17:20:45.0281 3148 NetBT - ok 17:20:45.0328 3148 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 17:20:45.0437 3148 NetDDE - ok 17:20:45.0437 3148 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 17:20:45.0546 3148 NetDDEdsdm - ok 17:20:45.0578 3148 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 17:20:45.0687 3148 Netlogon - ok 17:20:45.0718 3148 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 17:20:45.0843 3148 Netman - ok 17:20:45.0875 3148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 17:20:45.0890 3148 NetTcpPortSharing - ok 17:20:45.0921 3148 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 17:20:45.0953 3148 Nla - ok 17:20:46.0015 3148 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Programme\CDBurnerXP\NMSAccessU.exe 17:20:46.0031 3148 NMSAccess - ok 17:20:46.0046 3148 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 17:20:46.0156 3148 Npfs - ok 17:20:46.0171 3148 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 17:20:46.0328 3148 Ntfs - ok 17:20:46.0328 3148 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 17:20:46.0421 3148 NtLmSsp - ok 17:20:46.0453 3148 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 17:20:46.0562 3148 NtmsSvc - ok 17:20:46.0593 3148 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 17:20:46.0687 3148 Null - ok 17:20:46.0703 3148 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 17:20:46.0828 3148 NwlnkFlt - ok 17:20:46.0828 3148 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 17:20:46.0937 3148 NwlnkFwd - ok 17:20:46.0984 3148 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 17:20:47.0015 3148 ose - ok 17:20:47.0187 3148 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 17:20:47.0421 3148 osppsvc - ok 17:20:47.0437 3148 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 17:20:47.0531 3148 Parport - ok 17:20:47.0578 3148 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 17:20:47.0687 3148 PartMgr - ok 17:20:47.0734 3148 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 17:20:47.0843 3148 ParVdm - ok 17:20:47.0859 3148 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 17:20:47.0968 3148 PCI - ok 17:20:47.0984 3148 PCIDump - ok 17:20:47.0984 3148 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 17:20:48.0078 3148 PCIIde - ok 17:20:48.0109 3148 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 17:20:48.0218 3148 Pcmcia - ok 17:20:48.0218 3148 PDCOMP - ok 17:20:48.0234 3148 PDFRAME - ok 17:20:48.0234 3148 PDRELI - ok 17:20:48.0250 3148 PDRFRAME - ok 17:20:48.0250 3148 perc2 - ok 17:20:48.0250 3148 perc2hib - ok 17:20:48.0296 3148 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 17:20:48.0296 3148 PlugPlay - ok 17:20:48.0312 3148 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 17:20:48.0406 3148 PolicyAgent - ok 17:20:48.0453 3148 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 17:20:48.0546 3148 PptpMiniport - ok 17:20:48.0562 3148 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 17:20:48.0656 3148 ProtectedStorage - ok 17:20:48.0656 3148 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 17:20:48.0781 3148 PSched - ok 17:20:48.0796 3148 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 17:20:48.0890 3148 Ptilink - ok 17:20:48.0921 3148 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 17:20:48.0937 3148 PxHelp20 - ok 17:20:48.0937 3148 ql1080 - ok 17:20:48.0953 3148 Ql10wnt - ok 17:20:48.0953 3148 ql12160 - ok 17:20:48.0968 3148 ql1240 - ok 17:20:48.0968 3148 ql1280 - ok 17:20:48.0984 3148 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:20:49.0078 3148 RasAcd - ok 17:20:49.0109 3148 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 17:20:49.0218 3148 RasAuto - ok 17:20:49.0250 3148 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:20:49.0359 3148 Rasl2tp - ok 17:20:49.0390 3148 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 17:20:49.0500 3148 RasMan - ok 17:20:49.0500 3148 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:20:49.0609 3148 RasPppoe - ok 17:20:49.0609 3148 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 17:20:49.0718 3148 Raspti - ok 17:20:49.0750 3148 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:20:49.0843 3148 Rdbss - ok 17:20:49.0859 3148 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 17:20:49.0953 3148 RDPCDD - ok 17:20:50.0000 3148 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 17:20:50.0093 3148 rdpdr - ok 17:20:50.0156 3148 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 17:20:50.0203 3148 RDPWD - ok 17:20:50.0265 3148 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 17:20:50.0375 3148 RDSessMgr - ok 17:20:50.0421 3148 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 17:20:50.0531 3148 redbook - ok 17:20:50.0562 3148 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 17:20:50.0687 3148 RemoteAccess - ok 17:20:50.0718 3148 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 17:20:50.0843 3148 RemoteRegistry - ok 17:20:50.0875 3148 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 17:20:51.0000 3148 RpcLocator - ok 17:20:51.0031 3148 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\System32\rpcss.dll 17:20:51.0046 3148 RpcSs - ok 17:20:51.0093 3148 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 17:20:51.0187 3148 RSVP - ok 17:20:51.0218 3148 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 17:20:51.0312 3148 SamSs - ok 17:20:51.0359 3148 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 17:20:51.0468 3148 SCardSvr - ok 17:20:51.0515 3148 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 17:20:51.0640 3148 Schedule - ok 17:20:51.0734 3148 [ 95AA9E165C7DE1B64A11E8B18E91E499 ] SDScannerService C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe 17:20:51.0843 3148 SDScannerService - ok 17:20:51.0890 3148 [ D31398D4BB4907B517B6E784C2100C4A ] SDUpdateService C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe 17:20:51.0953 3148 SDUpdateService - ok 17:20:51.0968 3148 [ 6AE8E702D1027A9627DDE2B77BB9992B ] SDWSCService C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe 17:20:52.0000 3148 SDWSCService - ok 17:20:52.0015 3148 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:20:52.0078 3148 Secdrv - ok 17:20:52.0109 3148 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 17:20:52.0234 3148 seclogon - ok 17:20:52.0250 3148 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 17:20:52.0359 3148 SENS - ok 17:20:52.0390 3148 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 17:20:52.0500 3148 Serial - ok 17:20:52.0546 3148 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 17:20:52.0640 3148 Sfloppy - ok 17:20:52.0671 3148 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 17:20:52.0828 3148 SharedAccess - ok 17:20:52.0859 3148 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 17:20:52.0875 3148 ShellHWDetection - ok 17:20:52.0875 3148 Simbad - ok 17:20:52.0890 3148 Sparrow - ok 17:20:52.0921 3148 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 17:20:53.0031 3148 splitter - ok 17:20:53.0046 3148 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 17:20:53.0078 3148 Spooler - ok 17:20:53.0125 3148 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 17:20:53.0187 3148 sr - ok 17:20:53.0203 3148 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 17:20:53.0265 3148 srservice - ok 17:20:53.0296 3148 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 17:20:53.0328 3148 Srv - ok 17:20:53.0375 3148 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 17:20:53.0421 3148 SSDPSRV - ok 17:20:53.0453 3148 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 17:20:53.0484 3148 ssmdrv - ok 17:20:53.0500 3148 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys 17:20:53.0500 3148 StarOpen ( UnsignedFile.Multi.Generic ) - warning 17:20:53.0500 3148 StarOpen - detected UnsignedFile.Multi.Generic (1) 17:20:53.0531 3148 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 17:20:53.0640 3148 stisvc - ok 17:20:53.0671 3148 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 17:20:53.0765 3148 swenum - ok 17:20:53.0781 3148 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 17:20:53.0890 3148 swmidi - ok 17:20:53.0890 3148 SwPrv - ok 17:20:53.0906 3148 symc810 - ok 17:20:53.0906 3148 symc8xx - ok 17:20:53.0906 3148 sym_hi - ok 17:20:53.0921 3148 sym_u3 - ok 17:20:53.0953 3148 [ 926E0BB4CAC05D9A0C3B59DC16FE2F1C ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 17:20:54.0000 3148 SynTP - ok 17:20:54.0000 3148 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 17:20:54.0109 3148 sysaudio - ok 17:20:54.0140 3148 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 17:20:54.0250 3148 SysmonLog - ok 17:20:54.0281 3148 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 17:20:54.0390 3148 TapiSrv - ok 17:20:54.0421 3148 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 17:20:54.0453 3148 Tcpip - ok 17:20:54.0484 3148 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 17:20:54.0593 3148 TDPIPE - ok 17:20:54.0609 3148 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 17:20:54.0718 3148 TDTCP - ok 17:20:54.0750 3148 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 17:20:54.0859 3148 TermDD - ok 17:20:54.0890 3148 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 17:20:55.0015 3148 TermService - ok 17:20:55.0031 3148 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 17:20:55.0046 3148 Themes - ok 17:20:55.0078 3148 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 17:20:55.0156 3148 TlntSvr - ok 17:20:55.0156 3148 TosIde - ok 17:20:55.0187 3148 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 17:20:55.0296 3148 TrkWks - ok 17:20:55.0312 3148 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 17:20:55.0437 3148 Udfs - ok 17:20:55.0437 3148 ultra - ok 17:20:55.0468 3148 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 17:20:55.0593 3148 Update - ok 17:20:55.0609 3148 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 17:20:55.0671 3148 upnphost - ok 17:20:55.0687 3148 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 17:20:55.0796 3148 UPS - ok 17:20:55.0828 3148 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 17:20:55.0937 3148 usbehci - ok 17:20:55.0953 3148 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 17:20:56.0078 3148 usbhub - ok 17:20:56.0109 3148 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 17:20:56.0234 3148 usbprint - ok 17:20:56.0265 3148 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 17:20:56.0375 3148 usbscan - ok 17:20:56.0421 3148 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:20:56.0531 3148 USBSTOR - ok 17:20:56.0546 3148 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 17:20:56.0640 3148 usbuhci - ok 17:20:56.0656 3148 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 17:20:56.0750 3148 VgaSave - ok 17:20:56.0765 3148 ViaIde - ok 17:20:56.0781 3148 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 17:20:56.0890 3148 VolSnap - ok 17:20:56.0921 3148 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 17:20:56.0984 3148 VSS - ok 17:20:57.0015 3148 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 17:20:57.0109 3148 W32Time - ok 17:20:57.0125 3148 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 17:20:57.0234 3148 Wanarp - ok 17:20:57.0265 3148 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 17:20:57.0296 3148 Wdf01000 - ok 17:20:57.0312 3148 WDICA - ok 17:20:57.0328 3148 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 17:20:57.0453 3148 wdmaud - ok 17:20:57.0468 3148 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 17:20:57.0578 3148 WebClient - ok 17:20:57.0640 3148 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 17:20:57.0765 3148 winmgmt - ok 17:20:57.0781 3148 wltrysvc - ok 17:20:57.0812 3148 [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 17:20:57.0921 3148 WmdmPmSN - ok 17:20:57.0953 3148 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 17:20:57.0984 3148 Wmi - ok 17:20:57.0984 3148 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 17:20:58.0093 3148 WmiAcpi - ok 17:20:58.0125 3148 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 17:20:58.0234 3148 WmiApSrv - ok 17:20:58.0312 3148 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 17:20:58.0359 3148 WPFFontCache_v0400 - ok 17:20:58.0406 3148 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 17:20:58.0515 3148 WS2IFSL - ok 17:20:58.0546 3148 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 17:20:58.0656 3148 wscsvc - ok 17:20:58.0703 3148 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 17:20:58.0796 3148 wuauserv - ok 17:20:58.0828 3148 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 17:20:58.0968 3148 WZCSVC - ok 17:20:59.0000 3148 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 17:20:59.0109 3148 xmlprov - ok 17:20:59.0109 3148 ================ Scan global =============================== 17:20:59.0156 3148 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 17:20:59.0203 3148 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 17:20:59.0234 3148 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 17:20:59.0250 3148 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 17:20:59.0250 3148 [Global] - ok 17:20:59.0250 3148 ================ Scan MBR ================================== 17:20:59.0265 3148 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 17:20:59.0593 3148 \Device\Harddisk0\DR0 - ok 17:20:59.0609 3148 ================ Scan VBR ================================== 17:20:59.0609 3148 [ E256CB5A68938581BCB7E1DF96193DB2 ] \Device\Harddisk0\DR0\Partition1 17:20:59.0609 3148 \Device\Harddisk0\DR0\Partition1 - ok 17:20:59.0609 3148 [ AD575B058BBFFA7CCB91A07BA9B004C1 ] \Device\Harddisk0\DR0\Partition2 17:20:59.0609 3148 \Device\Harddisk0\DR0\Partition2 - ok 17:20:59.0625 3148 ============================================================ 17:20:59.0625 3148 Scan finished 17:20:59.0625 3148 ============================================================ 17:20:59.0734 2684 Detected object count: 1 17:20:59.0734 2684 Actual detected object count: 1 17:22:20.0406 2684 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:20.0406 2684 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:39.0296 1580 Deinitialize success |
Themen zu systemcare antivirus auf windows xp laptop |
aktiviert, aktivierung, antivirus, code, datei, dokumente, durchlauf, einstellungen, folge, folgende, gefunde, gesuch, gesucht, interne, internet, komplett, kriege, laptop, lokale, lösung, runter, temp, windows, windows xp, zugriff |