Trojaner-Board


Koelli91 29.11.2010 23:51

W32/Induc.A, TR/Dropper.Gen, TR/Crypt.ZPACK.Gen, TR/Crypt.XPACK.Gen3 found - how to remove
 
Hello!

Over the last few days AntiVir has found quite a few pieces of malware. What is the best way for me to approach this whole thing?

Here is the log from AntiVir:
Code:

Exportierte Ereignisse:

29.11.2010 17:35 [Guard] Malware gefunden
      In der Datei 'D:\Games\Call of Duty 5 - World at War\CoDWaW.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

28.11.2010 19:47 [Scanner] Malware gefunden
      Die Datei 'D:\Games\CS1.6\cstrike\config.exe'
      enthielt einen Virus oder unerwünschtes Programm 'W32/Induc.A' [virus].
      Ausgeführte Aktion: Zugriff verweigern

28.11.2010 19:46 [Scanner] Malware gefunden
      Die Datei 'D:\Games\Crysis WARHEAD\Bin32\Crysis.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan].
      Ausgeführte Aktion: Zugriff verweigern

28.11.2010 19:12 [Guard] Malware gefunden
      In der Datei 'D:\Games\CS1.6\cstrike\config.exe'
      wurde ein Virus oder unerwünschtes Programm 'W32/Induc.A' [virus] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

28.11.2010 19:11 [Guard] Malware gefunden
      In der Datei 'D:\Games\CS1.6\cstrike\config.exe'
      wurde ein Virus oder unerwünschtes Programm 'W32/Induc.A' [virus] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

28.11.2010 18:04 [Guard] Malware gefunden
      In der Datei 'D:\Games\Crysis WARHEAD\Bin32\Crysis.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

28.11.2010 18:04 [Guard] Malware gefunden
      In der Datei 'D:\Games\Crysis WARHEAD\Bin32\Crysis.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

28.11.2010 07:07 [Guard] Malware gefunden
      In der Datei 'D:\Games\Böse Nachbarn\bin\game.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

27.11.2010 15:40 [Scanner] Malware gefunden
      Die Datei 'D:\Downloads\Games\Super_Bros_3_Mario_Forever_v44.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49dbb9f9.qua'
      verschoben!

27.11.2010 10:14 [Guard] Malware gefunden
      In der Datei 'D:\Downloads\Games\Super_Bros_3_Mario_Forever_v44.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.11.2010 17:19 [Guard] Malware gefunden
      In der Datei 'D:\Downloads\Games\Super_Bros_3_Mario_Forever_v44.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.11.2010 17:19 [Guard] Malware gefunden
      In der Datei 'D:\Downloads\Games\Super_Bros_3_Mario_Forever_v44.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

19.11.2010 21:56 [Guard] Malware gefunden
      In der Datei 'D:\Games\CS1.6\cstrike\config.exe'
      wurde ein Virus oder unerwünschtes Programm 'W32/Induc.A' [virus] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

I'm hoping for professional help!

Thanks in advance,
Koelli91

kira 30.11.2010 08:22

Hello and a warm welcome! :)

Before we begin working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the error checking and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so, any liability for the resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - in the log lists or log files used (e.g. your real name, serial numbers in programs, etc.) you can delete these or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible, or you have to reinstall it
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please follow it exactly as described, do not choose the order yourself!
  • Otherwise our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files using a vB code tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
1.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away (update online)
  • Select "Perform full scan" (tick every box)
  • When the scan has finished, click "Show results"
  • Select all findings and click "Delete" ("Remove selected").
  • Post the result here in the thread - you will find the report under "Scan reports"
An illustrated guide can be found here: Guide

2.
- Download Random's System Information Tool (RSIT) by random/random
- to a location of your choice and run rsit.exe
- "HijackThis" is also installed and run by RSIT
- RSIT creates 2 log files (C:\rsit\log.txt and C:\rsit\info.txt) with extended information about your system - please post both of them here in full

3.
Please make hidden and system files visible; click the link here:
Making system files and folders visible under XP and Vista
At the end of our work you can undo this again!

4.
→ Download HJTscanlist.zip
→ Unpack the file on your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ Start it with a double-click
→ Select your operating system - for Win7 select Vista
→ When you are asked, select the option "Setting" (1) - "scanlist"
→ After a short time your editor should open and present the file hjtscanlist.txt
→ Please copy the contents here into your thread.
** If it does not work in one go, you can split the text into several parts and post it that way

5.
I would also like to see all of your installed programs:
Download the tool CCleaner
→ "Download" → "Download from FileHippo.com"
Install it (read the software license agreement; if it is offered, deselect "Add CCleaner Yahoo! Toolbar") → start it → if necessary, set "german" under Options, Settings
Then click "Extra" (to also display the installed programs) → then "Save to text file..."
A text file (*.txt) is created; copy its contents and paste them here

Quote:

So that your thread stays clear and nicely readable, it is best to use the code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
here goes your log file - e.g. hjtscanlist or similar
→ after it, i.e. at the end of the log file: [/code]

Regards,
Coverflow

Koelli91 30.11.2010 21:06

Re 1.:
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5217

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

30.11.2010 20:55:50
mbam-log-2010-11-30 (20-55-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Durchsuchte Objekte: 548670
Laufzeit: 1 Stunde(n), 10 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
D:\Downloads\Games\D3DWindower-English\D3dHook.dll (Trojan.KillDisk) -> Quarantined and deleted successfully.

Re 2.:
log.txt:
RSIT Logfile:
Code:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Kevin Köllmann at 2010-11-30 20:57:58
Microsoft Windows 7 Home Premium 
System drive C: has 23 GB (41%) free of 57 GB
Total RAM: 4094 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:58:12, on 30.11.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
D:\Downloads\Sicherheit & Wartung\RSIT.exe
C:\Program Files (x86)\trend micro\Kevin Köllmann.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - (no file)
O4 - HKLM\..\Run: [Kone] "C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PureSync] "C:\Program Files (x86)\PureSync\PureSyncTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9276 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID-Anmelde-Hilfsprogramm - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-11-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Kone"=C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE [2009-09-15 180224]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-11-02 281768]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DisplayFusion"=C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [2010-09-14 1275624]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"PureSync"=C:\Program Files (x86)\PureSync\PureSyncTray.exe [2010-11-16 809024]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoResolveTrack"=1
"NoViewContextMenu"=0
"NoFileAssociate"=0
"NoRun"=0
"NoClose"=0
"StartMenuLogoff"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-11-30 20:57:58 ----D---- C:\rsit
2010-11-30 20:57:58 ----D---- C:\Program Files (x86)\trend micro
2010-11-30 14:07:52 ----D---- C:\Users\Kevin Köllmann\AppData\Roaming\Malwarebytes
2010-11-30 14:07:42 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2010-11-30 14:07:40 ----D---- C:\ProgramData\Malwarebytes
2010-11-30 14:07:38 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-29 22:40:23 ----D---- C:\Users\Kevin Köllmann\AppData\Roaming\Mozilla
2010-11-29 22:40:13 ----D---- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7
2010-11-29 21:54:06 ----D---- C:\Program Files (x86)\DesktopFun
2010-11-27 16:54:14 ----D---- C:\Program Files (x86)\ICQ Contact Revealer
2010-11-27 01:05:57 ----D---- C:\Users\Kevin Köllmann\AppData\Roaming\Jumping Bytes
2010-11-27 01:05:49 ----D---- C:\Program Files (x86)\PureSync
2010-11-27 01:05:49 ----D---- C:\Program Files (x86)\Common Files\Jumping Bytes
2010-11-24 17:23:01 ----A---- C:\Windows\SysWOW64\xinput1_1.dll
2010-11-24 17:23:01 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll
2010-11-24 17:23:01 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll
2010-11-24 17:22:57 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll
2010-11-24 17:22:57 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll
2010-11-24 17:22:57 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll
2010-11-24 17:22:56 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll
2010-11-24 17:22:56 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll
2010-11-24 17:22:55 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll
2010-11-24 17:22:54 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll
2010-11-24 00:36:53 ----A---- C:\Windows\SysWOW64\ieui.dll
2010-11-24 00:36:52 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-11-24 00:36:50 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-11-20 22:51:03 ----D---- C:\Users\Kevin Köllmann\AppData\Roaming\Rainmeter
2010-11-20 00:02:21 ----D---- C:\Program Files (x86)\Common Files\Java
2010-11-20 00:02:13 ----A---- C:\Windows\SysWOW64\javaws.exe
2010-11-20 00:02:13 ----A---- C:\Windows\SysWOW64\javaw.exe
2010-11-20 00:02:13 ----A---- C:\Windows\SysWOW64\java.exe
2010-11-19 21:20:35 ----D---- C:\Program Files (x86)\iTunes
2010-11-18 22:22:51 ----D---- C:\Program Files (x86)\ORKTOOLS
2010-11-18 22:17:58 ----D---- C:\Program Files (x86)\vvr
2010-11-18 14:03:52 ----D---- C:\Program Files (x86)\OfficeCM
2010-11-17 16:51:47 ----D---- C:\ProgramData\eBay
2010-11-17 16:51:47 ----D---- C:\Program Files (x86)\eBay
2010-11-16 21:36:09 ----D---- C:\Program Files (x86)\ICQ7.2
2010-11-15 23:23:50 ----D---- C:\Users\Kevin Köllmann\AppData\Roaming\mkvtoolnix
2010-11-14 20:08:33 ----D---- C:\Users\Kevin Köllmann\AppData\Roaming\Ashampoo
2010-11-14 20:07:59 ----D---- C:\ProgramData\ashampoo
2010-11-10 23:25:06 ----D---- C:\ProgramData\eMule
2010-11-07 00:00:12 ----A---- C:\Windows\SysWOW64\devil.dll
2010-11-07 00:00:11 ----A---- C:\Windows\SysWOW64\avisynth.dll
2010-11-07 00:00:08 ----A---- C:\Windows\SysWOW64\yv12vfw.dll
2010-11-07 00:00:08 ----A---- C:\Windows\SysWOW64\i420vfw.dll
2010-11-07 00:00:08 ----A---- C:\Windows\SysWOW64\AVSredirect.dll
2010-11-07 00:00:07 ----D---- C:\Program Files (x86)\AviSynth 2.5
2010-11-06 23:57:42 ----A---- C:\Windows\SysWOW64\pncrt.dll
2010-11-06 23:57:41 ----RSH---- C:\Windows\SysWOW64\nbDX.dll
2010-11-06 23:57:41 ----RSH---- C:\Windows\SysWOW64\msfDX.dll
2010-11-06 23:57:41 ----RSH---- C:\Windows\SysWOW64\flvDX.dll
2010-11-06 23:57:14 ----D---- C:\Program Files (x86)\eRightSoft
2010-11-06 15:45:19 ----D---- C:\Program Files (x86)\Sweet Home 3D
2010-11-06 15:34:58 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll
2010-11-06 15:34:52 ----D---- C:\Program Files (x86)\MSXML 4.0
2010-11-05 15:21:02 ----D---- C:\Program Files (x86)\Microsoft WSE
2010-11-04 17:57:18 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2010-11-04 16:39:24 ----A---- C:\Windows\SysWOW64\ff_vfw.dll
2010-11-04 16:39:23 ----D---- C:\Program Files (x86)\ffdshow
2010-11-04 16:38:24 ----D---- C:\Program Files (x86)\Haali
2010-11-04 16:26:24 ----D---- C:\Users\Kevin Köllmann\AppData\Roaming\DivX
2010-11-04 16:25:11 ----D---- C:\Users\Kevin Köllmann\AppData\Roaming\NVIDIA 3D Vision Video Player
2010-11-04 16:22:08 ----D---- C:\Program Files (x86)\SPlayer
2010-11-04 15:50:51 ----D---- C:\Program Files (x86)\Common Files\Akamai
2010-11-04 15:49:15 ----D---- C:\Program Files (x86)\Adobe Media Player
2010-11-04 15:48:15 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2010-11-02 03:00:19 ----SHD---- C:\Windows\SysWOW64\%APPDATA%
2010-11-01 22:31:29 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2010-11-01 22:31:29 ----D---- C:\Program Files (x86)\Common Files\DESIGNER
2010-11-01 22:28:21 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2010-11-01 11:02:14 ----D---- C:\Users\Kevin Köllmann\AppData\Roaming\Canneverbe Limited
2010-11-01 11:02:13 ----D---- C:\ProgramData\Canneverbe Limited
2010-10-31 21:36:02 ----A---- C:\Windows\SysWOW64\OpenCL.dll
2010-10-31 21:36:02 ----A---- C:\Windows\SysWOW64\nvoglv32.dll
2010-10-31 21:36:02 ----A---- C:\Windows\SysWOW64\nvcuvid.dll
2010-10-31 21:36:02 ----A---- C:\Windows\SysWOW64\nvcuvenc.dll
2010-10-31 21:36:02 ----A---- C:\Windows\SysWOW64\nvcuda.dll
2010-10-31 21:36:01 ----A---- C:\Windows\SysWOW64\nvdecodemft.dll
2010-10-31 21:36:01 ----A---- C:\Windows\SysWOW64\nvcompiler.dll

======List of files/folders modified in the last 1 months======

2010-11-30 20:58:10 ----D---- C:\Windows\Prefetch
2010-11-30 20:58:08 ----D---- C:\Windows\Temp
2010-11-30 20:57:58 ----RD---- C:\Program Files (x86)
2010-11-30 20:57:53 ----D---- C:\Users\Kevin Köllmann\AppData\Roaming\NetSpeedMonitor
2010-11-30 20:49:44 ----D---- C:\Users\Kevin Köllmann\AppData\Roaming\DisplayFusion
2010-11-30 14:28:53 ----D---- C:\Windows
2010-11-30 14:28:46 ----D---- C:\Windows\winsxs
2010-11-30 14:28:35 ----SHD---- C:\System Volume Information
2010-11-30 14:19:56 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-11-30 14:19:43 ----D---- C:\Program Files (x86)\CCleaner
2010-11-30 14:11:33 ----SHD---- C:\Windows\Installer
2010-11-30 14:11:33 ----D---- C:\Windows\AppPatch
2010-11-30 14:11:14 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2010-11-30 14:09:51 ----D---- C:\Windows\SysWOW64
2010-11-30 14:07:42 ----D---- C:\Windows\SysWOW64\drivers
2010-11-30 14:07:40 ----HD---- C:\ProgramData
2010-11-30 13:58:03 ----D---- C:\Windows\System32
2010-11-30 13:58:03 ----D---- C:\Windows\inf
2010-11-29 22:42:02 ----D---- C:\Users\Kevin Köllmann\AppData\Roaming\ICQ
2010-11-29 00:01:10 ----D---- C:\Windows\LiveKernelReports
2010-11-27 01:05:49 ----D---- C:\Program Files (x86)\Common Files
2010-11-26 12:54:43 ----D---- C:\Program Files (x86)\JDownloader
2010-11-24 22:37:34 ----D---- C:\Users\Kevin Köllmann\AppData\Roaming\vlc
2010-11-24 17:23:01 ----RSD---- C:\Windows\assembly
2010-11-21 01:54:08 ----SD---- C:\Users\Kevin Köllmann\AppData\Roaming\Microsoft
2010-11-20 22:50:13 ----RSD---- C:\Windows\Fonts
2010-11-20 22:50:12 ----RD---- C:\Program Files
2010-11-20 17:46:01 ----RD---- C:\Users
2010-11-20 17:46:01 ----D---- C:\Windows\registration
2010-11-20 00:02:28 ----D---- C:\Users\Kevin Köllmann\AppData\Roaming\Apple Computer
2010-11-20 00:02:09 ----A---- C:\Windows\SysWOW64\deployJava1.dll
2010-11-19 21:20:36 ----D---- C:\Program Files (x86)\Common Files\Apple
2010-11-19 21:20:35 ----D---- C:\ProgramData\Apple Computer
2010-11-19 17:19:42 ----D---- C:\Windows\rescache
2010-11-18 22:22:08 ----A---- C:\Windows\ODBC.INI
2010-11-18 21:38:40 ----D---- C:\ProgramData\Adobe
2010-11-18 21:38:02 ----D---- C:\Users\Kevin Köllmann\AppData\Roaming\Adobe
2010-11-18 21:37:09 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-11-18 21:37:07 ----D---- C:\Program Files (x86)\Adobe
2010-11-18 15:31:25 ----D---- C:\Windows\debug
2010-11-17 17:45:22 ----D---- C:\Windows\Microsoft.NET
2010-11-16 00:47:57 ----D---- C:\Windows\SysWOW64\de-DE
2010-11-16 00:47:57 ----D---- C:\Windows\ehome
2010-11-16 00:47:56 ----D---- C:\Windows\PolicyDefinitions
2010-11-16 00:13:04 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2010-11-15 16:24:18 ----D---- C:\ProgramData\NVIDIA
2010-11-10 19:31:15 ----D---- C:\ProgramData\Microsoft Help
2010-11-08 23:17:44 ----D---- C:\ProgramData\Xfire
2010-11-05 15:11:25 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-11-05 13:57:55 ----D---- C:\Windows\Logs
2010-11-04 23:19:36 ----D---- C:\Windows\SysWOW64\LogFiles
2010-11-04 23:19:36 ----D---- C:\Users\Kevin Köllmann\AppData\Roaming\uTorrent
2010-11-04 23:19:36 ----D---- C:\Users\Kevin Köllmann\AppData\Roaming\skypePM
2010-11-04 17:56:06 ----D---- C:\Program Files (x86)\Common Files\ArcSoft
2010-11-01 22:31:12 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-11-01 22:31:12 ----D---- C:\Program Files (x86)\Microsoft Office
2010-11-01 22:29:27 ----SD---- C:\ProgramData\Microsoft
2010-11-01 22:28:22 ----D---- C:\Windows\ShellNew
2010-11-01 16:20:49 ----D---- C:\Program Files (x86)\Common Files\System
2010-11-01 16:18:48 ----D---- C:\Program Files (x86)\MSBuild
2010-11-01 16:17:22 ----A---- C:\Windows\win.ini
2010-10-31 14:56:14 ----D---- C:\Users\Kevin Köllmann\AppData\Roaming\gtk-2.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys []
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 KoneFltr;ROCCAT Kone; C:\Windows\system32\drivers\Kone.sys []
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys []
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM; C:\Windows\system32\DRIVERS\nvoclk64.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
S3 ab8yfxoj;ab8yfxoj; C:\Windows\SysWOW64\drivers\ab8yfxoj.sys []
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 CQDETECT;Compaq Hardware Detection Service; C:\Windows\system32\drivers\cqdetect.sys [2010-10-23 8416]
S3 E100B;Intel(R) PRO-Adaptertreiber; C:\Windows\system32\DRIVERS\efe5b32e.sys []
S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys []
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 StarOpen;StarOpen; C:\Windows\SysWOW64\drivers\StarOpen.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-11-02 267944]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 nTuneService;Performance Service; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [2010-03-22 276584]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 UpdateCenterService;Update Center Service; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [2009-11-06 282728]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-11-17 932640]
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-10-13 411432]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 Bonjour Service;Dienst "Bonjour"; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-07-27 345376]
S4 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [2007-12-17 163840]
S4 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2007-01-11 126464]
S4 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-05-06 357456]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

--- --- ---

info.txt:
RSIT Logfile:
Code:

logfile of random's system information tool 1.08 2010-11-30 20:58:13

======Uninstall list======

µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
3D-Fahrschule-->"C:\Program Files (x86)\Sybex\3D-Fahrschule 5\uninstall.exe"
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Photoshop CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"
Adobe Reader X - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-AA0000000001}
Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
BlueJ 3.0.1-->"C:\BlueJ\uninst\unins000.exe"
Counter-Strike: Source-->"D:\Games\Steam\steam.exe" steam://uninstall/240
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Definition update for Microsoft Office 2010 (KB982726)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{820F2EBF-0AEC-46F1-9DCD-66CAAD8344D3}" "1031" "0"
Die*Sims™*3-->"C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0007 -removeonly
DisplayFusion 3.2.0-->"C:\Program Files (x86)\DisplayFusion\unins000.exe"
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
eReg-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
ffdshow v1.1.3562 [2010-09-07]-->"C:\Program Files (x86)\ffdshow\unins000.exe"
FileZilla Client 3.3.4.1-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
Freemake Video Downloader version 1.1.12-->"C:\Program Files (x86)\Freemake\Freemake Video Downloader\Uninstall\unins000.exe"
GIMP 2.6.11-->"C:\Program Files (x86)\GIMP-2.0\setup\unins000.exe"
Haali Media Splitter-->"C:\Program Files (x86)\Haali\MatroskaSplitter\uninstall.exe"
Harry Potter und der Feuerkelch™-->D:\Games\Harry Potter und der Feuerkelch\EAUninstall.exe
ICQ7.2-->"C:\Program Files (x86)\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) Programm für Prozessor-IDs-->MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
JDownloader-->C:\Program Files (x86)\JDownloader\uninstall.exe
LPS 2009v 3.0 USB-->"C:\Program Files (x86)\vvr\LPS2009_USB\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft Office 2003 Resource Kit-->MsiExec.exe /I{90240409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access 2003 Runtime-->MsiExec.exe /I{901C0407-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access MUI (German) 2010-->MsiExec.exe /X{90140000-0015-0407-0000-0000000FF1CE}
Microsoft Office Converter Pack-->MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}
Microsoft Office Excel MUI (German) 2010-->MsiExec.exe /X{90140000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2010-->MsiExec.exe /X{90140000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2010-->MsiExec.exe /X{90140000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2010-->MsiExec.exe /X{90140000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2010-->MsiExec.exe /X{90140000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2010-->MsiExec.exe /X{90140000-0018-0407-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{91140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2010-->MsiExec.exe /X{90140000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2010-->MsiExec.exe /X{90140000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2010-->MsiExec.exe /X{90140000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2010-->MsiExec.exe /X{90140000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2010-->MsiExec.exe /X{90140000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Mozilla Firefox 4.0b7 (x86 de)-->C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\uninstall\helper.exe
Mozilla Thunderbird (3.1.6)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NVIDIA Performance-->"C:\Program Files (x86)\InstallShield Installation Information\{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}\setup.exe" -runfromtemp -l0x0407 -removeonly
NVIDIA Performance-->MsiExec.exe /I{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}
NVIDIA PhysX-->MsiExec.exe /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
NVIDIA System Monitor-->"C:\Program Files (x86)\InstallShield Installation Information\{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}\setup.exe" -runfromtemp -l0x0407 -removeonly
NVIDIA System Monitor-->MsiExec.exe /I{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}
NVIDIA System Update-->"C:\Program Files (x86)\InstallShield Installation Information\{65A92AAA-3D05-4C94-9F70-731C05E60C16}\setup.exe" -runfromtemp -l0x0407 -removeonly
NVIDIA System Update-->MsiExec.exe /I{65A92AAA-3D05-4C94-9F70-731C05E60C16}
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
PureSync 2.7.4-->msiexec.exe /x {1C46C865-E9D4-4B53-99EE-FF9436A1C989}
PureSync-->MsiExec.exe /I{1C46C865-E9D4-4B53-99EE-FF9436A1C989}
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
Rainmeter (remove only)-->"C:\Program Files\Rainmeter\uninst.exe"
Realtek Ethernet Controller Driver For Windows Vista and Later-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe"  -removeonly
ROCCAT Kone Mouse Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9733747E-E53D-4C17-977E-3A872AFB93E1}\Setup.exe"
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft Office 2010 (KB2289161)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{F134C2C6-30B3-4169-A325-58482B4CE6FC}" "1031" "0"
Security Update for Microsoft Word 2010 (KB2345000)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{A6D422EE-1196-45EE-B9AE-6B5B64975E8B}" "1031" "0"
Skype™ 5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPER © Version 2010.bld.41 (Oct 31, 2010)-->C:\PROGRA~2\ERIGHT~1\SUPER\Setup.exe /remove /q0
Sweet Home 3D version 2.5-->"C:\Program Files (x86)\Sweet Home 3D\unins000.exe"
TmNationsForever-->"D:\Games\TmNationsForever\unins000.exe"
Update for Microsoft Office 2010 (KB2202188)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{86B7A074-265D-420C-9E1E-7A920EF0ECA7}" "1031" "0"
Update for Microsoft OneNote 2010 (KB2288640)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{521AB5E8-5FFF-45C8-B750-6967F8C0A2B9}" "1031" "0"
Update for Microsoft Outlook Social Connector (KB2289116)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{75F91382-920C-4AE1-B9E6-FFFCEDA797E8}" "1031" "0"
Update für Microsoft Outlook Social Connector (KB2289116)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0407-0000-0000000FF1CE}" "{10B1662A-566C-43C2-8469-5A470E0C7D7B}" "1031" "0"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Visual Studio 2008 x64 Redistributables-->MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}
VLC media player 1.1.4-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}
Windows Live Fotogalerie-->MsiExec.exe /X{B113D18C-67B0-4FB7-B329-E89B66194AE6}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mesh ActiveX control for remote connections-->MsiExec.exe /I{C5398A89-516C-4DAF-BA07-EE7949090E56}
Windows Live Mesh-->MsiExec.exe /I{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker-->MsiExec.exe /X{E4E88B54-4777-4659-967A-2EED1E6AFD83}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{9E48FF52-082C-4CC2-BB67-6E10D09C0431}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
WinSnap-->C:\Program Files\WinSnap\uninst64.exe
Xfire (remove only)-->"C:\Program Files (x86)\Xfire\uninst.exe"

======Hosts File======

127.0.0.1 im.adtech.de
127.0.0.1 adserver.adtech.de
127.0.0.1 adtech.de
127.0.0.1 ar.atwola.com
127.0.0.1 atwola.com
127.0.0.1 adserver.71i.de
127.0.0.1 adicqserver.71i.de
127.0.0.1 71i.de
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com

======System event log======

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Dienst "Cryptographic Services" befindet sich jetzt im Status "stopped".
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714051424.262212-000
Event Type: Informationen
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Dienst "Windows Modules Installer" befindet sich jetzt im Status "stopped".
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714051424.168612-000
Event Type: Informationen
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Dienst "Software Protection" befindet sich jetzt im Status "stopped".
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714051424.059412-000
Event Type: Informationen
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Dienst "Windows Event Log" befindet sich jetzt im Status "stopped".
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714051424.012612-000
Event Type: Informationen
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Dienst "Volume Shadow Copy" befindet sich jetzt im Status "stopped".
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714051423.934612-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: 37L4247E29-32
Event Code: 1001
Message: Fehlerbucket , Typ 0
Ereignisname: PnPDeviceProblemCode
Antwort: Nicht verfügbar
CAB-Datei-ID: 0

Problemsignatur:
P1: x64
P2: wpdbusenum\fs
P3: {eec5ad98-8080-425f-922a-dabf3de3f69a}
P4: 0000000A
P5: WUDFRd.sys
P6: 6.1.7600.16385
P7: 07-14-2009
P8:
P9:
P10:

Angefügte Dateien:
C:\Windows\Temp\DMI45D5.tmp.log.xml
C:\Windows\Temp\LOG45D6.tmp
C:\Windows\inf\wpdfs.inf

Diese Dateien befinden sich möglicherweise hier:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_9c379636690c47e285f28fe39a2cf1946e7f45d_cab_067945d5

Analysesymbol:
Es wird erneut nach einer Lösung gesucht: 0
Berichts-ID: 4c3d3ec1-d6ce-11df-bab4-9bddc4f16306
Berichtstatus: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20101013133218.000000-000
Event Type: Informationen
User:

Computer Name: 37L4247E29-32
Event Code: 5617
Message: Die Subsysteme des Windows-Verwaltungsinstrumentationsdienstes wurden erfolgreich initialisiert.
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20101013133121.000000-000
Event Type: Informationen
User:

Computer Name: 37L4247E29-32
Event Code: 5615
Message: Der Windows-Verwaltungsinstrumentationsdienst wurde erfolgreich gestartet.
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20101013133121.000000-000
Event Type: Informationen
User:

Computer Name: 37L4247E29-32
Event Code: 1531
Message: Der Benutzerprofildienst wurde erfolgreich gestartet. 


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20101013133121.116843-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: 37L4247E29-32
Event Code: 4625
Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20101013133121.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: Kevin-PC
Event Code: 5061
Message: Kryptografievorgang.

Antragsteller:
        Sicherheits-ID:        S-1-5-19
        Kontoname:        LOKALER DIENST
        Kontodomäne:        NT-AUTORITÄT
        Anmelde-ID:        0x3e5

Kryptografische Parameter:
        Anbietername:        Microsoft Software Key Storage Provider
        Algorithmusname:        RSA
        Schlüsselname:        ca011384-6547-4e5e-96df-77b748460a4b
        Schlüsseltyp:        Computerschlüssel.

Kryptografischer Vorgang:
        Vorgang:        Schlüssel öffnen.
        Rückgabecode:        0x0
Record Number: 6289
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101029120431.389382-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Kevin-PC
Event Code: 5058
Message: Schlüsseldateivorgang.
Antragsteller:
        Sicherheits-ID:                S-1-5-19
        Kontoname:                LOKALER DIENST
        Kontodomäne:                NT-AUTORITÄT
        Anmelde-ID:                0x3e5

Kryptografische Parameter:
        Anbietername:                Microsoft Software Key Storage Provider
        Algorithmusname:        Nicht verfügbar.

Schlüsselname:        ca011384-6547-4e5e-96df-77b748460a4b
        Schlüsseltyp:        Computerschlüssel.

Informationen zum Schlüsseldateivorgang:
        Dateipfad:        C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b39d8263a6893f7ff74bdc4b22fdd531_d33af415-7475-492f-b803-063f254beb06
        Vorgang:        Persistenten Schlüssel aus Datei lesen.
        Rückgabecode:        0x0
Record Number: 6288
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101029120431.389382-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Kevin-PC
Event Code: 4634
Message: Ein Konto wurde abgemeldet.

Antragsteller:
        Sicherheits-ID:                S-1-5-21-1999863797-3632684815-3671747862-1001
        Kontoname:                Kevin Köllmann
        Kontodomäne:                Kevin-PC
        Anmelde-ID:                0x1941c07

Anmeldetyp:                        7

Dieses Ereignis wird generiert, wenn eine Anmeldesitzung zerstört wird. Es kann anhand des Wertes der Anmelde-ID positiv mit einem Anmeldeereignis korreliert werden. Anmelde-IDs sind nur zwischen Neustarts auf demselben Computer eindeutig.
Record Number: 6287
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101029120338.833264-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Kevin-PC
Event Code: 4634
Message: Ein Konto wurde abgemeldet.

Antragsteller:
        Sicherheits-ID:                S-1-5-21-1999863797-3632684815-3671747862-1001
        Kontoname:                Kevin Köllmann
        Kontodomäne:                Kevin-PC
        Anmelde-ID:                0x1941c15

Anmeldetyp:                        7

Dieses Ereignis wird generiert, wenn eine Anmeldesitzung zerstört wird. Es kann anhand des Wertes der Anmelde-ID positiv mit einem Anmeldeereignis korreliert werden. Anmelde-IDs sind nur zwischen Neustarts auf demselben Computer eindeutig.
Record Number: 6286
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101029120338.833264-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Kevin-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
        Sicherheits-ID:                S-1-5-21-1999863797-3632684815-3671747862-1001
        Kontoname:                Kevin Köllmann
        Kontodomäne:                Kevin-PC
        Anmelde-ID:                0x1941c07

Berechtigungen:                SeSecurityPrivilege
                        SeTakeOwnershipPrivilege
                        SeLoadDriverPrivilege
                        SeBackupPrivilege
                        SeRestorePrivilege
                        SeDebugPrivilege
                        SeSystemEnvironmentPrivilege
                        SeImpersonatePrivilege
Record Number: 6285
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101029120338.833264-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\ArcSoft\Bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

--- --- ---


Regarding 4.:
Code:

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                        º                                    º
                                    hjtscanlist v2.0             
                        º                                    º
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows [Version 6.1.7600]
 
 
C:

  30.11.2010 20:58    C:\rsit --------- 0 
  30.11.2010 20:57    C:\Program Files (x86) --------- 24576 
  30.11.2010 14:28    C:\Windows --------- 16384 
  30.11.2010 14:28    C:\System Volume Information --------- 16384 
  30.11.2010 14:09    C:\InstallHelper.log --------- 1566 
  30.11.2010 14:07    C:\ProgramData --------- 8192 
      C:\pagefile.sys ---------   
      C:\hiberfil.sys ---------   
  20.11.2010 22:50    C:\Program Files --------- 8192 
  20.11.2010 17:46    C:\Users --------- 4096 
  28.10.2010 21:05    C:\BlueJ --------- 4096 
  13.10.2010 14:43    C:\$Recycle.Bin --------- 0 
  13.10.2010 14:42    C:\Recovery --------- 0 
  13.10.2010 14:42    C:\Programme --------- 0 
  13.10.2010 14:42    C:\Dokumente und Einstellungen --------- 0 
  14.07.2009 06:08    C:\Documents and Settings --------- 0 
  14.07.2009 04:20    C:\PerfLogs --------- 0 
----------------------------------------

 
C:\Windows

  30.11.2010 20:56    C:\Windows\WindowsUpdate.log --------- 1973423 
  30.11.2010 13:52    C:\Windows\bootstat.dat --------- 67584 
  18.11.2010 22:22    C:\Windows\ODBC.INI --------- 400 
  01.11.2010 16:17    C:\Windows\win.ini --------- 387 
  13.10.2010 14:53    C:\Windows\ctfile.rfc --------- 159 
  22.09.2010 23:32    C:\Windows\WLXPGSS.SCR --------- 301936 
  24.11.2009 10:40    C:\Windows\RtlExUpd.dll --------- 838176 
  31.10.2009 07:34    C:\Windows\explorer.exe --------- 2870272 
  14.07.2009 05:54    C:\Windows\WindowsShell.Manifest --------- 749 
  14.07.2009 02:39    C:\Windows\write.exe --------- 10240 
  14.07.2009 02:39    C:\Windows\splwow64.exe --------- 61952 
  14.07.2009 02:39    C:\Windows\regedit.exe --------- 427008 
  14.07.2009 02:39    C:\Windows\notepad.exe --------- 193536 
  14.07.2009 02:39    C:\Windows\hh.exe --------- 16896 
  14.07.2009 02:39    C:\Windows\HelpPane.exe --------- 733696 
  14.07.2009 02:39    C:\Windows\fveupdate.exe --------- 15360 
  14.07.2009 02:38    C:\Windows\bfsvc.exe --------- 71168 
  14.07.2009 02:16    C:\Windows\twain_32.dll --------- 51200 
  14.07.2009 02:14    C:\Windows\winhlp32.exe --------- 9728 
  14.07.2009 02:14    C:\Windows\twunk_32.exe --------- 31232 
  14.07.2009 00:06    C:\Windows\mib.bin --------- 43131 
  10.06.2009 22:41    C:\Windows\twunk_16.exe --------- 49680 
  10.06.2009 22:41    C:\Windows\twain.dll --------- 94784 
  10.06.2009 22:08    C:\Windows\system.ini --------- 219 
  10.06.2009 21:52    C:\Windows\WMSysPr9.prx --------- 316640 
  10.06.2009 21:36    C:\Windows\msdfmap.ini --------- 1405 
  10.06.2009 21:31    C:\Windows\Starter.xml --------- 48201 
  10.06.2009 21:30    C:\Windows\HomePremium.xml --------- 48265 
  01.08.1995 03:44    C:\Windows\PCDLIB32.DLL --------- 212480 
----------------------------------------

 
C:\Windows\System

----------------------------------------

 
C:\Windows\System32

 30.11.2010 15:00    C:\Windows\system32\LogFiles --------- 4096 
 30.11.2010 14:28    C:\Windows\system32\catroot --------- 4096 
 30.11.2010 14:27    C:\Windows\system32\catroot2 --------- 20480 
 30.11.2010 14:26    C:\Windows\system32\config --------- 12288 
 30.11.2010 14:07    C:\Windows\system32\drivers --------- 65536 
 30.11.2010 13:59    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 14608 
 30.11.2010 13:59    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 14608 
 30.11.2010 13:58    C:\Windows\system32\perfc009.dat --------- 106190 
 30.11.2010 13:58    C:\Windows\system32\perfh009.dat --------- 615810 
 30.11.2010 13:58    C:\Windows\system32\perfh007.dat --------- 653928 
 30.11.2010 13:58    C:\Windows\system32\perfc007.dat --------- 129800 
 30.11.2010 13:58    C:\Windows\system32\PerfStringBackup.INI --------- 1498506 
 30.11.2010 08:47    C:\Windows\system32\spool --------- 4096 
 29.11.2010 22:57    C:\Windows\system32\Tasks --------- 4096 
 20.11.2010 17:46    C:\Windows\system32\FNTCACHE.DAT --------- 4970400 
 20.11.2010 17:46    C:\Windows\system32\wfp --------- 0 
 20.11.2010 17:46    C:\Windows\system32\wbem --------- 65536 
 20.11.2010 17:46    C:\Windows\system32\NDF --------- 0 
 19.11.2010 21:19    C:\Windows\system32\DriverStore --------- 4096 
 16.11.2010 00:47    C:\Windows\system32\de-DE --------- 327680 
 10.11.2010 19:30    C:\Windows\system32\MRT.exe --------- 37628360 
 09.11.2010 05:05    C:\Windows\system32\mshtml.dll --------- 16623616 
 09.11.2010 05:00    C:\Windows\system32\ieframe.dll --------- 13632512 
 09.11.2010 04:55    C:\Windows\system32\inetcpl.cpl --------- 1502208 
 09.11.2010 04:52    C:\Windows\system32\mshtml.tlb --------- 2381824 
 09.11.2010 04:50    C:\Windows\system32\ieui.dll --------- 242688 
 23.10.2010 22:02    C:\Windows\system32\wdi --------- 4096 
 22.10.2010 07:23    C:\Windows\system32\OpenCL.dll --------- 67176 
 22.10.2010 07:23    C:\Windows\system32\nvwgf2umx.dll --------- 7491688 
 22.10.2010 07:23    C:\Windows\system32\nvoglv64.dll --------- 20284008 
 22.10.2010 07:23    C:\Windows\system32\nvinfo.pb --------- 7877 
 22.10.2010 07:23    C:\Windows\system32\nvgenco642030.dll --------- 1308776 
 22.10.2010 07:23    C:\Windows\system32\nvdispco642050.dll --------- 1500264 
 22.10.2010 07:23    C:\Windows\system32\nvdecodemft.dll --------- 386152 
 22.10.2010 07:23    C:\Windows\system32\nvd3dumx.dll --------- 12788840 
 22.10.2010 07:23    C:\Windows\system32\nvcuvid.dll --------- 3112552 
 22.10.2010 07:23    C:\Windows\system32\nvcuvenc.dll --------- 2934888 
 22.10.2010 07:23    C:\Windows\system32\nvcuda.dll --------- 6471784 
 22.10.2010 07:23    C:\Windows\system32\nvcompiler.dll --------- 18597480 
 22.10.2010 07:23    C:\Windows\system32\nvapi64.dll --------- 2161256 
 19.10.2010 10:41    C:\Windows\system32\MpSigStub.exe --------- 270720 
 16.10.2010 13:13    C:\Windows\system32\nvcpl.dll --------- 5901416 
 16.10.2010 13:13    C:\Windows\system32\nvsvc64.dll --------- 2590824 
 16.10.2010 13:13    C:\Windows\system32\nvmctray.dll --------- 116328 
 16.10.2010 13:13    C:\Windows\system32\nvvsvc.exe --------- 989800 
 16.10.2010 13:13    C:\Windows\system32\nvsvcr.dll --------- 1881704 
 15.10.2010 23:49    C:\Windows\system32\en-US --------- 8192 
 13.10.2010 15:51    C:\Windows\system32\migration --------- 0 
 13.10.2010 15:47    C:\Windows\system32\DRVSTORE --------- 0 
 13.10.2010 15:02    C:\Windows\system32\javaws.exe --------- 183296 
 13.10.2010 15:02    C:\Windows\system32\java.exe --------- 165888 
 13.10.2010 15:02    C:\Windows\system32\deployJava1.dll --------- 468480 
 13.10.2010 15:02    C:\Windows\system32\javaw.exe --------- 165888 
 13.10.2010 14:49    C:\Windows\system32\restore --------- 0 
 13.10.2010 14:45    C:\Windows\system32\CodeIntegrity --------- 0 
 13.10.2010 14:42    C:\Windows\system32\Recovery --------- 0 
 13.10.2010 14:34    C:\Windows\system32\license.rtf --------- 52953 
 13.10.2010 14:34    C:\Windows\system32\sysprep --------- 0 
 29.09.2010 22:03    C:\Windows\system32\Notepad2.ini --------- 23282 
 21.09.2010 13:49    C:\Windows\system32\LIVESSP.DLL --------- 252800 
 07.09.2010 21:09    C:\Windows\system32\nvhdap64.dll --------- 29288 
 07.09.2010 21:08    C:\Windows\system32\nvgenco64.dll --------- 1308776 
 01.09.2010 06:21    C:\Windows\system32\wmp.dll --------- 14627840 
 01.09.2010 06:12    C:\Windows\system32\wmploc.DLL --------- 12625920 
 01.09.2010 03:58    C:\Windows\system32\win32k.sys --------- 3123712 
 31.08.2010 23:54    C:\Windows\system32\iedkcs32.dll --------- 394040 
 31.08.2010 23:43    C:\Windows\system32\urlmon.dll --------- 1253888 
 31.08.2010 23:43    C:\Windows\system32\ieapfltr.dll --------- 545792 
 31.08.2010 23:43    C:\Windows\system32\html.iec --------- 448512 
 31.08.2010 23:42    C:\Windows\system32\wininet.dll --------- 1360896 
 31.08.2010 23:42    C:\Windows\system32\jscript9.dll --------- 1633280 
 31.08.2010 23:42    C:\Windows\system32\webcheck.dll --------- 250368 
 31.08.2010 23:42    C:\Windows\system32\msrating.dll --------- 197120 
 31.08.2010 23:42    C:\Windows\system32\licmgr10.dll --------- 27136 
 31.08.2010 23:42    C:\Windows\system32\occache.dll --------- 147968 
 31.08.2010 23:42    C:\Windows\system32\jsproxy.dll --------- 84480 
 31.08.2010 23:42    C:\Windows\system32\url.dll --------- 112128 
 31.08.2010 23:42    C:\Windows\system32\jscript.dll --------- 819712 
 31.08.2010 23:41    C:\Windows\system32\vbscript.dll --------- 601088 
 31.08.2010 23:41    C:\Windows\system32\iesysprep.dll --------- 136704 
 31.08.2010 23:41    C:\Windows\system32\ieUnatt.exe --------- 173056 
 31.08.2010 23:41    C:\Windows\system32\SetIEInstalledDate.exe --------- 93184 
 31.08.2010 23:41    C:\Windows\system32\iertutil.dll --------- 2431488 
 31.08.2010 23:41    C:\Windows\system32\RegisterIEPKEYs.exe --------- 90624 
 31.08.2010 23:41    C:\Windows\system32\ie4uinit.exe --------- 93696 
 31.08.2010 23:41    C:\Windows\system32\ieaksie.dll --------- 263168 
 31.08.2010 23:41    C:\Windows\system32\admparse.dll --------- 60416 
 31.08.2010 23:41    C:\Windows\system32\ieakui.dll --------- 163840 
 31.08.2010 23:41    C:\Windows\system32\ieakeng.dll --------- 157696 
 31.08.2010 23:41    C:\Windows\system32\iesetup.dll --------- 85504 
 31.08.2010 23:41    C:\Windows\system32\inseng.dll --------- 102400 
 31.08.2010 23:41    C:\Windows\system32\iernonce.dll --------- 39424 
 31.08.2010 23:41    C:\Windows\system32\IEAdvpack.dll --------- 133632 
 31.08.2010 23:41    C:\Windows\system32\msfeeds.dll --------- 690176 
 31.08.2010 23:41    C:\Windows\system32\wextract.exe --------- 159232 
 31.08.2010 23:41    C:\Windows\system32\iexpress.exe --------- 165888 
 31.08.2010 23:41    C:\Windows\system32\dxtmsft.dll --------- 532480 
 31.08.2010 23:41    C:\Windows\system32\dxtrans.dll --------- 313344 
 31.08.2010 23:41    C:\Windows\system32\iepeers.dll --------- 147456 
 31.08.2010 23:41    C:\Windows\system32\msfeedsbs.dll --------- 52224 
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 30.11.2010 13:52    C:\Windows\Tasks\SA.DAT --------- 6 
 14.07.2009 06:08    C:\Windows\Tasks\SCHEDLGU.TXT --------- 6174 
----------------------------------------

 
C:\Windows\Temp

 30.11.2010 20:58    C:\Windows\Temp\MpCmdRun.log --------- 2516 
----------------------------------------

 
C:\Users\KEVINK~1\AppData\Local\Temp

 30.11.2010 14:37    C:\Users\KEVINK~1\AppData\Local\Temp\foxtab --------- 0 
 30.11.2010 14:33    C:\Users\KEVINK~1\AppData\Local\Temp\plugtmp --------- 0 
 30.11.2010 14:20    C:\Users\KEVINK~1\AppData\Local\Temp\netview.txt --------- 276 
 29.11.2010 22:37    C:\Users\KEVINK~1\AppData\Local\Temp\Low --------- 0 
----------------------------------------

 
C:\Program Files

----------------------------------------

 
C:\ProgramData\..

Kevin Köllmann   
Gast   
Default   
Public   
All Users   
Default User   
desktop.ini   
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts


----------------------------------------

 

Abbildname                    PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                  0            24 K
System                          4 Services                  0        1.908 K
smss.exe                      280 Services                  0          552 K
csrss.exe                      432 Services                  0        3.872 K
wininit.exe                    492 Services                  0        1.832 K
csrss.exe                      504 Console                    1        8.616 K
services.exe                  548 Services                  0        5.532 K
lsass.exe                      560 Services                  0        10.824 K
lsm.exe                        568 Services                  0        2.280 K
svchost.exe                    692 Services                  0        5.000 K
winlogon.exe                  724 Console                    1        3.332 K
nvvsvc.exe                    812 Services                  0        3.644 K
svchost.exe                    852 Services                  0        5.344 K
svchost.exe                    924 Services                  0        18.760 K
svchost.exe                    956 Services                  0      145.520 K
svchost.exe                    988 Services                  0        29.844 K
svchost.exe                  1076 Services                  0        8.332 K
svchost.exe                  1108 Services                  0        18.100 K
NvXDSync.exe                  1176 Console                    1        7.124 K
nvvsvc.exe                    1192 Console                    1        3.224 K
spoolsv.exe                  1368 Services                  0        8.228 K
sched.exe                    1420 Services                  0        1.896 K
svchost.exe                  1448 Services                  0        8.648 K
svchost.exe                  1568 Services                  0        6.780 K
avguard.exe                  1596 Services                  0        22.060 K
AppleMobileDeviceService.    1624 Services                  0        2.956 K
svchost.exe                  1708 Services                  0        13.584 K
nTuneService.exe              1764 Services                  0        3.428 K
svchost.exe                  1800 Services                  0        2.776 K
UpdateCenterService.exe      1852 Services                  0        2.452 K
WLIDSVC.EXE                  1928 Services                  0        6.112 K
SDWinSec.exe                  2028 Services                  0        7.192 K
WLIDSVCM.EXE                  1872 Services                  0        1.108 K
avshadow.exe                  2068 Services                  0        1.236 K
conhost.exe                  2080 Services                  0        1.096 K
svchost.exe                  2724 Services                  0        2.624 K
taskhost.exe                  2900 Console                    1        5.860 K
dwm.exe                      2944 Console                    1        60.800 K
explorer.exe                  2984 Console                    1        71.312 K
RAVCpl64.exe                  2404 Console                    1        4.460 K
SetPoint.exe                  1916 Console                    1        5.168 K
KHALMNPR.exe                  3024 Console                    1        2.304 K
DisplayFusion.exe              340 Console                    1        1.492 K
sidebar.exe                    296 Console                    1        48.480 K
TeaTimer.exe                  2760 Console                    1        76.040 K
Rainmeter.exe                3120 Console                    1        18.600 K
nTuneCmd.exe                  3280 Console                    1        2.732 K
KoneHID.EXE                  3332 Console                    1        3.684 K
avgnt.exe                    3348 Console                    1        5.748 K
SearchIndexer.exe            3592 Services                  0        35.144 K
DisplayFusionHookx86.exe      3896 Console                    1        1.624 K
wmpnetwk.exe                  3928 Services                  0        14.480 K
OSD.exe                      3944 Console                    1        1.720 K
svchost.exe                  3376 Services                  0        10.068 K
dllhost.exe                  4496 Services                  0        2.596 K
firefox.exe                  4064 Console                    1      317.488 K
plugin-container.exe          3464 Console                    1        7.280 K
svchost.exe                    404 Services                  0        29.144 K
svchost.exe                  3720 Services                  0        2.272 K
thunderbird.exe              4604 Console                    1        43.108 K
TrustedInstaller.exe          448 Services                  0        4.180 K
wuauclt.exe                  4304 Console                    1        6.496 K
audiodg.exe                    452 Services                  0        17.552 K
SearchProtocolHost.exe        4624 Services                  0        9.132 K
SearchFilterHost.exe          3016 Services                  0        6.592 K
WmiPrvSE.exe                  652 Services                  0        11.608 K
MpCmdRun.exe                  2216 Services                  0        5.248 K
notepad.exe                  1252 Console                    1        6.420 K
notepad.exe                  1404 Console                    1        6.316 K
cmd.exe                      4616 Console                    1        3.576 K
conhost.exe                  4880 Console                    1        5.492 K
tasklist.exe                  2236 Console                    1        5.288 K

 
***** Ende des Scans 30.11.2010 um 20:59:55,52 ***

Re 5.:
Code:

3D-Fahrschule                15.10.2010               
7-Zip 4.65 (x64 edition)        Igor Pavlov        12.10.2010        3,99MB        4.65.00.0
Adobe AIR        Adobe Systems Inc.        03.11.2010                1.5.3.9120
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        12.10.2010        6,00MB        10.1.85.3
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        19.10.2010        6,00MB        10.1.85.3
Adobe Photoshop CS5        Adobe Systems Incorporated        03.11.2010        2.592MB        12.0
Adobe Reader X - Deutsch        Adobe Systems Incorporated        17.11.2010        115,2MB        10.0.0
Apple Application Support        Apple Inc.        18.11.2010        52,7MB        1.4.1
Apple Mobile Device Support        Apple Inc.        18.11.2010        22,3MB        3.3.0.69
Apple Software Update        Apple Inc.        12.10.2010        2,26MB        2.1.2.120
Avira AntiVir Personal - Free Antivirus        Avira GmbH        21.11.2010        61,8MB        10.0.0.596
BlueJ 3.0.1        La Trobe University        27.10.2010               
Bonjour        Apple Inc.        12.10.2010        1,78MB        2.0.3.0
CCleaner        Piriform        29.11.2010                3.01
CDBurnerXP        CDBurnerXP        15.11.2010        11,9MB        4.3.7.2423
Counter-Strike: Source        Valve        25.10.2010               
Die*Sims™*3        Electronic Arts        04.11.2010                1.0.615
DisplayFusion 3.2.0        Binary Fortress Software        12.10.2010        3,43MB       
DivX-Setup        DivX, Inc.        14.10.2010                2.1.2.2
EPSON Stylus S20 Series Printer Uninstall        SEIKO EPSON Corporation        20.10.2010               
ffdshow v1.1.3562 [2010-09-07]                03.11.2010        16,8MB        1.1.3562.0
FileZilla Client 3.3.4.1                12.10.2010                3.3.4.1
Freemake Video Downloader version 1.1.12        Ellora Assets Corporation        12.10.2010        29,0MB       
GIMP 2.6.11        The GIMP Team        12.10.2010        106,8MB        2.6.11
Haali Media Splitter                03.11.2010               
Harry Potter und der Feuerkelch™                03.11.2010               
ICQ7.2        ICQ        15.11.2010                7.2
Intel(R) Programm für Prozessor-IDs        Intel Corporation        12.10.2010        3,97MB        4.22.0000
iTunes        Apple Inc.        18.11.2010        145,7MB        10.1.0.56
Java(TM) 6 Update 21 (64-bit)        Oracle        12.10.2010        90,5MB        6.0.210
Java(TM) 6 Update 22        Oracle        19.11.2010        95,0MB        6.0.220
Java(TM) SE Development Kit 6 Update 21 (64-bit)        Oracle        12.10.2010        144,0MB        1.6.0.210
JDownloader        AppWork UG (haftungsbeschränkt)        12.10.2010               
Logitech SetPoint 6.15        Logitech        12.10.2010        39,1MB        6.15.25
LPS 2009v 3.0 USB        VVR        17.11.2010                LPS 2009v 3.0 USB
Malwarebytes' Anti-Malware        Malwarebytes Corporation        29.11.2010        8,51MB       
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        14.10.2010        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        14.10.2010        2,94MB        4.0.30319
Microsoft Office 2003 Resource Kit        Microsoft Corporation        17.11.2010        23,1MB        11.0.5614.0
Microsoft Office Access 2003 Runtime        Microsoft Corporation        09.11.2010        214MB        11.0.8173.0
Microsoft Office Converter Pack        Microsoft Corporation - Office Resource Kit Group        20.11.2010        0,99MB        11.0.0.0
Microsoft Office Professional Plus 2010        Microsoft Corporation        31.10.2010                14.0.4763.1000
Microsoft Silverlight        Microsoft Corporation        14.10.2010        40,4MB        4.0.50917.0
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        26.10.2010        1,70MB        3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        06.11.2010        0,24MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        04.11.2010        0,42MB        8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148        Microsoft Corporation        14.10.2010        0,21MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        12.10.2010        0,77MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        12.10.2010        0,57MB        9.0.30729.4148
Microsoft WSE 3.0 Runtime        Microsoft Corp.        04.11.2010        0,92MB        3.0.5305.0
Mozilla Firefox 4.0b7 (x86 de)        Mozilla        28.11.2010        26,3MB        4.0b7
Mozilla Thunderbird (3.1.6)        Mozilla        28.10.2010                3.1.6 (de)
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        07.11.2010        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        07.11.2010        1,33MB        4.20.9876.0
MSXML 4.0 SP2 Parser and SDK        Microsoft Corporation        05.11.2010        1,23MB        4.20.9818.0
NetSpeedMonitor 2.5.4.0 x64        Florian Gilles        12.10.2010        1,25MB        2.5.4.0
NVIDIA Drivers        NVIDIA Corporation        30.10.2010                1.10
NVIDIA Grafiktreiber 260.99        NVIDIA Corporation        30.10.2010                260.99
NVIDIA HD-Audiotreiber 1.1.9.0        NVIDIA Corporation        30.10.2010                1.1.9.0
NVIDIA Performance        NVIDIA Corporation        30.10.2010        22,1MB        6.5
NVIDIA PhysX-Systemsoftware 9.10.0514        NVIDIA Corporation        30.10.2010                9.10.0514
NVIDIA System Monitor        NVIDIA Corporation        30.10.2010        21,1MB        6.5
NVIDIA System Update        NVIDIA Corporation        30.10.2010        4,98MB        3.00
Picasa 3        Google, Inc.        12.10.2010                3.6
PureSync 2.7.4        Jumping Bytes        26.11.2010                2.7.4
QuickTime        Apple Inc.        12.10.2010        73,7MB        7.68.75.0
Rainmeter (remove only)                19.11.2010               
Realtek Ethernet Controller Driver For Windows Vista and Later        Realtek        12.10.2010                1.00.0009
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        12.10.2010                6.0.1.5998
ROCCAT Kone Mouse Driver                12.10.2010               
Skype™ 5.0        Skype Technologies S.A.        14.10.2010        21,4MB        5.0.152
Spybot - Search & Destroy        Safer Networking Limited        15.10.2010                1.6.2
Steam        Valve Corporation        12.10.2010        1,49MB        1.0.0.0
SUPER © Version 2010.bld.41 (Oct 31, 2010)        eRightSoft        05.11.2010                Version 2010.bld.41 (Oct 31, 2010)
Sweet Home 3D version 2.5        eTeks        05.11.2010               
TmNationsForever        Nadeo        23.11.2010               
Visual Studio 2008 x64 Redistributables        AVG Technologies        12.10.2010        42,00KB        10.0.0.2
VLC media player 1.1.4        VideoLAN        12.10.2010                1.1.4
Windows Live Essentials        Microsoft Corporation        27.10.2010                15.4.3502.0922
Windows Live Mesh ActiveX control for remote connections        Microsoft Corporation        26.10.2010        5,58MB        15.4.5722.2
WinSnap        NTWind Software        12.10.2010                3.5.1
Xfire (remove only)                23.10.2010               
µTorrent                12.10.2010                2.0.3


kira 30.11.2010 22:16

1.
Close all programs, including Internet Explorer, and use HijackThis to fix the entries in the code box below (start HijackThis → "Do a system scan only" → select the entries and tick their checkboxes → click "Fix checked" → restart the PC):
HijackThis creates a backup. If something goes wrong while fixing, the objects can be restored under "View the list of backups".
Code:

O3 - Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - (no file)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

2.
Clear the Java cache, as described under points 7 and 8 (*click)
via Control Panel -> Java...

3.
Quote:

**Before deleting temporary files, be sure to close all applications!
**Delete only the contents of the folders, not the folders themselves!
**The Temp folder is for temporary files, so its contents can be deleted without any problem. Files that are still in use cannot be deleted.

Empty the Temp folder:
C:\Users\xxxxx\AppData\Local\Temp --> delete only the contents of the folder, not the folder itself
or click Start -> Search -> type %temp%...

4.
Open CCleaner
  • "Cleaner" --> "Analyze" --> click the "Start CCleaner" button
  • "Registry" --> "Scan for issues" --> "Fix issues" --> "Fix all"
  • Restart your system

5.
>>You should not install the antivirus security software, only scan your system online<<
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very suitable and recommended way to do this is to check the data stored on the storage medium with the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off entirely. ► [Security] Disable the autorun function on all drives for more security / Avira Support Forum
Then run a complete system check with Nod32
- please tick the following: "Remove found threats" and "Scan archives"
- save the scan results as *.txt files
- usually "C:\Programme\Eset\EsetOnlineScanner\log.txt"
- Link: -> ESET Online Scanner
Before the scan, settings in Internet Explorer:
- "Tools → Internet Options → Security":
- set everything to the default level
- allow ActiveX

6.
Post again, after the cleanup has been carried out:
TrendMicro™ HijackThis™ logfile - no open windows as long as HijackThis is running!!

► Do you still have any problems now?

Koelli91 01.12.2010 14:04

Re 5.:
Code:

D:\CD_DVD_Images\Crysis.iso        möglicherweise Variante von Win32/Spy.Agent.FEABBFZ Trojaner        gelöscht - in Quarantäne kopiert
D:\CD_DVD_Images\Harry Potter und der Halbblutprinz [PC-Game].iso        möglicherweise Variante von Win32/Hupigon.NPYNBMO Trojaner        gelöscht - in Quarantäne kopiert
D:\CD_DVD_Images\Rollercoaster Tycoon 3.iso        möglicherweise Variante von Win32/Agent.MTMHKLH Trojaner        gelöscht - in Quarantäne kopiert
D:\Downloads\Games\Counter-Strike_1.6.zip        Variante von Win32/Induc.A Virus        gelöscht - in Quarantäne kopiert
D:\Games\CS1.6\cstrike\config.exe        Variante von Win32/Induc.A Virus        gelöscht - in Quarantäne kopiert
M:\D_Downloads\Games\Counter-Strike_1.6.zip        Variante von Win32/Induc.A Virus        gelöscht - in Quarantäne kopiert

Re 6.:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:03:08, on 01.12.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
D:\Downloads\Sicherheit & Wartung\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Kone] "C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PureSync] "C:\Program Files (x86)\PureSync\PureSyncTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8304 bytes


kira 01.12.2010 22:27

Do you still have any problems now?

