
Trash bin: (2x) Spring cleaning: evaluate logs

Posts that violated our rules, posts the world does not need, and other junk end up here in the trash bin...

 
08.04.2012, 13:46   #1
AdamaBG
 


Hello,

I would like to ask you to evaluate the logs below; I want to get my PC clean. Thanks!


This is what Malware returned:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.08.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MS :: MS-81B1A4635884 [Administrator]

Schutz: Deaktiviert

08.04.2012 08:36:46
mbam-log-2012-04-08 (08-36-46).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 266022
Laufzeit: 51 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

And this one is from TDSSKiller:

10:26:28.0656 3980 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
10:26:28.0718 3980 ============================================================
10:26:28.0718 3980 Current date / time: 2012/04/08 10:26:28.0718
10:26:28.0718 3980 SystemInfo:
10:26:28.0718 3980
10:26:28.0718 3980 OS Version: 5.1.2600 ServicePack: 3.0
10:26:28.0718 3980 Product type: Workstation
10:26:28.0718 3980 ComputerName: MS-81B1A4635884
10:26:28.0718 3980 UserName: MS
10:26:28.0718 3980 Windows directory: C:\WINDOWS
10:26:28.0718 3980 System windows directory: C:\WINDOWS
10:26:28.0718 3980 Processor architecture: Intel x86
10:26:28.0718 3980 Number of processors: 4
10:26:28.0718 3980 Page size: 0x1000
10:26:28.0718 3980 Boot type: Normal boot
10:26:28.0718 3980 ============================================================
10:26:31.0687 3980 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:26:31.0687 3980 \Device\Harddisk0\DR0:
10:26:31.0687 3980 MBR used
10:26:31.0687 3980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
10:26:31.0734 3980 Initialize success
10:26:31.0734 3980 ============================================================
10:27:51.0031 2920 ============================================================
10:27:51.0031 2920 Scan started
10:27:51.0031 2920 Mode: Manual; SigCheck; TDLFS;
10:27:51.0031 2920 ============================================================
10:27:51.0406 2920 Abiosdsk - ok
10:27:51.0421 2920 abp480n5 - ok
10:27:51.0484 2920 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:27:51.0671 2920 ACPI - ok
10:27:51.0687 2920 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:27:51.0781 2920 ACPIEC - ok
10:27:51.0828 2920 ACPIVPC (e1c674ef05a0833b54fa31dc0ccff4c7) C:\WINDOWS\system32\DRIVERS\AcpiVpc.sys
10:27:51.0875 2920 ACPIVPC - ok
10:27:51.0875 2920 adpu160m - ok
10:27:51.0937 2920 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:27:52.0015 2920 aec - ok
10:27:52.0062 2920 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:27:52.0156 2920 AFD - ok
10:27:52.0156 2920 Aha154x - ok
10:27:52.0171 2920 aic78u2 - ok
10:27:52.0171 2920 aic78xx - ok
10:27:52.0218 2920 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
10:27:52.0312 2920 Alerter - ok
10:27:52.0328 2920 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
10:27:52.0390 2920 ALG - ok
10:27:52.0406 2920 AliIde - ok
10:27:52.0406 2920 amsint - ok
10:27:52.0515 2920 Apple Mobile Device (557f35d1ca42aea14a6690e21887a31f) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
10:27:52.0531 2920 Apple Mobile Device - ok
10:27:52.0578 2920 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
10:27:52.0640 2920 AppMgmt - ok
10:27:52.0656 2920 asc - ok
10:27:52.0656 2920 asc3350p - ok
10:27:52.0671 2920 asc3550 - ok
10:27:52.0718 2920 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:27:52.0734 2920 aspnet_state - ok
10:27:52.0765 2920 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:27:52.0875 2920 AsyncMac - ok
10:27:52.0921 2920 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:27:53.0015 2920 atapi - ok
10:27:53.0015 2920 Atdisk - ok
10:27:53.0062 2920 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:27:53.0171 2920 Atmarpc - ok
10:27:53.0218 2920 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
10:27:53.0296 2920 AudioSrv - ok
10:27:53.0359 2920 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:27:53.0437 2920 audstub - ok
10:27:53.0546 2920 BCM43XX (fbc6cc35f139fb4130e55476c2a2460c) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
10:27:53.0750 2920 BCM43XX - ok
10:27:53.0859 2920 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:27:53.0953 2920 Beep - ok
10:27:54.0015 2920 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
10:27:54.0156 2920 BITS - ok
10:27:54.0250 2920 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Programme\Bonjour\mDNSResponder.exe
10:27:54.0265 2920 Bonjour Service - ok
10:27:54.0375 2920 Bridge0 (707c198f7a7877697b48fdfae1ed288c) C:\WINDOWS\system32\drivers\WDBridge.sys
10:27:54.0421 2920 Bridge0 - ok
10:27:54.0468 2920 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
10:27:54.0578 2920 Browser - ok
10:27:54.0593 2920 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:27:54.0687 2920 cbidf2k - ok
10:27:54.0734 2920 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:27:54.0812 2920 CCDECODE - ok
10:27:54.0812 2920 cd20xrnt - ok
10:27:54.0859 2920 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:27:54.0953 2920 Cdaudio - ok
10:27:55.0015 2920 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:27:55.0093 2920 Cdfs - ok
10:27:55.0125 2920 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:27:55.0203 2920 Cdrom - ok
10:27:55.0218 2920 Changer - ok
10:27:55.0250 2920 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
10:27:55.0359 2920 CiSvc - ok
10:27:55.0390 2920 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
10:27:55.0484 2920 ClipSrv - ok
10:27:55.0546 2920 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:27:55.0562 2920 clr_optimization_v2.0.50727_32 - ok
10:27:55.0640 2920 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:27:55.0640 2920 clr_optimization_v4.0.30319_32 - ok
10:27:55.0703 2920 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:27:55.0796 2920 CmBatt - ok
10:27:55.0812 2920 CmdIde - ok
10:27:55.0890 2920 CnxtHdAudService (cd6b20b6bb7cdd413a83fb39c3abf687) C:\WINDOWS\system32\drivers\CHDAU32.sys
10:27:55.0953 2920 CnxtHdAudService - ok
10:27:55.0984 2920 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:27:56.0078 2920 Compbatt - ok
10:27:56.0078 2920 COMSysApp - ok
10:27:56.0078 2920 Cpqarray - ok
10:27:56.0125 2920 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
10:27:56.0218 2920 CryptSvc - ok
10:27:56.0218 2920 dac2w2k - ok
10:27:56.0234 2920 dac960nt - ok
10:27:56.0296 2920 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
10:27:56.0328 2920 DcomLaunch - ok
10:27:56.0375 2920 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
10:27:56.0468 2920 Dhcp - ok
10:27:56.0515 2920 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:27:56.0609 2920 Disk - ok
10:27:56.0609 2920 dmadmin - ok
10:27:56.0671 2920 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
10:27:56.0765 2920 dmboot - ok
10:27:56.0781 2920 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
10:27:56.0890 2920 dmio - ok
10:27:56.0921 2920 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:27:57.0000 2920 dmload - ok
10:27:57.0031 2920 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
10:27:57.0125 2920 dmserver - ok
10:27:57.0187 2920 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:27:57.0265 2920 DMusic - ok
10:27:57.0328 2920 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
10:27:57.0406 2920 Dnscache - ok
10:27:57.0656 2920 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
10:27:57.0765 2920 Dot3svc - ok
10:27:57.0765 2920 dpti2o - ok
10:27:57.0812 2920 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:27:57.0890 2920 drmkaud - ok
10:27:57.0921 2920 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
10:27:58.0015 2920 EapHost - ok
10:27:58.0078 2920 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
10:27:58.0187 2920 ERSvc - ok
10:27:58.0250 2920 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
10:27:58.0281 2920 Eventlog - ok
10:27:58.0328 2920 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
10:27:58.0421 2920 EventSystem - ok
10:27:58.0468 2920 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:27:58.0546 2920 Fastfat - ok
10:27:58.0593 2920 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
10:27:58.0609 2920 FastUserSwitchingCompatibility - ok
10:27:58.0640 2920 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:27:58.0718 2920 Fdc - ok
10:27:58.0734 2920 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
10:27:58.0828 2920 Fips - ok
10:27:58.0859 2920 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:27:58.0968 2920 Flpydisk - ok
10:27:58.0984 2920 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:27:59.0078 2920 FltMgr - ok
10:27:59.0171 2920 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:27:59.0187 2920 FontCache3.0.0.0 - ok
10:27:59.0218 2920 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:27:59.0328 2920 Fs_Rec - ok
10:27:59.0375 2920 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:27:59.0468 2920 Ftdisk - ok
10:27:59.0515 2920 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:27:59.0531 2920 GEARAspiWDM - ok
10:27:59.0562 2920 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:27:59.0671 2920 Gpc - ok
10:27:59.0703 2920 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:27:59.0843 2920 HDAudBus - ok
10:27:59.0890 2920 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys
10:27:59.0937 2920 HECI - ok
10:27:59.0984 2920 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:28:00.0453 2920 helpsvc - ok
10:28:00.0468 2920 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
10:28:00.0578 2920 HidServ - ok
10:28:00.0625 2920 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:28:00.0718 2920 hidusb - ok
10:28:00.0750 2920 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
10:28:00.0828 2920 hkmsvc - ok
10:28:00.0843 2920 hpn - ok
10:28:00.0890 2920 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:28:00.0937 2920 HTTP - ok
10:28:00.0953 2920 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
10:28:01.0046 2920 HTTPFilter - ok
10:28:01.0062 2920 i2omgmt - ok
10:28:01.0062 2920 i2omp - ok
10:28:01.0109 2920 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:28:01.0203 2920 i8042prt - ok
10:28:01.0296 2920 ialm (bb7a533765e5578d22c388f2ec828ed6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:28:01.0484 2920 ialm - ok
10:28:01.0640 2920 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:28:01.0687 2920 idsvc - ok
10:28:01.0812 2920 IGRS (d951d20153e51928f9db2227d6ff5c7a) C:\Programme\Lenovo\ReadyComm\common\IGRS.exe
10:28:01.0828 2920 IGRS - ok
10:28:01.0968 2920 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:28:02.0062 2920 Imapi - ok
10:28:02.0109 2920 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
10:28:02.0187 2920 ImapiService - ok
10:28:02.0234 2920 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\WINDOWS\system32\DRIVERS\Impcd.sys
10:28:02.0281 2920 Impcd - ok
10:28:02.0296 2920 ini910u - ok
10:28:02.0343 2920 IntcDAud (a58a567b601866bee62d8dda78e6e101) C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
10:28:02.0406 2920 IntcDAud - ok
10:28:02.0406 2920 IntelIde - ok
10:28:02.0437 2920 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:28:02.0531 2920 intelppm - ok
10:28:02.0546 2920 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:28:02.0640 2920 Ip6Fw - ok
10:28:02.0671 2920 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:28:02.0765 2920 IpFilterDriver - ok
10:28:02.0796 2920 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:28:02.0906 2920 IpInIp - ok
10:28:02.0937 2920 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:28:03.0015 2920 IpNat - ok
10:28:03.0125 2920 iPod Service (e8e568ea584973dfd99aac7d00a16287) C:\Programme\iPod\bin\iPodService.exe
10:28:03.0140 2920 iPod Service - ok
10:28:03.0218 2920 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:28:03.0312 2920 IPSec - ok
10:28:03.0343 2920 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:28:03.0390 2920 IRENUM - ok
10:28:03.0453 2920 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:28:03.0531 2920 isapnp - ok
10:28:03.0656 2920 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
10:28:03.0671 2920 JavaQuickStarterService - ok
10:28:03.0781 2920 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:28:03.0875 2920 Kbdclass - ok
10:28:03.0921 2920 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:28:04.0015 2920 kbdhid - ok
10:28:04.0078 2920 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:28:04.0187 2920 kmixer - ok
10:28:04.0234 2920 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:28:04.0328 2920 KSecDD - ok
10:28:04.0375 2920 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
10:28:04.0421 2920 lanmanserver - ok
10:28:04.0500 2920 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
10:28:04.0578 2920 lanmanworkstation - ok
10:28:04.0578 2920 lbrtfdc - ok
10:28:04.0781 2920 Lenovo ReadyComm AppSvc (7fcb3ec66361f157bcd5b5c33ce2ac16) C:\Programme\Lenovo\ReadyComm\AppSvc.exe
10:28:04.0796 2920 Lenovo ReadyComm AppSvc - ok
10:28:04.0859 2920 Lenovo ReadyComm ConnSvc (5287074e79e4ba82510886f684dc5f72) C:\Programme\Lenovo\ReadyComm\ConnSvc.exe
10:28:04.0875 2920 Lenovo ReadyComm ConnSvc - ok
10:28:04.0953 2920 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
10:28:05.0031 2920 LmHosts - ok
10:28:05.0156 2920 LMS (1e2f802846eb944e0333efee7c9532a8) C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:28:05.0171 2920 LMS - ok
10:28:05.0281 2920 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
10:28:05.0281 2920 MBAMProtector - ok
10:28:05.0359 2920 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
10:28:05.0390 2920 MBAMService - ok
10:28:05.0500 2920 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
10:28:05.0531 2920 MDM ( UnsignedFile.Multi.Generic ) - warning
10:28:05.0531 2920 MDM - detected UnsignedFile.Multi.Generic (1)
10:28:05.0640 2920 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
10:28:05.0750 2920 Messenger - ok
10:28:05.0906 2920 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
10:28:05.0921 2920 Microsoft Office Groove Audit Service - ok
10:28:06.0046 2920 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:28:06.0187 2920 mnmdd - ok
10:28:06.0218 2920 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
10:28:06.0328 2920 mnmsrvc - ok
10:28:06.0375 2920 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
10:28:06.0453 2920 Modem - ok
10:28:06.0500 2920 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:28:06.0609 2920 Mouclass - ok
10:28:06.0640 2920 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:28:06.0734 2920 mouhid - ok
10:28:06.0765 2920 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:28:06.0859 2920 MountMgr - ok
10:28:06.0890 2920 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
10:28:06.0906 2920 MpFilter - ok
10:28:06.0921 2920 mraid35x - ok
10:28:06.0953 2920 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:28:07.0031 2920 MRxDAV - ok
10:28:07.0062 2920 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:28:07.0156 2920 MRxSmb - ok
10:28:07.0218 2920 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
10:28:07.0312 2920 MSDTC - ok
10:28:07.0343 2920 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:28:07.0468 2920 Msfs - ok
10:28:07.0468 2920 MSIServer - ok
10:28:07.0500 2920 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:28:07.0609 2920 MSKSSRV - ok
10:28:07.0734 2920 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
10:28:07.0750 2920 MsMpSvc - ok
10:28:07.0781 2920 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:28:07.0859 2920 MSPCLOCK - ok
10:28:07.0890 2920 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:28:07.0984 2920 MSPQM - ok
10:28:08.0031 2920 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:28:08.0109 2920 mssmbios - ok
10:28:08.0140 2920 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
10:28:08.0234 2920 MSTEE - ok
10:28:08.0296 2920 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:28:08.0375 2920 Mup - ok
10:28:08.0421 2920 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:28:08.0515 2920 NABTSFEC - ok
10:28:08.0562 2920 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
10:28:08.0671 2920 napagent - ok
10:28:08.0687 2920 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:28:08.0796 2920 NDIS - ok
10:28:08.0828 2920 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:28:08.0921 2920 NdisIP - ok
10:28:08.0968 2920 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:28:09.0062 2920 NdisTapi - ok
10:28:09.0125 2920 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:28:09.0203 2920 Ndisuio - ok
10:28:09.0218 2920 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:28:09.0296 2920 NdisWan - ok
10:28:09.0359 2920 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:28:09.0390 2920 NDProxy - ok
10:28:09.0562 2920 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
10:28:09.0625 2920 Nero BackItUp Scheduler 4.0 - ok
10:28:09.0734 2920 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:28:09.0812 2920 NetBIOS - ok
10:28:09.0859 2920 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:28:09.0953 2920 NetBT - ok
10:28:10.0000 2920 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
10:28:10.0093 2920 NetDDE - ok
10:28:10.0093 2920 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
10:28:10.0171 2920 NetDDEdsdm - ok
10:28:10.0234 2920 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:28:10.0328 2920 Netlogon - ok
10:28:10.0375 2920 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
10:28:10.0468 2920 Netman - ok
10:28:10.0515 2920 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:28:10.0515 2920 NetTcpPortSharing - ok
10:28:10.0562 2920 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
10:28:10.0593 2920 Nla - ok
10:28:10.0656 2920 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:28:10.0734 2920 Npfs - ok
10:28:10.0781 2920 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:28:10.0890 2920 Ntfs - ok
10:28:10.0921 2920 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:28:11.0000 2920 NtLmSsp - ok
10:28:11.0046 2920 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
10:28:11.0156 2920 NtmsSvc - ok
10:28:11.0203 2920 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:28:11.0281 2920 Null - ok
10:28:11.0312 2920 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:28:11.0406 2920 NwlnkFlt - ok
10:28:11.0421 2920 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:28:11.0500 2920 NwlnkFwd - ok
10:28:11.0640 2920 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
10:28:11.0656 2920 odserv - ok
10:28:11.0703 2920 ose (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
10:28:11.0718 2920 ose - ok
10:28:11.0828 2920 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
10:28:11.0906 2920 Parport - ok
10:28:11.0953 2920 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:28:12.0046 2920 PartMgr - ok
10:28:12.0093 2920 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
10:28:12.0171 2920 ParVdm - ok
10:28:12.0218 2920 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
10:28:12.0312 2920 PCI - ok
10:28:12.0328 2920 PCIDump - ok
10:28:12.0328 2920 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:28:12.0421 2920 PCIIde - ok
10:28:12.0437 2920 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:28:12.0531 2920 Pcmcia - ok
10:28:12.0531 2920 PDCOMP - ok
10:28:12.0546 2920 PDFRAME - ok
10:28:12.0546 2920 PDRELI - ok
10:28:12.0546 2920 PDRFRAME - ok
10:28:12.0562 2920 perc2 - ok
10:28:12.0562 2920 perc2hib - ok
10:28:12.0609 2920 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
10:28:12.0625 2920 PlugPlay - ok
10:28:12.0656 2920 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:28:12.0734 2920 PolicyAgent - ok
10:28:12.0781 2920 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:28:12.0890 2920 PptpMiniport - ok
10:28:12.0890 2920 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:28:12.0968 2920 ProtectedStorage - ok
10:28:12.0968 2920 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:28:13.0078 2920 PSched - ok
10:28:13.0109 2920 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:28:13.0218 2920 Ptilink - ok
10:28:13.0218 2920 ql1080 - ok
10:28:13.0234 2920 Ql10wnt - ok
10:28:13.0234 2920 ql12160 - ok
10:28:13.0250 2920 ql1240 - ok
10:28:13.0250 2920 ql1280 - ok
10:28:13.0281 2920 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:28:13.0375 2920 RasAcd - ok
10:28:13.0406 2920 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
10:28:13.0515 2920 RasAuto - ok
10:28:13.0546 2920 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:28:13.0625 2920 Rasl2tp - ok
10:28:13.0671 2920 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
10:28:13.0750 2920 RasMan - ok
10:28:13.0765 2920 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:28:13.0859 2920 RasPppoe - ok
10:28:13.0875 2920 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:28:13.0968 2920 Raspti - ok
10:28:14.0000 2920 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:28:14.0109 2920 Rdbss - ok
10:28:14.0156 2920 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:28:14.0250 2920 RDPCDD - ok
10:28:14.0312 2920 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:28:14.0406 2920 rdpdr - ok
10:28:14.0437 2920 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
10:28:14.0484 2920 RDPWD - ok
10:28:14.0593 2920 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
10:28:15.0187 2920 RDSessMgr - ok
10:28:15.0265 2920 ReadyComm.DirectRouter - ok
10:28:15.0328 2920 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:28:15.0437 2920 redbook - ok
10:28:15.0515 2920 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
10:28:15.0625 2920 RemoteAccess - ok
10:28:16.0000 2920 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
10:28:16.0093 2920 RemoteRegistry - ok
10:28:16.0203 2920 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
10:28:16.0296 2920 RpcLocator - ok
10:28:16.0359 2920 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
10:28:16.0375 2920 RpcSs - ok
10:28:16.0453 2920 RSUSBSTOR (9f66b1355a53ff3ff9d0e7dfdd2f3dc9) C:\WINDOWS\system32\Drivers\RtsUStor.sys
10:28:16.0468 2920 RSUSBSTOR - ok
10:28:16.0531 2920 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
10:28:16.0609 2920 RSVP - ok
10:28:16.0718 2920 RTLE8023xp (a1ad65718870dbf2bcb81e3c1406469e) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
10:28:16.0718 2920 RTLE8023xp - ok
10:28:16.0781 2920 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:28:16.0859 2920 SamSs - ok
10:28:16.0890 2920 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
10:28:17.0000 2920 SCardSvr - ok
10:28:17.0031 2920 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
10:28:17.0125 2920 Schedule - ok
10:28:17.0218 2920 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:28:17.0250 2920 Secdrv - ok
10:28:17.0312 2920 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
10:28:17.0406 2920 seclogon - ok
10:28:17.0406 2920 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
10:28:17.0500 2920 SENS - ok
10:28:17.0531 2920 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
10:28:17.0609 2920 Serial - ok
10:28:17.0625 2920 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:28:17.0718 2920 Sfloppy - ok
10:28:17.0796 2920 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
10:28:17.0906 2920 SharedAccess - ok
10:28:17.0953 2920 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
10:28:17.0968 2920 ShellHWDetection - ok
10:28:17.0984 2920 Simbad - ok
10:28:18.0031 2920 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:28:18.0125 2920 SLIP - ok
10:28:18.0140 2920 Sparrow - ok
10:28:18.0187 2920 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:28:18.0281 2920 splitter - ok
10:28:18.0343 2920 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
10:28:18.0421 2920 Spooler - ok
10:28:18.0484 2920 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
10:28:18.0531 2920 sr - ok
10:28:18.0593 2920 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
10:28:18.0640 2920 srservice - ok
10:28:18.0687 2920 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:28:18.0750 2920 Srv - ok
10:28:18.0796 2920 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
10:28:18.0796 2920 sscdbus - ok
10:28:18.0843 2920 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
10:28:18.0843 2920 sscdmdfl - ok
10:28:18.0875 2920 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
10:28:18.0890 2920 sscdmdm - ok
10:28:18.0937 2920 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
10:28:19.0000 2920 SSDPSRV - ok
10:28:19.0062 2920 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
10:28:19.0093 2920 StarOpen ( UnsignedFile.Multi.Generic ) - warning
10:28:19.0093 2920 StarOpen - detected UnsignedFile.Multi.Generic (1)
10:28:28.0390 2920 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
10:28:28.0656 2920 \Device\Harddisk0\DR0 - ok
10:28:28.0656 2920 Boot (0x1200) (d0057a7bcc558316512c2725d0349aeb) \Device\Harddisk0\DR0\Partition0
10:28:28.0656 2920 \Device\Harddisk0\DR0\Partition0 - ok
10:28:28.0656 2920 ============================================================
10:28:28.0656 2920 Scan finished
10:28:28.0656 2920 ============================================================
10:28:28.0765 2868 Detected object count: 2
10:28:28.0765 2868 Actual detected object count: 2
10:29:12.0437 2868 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
10:29:12.0437 2868 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:29:12.0437 2868 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
10:29:12.0437 2868 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:29:15.0968 0564 Deinitialize success

And this is aswMBR:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-08 10:31:00
-----------------------------
10:31:00.312 OS Version: Windows 5.1.2600 Service Pack 3
10:31:00.312 Number of processors: 4 586 0x2502
10:31:00.312 ComputerName: MS-81B1A4635884 UserName: MS
10:31:01.406 Initialize success
10:33:31.625 AVAST engine defs: 12040800
10:35:47.000 The log file has been saved successfully to "C:\Dokumente und Einstellungen\MS\Desktop\aswMBR.txt"

Next comes SuperAntiSpyware:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/08/2012 at 12:10 PM

Application Version : 5.0.1146

Core Rules Database Version : 8424
Trace Rules Database Version: 6236

Scan type : Complete Scan
Total Scan Time : 01:31:02

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 535
Memory threats detected : 0
Registry items scanned : 35058
Registry threats detected : 0
File items scanned : 72447
File threats detected : 2

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\MS\Cookies\2YFKNYMI.txt [ /doubleclick.net ]
C:\Dokumente und Einstellungen\MS\Cookies\LDE5TAWX.txt [ /revsci.net ]

The ESET scan produced the following:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a119b9ee029d404bb8231d9b2b7719eb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-08 12:56:42
# local_time=2012-04-08 02:56:42 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776533 42 87 7107 30759785 0 0
# compatibility_mode=8192 67108863 100 0 161417 161417 0 0
# scanned=76596
# found=4
# cleaned=0
# scan_time=4488
C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\0\6b33dec0-108d8eb8 a variant of Java/Exploit.Blacole.AN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\32\3542c0e0-618faf7e Java/Exploit.Blacole.AN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\55\1932c537-413d9936 Java/Exploit.Blacole.AN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\63\87e90bf-1940ace9 a variant of Java/Agent.DU trojan (unable to clean) 00000000000000000000000000000000 I

The GMER log reads as follows:


GMER Logfile:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-08 16:28:18
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000BEVT-24A0RT0 rev.01.01A02
Running: kzcf3x9h.exe; Driver: C:\DOKUME~1\MS\LOKALE~1\Temp\pfpdqfow.sys
 
 
---- System - GMER 1.0.15 ----
 
SSDT            \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)  ZwTerminateProcess [0xA60A5640]
 
---- Kernel code sections - GMER 1.0.15 ----
 
?               C:\DOKUME~1\MS\LOKALE~1\Temp\aswMBR.sys                                                                    Das System kann die angegebene Datei nicht finden. !
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                    wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                    wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
 
---- EOF - GMER 1.0.15 ----
         
--- --- ---

Here is the OSAM log:

OSAM Logfile:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:37:18 on 08.04.2012
 
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
 
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
 
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
 
 
[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"MP Scheduled Scan.job" - "Microsoft Corporation" - c:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe
 
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
 
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswMBR" (aswMBR) - ? - C:\DOKUME~1\MS\LOKALE~1\Temp\aswMBR.sys  (Hidden registry entry, rootkit activity | File not found)
"Bridge0" (Bridge0) - "Lenovo" - C:\WINDOWS\System32\drivers\WDBridge.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pfpdqfow" (pfpdqfow) - ? - C:\DOKUME~1\MS\LOKALE~1\Temp\pfpdqfow.sys  (Hidden registry entry, rootkit activity | File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\wimfltr.sys
 
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\MI239C~1\shellext.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor" - ? -   (File not found | COM-object registry key not found)
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
{1CA6BBC9-E9FA-4021-822B-075DF1837B63} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
{4FBFFA8D-F390-471a-AE46-FEB93623AD63} "NeroDigitalInfoHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
{846083A4-BFC6-4447-985C-6578B466A7D7} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
{EDCC595A-F0EE-4d81-B554-D5D01C7AFB87} "NeroDigitalThumbnailHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
{2d3dd4c0-3bd7-11d2-821e-444553540000} "WdmidleDeviceShellExtension" - ? - c:\programme\lenovo\energy management\powcpl.dll  (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EEE6C35D-6118-11DC-9C72-001320C79847} "SweetIM ToolbarURLSearchHook Class" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash32_11_2_202_228.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{EEE6C35C-6118-11DC-9C72-001320C79847} "SweetIM Toolbar Helper" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\MS\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"GrooveMonitor" - "Microsoft Corporation" - "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MSC" - "Microsoft Corporation" - "c:\Programme\Microsoft Security Client\msseces.exe" -hide -runkey
"OnekeyStudio" - "Lenovo" - C:\Programme\Lenovo\Onekey Theater\OnekeyStudio.exe
"SmartAudio" - "Conexant Systems, Inc." - C:\Programme\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"SweetIM" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Messenger\SweetIM.exe
 
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"eDocPortMonitor" - "May Software" - C:\WINDOWS\system32\eDocPort.dll
"EPSON V6 2KMonitor" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\EBPMON24.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll
 
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"IGRS" (IGRS) - "Lenovo Group Limited" - C:\Programme\Lenovo\ReadyComm\common\IGRS.exe
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Lenovo ReadyComm AppSvc" (Lenovo ReadyComm AppSvc) - "Lenovo Group Limited" - C:\Programme\Lenovo\ReadyComm\AppSvc.exe
"Lenovo ReadyComm ConnSvc" (Lenovo ReadyComm ConnSvc) - "Lenovo Group Limited" - C:\Programme\Lenovo\ReadyComm\ConnSvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASCORE.EXE
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
 
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
 
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
 
===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

And finally, last of all, the MBR log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 132):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xB9DA8000 \WINDOWS\system32\KDCOM.DLL
0xB9CB8000 \WINDOWS\system32\BOOTVID.dll
0xB9778000 ACPI.sys
0xB9DAA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9767000 pci.sys
0xB98A8000 isapnp.sys
0xB9CBC000 compbatt.sys
0xB9CC0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xB9E70000 pciide.sys
0xB9B28000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB98B8000 MountMgr.sys
0xB9748000 ftdisk.sys
0xB9DAC000 dmload.sys
0xB9722000 dmio.sys
0xB9CC4000 ACPIEC.sys
0xB9E71000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xB9B30000 PartMgr.sys
0xB98C8000 VolSnap.sys
0xB970A000 atapi.sys
0xB98D8000 disk.sys
0xB98E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB96EA000 fltmgr.sys
0xB96D8000 sr.sys
0xB96C1000 KSecDD.sys
0xB9634000 Ntfs.sys
0xB9607000 NDIS.sys
0xB95ED000 Mup.sys
0xB9D98000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB8CA4000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB8C90000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8ECA000 \SystemRoot\system32\DRIVERS\HECI.sys
0xB9C28000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8C6C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8C44000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB89E5000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xB8EBA000 \SystemRoot\system32\DRIVERS\AcpiVpc.sys
0xB9D9C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB8EAA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB8977000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xB9DC6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB8E9A000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB8906000 \SystemRoot\System32\Drivers\wdf01000.sys
0xB9C30000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB9C38000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8E8A000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB9928000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB9938000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB88E3000 \SystemRoot\system32\DRIVERS\ks.sys
0xB9948000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB88C2000 \SystemRoot\system32\DRIVERS\Impcd.sys
0xB9958000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9ECE000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB9968000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB95C9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB88AB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB9978000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB9988000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB9C40000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB889A000 \SystemRoot\system32\DRIVERS\psched.sys
0xB9998000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB9C48000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB9C50000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB886A000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB99A8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB9C58000 \SystemRoot\system32\DRIVERS\WDMirror.sys
0xB9DC8000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB87E4000 \SystemRoot\system32\DRIVERS\update.sys
0xB95B1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB99B8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB99D8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xA81B4000 \SystemRoot\system32\drivers\CHDAU32.sys
0xA8190000 \SystemRoot\system32\drivers\portcls.sys
0xB99E8000 \SystemRoot\system32\drivers\drmk.sys
0xA8156000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0xA8107000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xB9DE4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB9ED9000 \SystemRoot\System32\Drivers\Null.SYS
0xB9DE6000 \SystemRoot\System32\Drivers\Beep.SYS
0xB9C98000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB9CA0000 \SystemRoot\System32\drivers\vga.sys
0xB9DE8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB9DEA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB9CA8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB9CB0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB8856000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA80D4000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA807B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA802B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA8005000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB9A78000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB8795000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA7FE3000 \SystemRoot\System32\drivers\afd.sys
0xB9A88000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB9B50000 \SystemRoot\System32\Drivers\StarOpen.SYS
0xA7F18000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA7EA8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB9A98000 \SystemRoot\System32\Drivers\Fips.SYS
0xB9AD8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB9B88000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA8152000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB9AE8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA7E54000 \SystemRoot\System32\Drivers\vm331avs.sys
0xB9AF8000 \SystemRoot\System32\Drivers\STREAM.SYS
0xA814E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA7E3C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB9DF8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA8136000 \SystemRoot\System32\drivers\Dxapi.sys
0xB9B90000 \SystemRoot\System32\watchdog.sys
0xBE800000 \SystemRoot\System32\drivers\dxg.sys
0xB9FBB000 \SystemRoot\System32\drivers\dxgthk.sys
0xBE824000 \SystemRoot\System32\igxpgd32.dll
0xBE812000 \SystemRoot\System32\igxprd32.dll
0xBE856000 \SystemRoot\System32\igxpdv32.DLL
0xBEBA7000 \SystemRoot\System32\igxpdx32.DLL
0xBEFA0000 \SystemRoot\System32\ATMFD.DLL
0xA7D20000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA7894000 \SystemRoot\system32\DRIVERS\srv.sys
0xA7767000 \SystemRoot\system32\drivers\wdmaud.sys
0xA7974000 \SystemRoot\system32\drivers\sysaudio.sys
0xB9ED2000 \??\C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
0xA71D5000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xA6FF0000 \SystemRoot\System32\Drivers\HTTP.sys
0xA6E80000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xA63BD000 \??\C:\DOKUME~1\MS\LOKALE~1\Temp\aswMBR.sys
0xA609B000 \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
0xB9C10000 \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
0xA55D7000 \??\C:\DOKUME~1\MS\LOKALE~1\Temp\pfpdqfow.sys
0xA55AC000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 50):
0 System Idle Process
4 System
964 C:\WINDOWS\system32\smss.exe
1472 csrss.exe
1560 C:\WINDOWS\system32\winlogon.exe
1620 C:\WINDOWS\system32\services.exe
1632 C:\WINDOWS\system32\lsass.exe
1820 C:\WINDOWS\system32\svchost.exe
1900 svchost.exe
1940 C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
1976 C:\WINDOWS\system32\svchost.exe
176 svchost.exe
264 svchost.exe
668 C:\WINDOWS\system32\spoolsv.exe
468 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
516 C:\Programme\Bonjour\mDNSResponder.exe
576 C:\Programme\Lenovo\ReadyComm\common\IGRS.exe
808 C:\Programme\Java\jre6\bin\jqs.exe
1148 C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1272 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
284 C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
700 C:\WINDOWS\system32\IgrsSvcs.exe
876 C:\WINDOWS\system32\svchost.exe
1108 C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
972 C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
1536 C:\WINDOWS\explorer.exe
2572 C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
2592 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2636 wmiprvse.exe
3260 alg.exe
3468 C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
2372 C:\Programme\CONEXANT\SmartAudio\SmAudio.exe
2856 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
2904 C:\Programme\USB Camera\VM331_STI.EXE
2912 C:\WINDOWS\system32\igfxtray.exe
2936 C:\WINDOWS\system32\hkcmd.exe
2976 C:\WINDOWS\system32\igfxpers.exe
3076 C:\Programme\Lenovo\Onekey Theater\OnekeyStudio.exe
3136 C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
3236 C:\Programme\Microsoft Security Client\msseces.exe
3348 C:\Programme\SweetIM\Messenger\SweetIM.exe
3768 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
2272 C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
3840 C:\WINDOWS\system32\ctfmon.exe
1388 C:\Programme\SUPERAntiSpyware\SASCore.exe
1240 C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
3616 C:\Programme\Internet Explorer\iexplore.exe
2296 C:\Programme\Internet Explorer\iexplore.exe
384 C:\Programme\Internet Explorer\iexplore.exe
932 C:\Dokumente und Einstellungen\MS\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000BEVT-24A0RT0, Rev: 01.01A02

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

Alt 16.04.2012, 09:25   #2
Psychotic
/// Malwareteam
 
Edit: Double post by the user

Alt 18.04.2012, 14:02   #3
Psychotic
/// Malwareteam
 
Support ended
This thread has been removed from my subscriptions, so I will not receive any notification of new replies.


Everyone else, please click here and create a thread of your own

Alt 18.04.2012, 22:40   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
http://www.trojaner-board.de/112982-smart-hdd.html
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)