Trojaner-Board - 2 Trojaner gefunden

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - 2 Trojaner gefunden (https://www.trojaner-board.de/80016-2-trojaner-gefunden.html)

2 Trojaner gefunden

Hallo,

habe ein Problem mit folgendem Trojaner:
TR/Crypt.ZPACK.Gen!

Antivir findet ihn und ich hab ihn schon viermal gelöscht, aber er ist immer wieder da.
Hab hier im Forum gelesen, dass andere user das selbe Problem hatten und ihnen geholfen werden konnte.
Aber jedes System ist ja verschieden und ich will nicht einfach rumprobieren, dafür kenn ich mich auch zuwenig mit Systemdateien und -wiederherstellungen aus.
Zudem habe ich vorhin auch noch einen weiteren Trojaner gefunden:
TR/Dropper.Gen

Ich habe sowohl CCCleaner, als auch Malwarebytes-Anti-Malware durchgeführt(dort hat er 9 Infizierungen gefunden). Hierbei bin ich genau nach Anleitung hier im Board vorgegangen.

Hier die Log von Malwarebytes-Anti-Malware

Zitat:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3288
Windows 5.1.2600 Service Pack 3

03.12.2009 22:22:16
mbam-log-2009-12-03 (22-22-16).txt

Scan-Methode: Vollständiger Scan (C:\|F:\|G:\|H:\|I:\|J:\|)
Durchsuchte Objekte: 261124
Laufzeit: 51 minute(s), 7 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\domi\Startmenü\WinPC Defender.LNK (Rogue.WinPCDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACakdvgpjy.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Rsit hab ich auch ausgeführt, hier die 2 logs:

1. log

Zitat:

Logfile of random's system information tool 1.06 (written by random/random)
Run by domi at 2009-12-03 22:27:24
Microsoft Windows XP Professional Service Pack 3
System drive C: has 30 GB (58%) free of 51 GB
Total RAM: 3326 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:31, on 03.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe
C:\Programme\Canon\MyPrinter\BJMyPrt.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\ICQ6.5\ICQ.exe
C:\Programme\NETGEAR\WG111v2\WG111v2.exe
C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
G:\SERIEN\RSIT.exe
C:\Programme\trend micro\domi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Programme\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Programme\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - Unknown owner - G:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Programme\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe

--
End of file - 9384 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Programme\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-02-16 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Programme\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Easy-PrintToolBox"=C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"FinePrint Dispatcher v5"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe [2006-06-19 499712]
"WinampAgent"=C:\Programme\Winamp\winampa.exe [2008-08-04 36352]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-02-16 148888]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"NokiaMServer"=C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer /watchfiles []
"Nokia FastStart"=C:\Programme\Nokia\Nokia Music\NokiaMusic.exe [2009-02-26 2376992]
"AppleSyncNotifier"=C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"CanonSolutionMenu"=C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"CanonMyPrinter"=C:\Programme\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2009-09-21 305440]
"GrooveMonitor"=C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Power2GoExpress"= []
"DAEMON Tools Lite"=C:\Programme\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"ICQ"=C:\Programme\ICQ6.5\ICQ.exe [2009-03-01 172792]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
NETGEAR WG111v2 Smart Wizard.lnk - C:\Programme\NETGEAR\WG111v2\WG111v2.exe
VPN Client.lnk - C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico

C:\Dokumente und Einstellungen\domi\Startmenü\Programme\Autostart
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-03 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\CyberLink\PowerDirector\PDR.exe"="C:\Programme\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Winamp Remote\bin\Orb.exe"="C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Programme\Winamp Remote\bin\OrbTray.exe"="C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"G:\Sacred 2\system\s2gs.exe"="G:\Sacred 2\system\s2gs.exe:*:Enabled:Sacred 2 Game Server"
"G:\Sacred 2\system\sacred2.exe"="G:\Sacred 2\system\sacred2.exe:*:Enabled:Sacred 2"
"G:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="G:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"G:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="G:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"G:\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="G:\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"G:\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="G:\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"G:\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="G:\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"G:\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="G:\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Programme\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe"="C:\Programme\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:*:Enabled:TwonkyMedia"
"C:\Programme\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe"="C:\Programme\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"G:\Dragon Age\bin_ship\daorigins.exe"="G:\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins -Spiel"
"G:\Dragon Age\DAOriginsLauncher.exe"="G:\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins -Launcher"
"G:\Dragon Age\bin_ship\daupdatersvc.service.exe"="G:\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins -Inhaltsupdater"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a3d4220-e243-11dd-a702-001b2f3a6c63}]
shell\AutoRun\command - K:\BS4Launcher.exe

======List of files/folders created in the last 1 months======

2009-12-03 22:27:24 ----D---- C:\rsit
2009-12-03 22:27:24 ----D---- C:\Programme\trend micro
2009-12-03 21:26:11 ----D---- C:\Dokumente und Einstellungen\domi\Anwendungsdaten\Malwarebytes
2009-12-03 21:26:06 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-12-03 21:26:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-12-03 21:16:54 ----D---- C:\Programme\CCleaner
2009-11-28 13:26:35 ----D---- C:\Programme\Gemeinsame Dateien\DirectX
2009-11-28 13:25:03 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-11-28 13:25:03 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-11-28 13:25:02 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-11-28 13:25:02 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-11-28 13:25:02 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-11-28 13:25:01 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-11-28 13:25:01 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-11-28 13:20:23 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-11-28 13:20:23 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-11-28 13:20:23 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-11-28 13:20:22 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-11-28 13:20:22 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-11-28 13:20:22 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-11-28 13:20:22 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-11-28 13:20:22 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-11-28 13:20:22 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-11-28 13:20:21 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-11-28 13:20:21 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-11-28 13:20:21 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-11-28 13:20:21 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-11-28 13:20:21 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-11-28 13:18:00 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Divinity 2
2009-11-27 11:48:01 ----D---- C:\Programme\Gemeinsame Dateien\BioWare
2009-11-26 12:42:25 ----A---- C:\WINDOWS\system32\mgxoschk.dll
2009-11-26 12:42:12 ----D---- C:\Programme\ALDI Foto Service
2009-11-18 07:23:36 ----D---- C:\Programme\Gemeinsame Dateien\Skype
2009-11-07 18:18:44 ----A---- C:\WINDOWS\jestertb.dll
2009-11-04 13:42:02 ----HD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan

======List of files/folders modified in the last 1 months======

2009-12-03 22:27:31 ----D---- C:\WINDOWS\Prefetch
2009-12-03 22:27:24 ----RD---- C:\Programme
2009-12-03 22:22:16 ----D---- C:\WINDOWS\system32\drivers
2009-12-03 22:22:16 ----D---- C:\WINDOWS\system32
2009-12-03 21:51:20 ----D---- C:\Programme\Mozilla Firefox
2009-12-03 21:18:32 ----D---- C:\WINDOWS\Debug
2009-12-03 21:18:32 ----AD---- C:\WINDOWS
2009-12-03 21:18:31 ----D---- C:\WINDOWS\Temp
2009-12-03 18:00:41 ----A---- C:\WINDOWS\RTacDbg.txt
2009-12-03 10:58:59 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-03 07:23:59 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-11-28 13:26:35 ----D---- C:\Programme\Gemeinsame Dateien
2009-11-28 13:25:04 ----D---- C:\WINDOWS\system32\DirectX
2009-11-28 13:25:03 ----HD---- C:\WINDOWS\inf
2009-11-28 13:20:03 ----RSD---- C:\WINDOWS\assembly
2009-11-28 13:19:30 ----SHD---- C:\WINDOWS\Installer
2009-11-28 13:19:29 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-11-28 13:18:46 ----D---- C:\Programme\AGEIA Technologies
2009-11-28 13:00:06 ----HD---- C:\Programme\InstallShield Installation Information
2009-11-28 12:16:37 ----D---- C:\WINDOWS\system32\appmgmt
2009-11-27 19:25:14 ----D---- C:\WINDOWS\system32\config
2009-11-27 12:12:39 ----D---- C:\WINDOWS\WinSxS
2009-11-27 11:04:43 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-18 07:23:48 ----RD---- C:\Programme\Skype
2009-11-18 07:23:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2009-11-16 18:58:45 ----SD---- C:\Dokumente und Einstellungen\domi\Anwendungsdaten\Microsoft
2009-11-08 01:12:03 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DVD Shrink

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-01-13 21035]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-02-19 278728]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-06 55656]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-02-19 25416]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-08-08 104512]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-06-03 3100160]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 167808]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 afnrgccy;afnrgccy; C:\WINDOWS\system32\drivers\afnrgccy.sys []
S3 avmeject;AVM Eject; C:\WINDOWS\system32\drivers\avmeject.sys [2007-01-26 4352]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2007-01-26 265088]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-29 47360]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-06 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-03 552960]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2007-10-26 1524512]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-02-16 152984]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programme\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R2 StarWindService;StarWind iSCSI Service; C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-09-21 545568]
R3 ServiceLayer;ServiceLayer; C:\Programme\Nokia\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-02 593920]
S2 TwonkyMedia;TwonkyMedia; C:\Programme\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe [2008-10-20 102400]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater; G:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe []
S3 gusvc;Google Updater Service; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

INFO

Zitat:

info.txt logfile of random's system information tool 1.06 2009-12-03 22:27:33

======Uninstall list======

-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Adobe AIR-->C:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->MsiExec.exe /X{9455959E-D588-EFAE-329C-F66CC797F32A}
Adobe Reader 9.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
ALDI Nord Online Druck Service 4.6-->C:\Programme\ALDI Foto Service\ALDI_ODS\Deinstallieren.exe
Alive YouTube Video Converter (version 1.6.2.2)-->"C:\Programme\AliveMedia\YouTube Video Converter\unins000.exe"
AnyDVD-->"C:\Programme\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Programme\SlySoft\AnyDVD"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->"C:\Programme\AskBarDis\unins000.exe"
Assassin's Creed-->C:\Programme\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0007 -removeonly
ATI - Dienstprogramm zur Deinstallation der Software-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Baphomets Fluch - Der Engel des Todes-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F41C11EC-7C13-47A7-A07C-251D96EC3879}\setup.exe" -l0x7 -removeonly
Birth of the Federation-->C:\WINDOWS\IsUn0407.exe -fg:\BoF\Uninst.isu
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon iP4200-->C:\WINDOWS\system32\CNMCP78.exe "-PRINTERNAMECanon iP4200" "-HELPERDLLC:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0407.dll"
Canon MP Navigator EX 2.0-->"C:\Programme\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Programme\Canon\MP Navigator EX 2.0\uninst.ini
Canon MP540 series Benutzerregistrierung-->C:\Programme\Canon\IJEREG\MP540 series\UNINST.EXE
Canon MP540 series MP Drivers-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series /L0x0007
Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon Setup Utility 2.0-->"C:\Programme\Canon\Canon Setup Utility 2.0\Maint.exe" /Uninstall C:\Programme\Canon\Canon Setup Utility 2.0\uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Programme\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Programme\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
Canon Utilities My Printer-->C:\Programme\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Programme\Canon\SolutionMenu\uninst.exe uninst.ini
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CD-LabelPrint-->"C:\Programme\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Championship Manager 2010 (September Data Patch)-->"C:\Programme\InstallShield Installation Information\{14592A8E-4DA6-4338-A9D5-E16449647EC3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Championship Manager 2010 Data Editor-->"C:\Programme\InstallShield Installation Information\{4FA69A6D-C245-4D80-B0A6-623D8B7C3C51}\setup.exe" -runfromtemp -l0x0009 -removeonly
Championship Manager 2010-->"C:\Programme\InstallShield Installation Information\{5CA7899B-FFEC-4254-A05B-448420831F37}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Cisco Systems VPN Client 5.0.02.0090-->MsiExec.exe /X{871DF2BE-41D2-4334-AC33-839AF16FC8FE}
CloneDVD2-->"C:\Programme\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Programme\Elaborate Bytes\CloneDVD2"
CutePDF Writer 2.7-->C:\Programme\Acro Software\CutePDF Writer\uninscpw.exe
Die Sims™ 3 Reiseabenteuer-->"C:\Programme\InstallShield Installation Information\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}\Sims3EP01Setup.exe" -runfromtemp -l0x0007 -removeonly
Die Sims™ 3-->"C:\Programme\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0007 -removeonly
Divinity II - Ego Draconis-->"G:\Divinity II - Ego Draconis\unins000.exe"
Dragon Age: Origins-->C:\Programme\Gemeinsame Dateien\BioWare\Uninstall Dragon Age.exe
DVD Decrypter (Remove Only)-->"C:\Programme\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Programme\DVD Shrink\unins000.exe"
DVD Suite-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
DVDFab 6.0.5.0 Beta (29/08/2009)-->"C:\Programme\DVDFab 6\unins000.exe"
ElsterFormular 2007/2008-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}\setup.exe" -l0x7 -removeonly
FinePrint-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpinst5.exe /uninstall
Free Video to iPod Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free Video to iPod Converter\unins000.exe"
Free YouTube Downloader Converter-->C:\PROGRA~1\FREEYO~1\UNWISE.EXE C:\PROGRA~1\FREEYO~1\INSTALL.LOG
Free YouTube to Mp3 Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
GIMP 2.6.7-->"C:\Programme\GIMP-2.0\setup\unins000.exe"
Grand Theft Auto IV-->"C:\Programme\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0007 -removeonly
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iClone v2.1 SE-->C:\Programme\InstallShield Installation Information\{580EC579-E476-469F-9EBF-F82D696FC67A}\setup.exe -runfromtemp -l0x0007 -removeonly /remove
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
LIDL Fotoservice-->"C:\Programme\LIDL Fotoservice\unins000.exe"
LucasArts' Star Wars Rebellion-->C:\WINDOWS\unin0407.exe -f"g:\LucasArts\Star Wars Rebellion\DeIsL1.isu"
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 German Language Pack-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 German Language Pack\setup.exe
Microsoft .NET Framework 3.0 German Language Pack-->MsiExec.exe /X{F2A7F421-1679-48D5-B918-96999014ED53}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mozilla Firefox (3.0.15)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
NETGEAR WG111v2 wireless USB 2.0 adapter-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{E0F252A6-DE85-4E93-A93B-DFC3537B3965}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{82427977-8776-4087-90CA-9F65174D3C4D}
Nokia Flashing Cable Driver-->MsiExec.exe /X{A4E0CA0F-1903-440A-9B98-FEA6CB049999}
Nokia Home Media Server-->MsiExec.exe /X{F5A3D2C9-22CF-489B-8B01-F7159D1A7412}
Nokia Map Loader-->MsiExec.exe /I{03528A01-7E5E-4C5F-94DF-1D8012E969EF}
Nokia Music-->MsiExec.exe /I{BEC99D86-1D70-4AB8-8D15-E116392F9B7D}
Nokia Ovi Application Installer 6.85.3011-->msiexec /qn /x {42B74521-4706-412A-9A27-AED12B83E886}
Nokia Ovi Application Installer-->MsiExec.exe /I{42B74521-4706-412A-9A27-AED12B83E886}
Nokia Ovi Content Copier 6.85.3011-->msiexec /qn /x {6442DEDF-AC2F-4CBA-85DE-42E459C5006C}
Nokia Ovi Content Copier-->MsiExec.exe /X{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}
Nokia Ovi One Touch Access 6.85.3011-->msiexec /qn /x {4AE48A64-6C6A-4E5A-95FA-55F5131DECF9}
Nokia Ovi One Touch Access-->MsiExec.exe /I{4AE48A64-6C6A-4E5A-95FA-55F5131DECF9}
Nokia Ovi Suite-->MsiExec.exe /I{B5264B25-8908-49BB-A708-5A70DFBF8094}
Nokia Ovi System Utilities 6.85.3016-->msiexec /qn /x {FF34EA62-92C1-41E6-BA64-B2B7ECB53737}
Nokia Ovi System Utilities-->MsiExec.exe /X{FF34EA62-92C1-41E6-BA64-B2B7ECB53737}
Nokia Photos-->MsiExec.exe /I{D3656CE3-0F62-447F-AEF3-9BF29B6197D9}
Nokia Software Updater-->MsiExec.exe /X{7169FA93-66C2-43BD-86E0-CD332A686B29}
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
PC Connectivity Solution-->MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}
PhotoNow!-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Picasa 3-->"C:\Programme\Google\Picasa3\Uninstall.exe"
Power2Go 5.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerBackup-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDirector-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PrintParade Studio-->C:\PROGRA~1\PRINTP~1\UNWISE.EXE C:\PROGRA~1\PRINTP~1\INSTALL.LOG
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Programme\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
Rockstar Games Social Club-->"C:\Programme\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0007 -removeonly
Sacred 2-->MsiExec.exe /I{1023383E-D9F6-478C-A965-23A4657B3C9A}
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Total Video Converter 3.21 090220-->"C:\Programme\Total Video Converter\unins000.exe"
TwonkyMedia-->C:\Programme\Nokia\Nokia Home Media Server\\Media Server\UninstallTwonkyMedia.exe
Ulead Video ToolBox Basic-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x7
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Winamp Remote-->"C:\Programme\Winamp Remote\uninstall.exe"
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation Language Pack (DEU)-->MsiExec.exe /X{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
YouTube Video Converter-->MsiExec.exe /I{52E1698D-8B87-4B79-B609-77C763C3E6D9}

======Security center information======

AV: AntiVir Desktop (disabled) (outdated)

======System event log======

Computer Name: FU7UR3LESS
Event Code: 7036
Message: Dienst "Ati HotKey Poller" befindet sich jetzt im Status "Beendet".

Record Number: 52190
Source Name: Service Control Manager
Time Written: 20091127000534.000000+060
Event Type: Informationen
User:

Computer Name: FU7UR3LESS
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Beendet".

Record Number: 52189
Source Name: Service Control Manager
Time Written: 20091126235516.000000+060
Event Type: Informationen
User:

Computer Name: FU7UR3LESS
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Ausgeführt".

Record Number: 52188
Source Name: Service Control Manager
Time Written: 20091126235509.000000+060
Event Type: Informationen
User:

Computer Name: FU7UR3LESS
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "IMAPI-CD-Brenn-COM-Dienste" gesendet.

Record Number: 52187
Source Name: Service Control Manager
Time Written: 20091126235509.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: FU7UR3LESS
Event Code: 4201
Message: Netzwerkadapter "\DEVICE\TCPIP_{74850009-CD88-4D80-B451-7DDF348E8105}" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 52186
Source Name: Tcpip
Time Written: 20091126203119.000000+060
Event Type: Informationen
User:

=====Application event log=====

Computer Name: FU7UR3LESS
Event Code: 1
Message: Nokia M Platform 2.4.124 (NLib 0.8.346)

Nokia M Data Store opened at location "C:\Dokumente und Einstellungen\fu7ur3\Lokale Einstellungen\Anwendungsdaten\Nokia\Nokia Data Store\DataBase\MDataStore.db3"

Record Number: 11411
Source Name: Nokia M Platform
Time Written: 20091113102142.000000+060
Event Type: Informationen
User:

Computer Name: FU7UR3LESS
Event Code: 1
Message: Nokia M Platform 2.4.124 (NLib 0.8.346)

Nokia M Data Store opened at location "c:\dokume~1\fu7ur3\lokale~1\anwend~1\nokia\nokiad~1\DataBase\MDataStore.db3"

Record Number: 11410
Source Name: Nokia M Platform
Time Written: 20091113102142.000000+060
Event Type: Informationen
User:

Computer Name: FU7UR3LESS
Event Code: 1
Message: Nokia M Platform 2.4.124 (NLib 0.8.346)

Nokia M Data Store opened at location "C:\Dokumente und Einstellungen\fu7ur3\Lokale Einstellungen\Anwendungsdaten\Nokia\Nokia Data Store\DataBase\MDataStore.db3"

Record Number: 11409
Source Name: Nokia M Platform
Time Written: 20091113102142.000000+060
Event Type: Informationen
User:

Computer Name: FU7UR3LESS
Event Code: 1
Message: Nokia M Platform 2.4.124 (NLib 0.8.346)

Nokia M Data Store opened at location "C:\Dokumente und Einstellungen\fu7ur3\Lokale Einstellungen\Anwendungsdaten\Nokia\Nokia Data Store\DataBase\MDataStore.db3"

Record Number: 11408
Source Name: Nokia M Platform
Time Written: 20091113102140.000000+060
Event Type: Informationen
User:

Computer Name: FU7UR3LESS
Event Code: 1
Message: Nokia M Platform 2.4.124 (NLib 0.8.346)

NokiaMServer: Started

Record Number: 11407
Source Name: Nokia M Platform
Time Written: 20091113102131.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programme\Nokia\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RGSCLauncher"=G:\\Rockstar Games\Rockstar Games Social Club
"RGSC"=G:\\Rockstar Games\Rockstar Games Social Club\1_0_0_0
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Ich hoffe jemand kann mir helfen, da ich fast am verzweifeln bin, weil der einfach nicht weg geht :(

Hallo und Herzlich Willkommen! :)

dein System vermutlich von einem Rootkit befallen:o
Warnung!:

Zitat:

Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Sicherheitskonzept v. SETI@home/Punkt 1.

Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

- Die Anweisungen bitte gründlich lesen und immer streng einhalten, da ich die Reihenfolge nach bestimmten Kriterien vorbereitet habe:

1.
ich brauche mehr `Übersicht` bzw Daten über einen längeren Zeitraum - dazu bitte Versteckte - und Systemdateien sichtbar machen::
→ Klicke unter Start auf Arbeitsplatz.
→ Klicke im Menü Extras auf Ordneroptionen.
→ Dateien und Ordner/Erweiterungen bei bekannten Dateitypen ausblenden → Haken entfernen
→ Geschützte und Systemdateien ausblenden → Haken entfernen
→ Versteckte Dateien und Ordner/Alle Dateien und Ordner anzeigen → Haken setzen.
→ Bei "Geschützte Systemdateien ausblenden" darf kein Häkchen sein und "Alle Dateien und Ordner anzeigen" muss aktiviert sein.

2.
Für XP und Win2000 (ansonsten auslassen)
→ lade Dir das filelist.zip auf deinen Desktop herunter
→ entpacke die Zip-Datei auf deinen Desktop
→ starte nun mit einem Doppelklick auf die Datei "filelist.bat" - Dein Editor (Textverarbeitungsprogramm) wird sich öffnen
→ kopiere aus die erzeugten Logfile alle 7 Verzeichnisse ("C\...") usw - aber nur die Einträge der letzten 6 Monate - hier in deinem Thread
** vor jedem Eintrag steht ein Datum, also Einträge, die älter als 6 Monate sind bitte herauslöschen!

3.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool ccleaner herunter
installieren ("Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

4.
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

- also lade Dir Gmer herunter und entpacke es auf deinen Desktop
- starte gmer.exe
- [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
- bitte nichts am Pc machen während der Scan läuft!
- "Show all" soll nicht angehakt sein! dann klicke auf "Scan", um das Tool zu starten
- wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
- mit "Ok" wird Gmer beendet.
- das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
** kannst Du das Log bei File-Upload.net/kostenlos hochladen und den Link mir hier posten.

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du:[code]
hier kommt dein Logfile rein
→ dahinter:[/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
Coverflow

Code:

----- Root ----------------------------- 

 Datentr„ger in Laufwerk C: ist Windows

 Volumeseriennummer: F473-F22F
 

 Verzeichnis von C:\
 

05.12.2009  15:36                43 filelist.txt

05.12.2009  13:41     2.145.386.496 pagefile.sys

13.01.2009  11:59           251.712 ntldr

12.01.2009  21:56                 0 CONFIG.SYS

12.01.2009  21:56                 0 MSDOS.SYS

12.01.2009  21:56                 0 IO.SYS

12.01.2009  21:56                 0 AUTOEXEC.BAT

12.01.2009  21:51               211 boot.ini

04.08.2004  13:00            47.564 NTDETECT.COM

04.08.2004  13:00             4.952 bootfont.bin

              10 Datei(en)  2.145.690.978 Bytes

               0 Verzeichnis(se), 31.278.895.104 Bytes frei

----- Windows -------------------------- 

 Datentr„ger in Laufwerk C: ist Windows

 Volumeseriennummer: F473-F22F
 

 Verzeichnis von C:\WINDOWS
 

05.12.2009  15:27             2.564 RTacDbg.txt

05.12.2009  15:27         1.868.054 WindowsUpdate.log

05.12.2009  13:49             2.125 setupapi.log

05.12.2009  13:43                 0 0.log

05.12.2009  13:42               159 wiadebug.log

05.12.2009  13:42                50 wiaservc.log

05.12.2009  13:42             2.048 bootstat.dat

05.12.2009  00:16            32.644 SchedLgU.Txt

27.11.2009  11:04               116 NeroDigital.ini

07.11.2009  18:18            21.504 jestertb.dll

25.10.2009  12:10               552 win.ini
 

---- System 32 (Achtung: Zeitfenster beachten!) --- 

 Datentr„ger in Laufwerk C: ist Windows

 Volumeseriennummer: F473-F22F
 

 Verzeichnis von C:\WINDOWS\system32
 

05.12.2009  13:42             2.206 wpa.dbl

26.10.2009  06:52           292.480 FNTCACHE.DAT

16.09.2009  19:55               216 spupdsvc.inf

16.09.2009  19:53           440.656 perfh009.dat

16.09.2009  19:53           456.964 perfh007.dat

16.09.2009  19:53            70.742 perfc009.dat

16.09.2009  19:53            83.402 perfc007.dat

16.09.2009  19:53         1.020.606 PerfStringBackup.INI

15.09.2009  22:55            25.088 mlfcache.dat

05.09.2009  00:54            69.632 QuickTime.qts

05.09.2009  00:54            94.208 QuickTimeVR.qtx

04.09.2009  17:44           515.416 XAudio2_5.dll

04.09.2009  17:44           238.936 xactengine3_5.dll

04.09.2009  17:44            69.464 XAPOFX1_3.dll

04.09.2009  17:29           453.456 d3dx10_42.dll

04.09.2009  17:29           235.344 d3dx11_42.dll

04.09.2009  17:29         5.501.792 d3dcsx_42.dll

04.09.2009  17:29         1.974.616 D3DCompiler_42.dll

04.09.2009  17:29         1.892.184 D3DX9_42.dll

06.08.2009  18:24           327.896 wucltui.dll

06.08.2009  18:24           209.632 wuweb.dll

06.08.2009  18:24            18.144 wuaueng.dll.mui

06.08.2009  18:24            44.768 wups2.dll

06.08.2009  18:24           217.816 wuaucpl.cpl

06.08.2009  18:24            35.552 wups.dll

06.08.2009  18:24            15.584 wuapi.dll.mui

06.08.2009  18:24            53.472 wuauclt.exe

06.08.2009  18:24            96.480 cdm.dll

06.08.2009  18:24            15.584 wuaucpl.cpl.mui

06.08.2009  18:24            23.264 wucltui.dll.mui

06.08.2009  18:23           575.704 wuapi.dll

06.08.2009  18:23         1.929.952 wuaueng.dll

09.07.2009  11:16         2.060.288 usbaaplrc.dll

23.06.2009  19:03                56 ezsidmv.dat

25.05.2009  13:01            89.256 ElbyCDIO.dll
 

----- Prefetch ------------------------- 

 Datentr„ger in Laufwerk C: ist Windows

 Volumeseriennummer: F473-F22F
 

 Verzeichnis von C:\WINDOWS\Prefetch
 

05.12.2009  15:36            11.092 FIND.EXE-0EC32F1E.pf

05.12.2009  15:36            11.010 CMD.EXE-087B4001.pf

05.12.2009  15:36            36.648 WINRAR.EXE-3588DFE8.pf

05.12.2009  15:36            48.078 AVSCAN.EXE-25724B6E.pf

05.12.2009  15:35            14.488 VERCLSID.EXE-3667BD89.pf

05.12.2009  15:34            85.106 SKYPENAMES.EXE-00E36E08.pf

05.12.2009  15:33            29.056 RUNDLL32.EXE-2E1142B3.pf

05.12.2009  15:27           105.202 FIREFOX.EXE-1D57670A.pf

05.12.2009  15:27            14.540 WINAMPA.EXE-2BDF6A16.pf

05.12.2009  15:27            25.238 FPDISP5A.EXE-109D6FA9.pf

05.12.2009  15:27            46.466 RTHDCPL.EXE-06918CFA.pf

05.12.2009  15:27             6.966 NCLRSSRV.EXE-04B12690.pf

05.12.2009  15:27             9.176 NCLUSBSRV.EXE-0C8FE645.pf

05.12.2009  15:27            77.130 ATI2EVXX.EXE-19D16EB9.pf

05.12.2009  15:27            95.958 EXPLORER.EXE-082F38A9.pf

05.12.2009  15:27           123.222 USERINIT.EXE-30B18140.pf

05.12.2009  15:27             5.438 CLISTART.EXE-025897C5.pf

05.12.2009  15:27            11.560 ALCMTR.EXE-235F9538.pf

05.12.2009  15:17             7.342 JQSNOTIFY.EXE-1E60A522.pf

05.12.2009  13:49            95.038 SERVICELAYER.EXE-1F92E785.pf

05.12.2009  13:49            15.108 NCLINSTALLER.EXE-2F4C1B98.pf

05.12.2009  13:49           109.770 SKYPEPM.EXE-03F1BFBD.pf

05.12.2009  13:49           131.650 WMIPRVSE.EXE-28F301A9.pf

05.12.2009  13:49           149.522 PRESENTATIONFONTCACHE.EXE-1706C4D2.pf

05.12.2009  13:49            36.772 CSC.EXE-01730C27.pf

05.12.2009  13:49            11.100 CVTRES.EXE-2329DCD5.pf

05.12.2009  13:49            45.098 IPODSERVICE.EXE-233792DA.pf

05.12.2009  13:49            54.006 WG111V2.EXE-1BBF507C.pf

05.12.2009  13:48            19.430 VPNGUI.EXE-10986A0F.pf

05.12.2009  13:48            16.118 WMIADAP.EXE-2DF425B2.pf

05.12.2009  13:48            40.420 APPLESYNCNOTIFIER.EXE-0DCBD908.pf

05.12.2009  13:48            57.930 DAEMON.EXE-0281E4E0.pf

05.12.2009  13:48            95.796 ICQ.EXE-15A4C655.pf

05.12.2009  13:48           123.590 RGSC.EXE-09553FF5.pf

05.12.2009  13:48            52.292 MBAM.EXE-11D8BBD8.pf

05.12.2009  13:48            77.782 SKYPE.EXE-21F19BC8.pf

05.12.2009  13:48            27.296 ORBTRAY.EXE-025DD7E9.pf

05.12.2009  13:48            14.474 CTFMON.EXE-0E17969B.pf

05.12.2009  13:48            20.538 GROOVEMONITOR.EXE-27AC1EA0.pf

05.12.2009  13:48            12.584 ITUNESHELPER.EXE-08906EB7.pf

05.12.2009  13:48            70.802 CCC.EXE-1B087988.pf

05.12.2009  13:48            10.024 BJMYPRT.EXE-2D435E4B.pf

05.12.2009  13:48            84.408 RGSCLAUNCHER.EXE-096408F8.pf

05.12.2009  13:48            94.044 MOM.EXE-36B2EDCA.pf

05.12.2009  13:48             9.196 ALCFDRTM.EXE-1A22C94E.pf

05.12.2009  13:48            51.416 AVGNT.EXE-39CD89BF.pf

05.12.2009  13:48            10.420 READER_SL.EXE-2FAFE67A.pf

05.12.2009  13:48            10.262 JUSCHED.EXE-336229D9.pf

05.12.2009  13:48             8.402 QTTASK.EXE-2D7EEF34.pf

05.12.2009  13:48            17.172 WUAUCLT.EXE-399A8E72.pf

05.12.2009  13:48             9.592 CNSLMAIN.EXE-32AB703B.pf

05.12.2009  13:48            65.126 NOKIAMUSIC.EXE-396823AB.pf

05.12.2009  13:48            86.564 IMAPI.EXE-0BF740A4.pf

05.12.2009  13:48             9.286 BJPSMAIN.EXE-13BB334D.pf

05.12.2009  13:48             6.510 NEROCHECK.EXE-092C6DFA.pf

04.12.2009  23:59            42.166 ONENOTEM.EXE-1B134824.pf

04.12.2009  23:23             7.552 LOGON.SCR-151EFAEA.pf

04.12.2009  21:04            57.168 SOFTWAREUPDATE.EXE-1E90DF1F.pf

04.12.2009  21:04            18.524 DLLHOST.EXE-205D880D.pf

04.12.2009  19:32           553.974 Layout.ini

04.12.2009  19:31           120.358 HELPSVC.EXE-2878DDA2.pf

04.12.2009  18:56            70.042 AVNOTIFY.EXE-31D7686A.pf

04.12.2009  18:56            55.838 UPDATE.EXE-3398FCD6.pf

04.12.2009  13:23            16.148 DEFRAG.EXE-273F131E.pf

04.12.2009  13:23            89.118 DFRGNTFS.EXE-269967DF.pf

04.12.2009  11:25            73.962 TS3EP01.EXE-1AA16962.pf

04.12.2009  11:25            93.042 SIMS3LAUNCHER.EXE-046D69CD.pf

04.12.2009  11:25            95.396 SIMS3LAUNCHER.EXE-049333F9.pf

04.12.2009  11:25            27.166 S3LAUNCHER.EXE-3B76C4AA.pf

04.12.2009  10:32            17.756 NOKIAMSERVER.EXE-1060D689.pf

03.12.2009  22:57            66.262 DAORIGINS.EXE-067A39C3.pf

03.12.2009  22:57            72.172 DAORIGINSLAUNCHER.EXE-0DB69642.pf

03.12.2009  22:49             7.856 MBAMGUI.EXE-1E06AB95.pf

03.12.2009  22:27            69.090 NOTEPAD.EXE-336351A9.pf

03.12.2009  22:27            52.702 DOMI.EXE-3ABD1DBA.pf

03.12.2009  22:27            19.290 RSIT.EXE-19BAF3B5.pf

03.12.2009  22:22            11.676 REGEDIT.EXE-1B606482.pf

03.12.2009  22:19            16.266 GUARDGUI.EXE-147E0160.pf

03.12.2009  21:26            16.638 REGSVR32.EXE-25EEFE2F.pf

03.12.2009  21:26            21.612 MBAM-SETUP.TMP-0C2454EA.pf

03.12.2009  21:26            13.948 MBAM-SETUP.EXE-0F9B0906.pf

03.12.2009  21:17            19.040 CCLEANER.EXE-065E2F3F.pf

03.12.2009  21:16            27.246 CCSETUP226.EXE-0DDDD504.pf

03.12.2009  19:57            83.816 IEXPLORE.EXE-2CA9778D.pf

03.12.2009  19:57            27.558 RUNDLL32.EXE-34EC2FFC.pf

03.12.2009  19:45            32.488 RUNDLL32.EXE-39223380.pf

03.12.2009  18:18            73.132 RUNDLL32.EXE-37F9EC55.pf

03.12.2009  18:18             7.114 CNMSE9E.EXE-1AB094D7.pf

03.12.2009  18:18            11.800 RUNDLL32.EXE-451FC2C0.pf

03.12.2009  18:00             3.702 KILLTRAY.EXE-1CB9F0E1.pf

03.12.2009  16:14            29.042 RUNDLL32.EXE-22570581.pf

03.12.2009  16:14             9.570 DW20.EXE-005BA42F.pf

03.12.2009  11:04            21.856 JAVAWS.EXE-1714DD62.pf

03.12.2009  11:04            81.658 JAVAW.EXE-0159D575.pf

02.12.2009  19:23            19.288 RUNDLL32.EXE-12E27DD0.pf

02.12.2009  07:32            56.912 ADOBE_UPDATER.EXE-059F58EC.pf

01.12.2009  20:09            65.360 WINWORD.EXE-0B995611.pf

01.12.2009  19:58            27.314 RUNDLL32.EXE-1C30D140.pf

01.12.2009  19:40            29.262 RUNDLL32.EXE-47B0F4B7.pf

01.12.2009  18:59            12.334 CALC.EXE-02CD573A.pf

01.12.2009  18:10            61.956 JAVA.EXE-2167859B.pf

30.11.2009  19:07            30.072 DRWTSN32.EXE-2B4B52AC.pf

30.11.2009  19:07            37.856 DWWIN.EXE-30875ADC.pf

30.11.2009  16:57            27.492 RUNDLL32.EXE-338046A1.pf

29.11.2009  22:48            27.314 RUNDLL32.EXE-3552D6F1.pf

29.11.2009  22:41            30.902 RUNDLL32.EXE-466CC8F9.pf

29.11.2009  20:01            57.542 DIVINITY2.EXE-17297791.pf

29.07.2009  09:22                 0 RUNDLL32.EXE-14206DDC.pf

29.07.2009  09:22                 0 CONTROL.EXE-013DBFB5.pf

29.07.2009  09:21                 0 CLEANMGR.EXE-1F86EA8E.pf

20.07.2009  11:14            30.228 AVWSC.EXE-3AC95876.pf

112 Datei(en)      6.468.744 Bytes

               0 Verzeichnis(se), 31.278.759.936 Bytes frei
 

----- Tasks ---------------------------- 

 Datentr„ger in Laufwerk C: ist Windows

 Volumeseriennummer: F473-F22F
 

 Verzeichnis von C:\WINDOWS\tasks
 

05.12.2009  13:42                 6 SA.DAT

04.12.2009  21:04               276 AppleSoftwareUpdate.job
 

             3 Datei(en)            347 Bytes

               0 Verzeichnis(se), 31.278.759.936 Bytes frei
 

----- Windows/Temp ----------------------- 

 Datentr„ger in Laufwerk C: ist Windows

 Volumeseriennummer: F473-F22F
 

 Verzeichnis von C:\WINDOWS\Temp
 

05.12.2009  13:42            16.384 Perflib_Perfdata_10c.dat

08.09.2009  18:48           118.315 dneinst.log

27.06.2009  18:04            16.320 wudf_update.log

05.05.2009  15:16             1.536 NEventMessages.dll

05.05.2009  15:08               678 MSIa87d6.LOG
 
 
 

              19 Datei(en)      4.880.281 Bytes

               0 Verzeichnis(se), 31.278.755.840 Bytes frei
 
 

---- Temp ----------------------------- 

 Datentr„ger in Laufwerk C: ist Windows

 Volumeseriennummer: F473-F22F
 

 Verzeichnis von C:\DOKUME~1\domi\LOKALE~1\Temp
 

05.12.2009  15:35                 0 etilqs_WmXDpXQmKDFeXzATSuvR

05.12.2009  15:32           946.021 jusched.log

05.12.2009  15:27                 0 JET8663.tmp

29.11.2009  19:49            34.374 java_install_reg.log

24.11.2009  20:40               906 jar_cache5127163183663177319.tmp

24.11.2009  20:39                58 jar_cache3200178458103189064.tmp

24.11.2009  20:39               639 jar_cache171078256269368885.tmp

24.11.2009  20:39               217 jar_cache7315432807220914633.tmp

24.11.2009  20:39               907 jar_cache469225876291781426.tmp

24.11.2009  20:39             2.090 jar_cache7454447625791542448.tmp

24.11.2009  20:39             2.072 jar_cache3987063536171395487.tmp

24.11.2009  20:39             1.007 jar_cache5738944478721000693.tmp

19.11.2009  21:28               931 jinstall.cfg

16.11.2009  18:58                62 OneNote_MigrationLog.txt

16.11.2009  18:58            12.112 {7F0572C6-49E2-49CF-8F18-B7660EF8C01E}

15.11.2009  15:20            12.818 control.xml

05.11.2009  06:56            16.384 ~DFE1D3.tmp

04.11.2009  07:13            16.384 ~DFE493.tmp

03.11.2009  18:11            16.384 ~DF2DC5.tmp

02.11.2009  07:04            16.384 ~DFD763.tmp

01.11.2009  11:34            16.384 ~DF717D.tmp

30.10.2009  07:09            16.384 ~DF3D75.tmp

29.10.2009  18:46            16.384 ~DF9894.tmp

29.10.2009  07:11            16.384 ~DF9A02.tmp

27.10.2009  18:40            16.384 ~DFA6C7.tmp

27.10.2009  16:56            16.384 ~DF68D9.tmp

27.10.2009  07:10            16.384 ~DFCA78.tmp

26.10.2009  16:16            16.384 ~DFAF68.tmp

25.10.2009  12:20           129.562 SetupExe(20091025120118CE0).log

25.10.2009  11:34            16.384 ~DFA057.tmp

25.10.2009  10:29           383.804 WT16.tmp

25.10.2009  10:29           367.112 WT15.tmp

25.10.2009  00:18            16.384 ~DF6F19.tmp

23.10.2009  06:09            16.384 ~DFCAED.tmp

22.10.2009  20:55            16.384 ~DF5B5E.tmp

22.10.2009  15:44            16.384 ~DFA9DF.tmp

22.10.2009  14:07            16.384 ~DFC64E.tmp

21.10.2009  15:56            16.384 ~DF30CD.tmp

21.10.2009  05:03            16.384 ~DFFF7B.tmp

20.10.2009  06:08            16.384 ~DF55C4.tmp

19.10.2009  06:09            16.384 ~DFB228.tmp

17.10.2009  12:02                58 jar_cache1275175899325810578.tmp

17.10.2009  12:02               217 jar_cache3298976233374009330.tmp

17.10.2009  12:02               906 jar_cache4413306113105081085.tmp

17.10.2009  12:02               639 jar_cache2294502355142730792.tmp

17.10.2009  12:02             1.007 jar_cache5194103968802860725.tmp

17.10.2009  12:02             2.090 jar_cache5924811299361547421.tmp

17.10.2009  12:02             2.072 jar_cache8282463158630008212.tmp

16.10.2009  06:13            16.384 ~DFB103.tmp

14.10.2009  15:40            16.384 ~DF4E14.tmp

14.10.2009  15:22             8.989 au-descriptor-1.6.0_15-b71.xml

09.10.2009  20:31            16.384 ~DF5D2F.tmp

09.10.2009  06:11            16.384 ~DF3940.tmp

08.10.2009  06:14            16.384 ~DF6D4B.tmp

07.10.2009  14:51            16.384 ~DF36E9.tmp

07.10.2009  06:10            16.384 ~DFE634.tmp

07.10.2009  06:03            32.768 RMS9.tmp

07.10.2009  06:03            32.768 RMS8.tmp

06.10.2009  20:21            16.384 ~DF2D79.tmp

06.10.2009  15:33            16.384 ~DF4B70.tmp

06.10.2009  06:13            16.384 ~DF4FEE.tmp

05.10.2009  19:55            16.384 ~DFC906.tmp

05.10.2009  15:53            16.384 ~DFECB7.tmp

04.10.2009  21:45            16.384 ~DFD6EC.tmp

04.10.2009  19:19            16.384 ~DF8597.tmp

04.10.2009  12:19            16.384 ~DFF80B.tmp

04.10.2009  11:42            16.384 ~DF6633.tmp

04.10.2009  11:32            16.384 ~DF8350.tmp

04.10.2009  09:38            16.384 ~DF83F3.tmp

03.10.2009  22:30            16.384 ~DFF45A.tmp

01.10.2009  06:16            16.384 ~DF3ED8.tmp

30.09.2009  06:15            16.384 ~DF1C3D.tmp

29.09.2009  18:35           798.234 IMTD4.xml

29.09.2009  18:35               426 IMTD3.xml

29.09.2009  18:35             2.036 IMTD2.xml

29.09.2009  18:00            16.384 ~DF45EB.tmp

29.09.2009  06:15            16.384 ~DFB14C.tmp

26.09.2009  21:51            16.384 ~DF1916.tmp

25.09.2009  06:16            16.384 ~DF8264.tmp

24.09.2009  17:39            16.384 ~DFCA39.tmp

24.09.2009  06:09            16.384 ~DF945.tmp

23.09.2009  06:16            16.384 ~DF1D56.tmp

22.09.2009  18:36            32.768 RMS75.tmp

22.09.2009  18:36            32.768 RMS74.tmp

22.09.2009  06:15            16.384 ~DF911E.tmp

21.09.2009  06:10            16.384 ~DF6F3D.tmp

17.09.2009  17:21            16.384 ~DF7559.tmp

17.09.2009  06:24            65.536 drm_dialogs.dll

17.09.2009  06:24           204.800 drm_dyndata_7400009.dll

16.09.2009  20:18           204.800 drm_dyndata_7400006.dll

16.09.2009  19:59           347.758 dd_dotnetfx35install.txt

16.09.2009  19:59            88.918 uxeventlog.txt

16.09.2009  19:59           237.700 dd_depcheck_NETFX_EXP_35.txt

16.09.2009  19:59           204.002 dd_dotnetfx35install_lp.txt

16.09.2009  19:59            21.556 dd_XPS_LP.txt

16.09.2009  19:59           471.590 dd_NET_Framework35_LangPack_MSI527D.txt

16.09.2009  19:58         1.230.354 dd_NET_Framework_30LP_Agile_Setup520E.txt

16.09.2009  19:58         2.076.832 dd_NET_Framework_20LP_Agile_Setup5168.txt

16.09.2009  19:57                 2 dd_dotnetfx35error_lp.txt

16.09.2009  19:57         1.438.312 dd_NET_Framework35_MSI50E2.txt

16.09.2009  19:56         3.962.350 dd_NET_Framework30_Setup4FE0.txt

16.09.2009  19:56             4.841 dd_wcf_retCA754F.txt

16.09.2009  19:55            26.272 dd_XPS.txt

16.09.2009  19:54        22.651.152 dd_NET_Framework20_Setup4CC3.txt

16.09.2009  19:53             5.158 ASPNETSetup_00002.log

16.09.2009  19:51             8.740 dd_clwireg.txt

16.09.2009  19:49                 2 dd_dotnetfx35error.txt

11.09.2009  06:27            16.384 ~DF233A.tmp

06.09.2009  11:00            32.768 RMS6.tmp

06.09.2009  11:00            32.768 RMS7.tmp

05.09.2009  20:51            16.384 ~DF49AE.tmp

03.09.2009  00:25           383.804 WT96.tmp

03.09.2009  00:25           367.112 WT95.tmp

31.08.2009  15:36            16.384 ~DFFF0.tmp

28.08.2009  22:32            16.384 ~DFDC22.tmp

26.08.2009  19:36           721.408 2009-08 - Gus-Movies.xls

26.08.2009  15:45            16.384 ~DF9E75.tmp

24.08.2009  20:49            16.384 ~DF82E2.tmp

14.08.2009  19:03           737.280 ~DFD6B4.tmp

09.08.2009  13:29           737.280 ~DFDF80.tmp

04.08.2009  08:58            16.384 ~DF6313.tmp

01.08.2009  11:02            16.384 ~DF9E0.tmp

29.07.2009  09:22               124 dw.log

29.07.2009  08:27            16.384 ~DFCBE6.tmp

21.07.2009  07:35            16.384 ~DF4679.tmp

20.07.2009  08:43             9.665 1.6.0_13-b82.xml

15.07.2009  20:29           208.896 drm_dyndata_7370012.dll

15.07.2009  11:14            16.384 ~DF456B.tmp

13.07.2009  22:45            16.384 ~DFED18.tmp

10.07.2009  11:03            16.384 ~DF3281.tmp

05.07.2009  21:12            16.384 ~DF129D.tmp

05.07.2009  12:01            16.384 ~DF46D1.tmp

04.07.2009  09:02            16.384 ~DFD881.tmp

03.07.2009  06:33            16.384 ~DF79C2.tmp

02.07.2009  04:18            16.384 ~DFE630.tmp

30.06.2009  12:30            16.384 ~DF3639.tmp

29.06.2009  19:44            16.384 ~DF5E6A.tmp

27.06.2009  17:02         2.303.814 V_ LAUE_ Broken Windows und das New Yorker Modell, in_ Rossner et al._ Dusseldorfer Gutachten, 2002, S. 355-379..pdf

27.06.2009  16:59           127.921 O_ WILSON_ KELLING_ Broken Windows, in_ The Atlantic Quarterly 1982.pdf

27.06.2009  16:42           153.793 Prasentation.pdf

27.06.2009  14:25            16.384 ~DF862A.tmp

25.06.2009  19:39            16.384 ~DFDB09.tmp

23.06.2009  10:07            15.717 jar_cache4126800538517288013.tmp

23.06.2009  10:07            83.267 jar_cache8538519378549481362.tmp

23.06.2009  10:07            58.805 jar_cache1734695384796025247.tmp

15.06.2009  09:10             9.635 jupdate_d6597326

02.06.2009  10:04             9.635 1.6.0_13-b93.xml

26.05.2009  20:23             5.728 jar_cache8817680780477975142.tmp

15.05.2009  11:09           204.800 drm_dyndata_7380014.dll

08.05.2009  14:47            65.536 ~DFD73.tmp

08.05.2009  14:42            65.536 ~DF63BB.tmp

06.05.2009  15:55            65.536 ~DF293E.tmp

06.05.2009  15:04            65.536 ~DF2FF2.tmp

05.05.2009  15:08             1.615 NclRegPermissions(3).log

05.05.2009  15:01             7.978 NclRegPermissions(2).log

05.05.2009  15:01             2.331 NclRegPermissions(1).log

05.05.2009  14:59             1.536 NEventMessages.dll

05.05.2009  13:43           204.800 drm_dyndata_7390004.dll

01.05.2009  19:01            15.717 jar_cache2799270709570302139.tmp

01.05.2009  19:01            83.267 jar_cache4069761119175905930.tmp

01.05.2009  19:01            58.805 jar_cache8307672077535013458.tmp
 

382 Datei(en)     61.508.914 Bytes

               0 Verzeichnis(se), 31.278.718.976 Bytes frei

CCleaner:

Code:

                                            1.9.5.3105

Adobe AIR        Adobe Systems Inc.        1.5.1.8210

Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        10.0.12.36

Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        10.0.32.18

Adobe Media Player        Adobe Systems Incorporated        1.6

Adobe Reader 9.1.2 - Deutsch        Adobe Systems Incorporated        9.1.2

ALDI Nord Online Druck Service 4.6        ORWO Net        4.6

Alive YouTube Video Converter (version 1.6.2.2)        AliveMedia, Inc.        

AnyDVD        SlySoft        

Apple Application Support        Apple Inc.        1.0

Apple Mobile Device Support        Apple Inc.        2.6.0.32

Apple Software Update        Apple Inc.        2.1.1.116

Ask Toolbar        Ask.com        4.1.0.2

Assassin's Creed        Ubisoft        1.02

ATI - Dienstprogramm zur Deinstallation der Software                6.14.10.1022

ATI AVIVO Codecs        ATI Technologies Inc.        9.15.0.20713

ATI Catalyst Control Center                2.008.0602.2242

ATI Display Driver                8.501-080602a-064785C-ATI

Avira AntiVir Personal - Free Antivirus        Avira GmbH        

Baphomets Fluch - Der Engel des Todes        THQ        1.00.0000

Birth of the Federation                

Bonjour        Apple Inc.        1.0.106

Canon iP4200                

Canon MP Navigator EX 2.0                

Canon MP540 series Benutzerregistrierung                

Canon MP540 series MP Drivers                

Canon PhotoRecord        Cisra        02.02.03002

Canon Setup Utility 2.0                

Canon Utilities Easy-PhotoPrint                

Canon Utilities Easy-PhotoPrint EX                

Canon Utilities Easy-PrintToolBox                

Canon Utilities My Printer                

Canon Utilities Solution Menu                

CCleaner        Piriform        

CD-LabelPrint                

Championship Manager 2010        Eidos        10.0.1

Championship Manager 2010 (September Data Patch)        Eidos        10.0.0000

Championship Manager 2010 Data Editor        Eidos        1.00.0000

Cisco Systems VPN Client 5.0.02.0090        Cisco Systems, Inc.        5.0.2

CloneDVD2        Elaborate Bytes        

CutePDF Writer 2.7                

Die Sims™ 3        Electronic Arts        1.7.9

Die Sims™ 3 Reiseabenteuer        Electronic Arts        2.0.86

Divinity II - Ego Draconis        dtp        

Dragon Age: Origins        Electronic Arts, Inc.        1.01

DVD Decrypter (Remove Only)                

DVD Shrink 3.2        DVD Shrink        

DVD Suite        CyberLink Corporation        5.0.2103

DVDFab 6.0.5.0 Beta (29/08/2009)        Fengtao Software Inc.        

ElsterFormular 2007/2008        Steuerverwaltung des Bundes und der Länder        9.5.1.0

FinePrint                

Free Video to iPod Converter version 3.1        DVDVideoSoft Limited.        

Free YouTube Downloader Converter                

Free YouTube to Mp3 Converter version 3.1        DVDVideoSoft Limited.        

GIMP 2.6.7                

Grand Theft Auto IV        Rockstar Games        1.00.0000

High Definition Audio Driver Package - KB888111        Microsoft Corporation        20040219.000000

HijackThis 2.0.2        TrendMicro        2.0.2

iClone v2.1 SE        Reallusion Inc.        2.1

ICQ6.5        ICQ        6.5

Image Resizer Powertoy for Windows XP        Microsoft Corporation        1.00.0001

IrfanView (remove only)                

iTunes        Apple Inc.        9.0.1.8

Java(TM) 6 Update 12        Sun Microsystems, Inc.        6.0.120

LIDL Fotoservice                

LucasArts' Star Wars Rebellion                

Malwarebytes' Anti-Malware        Malwarebytes Corporation        

Microsoft .NET Framework 2.0 Service Pack 2        Microsoft Corporation        2.2.30729

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU        Microsoft Corporation        2.2.30729

Microsoft .NET Framework 3.0 German Language Pack        Microsoft Corporation        

Microsoft .NET Framework 3.0 Service Pack 2        Microsoft Corporation        3.2.30729

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU        Microsoft Corporation        3.2.30729

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        

Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        

Microsoft Games for Windows - LIVE         Microsoft Corporation        2.0.675.0

Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        2.0.673.0

Microsoft Office Enterprise 2007        Microsoft Corporation        12.0.6425.1000

Microsoft User-Mode Driver Framework Feature Pack 1.5        Microsoft Corporation        

Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        8.0.59193

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        9.0.30729

Microsoft WSE 3.0 Runtime        Microsoft Corp.        3.0.5305.0

MobileMe Control Panel        Apple Inc.        2.6.0.29

Mozilla Firefox (3.0.15)        Mozilla        3.0.15 (de)

MSXML 6.0 Parser (KB933579)        Microsoft Corporation        6.10.1200.0

Nero 7 Premium        Nero AG        7.00.0087

NETGEAR WG111v2 wireless USB 2.0 adapter        Ihr Firmenname        1.00.2012

Nokia Connectivity Cable Driver        Nokia        7.1.16.0

Nokia Flashing Cable Driver        Nokia        8.6.0.2

Nokia Home Media Server        Nokia        1.0.38

Nokia Map Loader        Nokia        1.3.12

Nokia Music        Nokia Music        1.2.20226

Nokia Ovi Application Installer 6.85.3011        Nokia        

Nokia Ovi Content Copier 6.85.3011        Nokia        

Nokia Ovi One Touch Access 6.85.3011        Nokia        

Nokia Ovi Suite        Nokia        3.1.311

Nokia Ovi System Utilities 6.85.3016        Nokia        

Nokia Photos        Nokia        1.6.145

Nokia Software Updater        Nokia Corporation        01.06.011.38351

NVIDIA PhysX        NVIDIA Corporation        9.09.0428

PC Connectivity Solution        Nokia        9.13.1.0

PhotoNow!        CyberLink Corp.        1.0.4310

Picasa 3        Google, Inc.        3.1

Power2Go 5.0                

PowerBackup        CyberLink Corporation        2.5.3327

PowerDirector        CyberLink Corp.        5.0.2730b

PowerProducer        CyberLink Corp.        072109

PrintParade Studio                

QuickTime        Apple Inc.        7.64.17.73

REALTEK GbE & FE Ethernet PCI NIC Driver        Realtek        1.08.0000

Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        5.10.0.5397

Rockstar Games Social Club        Rockstar Games        1.00.0000

Sacred 2        Ascaron Entertainment        2.0.2.0

Safari        Apple Inc.        4.31.9.1

Skype web features        Skype Technologies S.A.        1.0.3971

Skype™ 4.1        Skype Technologies S.A.        4.1.179

Spelling Dictionaries Support For Adobe Reader 9        Adobe Systems Incorporated        9.0.0

Total Video Converter 3.21 090220        EffectMatrix Inc.        

TwonkyMedia        Twonkyvison        0.4.24.0

Ulead Video ToolBox Basic        Ulead System        2.0

Uninstall 1.0.0.1                

Winamp        Nullsoft, Inc        5.541 

Winamp Remote        Orb Networks        2.2008.0508.1530

Windows Media Format 11 runtime                

Windows Media Player Firefox Plugin        Microsoft Corp        1.0.0.8

Windows XP Service Pack 3        Microsoft Corporation        20080414.031514

Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)        Nokia        08/22/2008 7.0.0.0

WinRAR Archivierer                

YouTube Video Converter        Magic        2.20.0000

Gmer lässt sich bei mir nicht starten.

Wenn ich die exe starte, dann bricht er immer ab und es kommt das typische "Problimbericht" senden, was Windows immer macht.

Also:

gmer.exe hat ein Problem festgestellt und muss beendet werden.

hi

1.
Deinstalliere unter `Start→ Systemsteuereung→ Ändern/Entfernen...`

Code:

Ask Toolbar

2.
Bitte unbedingt alle vorhandenen externen Laufwerke inkl. evtl. vorhandener USB-Sticks an den Rechner anschließen, aber dabei die Shift-Taste gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird.
Den kompletten Rechner (also das ganze System) zu überprüfen (Systemprüfung ohne Säuberung) mit Kaspersky Online Scanner - wähle hier "My computer" aus und das Logergebnis speichern "Save as" dann posten
Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben

Hab Kaspersky durchgeführt, hier die log:

Code:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

 Sunday, December 6, 2009

 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

 Kaspersky Online Scanner version: 7.0.26.13

 Last database update: Sunday, December 06, 2009 09:41:36

 Records in database: 3335647

--------------------------------------------------------------------------------
 

Scan settings:

        scan using the following database: extended

        Scan archives: yes

        Scan e-mail databases: yes
 

Scan area - My Computer:

        A:\

        C:\

        D:\

        E:\

        F:\

        G:\

        H:\

        I:\

        J:\

        K:\

        M:\
 

Scan statistics:

        Objects scanned: 132897

        Threats found: 2

        Infected objects found: 3

        Suspicious objects found: 0

        Scan duration: 02:32:36
 
 

File name / Threat / Threats count

H:\Stefanie\pantsoff.exe        Infected: not-a-virus:PSWTool.Win32.Finder.d        1

I:\FIFA 09\1_bundesliga_flaggen_patch.exe        Infected: not-a-virus:RiskTool.Win32.HideWindows        1

I:\FIFA 09\1_bundesliga_flaggen_patch.rar        Infected: not-a-virus:RiskTool.Win32.HideWindows        1
 

Selected area has been scanned.

Da hat er nun nicht wirklich was gefunden, komisch oder?

gmer funktioniert immer noch nicht, auch merkwürdig.

Übrigens danke für deine Hilfe bisher, das hab ich ja noch nicht gesagt:)

Zitat:

Zitat von domi0815 (Beitrag 485351)

Da hat er nun nicht wirklich was gefunden, komisch oder?

die sind programme, die generell in sich eine gewisse Risiko tragen - aufgrund der Art der Daten und Programme: Skript zur Ausführung bösartigen Aktivitäten,die anfälligkeit gegen Angriffe, Sicherheitslücke etc = *Potentiell gefährliche Programme (Riskware)* -also sind nicht direkt böse
Potentiell gefährliche Anwendungen (Riskware): Solche Programme verfügen nicht über schädliche Funktionen, können aber unter bestimmten Umständen von Angreifern als Hilfskomponenten eines schädlichen Programms verwendet werden, weil sie Schwachstellen und Fehler enthalten. Unter bestimmten Umständen entsteht durch das Vorhandensein solcher Programme auf dem Computer ein Sicherheitsrisiko für Ihre Daten. Zu dieser Kategorie zählen beispielsweise bestimmte Dienstprogramme zur entfernten Administration, Programme zum automatischen Umschalten der Tastaturbelegung, IRC-Clients, FTP-Server, unterschiedliche Dienstprogramme zum Erstellen oder zum Verstecken von Prozessen.

*
Lade und installiere das Tool RootRepeal herunter

- setze einen Hacken bei: "Drivers", "Stealth Objects" und "Hidden Services" dann klick auf "OK"
- nach der Scan, klick auf "Save Report"
- speichere das Logfile als RootRepeal.txt auf dem Desktop und Kopiere den Inhalt hier in den Thread

Hab die drei Sachen gescant.

Hier ist die log:

Code:

ROOTREPEAL (c) AD, 2007-2009

==================================================

Scan Start Time:                2009/12/07 19:44

Program Version:                Version 1.3.5.0

Windows Version:                Windows XP SP3

==================================================
 

Drivers

-------------------

Name:          

Image Path:          

Address: 0xB9DCB000        Size: 98304        File Visible: No        Signed: -

Status: -
 

Name:          

Image Path:          

Address: 0x00000000        Size: 0        File Visible: No        Signed: -

Status: -
 

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xACD2E000        Size: 98304        File Visible: No        Signed: -

Status: -
 

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xBA622000        Size: 8192        File Visible: No        Signed: -

Status: -
 

Name: PCI_PNP4990

Image Path: \Driver\PCI_PNP4990

Address: 0x00000000        Size: 0        File Visible: No        Signed: -

Status: -
 

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xA95B7000        Size: 49152        File Visible: No        Signed: -

Status: -
 

Name: spiy.sys

Image Path: spiy.sys

Address: 0xB9EA7000        Size: 1048576        File Visible: No        Signed: -

Status: -
 

Name: sptd

Image Path: \Driver\sptd

Address: 0x00000000        Size: 0        File Visible: No        Signed: -

Status: -
 

Stealth Objects

-------------------

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

Process: System        Address: 0x8a6961f8        Size: 121
 

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_CREATE]

Process: System        Address: 0x8974f1f8        Size: 121
 

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_CLOSE]

Process: System        Address: 0x8974f1f8        Size: 121
 

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_READ]

Process: System        Address: 0x8a2bd638        Size: 11
 

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_WRITE]

Process: System        Address: 0x8974f1f8        Size: 121
 

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_QUERY_INFORMATION]

Process: System        Address: 0x8974f1f8        Size: 121
 

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_SET_INFORMATION]

Process: System        Address: 0x8974f1f8        Size: 121
 

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System        Address: 0x8974f1f8        Size: 121
 

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_DIRECTORY_CONTROL]

Process: System        Address: 0x8974f1f8        Size: 121
 

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System        Address: 0x8974f1f8        Size: 121
 

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x8974f1f8        Size: 121
 

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_LOCK_CONTROL]

Process: System        Address: 0x8974f1f8        Size: 121
 

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_CLEANUP]

Process: System        Address: 0x8974f1f8        Size: 121
 

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_PNP]

Process: System        Address: 0x8974f1f8        Size: 121
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]

Process: System        Address: 0x8a49c8e8        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]

Process: System        Address: 0x8a2e4820        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_CREATE]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_CREATE_NAMED_PIPE]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_CLOSE]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_READ]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_WRITE]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_QUERY_INFORMATION]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_SET_INFORMATION]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_QUERY_EA]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_SET_EA]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_FLUSH_BUFFERS]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_DIRECTORY_CONTROL]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_LOCK_CONTROL]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_CLEANUP]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_CREATE_MAILSLOT]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_QUERY_SECURITY]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_SET_SECURITY]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_POWER]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_DEVICE_CHANGE]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_QUERY_QUOTA]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_SET_QUOTA]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_PNP]

Process: System        Address: 0x89c5cf00        Size: 99
 

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]

Process: System        Address: 0x8a6981f8        Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]

Process: System        Address: 0x8a6981f8        Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]

Process: System        Address: 0x8a6981f8        Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]

Process: System        Address: 0x8a6981f8        Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]

Process: System        Address: 0x8a6981f8        Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x8a6981f8        Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x8a6981f8        Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x8a6981f8        Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]

Process: System        Address: 0x8a6981f8        Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x8a6981f8        Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]

Process: System        Address: 0x8a6981f8        Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]

Process: System        Address: 0x8a4581f8        Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]

Process: System        Address: 0x8a4581f8        Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x8a4581f8        Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x8a4581f8        Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]

Process: System        Address: 0x8a4581f8        Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x8a4581f8        Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]

Process: System        Address: 0x8a4581f8        Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]

Process: System        Address: 0x8a70a1f8        Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]

Process: System        Address: 0x8a70a1f8        Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]

Process: System        Address: 0x8a70a1f8        Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]

Process: System        Address: 0x8a70a1f8        Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x8a70a1f8        Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x8a70a1f8        Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x8a70a1f8        Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]

Process: System        Address: 0x8a70a1f8        Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]

Process: System        Address: 0x8a70a1f8        Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x8a70a1f8        Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]

Process: System        Address: 0x8a70a1f8        Size: 121
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE_NAMED_PIPE]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_CLOSE]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_READ]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_WRITE]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_INFORMATION]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_INFORMATION]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_EA]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_EA]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_FLUSH_BUFFERS]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_DIRECTORY_CONTROL]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_LOCK_CONTROL]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_CLEANUP]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE_MAILSLOT]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_SECURITY]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_SECURITY]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_POWER]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_DEVICE_CHANGE]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_QUOTA]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_QUOTA]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: vax347s, IRP_MJ_PNP]

Process: System        Address: 0x8a1e2a80        Size: 99
 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]

Process: System        Address: 0x899d01f8        Size: 121
 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]

Process: System        Address: 0x899d01f8        Size: 121
 

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x899d01f8        Size: 121
 

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x899d01f8        Size: 121
 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]

Process: System        Address: 0x899d01f8        Size: 121
 

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]

Process: System        Address: 0x899d01f8        Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]

Process: System        Address: 0x8a3e71f8        Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]

Process: System        Address: 0x8a3e71f8        Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x8a3e71f8        Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x8a3e71f8        Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]

Process: System        Address: 0x8a3e71f8        Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x8a3e71f8        Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]

Process: System        Address: 0x8a3e71f8        Size: 121
 

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]

Process: System        Address: 0x8a4acfb0        Size: 11
 

Object: Hidden Code [Driver: Srv, IRP_MJ_READ]

Process: System        Address: 0x8a5ea468        Size: 11
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]

Process: System        Address: 0x8a5b5ac0        Size: 11
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]

Process: System        Address: 0x899651f8        Size: 121
 

Object: Hidden Code [Driver: NpfsЅఉ敓, IRP_MJ_READ]

Process: System        Address: 0x8a662660        Size: 11
 

Object: Hidden Code [Driver: Msfsȅ扏煓Ш�Ȃఊ祓ジ, IRP_MJ_READ]

Process: System        Address: 0x8a49a178        Size: 11
 

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]

Process: System        Address: 0x8a48eba0        Size: 11
 

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_CREATE]

Process: System        Address: 0x897501f8        Size: 121
 

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_CLOSE]

Process: System        Address: 0x897501f8        Size: 121
 

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_READ]

Process: System        Address: 0x8a464178        Size: 11
 

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_QUERY_INFORMATION]

Process: System        Address: 0x897501f8        Size: 121
 

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_SET_INFORMATION]

Process: System        Address: 0x897501f8        Size: 121
 

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System        Address: 0x897501f8        Size: 121
 

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_DIRECTORY_CONTROL]

Process: System        Address: 0x897501f8        Size: 121
 

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System        Address: 0x897501f8        Size: 121
 

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x897501f8        Size: 121
 

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x897501f8        Size: 121
 

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_LOCK_CONTROL]

Process: System        Address: 0x897501f8        Size: 121
 

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_CLEANUP]

Process: System        Address: 0x897501f8        Size: 121
 

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_PNP]

Process: System        Address: 0x897501f8        Size: 121
 

==EOF==

hi

1.
alle Anwendungen schließen → Ordner für temporäre Dateien bitte leeren
**Lösche nur den Inhalt der Ordner, nicht die Ordner selbst! - Dateien, die noch in Benutzung sind,nicht löschbar.

`Start → ausführen` "cleanmgr" reinschreiben (ohne "") → "ok" - die Temporary Files, Temporary Internet Files, und der Papierkorb (Recycle Bin) müssen geleert werden→ "Ok"
`Start → ausführen` → %temp% reinschreiben (ohne "")→ "Ok" - - Ordnerinhalt überall markieren und löschen
für jedes Benutzerkonto bitte durchführen
anschließend den Papierkorb leeren

2.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

4.
Wie lange dauert die Startvorgang?
- Beim Hochfahren von Windows werden einige Programme mit gestartet, die sich (mit oder ohne Zustimmung des Users) im Autostart eingetragen haben
- Je mehr Programme hier aufgeführt sind, umso langsamer startet Windows. Deshalb kann es sinnvoll sein, Software die man nicht unbedingt immer benötigt, aus dem Autostart zu entfernen.
"Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK"
it-academy.cc
pqtuning.de
Laden von Programmen beim Start von Windows Vista verhindern
- Bei allem Häkchen weg was nicht starten soll, aber immer nur einen deaktivieren (Haken weg), also Schrittweise -> Neustart...
- Wird noch nach dem nächsten Neustart ein Hinweisfenster erscheinen, da ist ein Haken setzen : `Meldung nicht mehr anzeigen und dieses Programm beim Windows-Star nicht mehr starten`
(Du kannst es jederzeit Rückgängig machen wenn du den Haken wieder reinmachst.)
- Falls Du mal brauchst, kannst manuell auch starten
- Autostart-Einträge die Du nicht findest, kannst mit HJT fixen - Unter 04_Sektion - (*HijackThis Tutorial in German*):
Alle Programme, Browser etc schließen→ HijackTis starten→ "Do a system scan only" anklicken→ Eintrag auswählen→ "Fix checked"klicken→ PC neu aufstarten
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

Du solltest nicht deaktivieren :

Grafiktreibers

Firewall

Antivirenprogramm

Sound

Da es ist immer Benutzerspezifisch, ein allgemein gültiges Rezept gibt es nicht, finde über Google die Grundfunktionen der einzelnen Programme heraus!
Gleich ein paar Vorschläge:

Code:

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp 5a.exe" /source=HKLM

O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer /watchfiles

O4 - HKLM\..\Run: [Nokia FastStart] "C:\Programme\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent

5.
mit HJT fixen: alle Programme, Browser etc schließen→ HijackTis starten→ "Do a system scan only" anklicken→ Eintrag auswählen→ "Fix checked"klicken→ PC neu aufstarten
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen
[code]

Code:

08-09-18 Einträge - alle

6.
- Überflüssige Dienste belasten nur den Prozessor und Arbeitsspeicher, daher solltest Du abschalten:

Code:

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - Unknown owner - G:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programme\Nokia\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

- unter `Systemsteuerung - Verwaltung - Dienste oder "Ausführen"-> gibst Du in das Dialogfenster den Befehl services.msc -> Ok
mit der rechten Maustaste auf den Dienstnamen klicken→ wähle `Eigenschaften`→ `Starttyp`→ Manuell, damit wird der Dienst ruhiggestellt. Den Dienst erst dann nur starten, wenn ein Programm ihn benötigt.

** Wie läuft es denn jetzt?