Hey folks,
Yesterday KIS 2010 detected the above-mentioned trojan and then deleted it. The virus apparently came in with an e-mail via the The BAT mail program. But I am sure that I opened neither the e-mail nor any attachments. According to KIS, the e-mail apparently already arrived on 21.07.; the virus was only detected yesterday.
Here are the log files. Unfortunately I could not post a GMER scan, because the program has already crashed on me twice while scanning.
KIS log file:
10.08.2010 22:06:01 Gefunden: HEUR:Trojan.Win32.Generic Kaspersky Internet Security C:\Documents and Settings\Andre\Anwendungsdaten\The Bat!\green_peace_maker\Trash\MESSAGES.TBB/[From <israel-komplett@hm2810>][Date 21 Jul 2010 17:35:41][Subj Re: Re: Re: Re: Dokument Kredit]/Statistik49.zip/Statistik49.xls__________________________________________________________________________________________.exe
10.08.2010 23:00:38 Gelöscht: HEUR:Trojan.Win32.Generic Kaspersky Internet Security C:\Documents and Settings\Andre\Anwendungsdaten\The Bat!\green_peace_maker\Trash\MESSAGES.TBB
10.08.2010 20:55:50 Spam THEBAT.EXE [From:"Pearl welz" <defectedc5@rci-together.com>][Subject:Anfrage][Time:2010/08/10 15:14:05] Heuristische Analyse
HJT scan list:
RSIT-Log:
info.txt logfile of random's system information tool 1.08 2010-08-11 13:00:31 ======Uninstall list====== -->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin Adobe Reader 9.3.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001} Apple Application Support-->MsiExec.exe /I{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF} Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Audacity 1.3.11 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe" Black Mirror 1.2-->"C:\Program Files\dtp\Black Mirror\unins000.exe" Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8} Brother MFL-Pro Suite-->"C:\Program Files\InstallShield Installation Information\{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}\Setup.exe" -runfromtemp -l0x0007 Brunin03.dll -removeonly Catalyst Control Center - Branding-->MsiExec.exe /I{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5} CCleaner-->"C:\Program Files\CCleaner\uninst.exe" CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe" Cisco Systems VPN Client 5.0.04.0300-->MsiExec.exe /X{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD} Command & Conquer 3-->MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275} Command & Conquer™ 3: Kanes Rache-->MsiExec.exe /I{CC2422C9-F7B5-4175-B295-5EC2283AA674} Command & Conquer™ 4 Tiberian Twilight-->MsiExec.exe /X{82696435-8572-4D8B-A230-D1AA567D0F0F} Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10 Deathmatch Classic-->"C:\Program Files\Steam\steam.exe" steam://uninstall/40 Deus Ex-->F:\Spiele\Installierte Spiele\Deux Ex\System\Setup.exe uninstall "Deus Ex" Die Rückkehr zur geheimnisvollen Insel-->C:\Program Files\Return to Mysterious Island\uninst.exe 
DivX Converter-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER DivX Plus DirectShow Filters-->C:\ProgramData\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x7 -removeonly Geheimakte 2 - Puritas Cordis-->C:\Program Files\InstallShield Installation Information\{BE7347AD-2D93-4A74-8DBF-C1B073DAE509}\setup.exe -runfromtemp -l0x0007 -removeonly Geheimakte Tunguska-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B416FDA-CB3E-4514-9616-763E5B0D1140}\setup.exe" -l0x7 -removeonly Half-Life: Blue Shift-->"C:\Program Files\Steam\steam.exe" steam://uninstall/130 Half-Life: Opposing Force-->"C:\Program Files\Steam\steam.exe" steam://uninstall/50 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" iTunes-->MsiExec.exe /I{91F7F3F3-CE80-48C3-8327-7D24A0A5716A} Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF} KaloMa 4.81-->"C:\Program Files\KaloMa\unins000.exe" Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA} Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA} L&H TTS3000 Deutsch-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\LHTTSGED.inf, Uninstall Leisure Suit Larry 7-->MsiExec.exe 
/I{A7547D1A-40F9-4251-8D41-818FACDEAF0C} Macromedia Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log Max Payne 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}\setup.exe" -l0x7 Metal Gear Solid-->"C:\Program Files\Metal Gear Solid\UNINSTAL.EXE" /runtemp /addremove Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4} Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Encarta 2006 Enzyklopädie DVD-->MsiExec.exe /I{06100081-3E21-46D6-9A91-D927BA08F41D} Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1} Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office 
Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE} Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE} Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE} Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE} Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} MobileMe Control Panel-->MsiExec.exe /I{51F96AEC-D902-4434-A0DC-B9692A21AE7C} Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (3.0.3)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} 
Opera 10.60-->MsiExec.exe /X{1D2C96C3-A3F3-49E7-B839-95279DED837F} PartyPoker-->"C:\Programs\PartyGaming\PartyPoker\Uninstall.exe" "C:\Programs\PartyGaming\PartyPoker\install.log" QIP 2005 8095 Jeak-Edition-->C:\Program Files\jeak.de\QIP 2005\uninstall.exe QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} Safari-->MsiExec.exe /I{EAFEF30E-3789-49C7-A6D9-77C12E005BAC} Skat 8.3.1-->MsiExec.exe /X{D0581D67-80F7-4E00-8F3E-5472A28B5ACA} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Team Fortress Classic-->"C:\Program Files\Steam\steam.exe" steam://uninstall/20 The Bat! Professional v4.0.14-->MsiExec.exe /I{BFA24721-AC23-4E05-88A4-126BF9DF0B1C} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421} VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe Winamp (nur entfernen)-->"C:\Program Files\Winamp\deinstwa.exe" WinRAR-->C:\Program Files\WinRAR\uninstall.exe XMind-->C:\Program Files\XMind\uninstall.exe xp-AntiSpy 3.97-8-->C:\Program Files\xp-AntiSpy\Uninstall.exe ======Hosts File====== ======Security center information====== AS: Spybot - Search and Destroy (disabled) AS: Windows Defender ======System event log====== Computer Name: MS-Home Event Code: 4371 Message: Windows-Wartung hat begonnen, den Status des Pakets KB972036(Update) von Installiert(Installed) in Installiert(Installed) zu ändern. 
Record Number: 22428 Source Name: Microsoft-Windows-Servicing Time Written: 20100117193552.000000-000 Event Type: Informationen User: MS-Home\Admin Computer Name: MS-Home Event Code: 4371 Message: Windows-Wartung hat begonnen, den Status des Pakets KB972036(Update) von Installiert(Installed) in Installiert(Installed) zu ändern. Record Number: 22427 Source Name: Microsoft-Windows-Servicing Time Written: 20100117193552.000000-000 Event Type: Informationen User: MS-Home\Admin Computer Name: MS-Home Event Code: 4371 Message: Windows-Wartung hat begonnen, den Status des Pakets KB972036(Update) von Installiert(Installed) in Installiert(Installed) zu ändern. Record Number: 22426 Source Name: Microsoft-Windows-Servicing Time Written: 20100117193552.000000-000 Event Type: Informationen User: MS-Home\Admin Computer Name: MS-Home Event Code: 4371 Message: Windows-Wartung hat begonnen, den Status des Pakets KB972036(Update) von Installiert(Installed) in Installiert(Installed) zu ändern. Record Number: 22425 Source Name: Microsoft-Windows-Servicing Time Written: 20100117193552.000000-000 Event Type: Informationen User: MS-Home\Admin Computer Name: MS-Home Event Code: 4371 Message: Windows-Wartung hat begonnen, den Status des Pakets KB972036(Update) von Installiert(Installed) in Installiert(Installed) zu ändern. Record Number: 22424 Source Name: Microsoft-Windows-Servicing Time Written: 20100117193552.000000-000 Event Type: Informationen User: MS-Home\Admin =====Application event log===== Computer Name: 26L2233C2-11 Event Code: 5615 Message: Der Windows-Verwaltungsinstrumentationsdienst wurde erfolgreich gestartet. Record Number: 5 Source Name: Microsoft-Windows-WMI Time Written: 20100116172014.000000-000 Event Type: Informationen User: Computer Name: WIN-Q1JAMUFC58I Event Code: 4625 Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. 
Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog. Record Number: 4 Source Name: Microsoft-Windows-EventSystem Time Written: 20100116172012.000000-000 Event Type: Informationen User: Computer Name: WIN-Q1JAMUFC58I Event Code: 900 Message: Der Softwarelizenzierungsdienst wird gestartet. Record Number: 3 Source Name: Microsoft-Windows-Security-Licensing-SLC Time Written: 20100116172012.000000-000 Event Type: Informationen User: Computer Name: WIN-Q1JAMUFC58I Event Code: 1531 Message: Der Benutzerprofildienst wurde erfolgreich gestartet. Record Number: 2 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20100116172011.000000-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: 26L2233C2-11 Event Code: 2 Message: Der Zertifikatdiensteclient wurde angehalten. Record Number: 1 Source Name: Microsoft-Windows-CertificateServicesClient Time Written: 20080121025823.474800-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM =====Security event log===== Computer Name: 26L2233C2-11 Event Code: 4648 Message: Anmeldeversuch mit expliziten Anmeldeinformationen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: 26L2233C2-11$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Konto, dessen Anmeldeinformationen verwendet wurden: Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Zielserver: Zielservername: localhost Weitere Informationen: localhost Prozessinformationen: Prozess-ID: 0x22c Prozessname: C:\Windows\System32\services.exe Netzwerkinformationen: Netzwerkadresse: - Port: - Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. 
bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird. Record Number: 5 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100116171945.343750-000 Event Type: Überwachung erfolgreich User: Computer Name: 26L2233C2-11 Event Code: 4902 Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt. Anzahl von Elementen: 0 Richtlinienkennung: 0x6d15a Record Number: 4 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100116171942.625000-000 Event Type: Überwachung erfolgreich User: Computer Name: 26L2233C2-11 Event Code: 4624 Message: Ein Konto wurde erfolgreich angemeldet. Antragsteller: Sicherheits-ID: S-1-0-0 Kontoname: - Kontodomäne: - Anmelde-ID: 0x0 Anmeldetyp: 0 Neue Anmeldung: Sicherheits-ID: S-1-5-18 Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Prozessinformationen: Prozess-ID: 0x4 Prozessname: Netzwerkinformationen: Arbeitsstationsname: - Quellnetzwerkadresse: - Quellport: - Detaillierte Authentifizierungsinformationen: Anmeldeprozess: - Authentifizierungspaket: - Übertragene Dienste: - Paketname (nur NTLM): - Schlüssellänge: 0 Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde. Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe". Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk). Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto. Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben. 
Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung. - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren. - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren. - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an. - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0. Record Number: 3 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100116171941.593750-000 Event Type: Überwachung erfolgreich User: Computer Name: 26L2233C2-11 Event Code: 4608 Message: Windows wird gestartet. Dieses Ereignis wird protokolliert, wenn LSASS.EXE gestartet und das Überwachungssubsystem initialisiert wird. Record Number: 2 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100116171941.578125-000 Event Type: Überwachung erfolgreich User: Computer Name: 26L2233C2-11 Event Code: 4634 Message: Ein Konto wurde abgemeldet. Antragsteller: Sicherheits-ID: S-1-5-7 Kontoname: ANONYMOUS LOGON Kontodomäne: NT AUTHORITY Anmelde-ID: 0x1affa Anmeldetyp: 3 Dieses Ereignis wird generiert, wenn eine Anmeldesitzung zerstört wird. Es kann anhand des Wertes der Anmelde-ID positiv mit einem Anmeldeereignis korreliert werden. Anmelde-IDs sind nur zwischen Neustarts auf demselben Computer eindeutig. 
Record Number: 1 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20080121025823.552800-000 Event Type: Überwachung erfolgreich User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=0f06 "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "asl.log"=Destination=file;OnFirstLog=command,environment "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip -----------------EOF-----------------
Thanks a lot in advance.
Logfile of random's system information tool 1.08 (written by random/random) Run by Admin at 2010-08-11 12:59:00 Microsoft® Windows Vista™ Business Service Pack 2 System drive C: has 185 GB (61%) free of 305 GB Total RAM: 2047 MB (59% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:00:27, on 11.08.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Microsoft Encarta\Encarta 2006 Enzyklopaedie DVD\EDICT.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\Andre\Desktop\RSIT.exe C:\Program Files\trend micro\Admin.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common 
Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-892696261-3362122375-2653541687-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Andre') O4 - Global Startup: VPN Client.lnk = ? 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. 
- C:\Windows\system32\Ati2evxx.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NMSAccess - Unknown owner - C:\Program Files\BurnAware Free\NMSAccess32.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 7720 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-21 61440]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-12-18 622592]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2006-07-19 65536]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-11-11 1505144]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-03-16 47392]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
VPN Client.lnk - C:\Windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2009-10-20 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=67108863
"HonorAutorunSetting"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDriveAutoRun"=67108863
"HonorAutorunSetting"=1
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-11 12:59:04 ----D---- C:\Program Files\trend micro
2010-08-11 12:59:00 ----D---- C:\rsit
2010-08-02 19:04:23 ----D---- C:\Program Files\iPod
2010-08-02 18:55:48 ----D---- C:\Program Files\Bonjour
2010-08-02 18:37:05 ----SHD---- C:\Config.Msi
2010-07-26 21:39:17 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-07-26 21:39:17 ----A---- C:\Windows\system32\PresentationHost.exe
2010-07-26 21:39:17 ----A---- C:\Windows\system32\netfxperf.dll
2010-07-26 21:39:17 ----A---- C:\Windows\system32\mscoree.dll
2010-07-26 21:39:17 ----A---- C:\Windows\system32\dfshim.dll
2010-07-26 21:37:48 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-07-26 21:37:48 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-07-25 11:47:07 ----D---- C:\Program Files\KaloMa

======List of files/folders modified in the last 1 months======

2010-08-11 12:59:26 ----D---- C:\Windows\Prefetch
2010-08-11 12:59:16 ----D---- C:\Windows\Temp
2010-08-11 12:59:04 ----RD---- C:\Program Files
2010-08-11 11:30:51 ----D---- C:\ProgramData\Kaspersky Lab
2010-08-08 17:43:33 ----SHD---- C:\System Volume Information
2010-08-04 20:37:05 ----D---- C:\Windows
2010-08-02 19:07:08 ----D---- C:\Windows\system32\catroot
2010-08-02 19:06:30 ----SHD---- C:\Windows\Installer
2010-08-02 19:05:17 ----D---- C:\Program Files\iTunes
2010-08-02 19:04:21 ----D---- C:\Program Files\Common Files\Apple
2010-08-02 18:59:29 ----D---- C:\Windows\inf
2010-08-02 18:58:15 ----D---- C:\Windows\System32
2010-08-02 18:58:14 ----D---- C:\Windows\system32\drivers
2010-08-02 18:38:32 ----D---- C:\Program Files\Safari
2010-08-01 12:46:30 ----SHD---- C:\$Recycle.Bin
2010-08-01 12:45:37 ----RD---- C:\Users
2010-07-26 22:45:53 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-07-26 22:45:52 ----D---- C:\Windows\Debug
2010-07-26 22:15:21 ----D---- C:\Windows\Microsoft.NET
2010-07-26 22:15:17 ----RSD---- C:\Windows\assembly
2010-07-26 22:14:15 ----D---- C:\Windows\winsxs
2010-07-26 22:01:51 ----D---- C:\Windows\system32\drivers\etc
2010-07-26 21:53:53 ----D---- C:\Windows\system32\catroot2
2010-07-26 21:51:25 ----D---- C:\Windows\AppPatch
2010-07-26 21:51:25 ----D---- C:\Program Files\Windows Mail
2010-07-26 21:31:35 ----D---- C:\ProgramData\DivX
2010-07-26 21:31:34 ----D---- C:\Program Files\DivX
2010-07-26 21:30:35 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-07-26 21:27:26 ----D---- C:\Users\Admin\AppData\Roaming\DivX
2010-07-25 17:39:33 ----A---- C:\Windows\BRWMARK.INI
2010-07-18 17:48:36 ----D---- C:\Program Files\Steam
2010-07-18 17:45:17 ----D---- C:\Program Files\Common Files\Steam
2010-07-15 20:33:18 ----A---- C:\Windows\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 klbg;Kaspersky Lab Boot Guard Driver; C:\Windows\system32\drivers\klbg.sys [2009-10-14 36880]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-01-17 691696]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-09-01 128016]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2010-01-16 311312]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2009-11-03 21520]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-01-31 278984]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2008-08-29 306299]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-01-25 25416]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-21 4450816]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
R3 yukonwlh;NDIS6.0 Miniporttreiber für Marvell Yukon-Ethernet-Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S3 ao8oh5uh;ao8oh5uh; C:\Windows\system32\drivers\ao8oh5uh.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-07-21 733184]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2008-08-29 1528608]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
S2 NMSAccess;NMSAccess; C:\Program Files\BurnAware Free\NMSAccess32.exe []
S2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-06-26 395048]

-----------------EOF-----------------


