| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google verlinkt auf englische Werbeseiten (Firefox, Opera)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.06.2012, 20:56
| #1 |
 |  Google verlinkt auf englische Werbeseiten (Firefox, Opera) Hallo seit 1-2 Wochen werde ich immer auf englische Seiten verlinkt, es sind immer irgendwelche Werbeseiten. Wer kann mir helfen ? |
|
13.06.2012, 15:20
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Google verlinkt auf englische Werbeseiten (Firefox, Opera) Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
14.06.2012, 11:04
| #3 |
| | Google verlinkt auf englische Werbeseiten (Firefox, Opera) So also hier schonmal Malwarebytes
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.11.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 User :: PC [Administrator] 14.06.2012 00:14:10 mbam-log-2012-06-14 (00-14-10).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 424146 Laufzeit: 3 Stunde(n), 2 Minute(n), 27 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=da33923d165039479aaac809878257d9
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-14 12:01:00
# local_time=2012-06-14 02:01:00 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 111954277 111954277 0 0
# compatibility_mode=768 16777215 100 0 111881303 111881303 0 0
# compatibility_mode=1792 16777191 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 146 146 0 0
# scanned=120003
# found=10
# cleaned=0
# scan_time=6747
C:\Dokumente und Einstellungen\All Users\Dokumente\Server\hlp.dat Win32/Bamital.EK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Detlef\Eigene Dateien\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Detlef\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KPEDWN8V\index-functions[1].js Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\jar_cache4901620794375253278.tmp Java/Exploit.CVE-2012-0507.D trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\SweetIMReinstall\SweetImSetup.exe a variant of Win32/SweetIM.B application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\eswdpqxo.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\xbJSYJlm.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\xbJSYJlm.ini2.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
D:\Exe dateien\free-wma-mp3-converter.exe probably a variant of Win32/PSW.Agent.BUPXGWL trojan (unable to clean) 00000000000000000000000000000000 I
D:\Musik\NichtVerwendeteDateien\MsgPlusLive-423.exe a variant of Win32/MessengerPlus application (unable to clean) 00000000000000000000000000000000 I
|
|
14.06.2012, 13:23
| #4 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google verlinkt auf englische Werbeseiten (Firefox, Opera)Zitat:
Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr startet.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen. Zerstörst Du die Registry, zerstörst Du Windows. Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
14.06.2012, 23:10
| #5 |
| | Google verlinkt auf englische Werbeseiten (Firefox, Opera) So hier nochmal nach der aktualisierung Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.14.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 User :: PC [Administrator] 14.06.2012 21:03:11 mbam-log-2012-06-14 (21-03-11).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 422819 Laufzeit: 3 Stunde(n), 4 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
15.06.2012, 14:51
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google verlinkt auf englische Werbeseiten (Firefox, Opera) Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ --> Google verlinkt auf englische Werbeseiten (Firefox, Opera) |
|
15.06.2012, 20:28
| #7 |
| | Google verlinkt auf englische Werbeseiten (Firefox, Opera) also: der normale Modus geht, der ging vorher aber auch. Die Suchergebnisse werden aber immernoch falsch angezeigt/weitergeleitet. Außerdem ist im Browser rechts unten ein Pop Up Fenster. Und auf dem Desktop sind einige Icon`s nicht richtig angezeigt. Sollte ich die Suchergebnisse von ESET löschen ? Habe dies nicht getan. Und ich habe noch einige Einträge in der Quarantäne von Malwarebytes gesehen. |
|
15.06.2012, 20:41
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google verlinkt auf englische Werbeseiten (Firefox, Opera) Überleg doch mal was eine Quarantäne ist. Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran. Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.06.2012, 21:06
| #9 |
| | Google verlinkt auf englische Werbeseiten (Firefox, Opera) was mir grade noch einfällt, vor einem Monat ca. hat mein E-Mail Account Spammails versendet, hatte sich aber auch nach 1-2 Tagen gelegt. Hier der die Lod Datei OTL Logfile: Code:
ATTFilter OTL logfile created on: 15.06.2012 21:55:34 - Run 3 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Dokumente und Einstellungen\User\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 76,01% Memory free 4,85 Gb Paging File | 4,33 Gb Available in Paging File | 89,12% Paging File free Paging file location(s): D:\pagefile.sys 3072 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 78,13 Gb Total Space | 1,65 Gb Free Space | 2,11% Space Free | Partition Type: NTFS Drive D: | 154,75 Gb Total Space | 15,63 Gb Free Space | 10,10% Space Free | Partition Type: NTFS Computer Name: PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\User\Desktop\OTL.exe (OldTimer Tools) PRC - D:\Spiele\steam\steam.exe (Valve Corporation) PRC - D:\Exe dateien\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - D:\Exe dateien\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - D:\Exe dateien\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - D:\Exe dateien\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Google\Update\1.3.21.111\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Motorola\MotoConnectService\MotoConnect.exe (Motorola) PRC - C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe () PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Telefonauskunft und Rückwärtssuche\Telefonauskunft + Rückwärtssuche auf CD-ROM\KSTART32.EXE (klickTel AG) PRC - C:\WINDOWS\vsnpstd.exe () ========== Modules (No Company Name) ========== MOD - D:\Spiele\steam\bin\libcef.dll () MOD - D:\Spiele\steam\bin\avcodec-53.dll () MOD - D:\Spiele\steam\bin\chromehtml.dll () MOD - D:\Spiele\steam\bin\avformat-53.dll () MOD - D:\Spiele\steam\bin\avutil-51.dll () MOD - D:\Exe dateien\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe () MOD - C:\Programme\NVIDIA Corporation\nView\nvShell.dll () MOD - C:\Programme\Unlocker\UnlockerCOM.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\WINDOWS\vsnpstd.exe () ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- D:\Exe dateien\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- D:\Exe dateien\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MotoConnect Service) -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe () SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (EagleXNt) -- C:\WINDOWS\system32\drivers\EagleXNt.sys File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOKUME~1\Detlef\LOKALE~1\Temp\catchme.sys File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (Motousbnet) -- C:\WINDOWS\system32\drivers\Motousbnet.sys (Motorola) DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola) DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation) DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola) DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola) DRV - (BTCFilterService) -- C:\WINDOWS\system32\drivers\motfilt.sys (Motorola Inc) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (MotoSwitchService) -- C:\WINDOWS\system32\drivers\motswch.sys (Motorola) DRV - (VtcDrv) -- C:\WINDOWS\system32\drivers\vtcdrv.sys (Windows (R) Codename Longhorn DDK provider) DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation) DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (snpstd) -- C:\WINDOWS\system32\drivers\snpstd.sys () DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476 IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.) IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CT2736476.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB8&ctid=CT2736476&SearchSource=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\User\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.709: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: c:\programme\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\User\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.05 19:42:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.12.12 23:59:52 | 000,000,000 | ---D | M] [2008.11.29 20:30:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions [2012.05.09 18:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\extensions [2011.08.18 11:50:25 | 000,000,000 | ---D | M] (Personas) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\extensions\personas@christopher.beard [2012.05.09 18:00:03 | 000,000,945 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\conduit.xml [2012.06.11 20:58:05 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-1.xml [2009.08.07 11:42:57 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-2.xml [2010.06.24 13:04:58 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-3.xml [2010.07.05 18:36:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-4.xml [2010.07.25 18:12:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-5.xml [2010.05.12 18:40:48 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin.xml [2012.06.05 19:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.04.29 18:44:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012.06.05 19:42:39 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.04.29 18:44:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2010.10.17 16:49:28 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Programme\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll [2012.01.02 19:03:32 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.02 19:03:32 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.01.02 19:03:32 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.01.02 19:03:31 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.02 19:03:31 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.02 19:03:31 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.10.12 14:42:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\Toolbar\ShellBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] D:\Exe dateien\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-220523388-1383384898-725345543-1004..\Run: [Steam] D:\Spiele\steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-220523388-1383384898-725345543-1004..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10v_Plugin.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\Telefonauskunft und Rückwärtssuche auf CD-ROM - Schnellstarter.lnk = C:\Programme\Telefonauskunft und Rückwärtssuche\Telefonauskunft + Rückwärtssuche auf CD-ROM\KSTART32.EXE (klickTel AG) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui (Microsoft Corporation) O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177158109359 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE5CBC49-51DB-4824-868C-3520A69F7C1B}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.04.21 12:49:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "wscsvc" MsConfig - Services: "CiSvc" MsConfig - Services: "ImapiService" MsConfig - Services: "NVSvc" MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk - - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk - - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^NkbMonitor.exe.lnk - C:\Programme\Nikon\PictureProject\NkbMonitor.exe - (Nikon Corporation) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Winexit.lnk - C:\Programme\Winexit\Winexit.exe - (mysoft hxxp://www.mysoft.de) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^User^Startmenü^Programme^Autostart^OpenOffice.org 2.1.lnk - C:\Programme\OpenOffice.org 2.1\program\quickstart.exe - () MsConfig - StartUpReg: AdobeUpdater - hkey= - key= - File not found MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - File not found MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found MsConfig - StartUpReg: nwiz - hkey= - key= - File not found MsConfig - StartUpReg: OpwareSE4 - hkey= - key= - C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.) MsConfig - StartUpReg: Power2GoExpress - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.) MsConfig - StartUpReg: PowerBar - hkey= - key= - C:\Programme\CyberLink\PowerStarter\PowerBar.exe (Cyberlink, Corp.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.) MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: SkyTel - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Programme\Unlocker\UnlockerAssistant.exe () MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.) MsConfig - StartUpReg: {1290A33C-85F5-4164-A1BE-7DD299D4986A} - hkey= - key= - C:\Programme\CyberLink\PowerBackup\PBKScheduler.exe (CyberLink Corp.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {03A0C05D-8066-738D-D09E-F6845197E729} - Vektorgrafik-Rendering (VML) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Sicherheitsupdate für Windows XP (KB913433) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {B3682745-2B88-45BB-44DB-5213F390E066} - Microsoft Windows Media Player ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.clmp3enc - C:\Programme\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.xvid - C:\WINDOWS\System32\xvid.dll () Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.15 21:54:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe [2012.06.14 12:06:08 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.06.14 12:05:29 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\User\Desktop\esetsmartinstaller_enu.exe [2012.06.11 21:41:03 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\User\Recent [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.15 21:54:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe [2012.06.15 21:32:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.06.15 21:32:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.06.15 21:16:36 | 000,248,739 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2012.06.15 21:16:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.15 21:16:07 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1383384898-725345543-1004.job [2012.06.15 21:16:03 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1383384898-725345543-1006.job [2012.06.15 21:15:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.15 00:50:03 | 000,196,406 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\DSCN4250.JPG [2012.06.14 12:05:31 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\User\Desktop\esetsmartinstaller_enu.exe [2012.06.14 11:30:34 | 000,759,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.06.14 03:28:16 | 000,459,254 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.06.14 03:28:16 | 000,441,444 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.06.14 03:28:16 | 000,085,112 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.06.14 03:28:16 | 000,071,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.06.14 03:26:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.06.12 01:39:32 | 000,216,576 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.12 00:06:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1383384898-725345543-1006.job [2012.06.11 02:03:37 | 000,154,136 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\thumbs_EMOK-Picdump-244_045.jpg [2012.06.08 16:34:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1383384898-725345543-1004.job [2012.06.01 15:13:24 | 000,000,704 | ---- | M] () -- D:\Eigene Dateien\PDVD_MediaDisc.PlayList [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.15 00:50:03 | 000,196,406 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\DSCN4250.JPG [2012.06.14 03:19:12 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2012.06.11 02:03:36 | 000,154,136 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\thumbs_EMOK-Picdump-244_045.jpg [2012.02.16 18:28:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.21 00:15:59 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2011.09.13 23:04:41 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010.12.06 17:08:49 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2010.12.06 17:08:48 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2010.12.02 12:13:50 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2010.10.21 13:51:13 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2010.10.21 13:51:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.09.26 17:47:18 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat ========== LOP Check ========== [2008.11.30 20:09:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Spyware Terminator [2007.04.26 13:55:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2010.10.10 17:31:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations [2007.04.30 11:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp [2011.03.19 20:17:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2007.11.02 17:51:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus! [2010.03.08 23:40:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\motorola [2007.05.02 20:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\muvee Technologies [2007.04.30 11:41:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon [2007.04.26 14:09:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2012.05.09 18:25:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony [2008.11.26 17:12:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2009.11.07 22:11:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2007.04.30 11:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15 [2009.11.01 16:41:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.10.12 16:49:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Detlef\Anwendungsdaten\ICQ [2008.10.31 17:05:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Detlef\Anwendungsdaten\Meine Die Schlacht um Mittelerde™ II-Dateien [2010.10.21 14:27:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Detlef\Anwendungsdaten\Opera [2007.07.27 18:54:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Detlef\Anwendungsdaten\PC Suite [2010.10.20 22:17:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Detlef\Anwendungsdaten\Uniblue [2009.11.01 17:00:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software [2010.10.17 19:26:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\.purple [2009.11.24 22:24:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\.Tribler [2007.09.17 16:15:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Artweaver [2007.07.12 04:29:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BonkEnc [2009.10.14 14:37:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Canon [2007.07.27 18:16:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Datalayer [2010.10.17 17:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\enchant [2010.10.17 16:49:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Foxit [2007.10.01 14:30:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Glory of the Roman Empire [2012.04.16 18:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\gtk-2.0 [2010.06.16 18:31:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\iatsky [2012.05.30 00:52:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ICQ [2007.04.25 21:41:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ICQLite [2008.05.30 16:01:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\klickTel [2007.09.18 20:05:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\LimeWire [2007.05.21 16:56:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Lingo4u [2010.10.14 22:14:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\LolClient [2010.10.17 17:19:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Miranda [2010.03.08 23:40:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\motorola [2011.12.06 03:47:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mount&Blade [2010.04.12 21:31:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mp3tag [2007.05.10 17:35:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\MusicIP [2007.09.13 00:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\NCH Swift Sound [2007.05.05 22:54:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nikon [2007.07.27 18:16:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nokia [2007.10.17 22:37:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nokia Multimedia Player [2010.10.17 17:48:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Opera [2007.07.27 18:13:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\PC Suite [2010.11.10 00:23:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\QIP [2010.10.10 17:30:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Samsung [2012.05.09 18:25:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sony [2009.11.01 16:42:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\TuneUp Software [2011.10.18 02:38:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\wargaming.net [2007.10.21 20:25:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Winff [2007.07.12 01:36:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\XnView ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.10.17 19:26:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\.purple [2009.11.24 22:24:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\.Tribler [2010.07.05 14:33:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Adobe [2009.11.24 22:24:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Ahead [2009.11.24 22:24:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Apple Computer [2010.11.24 22:02:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ArcSoft [2007.09.17 16:15:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Artweaver [2011.12.13 22:49:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Avira [2010.01.11 00:30:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\AVS4YOU [2007.07.12 04:29:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BonkEnc [2009.10.14 14:37:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Canon [2007.04.21 14:04:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\CyberLink [2007.07.27 18:16:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Datalayer [2010.11.26 01:46:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\DivX [2012.03.16 15:11:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\dvdcss [2010.10.17 17:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\enchant [2010.10.17 16:49:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Foxit [2007.10.01 14:30:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Glory of the Roman Empire [2007.04.21 14:05:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Google [2012.04.16 18:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\gtk-2.0 [2007.07.12 02:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Help [2010.06.16 18:31:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\iatsky [2012.05.30 00:52:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ICQ [2007.04.25 21:41:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ICQLite [2007.04.21 12:54:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Identities [2008.02.10 21:05:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\InstallShield [2008.05.30 16:01:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\klickTel [2007.09.18 20:05:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\LimeWire [2007.05.21 16:56:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Lingo4u [2010.10.14 22:14:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\LolClient [2007.04.21 14:20:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Macromedia [2008.09.02 20:59:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes [2010.07.05 20:45:37 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft [2010.10.17 17:19:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Miranda [2010.03.08 23:40:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\motorola [2011.12.06 03:47:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mount&Blade [2010.06.21 20:09:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Move Networks [2012.04.04 13:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla [2010.04.12 21:31:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mp3tag [2007.05.10 17:35:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\MusicIP [2007.09.13 00:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\NCH Swift Sound [2007.05.05 22:54:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nikon [2007.07.27 18:16:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nokia [2007.10.17 22:37:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nokia Multimedia Player [2012.06.13 13:45:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\OpenOffice.org2 [2010.10.17 17:48:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Opera [2007.07.27 18:13:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\PC Suite [2010.11.10 00:23:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\QIP [2010.03.09 21:28:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Real [2010.10.10 17:30:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Samsung [2010.05.31 18:15:02 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\SecuROM [2012.02.03 19:42:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Skype [2012.02.03 18:22:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\skypePM [2012.05.09 18:25:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sony [2007.05.14 00:00:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sun [2008.11.27 16:24:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sunbelt Software [2009.11.01 16:42:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\TuneUp Software [2007.07.21 04:57:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\vlc [2011.10.18 02:38:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\wargaming.net [2012.04.29 18:47:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Winamp [2007.10.21 20:25:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Winff [2008.06.29 16:58:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\WinRAR [2007.07.12 01:36:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\XnView [2008.10.29 23:09:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Yahoo! < %APPDATA%\*.exe /s > [2007.09.10 00:43:53 | 003,378,248 | ---- | M] (Lime Wire LLC) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\LimeWire\.NetworkShare\LimeWireWin4.14.8.exe [2012.05.09 18:00:47 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft\Installer\{861C203D-5163-4BE3-BB5A-2561C61888DB}\NewShortcut1_861C203D51634BE3BB5A2561C61888DB_1.exe [2012.05.09 18:00:47 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft\Installer\{861C203D-5163-4BE3-BB5A-2561C61888DB}\NewShortcut2_861C203D51634BE3BB5A2561C61888DB_1.exe [2010.06.16 18:31:21 | 000,015,086 | R--- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft\Installer\{DD133F7D-E484-45B7-BBB9-828FCA45BBDB}\_6FEFF9B68218417F98F549.exe [2010.06.16 18:31:21 | 000,015,086 | R--- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft\Installer\{DD133F7D-E484-45B7-BBB9-828FCA45BBDB}\_71EB04B578FEBCBEC875C5.exe [2010.06.16 18:31:21 | 000,015,086 | R--- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft\Installer\{DD133F7D-E484-45B7-BBB9-828FCA45BBDB}\_AEDF77519664FA20889601.exe [2010.06.21 20:09:52 | 001,811,472 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Move Networks\MoveMediaPlayerWin_071802000001.exe [2010.06.21 20:09:55 | 000,144,053 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Move Networks\uninstall.exe [2010.02.11 21:31:38 | 000,097,216 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Move Networks\ie_bin\MovePlayerUpgrade.exe [2011.01.25 18:19:56 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Real\Update\setup3.13\setup.exe [2012.06.14 21:03:05 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.10\rnupgagent.exe < %SYSTEMDRIVE%\*.exe > [2004.07.09 05:08:36 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\dxsetup.exe < MD5 for: AGP440.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.11.29 18:44:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.11.29 18:44:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.11.29 18:44:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.11.29 18:44:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2007.04.21 14:38:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2007.04.21 14:38:15 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2007.04.21 14:38:15 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > |
|
15.06.2012, 22:47
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google verlinkt auf englische Werbeseiten (Firefox, Opera) Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
FF - prefs.js..CT2736476.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFSB8&ctid=CT2736476&SearchSource=2&q="
[2012.05.09 18:00:03 | 000,000,945 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\conduit.xml
[2012.06.11 20:58:05 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-1.xml
[2009.08.07 11:42:57 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-2.xml
[2010.06.24 13:04:58 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-3.xml
[2010.07.05 18:36:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-4.xml
[2010.07.25 18:12:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-5.xml
[2010.05.12 18:40:48 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin.xml
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\Toolbar\ShellBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk - - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk - - File not found
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.06.2012, 23:09
| #11 |
| | Google verlinkt auf englische Werbeseiten (Firefox, Opera) So hier: Code:
ATTFilter All processes killed
========== OTL ==========
HKU\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
C:\Programme\Freeware.de\prxtbFree.dll moved successfully.
HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: true removed from CT2736476.browser.search.defaultthis.engineName
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB8&ctid=CT2736476&SearchSource=2&q=" removed from keyword.URL
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\conduit.xml moved successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ozz5rs05.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
C:\Programme\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Programme\Freeware.de\prxtbFree.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{327C2873-E90D-4c37-AA9D-10AC9BABA46C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}\ deleted successfully.
File WebPrint\Toolband.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Programme\Freeware.de\prxtbFree.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-220523388-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk\ deleted successfully.
C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Detlef
->Temp folder emptied: 1173292 bytes
->Temporary Internet Files folder emptied: 790537 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41308346 bytes
->Opera cache emptied: 19039784 bytes
->Flash cache emptied: 2897 bytes
User: Lea
User: LocalService
->Temp folder emptied: 70788 bytes
->Temporary Internet Files folder emptied: 73949 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: User
->Temp folder emptied: 1992480693 bytes
->Temporary Internet Files folder emptied: 679102 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 332812142 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 14230 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2953299 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2.281,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: Detlef
->Flash cache emptied: 0 bytes
User: Lea
User: LocalService
User: NetworkService
User: User
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.48.0 log created on 06162012_000018
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
15.06.2012, 23:18
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google verlinkt auf englische Werbeseiten (Firefox, Opera) Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.06.2012, 23:27
| #13 |
| | Google verlinkt auf englische Werbeseiten (Firefox, Opera) also ich hab nur gescannt und noch nichts gelöscht hab die Funde mit "Skip" behandelt Code:
ATTFilter 00:24:25.0015 1152 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
00:24:25.0093 1152 ============================================================
00:24:25.0093 1152 Current date / time: 2012/06/16 00:24:25.0093
00:24:25.0093 1152 SystemInfo:
00:24:25.0093 1152
00:24:25.0093 1152 OS Version: 5.1.2600 ServicePack: 3.0
00:24:25.0093 1152 Product type: Workstation
00:24:25.0093 1152 ComputerName: PC
00:24:25.0093 1152 UserName: User
00:24:25.0093 1152 Windows directory: C:\WINDOWS
00:24:25.0093 1152 System windows directory: C:\WINDOWS
00:24:25.0093 1152 Processor architecture: Intel x86
00:24:25.0093 1152 Number of processors: 2
00:24:25.0093 1152 Page size: 0x1000
00:24:25.0093 1152 Boot type: Normal boot
00:24:25.0093 1152 ============================================================
00:24:25.0968 1152 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:24:25.0984 1152 ============================================================
00:24:25.0984 1152 \Device\Harddisk0\DR0:
00:24:25.0984 1152 MBR partitions:
00:24:25.0984 1152 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
00:24:25.0984 1152 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0x1357EB6A
00:24:25.0984 1152 ============================================================
00:24:26.0062 1152 C: <-> \Device\Harddisk0\DR0\Partition0
00:24:26.0093 1152 D: <-> \Device\Harddisk0\DR0\Partition1
00:24:26.0093 1152 ============================================================
00:24:26.0093 1152 Initialize success
00:24:26.0093 1152 ============================================================
00:24:34.0281 3348 ============================================================
00:24:34.0281 3348 Scan started
00:24:34.0281 3348 Mode: Manual; SigCheck; TDLFS;
00:24:34.0281 3348 ============================================================
00:24:34.0500 3348 Abiosdsk - ok
00:24:34.0515 3348 abp480n5 - ok
00:24:34.0546 3348 ACPI (deac07203d92bf9385573fa5d790ff3c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:24:34.0546 3348 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: deac07203d92bf9385573fa5d790ff3c, Fake md5: ac407f1a62c3a300b4f2b5a9f1d55b2c
00:24:34.0546 3348 ACPI ( Virus.Win32.Rloader.a ) - infected
00:24:34.0546 3348 ACPI - detected Virus.Win32.Rloader.a (0)
00:24:34.0562 3348 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:24:35.0406 3348 ACPIEC - ok
00:24:35.0453 3348 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
00:24:35.0484 3348 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
00:24:35.0484 3348 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
00:24:35.0484 3348 adpu160m - ok
00:24:35.0515 3348 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:24:35.0609 3348 aec - ok
00:24:35.0640 3348 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:24:35.0687 3348 AFD - ok
00:24:35.0687 3348 Aha154x - ok
00:24:35.0687 3348 aic78u2 - ok
00:24:35.0703 3348 aic78xx - ok
00:24:35.0718 3348 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
00:24:35.0828 3348 Alerter - ok
00:24:35.0843 3348 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
00:24:35.0921 3348 ALG - ok
00:24:35.0937 3348 AliIde - ok
00:24:35.0937 3348 amsint - ok
00:24:36.0125 3348 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) D:\Exe dateien\Avira\AntiVir Desktop\sched.exe
00:24:36.0140 3348 AntiVirSchedulerService - ok
00:24:36.0171 3348 AntiVirService (a489be6bb0aa1ff406b488b60542314b) D:\Exe dateien\Avira\AntiVir Desktop\avguard.exe
00:24:36.0187 3348 AntiVirService - ok
00:24:36.0281 3348 Apple Mobile Device (f293992f9ceef6ea00ce52c3094e59e9) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
00:24:36.0281 3348 Apple Mobile Device - ok
00:24:36.0296 3348 AppMgmt - ok
00:24:36.0328 3348 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:24:36.0421 3348 Arp1394 - ok
00:24:36.0421 3348 asc - ok
00:24:36.0421 3348 asc3350p - ok
00:24:36.0437 3348 asc3550 - ok
00:24:36.0500 3348 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
00:24:36.0546 3348 aspnet_state - ok
00:24:36.0562 3348 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:24:36.0640 3348 AsyncMac - ok
00:24:36.0656 3348 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:24:36.0750 3348 atapi - ok
00:24:36.0765 3348 Atdisk - ok
00:24:36.0796 3348 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
00:24:36.0843 3348 atksgt - ok
00:24:36.0875 3348 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:24:36.0953 3348 Atmarpc - ok
00:24:36.0984 3348 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
00:24:37.0078 3348 AudioSrv - ok
00:24:37.0109 3348 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:24:37.0234 3348 audstub - ok
00:24:37.0250 3348 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
00:24:37.0265 3348 avgntflt - ok
00:24:37.0296 3348 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
00:24:37.0312 3348 avipbb - ok
00:24:37.0343 3348 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
00:24:37.0343 3348 avkmgr - ok
00:24:37.0375 3348 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:24:37.0468 3348 Beep - ok
00:24:37.0515 3348 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
00:24:37.0734 3348 BITS - ok
00:24:37.0765 3348 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
00:24:37.0859 3348 Browser - ok
00:24:37.0890 3348 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys
00:24:38.0062 3348 BTCFilterService - ok
00:24:38.0140 3348 catchme - ok
00:24:38.0171 3348 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:24:38.0250 3348 cbidf2k - ok
00:24:38.0281 3348 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:24:38.0375 3348 CCDECODE - ok
00:24:38.0375 3348 cd20xrnt - ok
00:24:38.0406 3348 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:24:38.0500 3348 Cdaudio - ok
00:24:38.0515 3348 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:24:38.0593 3348 Cdfs - ok
00:24:38.0625 3348 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:24:38.0718 3348 Cdrom - ok
00:24:38.0718 3348 Changer - ok
00:24:38.0750 3348 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
00:24:38.0828 3348 CiSvc - ok
00:24:38.0843 3348 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
00:24:38.0921 3348 ClipSrv - ok
00:24:39.0000 3348 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:24:39.0078 3348 clr_optimization_v2.0.50727_32 - ok
00:24:39.0078 3348 CmdIde - ok
00:24:39.0078 3348 COMSysApp - ok
00:24:39.0093 3348 Cpqarray - ok
00:24:39.0125 3348 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
00:24:39.0203 3348 CryptSvc - ok
00:24:39.0218 3348 dac2w2k - ok
00:24:39.0218 3348 dac960nt - ok
00:24:39.0265 3348 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
00:24:39.0328 3348 DcomLaunch - ok
00:24:39.0359 3348 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
00:24:39.0453 3348 Dhcp - ok
00:24:39.0484 3348 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:24:39.0578 3348 Disk - ok
00:24:39.0578 3348 dmadmin - ok
00:24:39.0625 3348 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
00:24:39.0734 3348 dmboot - ok
00:24:39.0765 3348 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
00:24:39.0875 3348 dmio - ok
00:24:39.0906 3348 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:24:39.0984 3348 dmload - ok
00:24:40.0000 3348 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
00:24:40.0093 3348 dmserver - ok
00:24:40.0125 3348 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:24:40.0218 3348 DMusic - ok
00:24:40.0250 3348 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
00:24:40.0343 3348 Dnscache - ok
00:24:40.0375 3348 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
00:24:40.0468 3348 Dot3svc - ok
00:24:40.0468 3348 dpti2o - ok
00:24:40.0484 3348 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:24:40.0562 3348 drmkaud - ok
00:24:40.0578 3348 EagleXNt - ok
00:24:40.0609 3348 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
00:24:40.0687 3348 EapHost - ok
00:24:40.0718 3348 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
00:24:40.0734 3348 ENTECH ( UnsignedFile.Multi.Generic ) - warning
00:24:40.0734 3348 ENTECH - detected UnsignedFile.Multi.Generic (1)
00:24:40.0750 3348 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
00:24:40.0828 3348 ERSvc - ok
00:24:40.0859 3348 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
00:24:40.0890 3348 Eventlog - ok
00:24:40.0921 3348 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
00:24:40.0968 3348 EventSystem - ok
00:24:41.0015 3348 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:24:41.0109 3348 Fastfat - ok
00:24:41.0140 3348 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
00:24:41.0171 3348 FastUserSwitchingCompatibility - ok
00:24:41.0187 3348 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
00:24:41.0265 3348 Fdc - ok
00:24:41.0281 3348 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
00:24:41.0375 3348 Fips - ok
00:24:41.0390 3348 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
00:24:41.0484 3348 Flpydisk - ok
00:24:41.0515 3348 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:24:41.0609 3348 FltMgr - ok
00:24:41.0687 3348 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:24:41.0687 3348 FontCache3.0.0.0 - ok
00:24:41.0718 3348 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
00:24:41.0734 3348 fssfltr - ok
00:24:41.0859 3348 fsssvc (206ad9a89bf05dfa1621f1fc7b82592d) C:\Programme\Windows Live\Family Safety\fsssvc.exe
00:24:41.0890 3348 fsssvc - ok
00:24:41.0937 3348 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:24:42.0031 3348 Fs_Rec - ok
00:24:42.0046 3348 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:24:42.0140 3348 Ftdisk - ok
00:24:42.0156 3348 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
00:24:42.0250 3348 gameenum - ok
00:24:42.0281 3348 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:24:42.0281 3348 GEARAspiWDM - ok
00:24:42.0312 3348 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:24:42.0406 3348 Gpc - ok
00:24:42.0468 3348 gupdate1c9b3abc89374fa (626a24ed1228580b9518c01930936df9) C:\Programme\Google\Update\GoogleUpdate.exe
00:24:42.0484 3348 gupdate1c9b3abc89374fa - ok
00:24:42.0484 3348 gupdatem (626a24ed1228580b9518c01930936df9) C:\Programme\Google\Update\GoogleUpdate.exe
00:24:42.0484 3348 gupdatem - ok
00:24:42.0531 3348 gusvc (408ddd80eede47175f6844817b90213e) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
00:24:42.0562 3348 gusvc - ok
00:24:42.0593 3348 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:24:42.0671 3348 HDAudBus - ok
00:24:42.0734 3348 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:24:42.0828 3348 helpsvc - ok
00:24:42.0828 3348 HidServ - ok
00:24:42.0859 3348 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:24:42.0953 3348 HidUsb - ok
00:24:42.0968 3348 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
00:24:43.0046 3348 hkmsvc - ok
00:24:43.0046 3348 hpn - ok
00:24:43.0078 3348 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:24:43.0125 3348 HTTP - ok
00:24:43.0156 3348 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
00:24:43.0265 3348 HTTPFilter - ok
00:24:43.0281 3348 i2omgmt - ok
00:24:43.0281 3348 i2omp - ok
00:24:43.0312 3348 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:24:43.0390 3348 i8042prt - ok
00:24:43.0468 3348 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
00:24:43.0484 3348 IDriverT ( UnsignedFile.Multi.Generic ) - warning
00:24:43.0484 3348 IDriverT - detected UnsignedFile.Multi.Generic (1)
00:24:43.0625 3348 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:24:43.0671 3348 idsvc - ok
00:24:43.0703 3348 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:24:43.0796 3348 Imapi - ok
00:24:43.0812 3348 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
00:24:43.0906 3348 ImapiService - ok
00:24:43.0906 3348 ini910u - ok
00:24:44.0109 3348 IntcAzAudAddService (909d03b3b7fb7c830b74f74f4d0ea7ce) C:\WINDOWS\system32\drivers\RtkHDAud.sys
00:24:44.0250 3348 IntcAzAudAddService - ok
00:24:44.0328 3348 IntelIde - ok
00:24:44.0359 3348 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:24:44.0453 3348 intelppm - ok
00:24:44.0484 3348 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:24:44.0578 3348 Ip6Fw - ok
00:24:44.0609 3348 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:24:44.0687 3348 IpFilterDriver - ok
00:24:44.0703 3348 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:24:44.0796 3348 IpInIp - ok
00:24:44.0828 3348 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:24:44.0921 3348 IpNat - ok
00:24:44.0953 3348 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:24:45.0031 3348 IPSec - ok
00:24:45.0062 3348 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
00:24:45.0156 3348 irda - ok
00:24:45.0187 3348 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:24:45.0250 3348 IRENUM - ok
00:24:45.0281 3348 Irmon (2efe1db1ec58a26b0c14bfda122e246f) C:\WINDOWS\System32\irmon.dll
00:24:45.0375 3348 Irmon - ok
00:24:45.0390 3348 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
00:24:45.0437 3348 irsir - ok
00:24:45.0468 3348 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:24:45.0546 3348 isapnp - ok
00:24:45.0640 3348 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
00:24:45.0656 3348 JavaQuickStarterService - ok
00:24:45.0656 3348 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:24:45.0734 3348 Kbdclass - ok
00:24:45.0765 3348 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:24:45.0859 3348 kmixer - ok
00:24:45.0890 3348 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:24:45.0968 3348 KSecDD - ok
00:24:46.0000 3348 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
00:24:46.0015 3348 lanmanserver - ok
00:24:46.0046 3348 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
00:24:46.0093 3348 lanmanworkstation - ok
00:24:46.0093 3348 lbrtfdc - ok
00:24:46.0125 3348 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
00:24:46.0140 3348 lirsgt - ok
00:24:46.0156 3348 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
00:24:46.0250 3348 LmHosts - ok
00:24:46.0265 3348 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
00:24:46.0359 3348 Messenger - ok
00:24:46.0390 3348 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:24:46.0468 3348 mnmdd - ok
00:24:46.0500 3348 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
00:24:46.0578 3348 mnmsrvc - ok
00:24:46.0578 3348 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
00:24:46.0671 3348 Modem - ok
00:24:46.0703 3348 motccgp (c741717b0a18813dd7d12085937cee72) C:\WINDOWS\system32\DRIVERS\motccgp.sys
00:24:46.0750 3348 motccgp - ok
00:24:46.0765 3348 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
00:24:46.0812 3348 motccgpfl - ok
00:24:46.0828 3348 motmodem (54fee02961c70fd9d4d7e2f87afa23fa) C:\WINDOWS\system32\DRIVERS\motmodem.sys
00:24:46.0875 3348 motmodem - ok
00:24:46.0937 3348 MotoConnect Service (bb9de58ac6513da62c005d92e2db4981) C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe
00:24:46.0937 3348 MotoConnect Service - ok
00:24:46.0953 3348 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys
00:24:46.0968 3348 MotoSwitchService - ok
00:24:46.0984 3348 Motousbnet (c3661b817e51b16153b332da1312b74d) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
00:24:47.0031 3348 Motousbnet - ok
00:24:47.0046 3348 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:24:47.0125 3348 Mouclass - ok
00:24:47.0140 3348 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:24:47.0234 3348 MountMgr - ok
00:24:47.0265 3348 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
00:24:47.0281 3348 MozillaMaintenance - ok
00:24:47.0281 3348 mraid35x - ok
00:24:47.0328 3348 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:24:47.0421 3348 MRxDAV - ok
00:24:47.0468 3348 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:24:47.0546 3348 MRxSmb - ok
00:24:47.0578 3348 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
00:24:47.0656 3348 MSDTC - ok
00:24:47.0687 3348 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:24:47.0781 3348 Msfs - ok
00:24:47.0781 3348 MSIServer - ok
00:24:47.0796 3348 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:24:47.0875 3348 MSKSSRV - ok
00:24:47.0890 3348 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:24:47.0984 3348 MSPCLOCK - ok
00:24:47.0984 3348 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:24:48.0078 3348 MSPQM - ok
00:24:48.0093 3348 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:24:48.0171 3348 mssmbios - ok
00:24:48.0187 3348 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
00:24:48.0265 3348 MSTEE - ok
00:24:48.0281 3348 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
00:24:48.0375 3348 ms_mpu401 - ok
00:24:48.0406 3348 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:24:48.0437 3348 Mup - ok
00:24:48.0468 3348 MxlW2k (31509f505fea9b37f9e59a10adcfe8f5) C:\WINDOWS\system32\drivers\MxlW2k.sys
00:24:48.0484 3348 MxlW2k ( UnsignedFile.Multi.Generic ) - warning
00:24:48.0484 3348 MxlW2k - detected UnsignedFile.Multi.Generic (1)
00:24:48.0515 3348 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:24:48.0593 3348 NABTSFEC - ok
00:24:48.0640 3348 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
00:24:48.0750 3348 napagent - ok
00:24:48.0765 3348 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:24:48.0875 3348 NDIS - ok
00:24:48.0906 3348 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:24:48.0984 3348 NdisIP - ok
00:24:49.0015 3348 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:24:49.0078 3348 NdisTapi - ok
00:24:49.0093 3348 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:24:49.0187 3348 Ndisuio - ok
00:24:49.0187 3348 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:24:49.0281 3348 NdisWan - ok
00:24:49.0312 3348 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:24:49.0359 3348 NDProxy - ok
00:24:49.0375 3348 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:24:49.0437 3348 NetBIOS - ok
00:24:49.0468 3348 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:24:49.0562 3348 NetBT - ok
00:24:49.0578 3348 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
00:24:49.0656 3348 NetDDE - ok
00:24:49.0656 3348 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
00:24:49.0734 3348 NetDDEdsdm - ok
00:24:49.0765 3348 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
00:24:49.0828 3348 Netlogon - ok
00:24:49.0859 3348 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
00:24:49.0937 3348 Netman - ok
00:24:50.0031 3348 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:24:50.0046 3348 NetTcpPortSharing - ok
00:24:50.0062 3348 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
00:24:50.0156 3348 NIC1394 - ok
00:24:50.0187 3348 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
00:24:50.0203 3348 Nla - ok
00:24:50.0234 3348 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:24:50.0296 3348 Npfs - ok
00:24:50.0359 3348 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:24:50.0468 3348 Ntfs - ok
00:24:50.0500 3348 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
00:24:50.0562 3348 NtLmSsp - ok
00:24:50.0609 3348 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
00:24:50.0718 3348 NtmsSvc - ok
00:24:50.0750 3348 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:24:50.0828 3348 Null - ok
00:24:51.0156 3348 nv (cf49346faeffbd046b4dcaf29673e02a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:24:51.0484 3348 nv - ok
00:24:51.0593 3348 NVHDA (2e661d73b21619818787fd5059294751) C:\WINDOWS\system32\drivers\nvhda32.sys
00:24:51.0609 3348 NVHDA - ok
00:24:51.0640 3348 nvsvc (896b929603fe45993853df9a3e5e19b1) C:\WINDOWS\system32\nvsvc32.exe
00:24:51.0656 3348 nvsvc ( UnsignedFile.Multi.Generic ) - warning
00:24:51.0656 3348 nvsvc - detected UnsignedFile.Multi.Generic (1)
00:24:51.0687 3348 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:24:51.0765 3348 NwlnkFlt - ok
00:24:51.0796 3348 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:24:51.0890 3348 NwlnkFwd - ok
00:24:51.0921 3348 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
00:24:52.0000 3348 ohci1394 - ok
00:24:52.0078 3348 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
00:24:52.0093 3348 ose - ok
00:24:52.0109 3348 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
00:24:52.0203 3348 Parport - ok
00:24:52.0234 3348 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:24:52.0312 3348 PartMgr - ok
00:24:52.0328 3348 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
00:24:52.0421 3348 ParVdm - ok
00:24:52.0437 3348 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
00:24:52.0531 3348 PCI - ok
00:24:52.0531 3348 PCIDump - ok
00:24:52.0562 3348 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:24:52.0656 3348 PCIIde - ok
00:24:52.0671 3348 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:24:52.0750 3348 Pcmcia - ok
00:24:52.0765 3348 PDCOMP - ok
00:24:52.0765 3348 PDFRAME - ok
00:24:52.0765 3348 PDRELI - ok
00:24:52.0781 3348 PDRFRAME - ok
00:24:52.0781 3348 perc2 - ok
00:24:52.0796 3348 perc2hib - ok
00:24:52.0843 3348 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
00:24:52.0843 3348 PlugPlay - ok
00:24:52.0875 3348 PnkBstrA (831883b107684301f48ace752c963984) C:\WINDOWS\system32\PnkBstrA.exe
00:24:52.0890 3348 PnkBstrA - ok
00:24:52.0921 3348 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
00:24:52.0984 3348 PolicyAgent - ok
00:24:53.0000 3348 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:24:53.0093 3348 PptpMiniport - ok
00:24:53.0093 3348 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
00:24:53.0171 3348 ProtectedStorage - ok
00:24:53.0187 3348 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:24:53.0281 3348 PSched - ok
00:24:53.0312 3348 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:24:53.0390 3348 Ptilink - ok
00:24:53.0421 3348 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:24:53.0421 3348 PxHelp20 - ok
00:24:53.0421 3348 ql1080 - ok
00:24:53.0437 3348 Ql10wnt - ok
00:24:53.0437 3348 ql12160 - ok
00:24:53.0437 3348 ql1240 - ok
00:24:53.0453 3348 ql1280 - ok
00:24:53.0453 3348 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:24:53.0546 3348 RasAcd - ok
00:24:53.0562 3348 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
00:24:53.0656 3348 RasAuto - ok
00:24:53.0671 3348 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
00:24:53.0703 3348 Rasirda - ok
00:24:53.0734 3348 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:24:53.0812 3348 Rasl2tp - ok
00:24:53.0843 3348 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
00:24:53.0921 3348 RasMan - ok
00:24:53.0953 3348 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:24:54.0031 3348 RasPppoe - ok
00:24:54.0062 3348 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:24:54.0156 3348 Raspti - ok
00:24:54.0187 3348 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:24:54.0265 3348 Rdbss - ok
00:24:54.0296 3348 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:24:54.0375 3348 RDPCDD - ok
00:24:54.0421 3348 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
00:24:54.0468 3348 RDPWD - ok
00:24:54.0500 3348 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
00:24:54.0593 3348 RDSessMgr - ok
00:24:54.0625 3348 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:24:54.0718 3348 redbook - ok
00:24:54.0734 3348 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
00:24:54.0828 3348 RemoteAccess - ok
00:24:54.0859 3348 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
00:24:54.0953 3348 ROOTMODEM - ok
00:24:55.0000 3348 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
00:24:55.0078 3348 RpcLocator - ok
00:24:55.0125 3348 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
00:24:55.0140 3348 RpcSs - ok
00:24:55.0156 3348 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
00:24:55.0234 3348 RSVP - ok
00:24:55.0265 3348 RTL8023xp (d6e1b1bd04fad422af17fc4b810cb9af) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
00:24:55.0312 3348 RTL8023xp - ok
00:24:55.0343 3348 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
00:24:55.0421 3348 SamSs - ok
00:24:55.0421 3348 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
00:24:55.0531 3348 SCardSvr - ok
00:24:55.0562 3348 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
00:24:55.0656 3348 Schedule - ok
00:24:55.0750 3348 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
00:24:55.0765 3348 SeaPort - ok
00:24:55.0796 3348 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:24:55.0859 3348 Secdrv - ok
00:24:55.0890 3348 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
00:24:55.0968 3348 seclogon - ok
00:24:55.0984 3348 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
00:24:56.0078 3348 SENS - ok
00:24:56.0109 3348 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:24:56.0171 3348 serenum - ok
00:24:56.0187 3348 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
00:24:56.0265 3348 Serial - ok
00:24:56.0281 3348 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:24:56.0359 3348 Sfloppy - ok
00:24:56.0406 3348 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
00:24:56.0500 3348 SharedAccess - ok
00:24:56.0531 3348 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
00:24:56.0546 3348 ShellHWDetection - ok
00:24:56.0546 3348 Simbad - ok
00:24:56.0593 3348 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:24:56.0671 3348 SLIP - ok
00:24:56.0718 3348 snpstd (eaee05416ae891d3a9f61c923033cea9) C:\WINDOWS\system32\DRIVERS\snpstd.sys
00:24:56.0812 3348 snpstd - ok
00:24:56.0812 3348 Sparrow - ok
00:24:56.0843 3348 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:24:56.0937 3348 splitter - ok
00:24:56.0953 3348 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
00:24:57.0000 3348 Spooler - ok
00:24:57.0015 3348 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
00:24:57.0093 3348 sr - ok
00:24:57.0140 3348 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
00:24:57.0218 3348 srservice - ok
00:24:57.0265 3348 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:24:57.0312 3348 Srv - ok
00:24:57.0343 3348 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
00:24:57.0390 3348 sscdbus - ok
00:24:57.0421 3348 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
00:24:57.0468 3348 sscdmdfl - ok
00:24:57.0500 3348 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
00:24:57.0515 3348 sscdmdm - ok
00:24:57.0546 3348 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
00:24:57.0640 3348 SSDPSRV - ok
00:24:57.0671 3348 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
00:24:57.0671 3348 ssmdrv - ok
00:24:57.0703 3348 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
00:24:57.0703 3348 StarOpen ( UnsignedFile.Multi.Generic ) - warning
00:24:57.0703 3348 StarOpen - detected UnsignedFile.Multi.Generic (1)
00:24:57.0750 3348 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
00:24:57.0828 3348 stisvc - ok
00:24:57.0859 3348 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:24:57.0937 3348 streamip - ok
00:24:57.0968 3348 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:24:58.0046 3348 swenum - ok
00:24:58.0078 3348 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:24:58.0156 3348 swmidi - ok
00:24:58.0156 3348 SwPrv - ok
00:24:58.0171 3348 symc810 - ok
00:24:58.0171 3348 symc8xx - ok
00:24:58.0187 3348 sym_hi - ok
00:24:58.0187 3348 sym_u3 - ok
00:24:58.0203 3348 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:24:58.0296 3348 sysaudio - ok
00:24:58.0328 3348 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
00:24:58.0421 3348 SysmonLog - ok
00:24:58.0437 3348 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
00:24:58.0531 3348 TapiSrv - ok
00:24:58.0593 3348 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:24:58.0625 3348 Tcpip - ok
00:24:58.0640 3348 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:24:58.0734 3348 TDPIPE - ok
00:24:58.0765 3348 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:24:58.0843 3348 TDTCP - ok
00:24:58.0875 3348 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:24:58.0953 3348 TermDD - ok
00:24:59.0000 3348 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
00:24:59.0093 3348 TermService - ok
00:24:59.0125 3348 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
00:24:59.0140 3348 Themes - ok
00:24:59.0140 3348 TosIde - ok
00:24:59.0171 3348 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
00:24:59.0250 3348 TrkWks - ok
00:24:59.0265 3348 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:24:59.0359 3348 Udfs - ok
00:24:59.0359 3348 ultra - ok
00:24:59.0406 3348 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:24:59.0515 3348 Update - ok
00:24:59.0546 3348 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
00:24:59.0625 3348 upnphost - ok
00:24:59.0687 3348 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
00:24:59.0765 3348 UPS - ok
00:24:59.0781 3348 USBAAPL (df38374e12e73c25b37b6f8a9b8622ef) C:\WINDOWS\system32\Drivers\usbaapl.sys
00:24:59.0796 3348 USBAAPL - ok
00:24:59.0828 3348 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
00:24:59.0906 3348 usbaudio - ok
00:24:59.0937 3348 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:25:00.0015 3348 usbccgp - ok
00:25:00.0046 3348 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:25:00.0125 3348 usbehci - ok
00:25:00.0125 3348 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:25:00.0203 3348 usbhub - ok
00:25:00.0218 3348 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:25:00.0296 3348 usbprint - ok
00:25:00.0312 3348 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:25:00.0406 3348 usbscan - ok
00:25:00.0421 3348 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:25:00.0500 3348 USBSTOR - ok
00:25:00.0531 3348 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:25:00.0609 3348 usbuhci - ok
00:25:00.0625 3348 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:25:00.0703 3348 VgaSave - ok
00:25:00.0703 3348 ViaIde - ok
00:25:00.0750 3348 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
00:25:00.0843 3348 VolSnap - ok
00:25:00.0875 3348 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
00:25:00.0968 3348 VSS - ok
00:25:00.0984 3348 VtcDrv (0c91d65b29edd38f5e14a4dfe9cdf846) C:\WINDOWS\system32\Drivers\vtcdrv.sys
00:25:01.0000 3348 VtcDrv ( UnsignedFile.Multi.Generic ) - warning
00:25:01.0000 3348 VtcDrv - detected UnsignedFile.Multi.Generic (1)
00:25:01.0031 3348 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
00:25:01.0109 3348 W32Time - ok
00:25:01.0140 3348 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:25:01.0234 3348 Wanarp - ok
00:25:01.0250 3348 wceusbsh (2e8ba025d65dd49d15ea66973e2a15df) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
00:25:01.0312 3348 wceusbsh - ok
00:25:01.0375 3348 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
00:25:01.0406 3348 Wdf01000 - ok
00:25:01.0406 3348 WDICA - ok
00:25:01.0421 3348 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:25:01.0515 3348 wdmaud - ok
00:25:01.0546 3348 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
00:25:01.0640 3348 WebClient - ok
00:25:01.0687 3348 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
00:25:01.0781 3348 winmgmt - ok
00:25:01.0812 3348 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
00:25:01.0875 3348 WmdmPmSN - ok
00:25:01.0921 3348 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:25:02.0000 3348 WmiApSrv - ok
00:25:02.0093 3348 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
00:25:02.0156 3348 WMPNetworkSvc - ok
00:25:02.0187 3348 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
00:25:02.0203 3348 WpdUsb - ok
00:25:02.0234 3348 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
00:25:02.0312 3348 wscsvc - ok
00:25:02.0343 3348 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:25:02.0421 3348 WSTCODEC - ok
00:25:02.0453 3348 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
00:25:02.0578 3348 wuauserv - ok
00:25:02.0593 3348 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:25:02.0609 3348 WudfPf - ok
00:25:02.0640 3348 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:25:02.0656 3348 WudfRd - ok
00:25:02.0671 3348 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
00:25:02.0671 3348 WudfSvc - ok
00:25:02.0718 3348 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
00:25:02.0812 3348 WZCSVC - ok
00:25:02.0843 3348 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
00:25:03.0015 3348 xmlprov - ok
00:25:03.0031 3348 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
00:25:03.0359 3348 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:25:03.0359 3348 \Device\Harddisk0\DR0 - detected TDSS File System (1)
00:25:03.0359 3348 Boot (0x1200) (961152f0820c2cf0c5582902cb6815af) \Device\Harddisk0\DR0\Partition0
00:25:03.0359 3348 \Device\Harddisk0\DR0\Partition0 - ok
00:25:03.0375 3348 Boot (0x1200) (9215fbd57ea098c46f3654e5036f4a68) \Device\Harddisk0\DR0\Partition1
00:25:03.0390 3348 \Device\Harddisk0\DR0\Partition1 - ok
00:25:03.0390 3348 ============================================================
00:25:03.0390 3348 Scan finished
00:25:03.0390 3348 ============================================================
00:25:03.0515 3332 Detected object count: 9
00:25:03.0515 3332 Actual detected object count: 9
00:25:22.0609 3332 ACPI ( Virus.Win32.Rloader.a ) - skipped by user
00:25:22.0609 3332 ACPI ( Virus.Win32.Rloader.a ) - User select action: Skip
00:25:22.0609 3332 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:25:22.0609 3332 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:25:22.0609 3332 ENTECH ( UnsignedFile.Multi.Generic ) - skipped by user
00:25:22.0609 3332 ENTECH ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:25:22.0609 3332 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
00:25:22.0609 3332 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:25:22.0609 3332 MxlW2k ( UnsignedFile.Multi.Generic ) - skipped by user
00:25:22.0609 3332 MxlW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:25:22.0625 3332 nvsvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:25:22.0625 3332 nvsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:25:22.0625 3332 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
00:25:22.0625 3332 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:25:22.0625 3332 VtcDrv ( UnsignedFile.Multi.Generic ) - skipped by user
00:25:22.0625 3332 VtcDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:25:22.0625 3332 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
00:25:22.0625 3332 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
00:27:23.0906 1576 Deinitialize success
|
|
17.06.2012, 19:59
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google verlinkt auf englische Werbeseiten (Firefox, Opera)Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.06.2012, 20:14
| #15 |
| | Google verlinkt auf englische Werbeseiten (Firefox, Opera) So hier der Log nach dem Entfernen der TDSS Dateil Code:
ATTFilter 21:10:37.0984 1900 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
21:10:38.0125 1900 ============================================================
21:10:38.0125 1900 Current date / time: 2012/06/18 21:10:38.0125
21:10:38.0125 1900 SystemInfo:
21:10:38.0125 1900
21:10:38.0125 1900 OS Version: 5.1.2600 ServicePack: 3.0
21:10:38.0125 1900 Product type: Workstation
21:10:38.0125 1900 ComputerName: PC
21:10:38.0125 1900 UserName: User
21:10:38.0125 1900 Windows directory: C:\WINDOWS
21:10:38.0125 1900 System windows directory: C:\WINDOWS
21:10:38.0125 1900 Processor architecture: Intel x86
21:10:38.0125 1900 Number of processors: 2
21:10:38.0125 1900 Page size: 0x1000
21:10:38.0125 1900 Boot type: Normal boot
21:10:38.0125 1900 ============================================================
21:10:42.0265 1900 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:10:42.0296 1900 ============================================================
21:10:42.0296 1900 \Device\Harddisk0\DR0:
21:10:42.0296 1900 MBR partitions:
21:10:42.0296 1900 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
21:10:42.0312 1900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0x1357EB6A
21:10:42.0312 1900 ============================================================
21:10:42.0921 1900 C: <-> \Device\Harddisk0\DR0\Partition0
21:10:43.0421 1900 D: <-> \Device\Harddisk0\DR0\Partition1
21:10:43.0421 1900 ============================================================
21:10:43.0421 1900 Initialize success
21:10:43.0421 1900 ============================================================
21:10:51.0640 2924 ============================================================
21:10:51.0640 2924 Scan started
21:10:51.0640 2924 Mode: Manual; SigCheck; TDLFS;
21:10:51.0640 2924 ============================================================
21:10:51.0843 2924 Abiosdsk - ok
21:10:51.0843 2924 abp480n5 - ok
21:10:51.0875 2924 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:10:52.0750 2924 ACPI - ok
21:10:52.0750 2924 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:10:52.0843 2924 ACPIEC - ok
21:10:52.0921 2924 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
21:10:52.0937 2924 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
21:10:52.0937 2924 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
21:10:52.0937 2924 adpu160m - ok
21:10:52.0953 2924 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:10:53.0046 2924 aec - ok
21:10:53.0078 2924 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:10:53.0125 2924 AFD - ok
21:10:53.0125 2924 Aha154x - ok
21:10:53.0140 2924 aic78u2 - ok
21:10:53.0140 2924 aic78xx - ok
21:10:53.0187 2924 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
21:10:53.0281 2924 Alerter - ok
21:10:53.0296 2924 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
21:10:53.0390 2924 ALG - ok
21:10:53.0390 2924 AliIde - ok
21:10:53.0390 2924 amsint - ok
21:10:53.0609 2924 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) D:\Exe dateien\Avira\AntiVir Desktop\sched.exe
21:10:53.0625 2924 AntiVirSchedulerService - ok
21:10:53.0671 2924 AntiVirService (a489be6bb0aa1ff406b488b60542314b) D:\Exe dateien\Avira\AntiVir Desktop\avguard.exe
21:10:53.0671 2924 AntiVirService - ok
21:10:53.0765 2924 Apple Mobile Device (f293992f9ceef6ea00ce52c3094e59e9) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
21:10:53.0765 2924 Apple Mobile Device - ok
21:10:53.0765 2924 AppMgmt - ok
21:10:53.0812 2924 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:10:53.0890 2924 Arp1394 - ok
21:10:53.0890 2924 asc - ok
21:10:53.0906 2924 asc3350p - ok
21:10:53.0906 2924 asc3550 - ok
21:10:53.0984 2924 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:10:54.0015 2924 aspnet_state - ok
21:10:54.0031 2924 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:10:54.0109 2924 AsyncMac - ok
21:10:54.0156 2924 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:10:54.0250 2924 atapi - ok
21:10:54.0250 2924 Atdisk - ok
21:10:54.0281 2924 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
21:10:54.0343 2924 atksgt - ok
21:10:54.0359 2924 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:10:54.0453 2924 Atmarpc - ok
21:10:54.0468 2924 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
21:10:54.0562 2924 AudioSrv - ok
21:10:54.0593 2924 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:10:54.0671 2924 audstub - ok
21:10:54.0703 2924 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
21:10:54.0718 2924 avgntflt - ok
21:10:54.0750 2924 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
21:10:54.0765 2924 avipbb - ok
21:10:54.0781 2924 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
21:10:54.0796 2924 avkmgr - ok
21:10:54.0828 2924 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:10:54.0921 2924 Beep - ok
21:10:54.0953 2924 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
21:10:55.0187 2924 BITS - ok
21:10:55.0203 2924 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
21:10:55.0296 2924 Browser - ok
21:10:55.0328 2924 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys
21:10:55.0500 2924 BTCFilterService - ok
21:10:55.0578 2924 catchme - ok
21:10:55.0609 2924 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:10:55.0703 2924 cbidf2k - ok
21:10:55.0734 2924 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:10:55.0812 2924 CCDECODE - ok
21:10:55.0812 2924 cd20xrnt - ok
21:10:55.0843 2924 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:10:55.0937 2924 Cdaudio - ok
21:10:55.0953 2924 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:10:56.0031 2924 Cdfs - ok
21:10:56.0046 2924 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:10:56.0125 2924 Cdrom - ok
21:10:56.0125 2924 Changer - ok
21:10:56.0140 2924 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
21:10:56.0234 2924 CiSvc - ok
21:10:56.0250 2924 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
21:10:56.0328 2924 ClipSrv - ok
21:10:56.0390 2924 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:10:56.0468 2924 clr_optimization_v2.0.50727_32 - ok
21:10:56.0468 2924 CmdIde - ok
21:10:56.0468 2924 COMSysApp - ok
21:10:56.0484 2924 Cpqarray - ok
21:10:56.0515 2924 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
21:10:56.0593 2924 CryptSvc - ok
21:10:56.0609 2924 dac2w2k - ok
21:10:56.0609 2924 dac960nt - ok
21:10:56.0656 2924 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
21:10:56.0718 2924 DcomLaunch - ok
21:10:56.0750 2924 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
21:10:56.0843 2924 Dhcp - ok
21:10:56.0859 2924 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:10:56.0953 2924 Disk - ok
21:10:56.0953 2924 dmadmin - ok
21:10:57.0000 2924 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
21:10:57.0109 2924 dmboot - ok
21:10:57.0140 2924 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
21:10:57.0234 2924 dmio - ok
21:10:57.0265 2924 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:10:57.0328 2924 dmload - ok
21:10:57.0359 2924 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
21:10:57.0437 2924 dmserver - ok
21:10:57.0468 2924 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:10:57.0546 2924 DMusic - ok
21:10:57.0578 2924 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
21:10:57.0656 2924 Dnscache - ok
21:10:57.0687 2924 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
21:10:57.0765 2924 Dot3svc - ok
21:10:57.0765 2924 dpti2o - ok
21:10:57.0796 2924 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:10:57.0875 2924 drmkaud - ok
21:10:57.0875 2924 EagleXNt - ok
21:10:57.0921 2924 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
21:10:58.0015 2924 EapHost - ok
21:10:58.0046 2924 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
21:10:58.0062 2924 ENTECH ( UnsignedFile.Multi.Generic ) - warning
21:10:58.0062 2924 ENTECH - detected UnsignedFile.Multi.Generic (1)
21:10:58.0093 2924 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
21:10:58.0171 2924 ERSvc - ok
21:10:58.0203 2924 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
21:10:58.0218 2924 Eventlog - ok
21:10:58.0265 2924 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
21:10:58.0312 2924 EventSystem - ok
21:10:58.0343 2924 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:10:58.0437 2924 Fastfat - ok
21:10:58.0468 2924 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
21:10:58.0500 2924 FastUserSwitchingCompatibility - ok
21:10:58.0531 2924 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:10:58.0609 2924 Fdc - ok
21:10:58.0625 2924 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
21:10:58.0703 2924 Fips - ok
21:10:58.0734 2924 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:10:58.0812 2924 Flpydisk - ok
21:10:58.0843 2924 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:10:58.0937 2924 FltMgr - ok
21:10:59.0000 2924 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:10:59.0015 2924 FontCache3.0.0.0 - ok
21:10:59.0046 2924 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
21:10:59.0046 2924 fssfltr - ok
21:10:59.0171 2924 fsssvc (206ad9a89bf05dfa1621f1fc7b82592d) C:\Programme\Windows Live\Family Safety\fsssvc.exe
21:10:59.0218 2924 fsssvc - ok
21:10:59.0265 2924 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:10:59.0343 2924 Fs_Rec - ok
21:10:59.0375 2924 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:10:59.0468 2924 Ftdisk - ok
21:10:59.0484 2924 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:10:59.0578 2924 gameenum - ok
21:10:59.0625 2924 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:10:59.0625 2924 GEARAspiWDM - ok
21:10:59.0656 2924 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:10:59.0734 2924 Gpc - ok
21:10:59.0875 2924 gupdate1c9b3abc89374fa (626a24ed1228580b9518c01930936df9) C:\Programme\Google\Update\GoogleUpdate.exe
21:10:59.0875 2924 gupdate1c9b3abc89374fa - ok
21:10:59.0890 2924 gupdatem (626a24ed1228580b9518c01930936df9) C:\Programme\Google\Update\GoogleUpdate.exe
21:10:59.0890 2924 gupdatem - ok
21:10:59.0937 2924 gusvc (408ddd80eede47175f6844817b90213e) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
21:10:59.0968 2924 gusvc - ok
21:11:00.0000 2924 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:11:00.0078 2924 HDAudBus - ok
21:11:00.0156 2924 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:11:00.0234 2924 helpsvc - ok
21:11:00.0234 2924 HidServ - ok
21:11:00.0281 2924 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:11:00.0359 2924 HidUsb - ok
21:11:00.0390 2924 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
21:11:00.0468 2924 hkmsvc - ok
21:11:00.0468 2924 hpn - ok
21:11:00.0500 2924 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:11:00.0531 2924 HTTP - ok
21:11:00.0562 2924 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
21:11:00.0671 2924 HTTPFilter - ok
21:11:00.0671 2924 i2omgmt - ok
21:11:00.0687 2924 i2omp - ok
21:11:00.0718 2924 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:11:00.0812 2924 i8042prt - ok
21:11:00.0890 2924 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:11:00.0906 2924 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:11:00.0906 2924 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:11:01.0031 2924 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:11:01.0078 2924 idsvc - ok
21:11:01.0109 2924 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:11:01.0187 2924 Imapi - ok
21:11:01.0203 2924 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
21:11:01.0296 2924 ImapiService - ok
21:11:01.0296 2924 ini910u - ok
21:11:01.0500 2924 IntcAzAudAddService (909d03b3b7fb7c830b74f74f4d0ea7ce) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:11:01.0640 2924 IntcAzAudAddService - ok
21:11:01.0718 2924 IntelIde - ok
21:11:01.0734 2924 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:11:01.0828 2924 intelppm - ok
21:11:01.0843 2924 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:11:01.0937 2924 Ip6Fw - ok
21:11:01.0953 2924 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:11:02.0046 2924 IpFilterDriver - ok
21:11:02.0078 2924 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:11:02.0171 2924 IpInIp - ok
21:11:02.0203 2924 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:11:02.0281 2924 IpNat - ok
21:11:02.0312 2924 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:11:02.0406 2924 IPSec - ok
21:11:02.0421 2924 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
21:11:02.0515 2924 irda - ok
21:11:02.0531 2924 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:11:02.0609 2924 IRENUM - ok
21:11:02.0640 2924 Irmon (2efe1db1ec58a26b0c14bfda122e246f) C:\WINDOWS\System32\irmon.dll
21:11:02.0734 2924 Irmon - ok
21:11:02.0734 2924 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
21:11:02.0781 2924 irsir - ok
21:11:02.0812 2924 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:11:02.0890 2924 isapnp - ok
21:11:03.0015 2924 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
21:11:03.0015 2924 JavaQuickStarterService - ok
21:11:03.0031 2924 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:11:03.0109 2924 Kbdclass - ok
21:11:03.0125 2924 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:11:03.0218 2924 kmixer - ok
21:11:03.0250 2924 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:11:03.0328 2924 KSecDD - ok
21:11:03.0359 2924 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
21:11:03.0390 2924 lanmanserver - ok
21:11:03.0421 2924 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
21:11:03.0453 2924 lanmanworkstation - ok
21:11:03.0453 2924 lbrtfdc - ok
21:11:03.0484 2924 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
21:11:03.0500 2924 lirsgt - ok
21:11:03.0531 2924 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
21:11:03.0609 2924 LmHosts - ok
21:11:03.0625 2924 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
21:11:03.0718 2924 Messenger - ok
21:11:03.0734 2924 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:11:03.0828 2924 mnmdd - ok
21:11:03.0859 2924 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
21:11:03.0921 2924 mnmsrvc - ok
21:11:03.0937 2924 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
21:11:04.0031 2924 Modem - ok
21:11:04.0046 2924 motccgp (c741717b0a18813dd7d12085937cee72) C:\WINDOWS\system32\DRIVERS\motccgp.sys
21:11:04.0078 2924 motccgp - ok
21:11:04.0109 2924 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
21:11:04.0140 2924 motccgpfl - ok
21:11:04.0156 2924 motmodem (54fee02961c70fd9d4d7e2f87afa23fa) C:\WINDOWS\system32\DRIVERS\motmodem.sys
21:11:04.0203 2924 motmodem - ok
21:11:04.0265 2924 MotoConnect Service (bb9de58ac6513da62c005d92e2db4981) C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe
21:11:04.0281 2924 MotoConnect Service - ok
21:11:04.0281 2924 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys
21:11:04.0312 2924 MotoSwitchService - ok
21:11:04.0328 2924 Motousbnet (c3661b817e51b16153b332da1312b74d) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
21:11:04.0359 2924 Motousbnet - ok
21:11:04.0390 2924 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:11:04.0453 2924 Mouclass - ok
21:11:04.0468 2924 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:11:04.0562 2924 MountMgr - ok
21:11:04.0593 2924 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
21:11:04.0625 2924 MozillaMaintenance - ok
21:11:04.0625 2924 mraid35x - ok
21:11:04.0671 2924 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:11:04.0765 2924 MRxDAV - ok
21:11:04.0812 2924 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:11:04.0890 2924 MRxSmb - ok
21:11:04.0921 2924 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
21:11:05.0000 2924 MSDTC - ok
21:11:05.0031 2924 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:11:05.0109 2924 Msfs - ok
21:11:05.0109 2924 MSIServer - ok
21:11:05.0125 2924 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:11:05.0203 2924 MSKSSRV - ok
21:11:05.0218 2924 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:11:05.0296 2924 MSPCLOCK - ok
21:11:05.0312 2924 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:11:05.0390 2924 MSPQM - ok
21:11:05.0421 2924 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:11:05.0500 2924 mssmbios - ok
21:11:05.0515 2924 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:11:05.0593 2924 MSTEE - ok
21:11:05.0609 2924 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
21:11:05.0703 2924 ms_mpu401 - ok
21:11:05.0734 2924 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:11:05.0781 2924 Mup - ok
21:11:05.0812 2924 MxlW2k (31509f505fea9b37f9e59a10adcfe8f5) C:\WINDOWS\system32\drivers\MxlW2k.sys
21:11:05.0812 2924 MxlW2k ( UnsignedFile.Multi.Generic ) - warning
21:11:05.0812 2924 MxlW2k - detected UnsignedFile.Multi.Generic (1)
21:11:05.0843 2924 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:11:05.0937 2924 NABTSFEC - ok
21:11:05.0968 2924 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
21:11:06.0078 2924 napagent - ok
21:11:06.0109 2924 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:11:06.0218 2924 NDIS - ok
21:11:06.0234 2924 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:11:06.0328 2924 NdisIP - ok
21:11:06.0359 2924 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:11:06.0406 2924 NdisTapi - ok
21:11:06.0437 2924 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:11:06.0515 2924 Ndisuio - ok
21:11:06.0531 2924 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:11:06.0625 2924 NdisWan - ok
21:11:06.0640 2924 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:11:06.0703 2924 NDProxy - ok
21:11:06.0718 2924 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:11:06.0796 2924 NetBIOS - ok
21:11:06.0828 2924 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:11:06.0906 2924 NetBT - ok
21:11:06.0921 2924 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
21:11:07.0015 2924 NetDDE - ok
21:11:07.0015 2924 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
21:11:07.0093 2924 NetDDEdsdm - ok
21:11:07.0109 2924 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:11:07.0187 2924 Netlogon - ok
21:11:07.0218 2924 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
21:11:07.0296 2924 Netman - ok
21:11:07.0390 2924 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:11:07.0406 2924 NetTcpPortSharing - ok
21:11:07.0421 2924 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:11:07.0515 2924 NIC1394 - ok
21:11:07.0546 2924 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
21:11:07.0562 2924 Nla - ok
21:11:07.0578 2924 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:11:07.0656 2924 Npfs - ok
21:11:07.0718 2924 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:11:07.0828 2924 Ntfs - ok
21:11:07.0843 2924 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:11:07.0921 2924 NtLmSsp - ok
21:11:07.0968 2924 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
21:11:08.0062 2924 NtmsSvc - ok
21:11:08.0093 2924 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:11:08.0171 2924 Null - ok
21:11:08.0484 2924 nv (cf49346faeffbd046b4dcaf29673e02a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:11:08.0828 2924 nv - ok
21:11:08.0953 2924 NVHDA (2e661d73b21619818787fd5059294751) C:\WINDOWS\system32\drivers\nvhda32.sys
21:11:08.0953 2924 NVHDA - ok
21:11:09.0000 2924 nvsvc (896b929603fe45993853df9a3e5e19b1) C:\WINDOWS\system32\nvsvc32.exe
21:11:09.0000 2924 nvsvc ( UnsignedFile.Multi.Generic ) - warning
21:11:09.0000 2924 nvsvc - detected UnsignedFile.Multi.Generic (1)
21:11:09.0046 2924 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:11:09.0125 2924 NwlnkFlt - ok
21:11:09.0140 2924 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:11:09.0234 2924 NwlnkFwd - ok
21:11:09.0265 2924 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:11:09.0343 2924 ohci1394 - ok
21:11:09.0406 2924 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
21:11:09.0421 2924 ose - ok
21:11:09.0453 2924 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
21:11:09.0546 2924 Parport - ok
21:11:09.0578 2924 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:11:09.0656 2924 PartMgr - ok
21:11:09.0687 2924 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:11:09.0781 2924 ParVdm - ok
21:11:09.0796 2924 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
21:11:09.0875 2924 PCI - ok
21:11:09.0875 2924 PCIDump - ok
21:11:09.0906 2924 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:11:10.0000 2924 PCIIde - ok
21:11:10.0015 2924 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:11:10.0093 2924 Pcmcia - ok
21:11:10.0093 2924 PDCOMP - ok
21:11:10.0109 2924 PDFRAME - ok
21:11:10.0109 2924 PDRELI - ok
21:11:10.0109 2924 PDRFRAME - ok
21:11:10.0125 2924 perc2 - ok
21:11:10.0125 2924 perc2hib - ok
21:11:10.0187 2924 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
21:11:10.0203 2924 PlugPlay - ok
21:11:10.0234 2924 PnkBstrA (831883b107684301f48ace752c963984) C:\WINDOWS\system32\PnkBstrA.exe
21:11:10.0234 2924 PnkBstrA - ok
21:11:10.0265 2924 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:11:10.0343 2924 PolicyAgent - ok
21:11:10.0359 2924 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:11:10.0437 2924 PptpMiniport - ok
21:11:10.0437 2924 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:11:10.0515 2924 ProtectedStorage - ok
21:11:10.0546 2924 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:11:10.0625 2924 PSched - ok
21:11:10.0656 2924 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:11:10.0734 2924 Ptilink - ok
21:11:10.0765 2924 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:11:10.0781 2924 PxHelp20 - ok
21:11:10.0781 2924 ql1080 - ok
21:11:10.0781 2924 Ql10wnt - ok
21:11:10.0781 2924 ql12160 - ok
21:11:10.0796 2924 ql1240 - ok
21:11:10.0796 2924 ql1280 - ok
21:11:10.0812 2924 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:11:10.0890 2924 RasAcd - ok
21:11:10.0906 2924 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
21:11:11.0000 2924 RasAuto - ok
21:11:11.0015 2924 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
21:11:11.0046 2924 Rasirda - ok
21:11:11.0062 2924 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:11:11.0140 2924 Rasl2tp - ok
21:11:11.0187 2924 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
21:11:11.0265 2924 RasMan - ok
21:11:11.0296 2924 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:11:11.0375 2924 RasPppoe - ok
21:11:11.0375 2924 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:11:11.0468 2924 Raspti - ok
21:11:11.0500 2924 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:11:11.0578 2924 Rdbss - ok
21:11:11.0625 2924 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:11:11.0703 2924 RDPCDD - ok
21:11:11.0750 2924 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
21:11:11.0796 2924 RDPWD - ok
21:11:11.0828 2924 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
21:11:11.0921 2924 RDSessMgr - ok
21:11:11.0953 2924 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:11:12.0031 2924 redbook - ok
21:11:12.0062 2924 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
21:11:12.0140 2924 RemoteAccess - ok
21:11:12.0171 2924 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
21:11:12.0265 2924 ROOTMODEM - ok
21:11:12.0296 2924 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
21:11:12.0390 2924 RpcLocator - ok
21:11:12.0437 2924 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
21:11:12.0453 2924 RpcSs - ok
21:11:12.0468 2924 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
21:11:12.0546 2924 RSVP - ok
21:11:12.0593 2924 RTL8023xp (d6e1b1bd04fad422af17fc4b810cb9af) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
21:11:12.0625 2924 RTL8023xp - ok
21:11:12.0656 2924 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:11:12.0734 2924 SamSs - ok
21:11:12.0750 2924 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
21:11:12.0843 2924 SCardSvr - ok
21:11:12.0890 2924 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
21:11:12.0984 2924 Schedule - ok
21:11:13.0062 2924 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:11:13.0078 2924 SeaPort - ok
21:11:13.0093 2924 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:11:13.0171 2924 Secdrv - ok
21:11:13.0187 2924 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
21:11:13.0281 2924 seclogon - ok
21:11:13.0296 2924 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
21:11:13.0390 2924 SENS - ok
21:11:13.0421 2924 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:11:13.0500 2924 serenum - ok
21:11:13.0515 2924 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
21:11:13.0593 2924 Serial - ok
21:11:13.0625 2924 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:11:13.0703 2924 Sfloppy - ok
21:11:13.0734 2924 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
21:11:13.0828 2924 SharedAccess - ok
21:11:13.0859 2924 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
21:11:13.0875 2924 ShellHWDetection - ok
21:11:13.0875 2924 Simbad - ok
21:11:13.0906 2924 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:11:14.0000 2924 SLIP - ok
21:11:14.0031 2924 snpstd (eaee05416ae891d3a9f61c923033cea9) C:\WINDOWS\system32\DRIVERS\snpstd.sys
21:11:14.0125 2924 snpstd - ok
21:11:14.0125 2924 Sparrow - ok
21:11:14.0156 2924 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:11:14.0250 2924 splitter - ok
21:11:14.0265 2924 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:11:14.0296 2924 Spooler - ok
21:11:14.0312 2924 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
21:11:14.0406 2924 sr - ok
21:11:14.0437 2924 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
21:11:14.0515 2924 srservice - ok
21:11:14.0562 2924 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:11:14.0625 2924 Srv - ok
21:11:14.0656 2924 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
21:11:14.0703 2924 sscdbus - ok
21:11:14.0734 2924 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
21:11:14.0765 2924 sscdmdfl - ok
21:11:14.0812 2924 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
21:11:14.0828 2924 sscdmdm - ok
21:11:14.0843 2924 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
21:11:14.0937 2924 SSDPSRV - ok
21:11:14.0968 2924 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
21:11:14.0984 2924 ssmdrv - ok
21:11:15.0015 2924 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
21:11:15.0015 2924 StarOpen ( UnsignedFile.Multi.Generic ) - warning
21:11:15.0015 2924 StarOpen - detected UnsignedFile.Multi.Generic (1)
21:11:15.0062 2924 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
21:11:15.0140 2924 stisvc - ok
21:11:15.0171 2924 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:11:15.0250 2924 streamip - ok
21:11:15.0265 2924 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:11:15.0359 2924 swenum - ok
21:11:15.0375 2924 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:11:15.0468 2924 swmidi - ok
21:11:15.0468 2924 SwPrv - ok
21:11:15.0484 2924 symc810 - ok
21:11:15.0484 2924 symc8xx - ok
21:11:15.0484 2924 sym_hi - ok
21:11:15.0500 2924 sym_u3 - ok
21:11:15.0531 2924 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:11:15.0609 2924 sysaudio - ok
21:11:15.0640 2924 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
21:11:15.0734 2924 SysmonLog - ok
21:11:15.0750 2924 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
21:11:15.0843 2924 TapiSrv - ok
21:11:15.0890 2924 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:11:15.0937 2924 Tcpip - ok
21:11:15.0953 2924 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:11:16.0046 2924 TDPIPE - ok
21:11:16.0062 2924 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:11:16.0156 2924 TDTCP - ok
21:11:16.0187 2924 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:11:16.0265 2924 TermDD - ok
21:11:16.0296 2924 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
21:11:16.0390 2924 TermService - ok
21:11:16.0437 2924 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
21:11:16.0437 2924 Themes - ok
21:11:16.0437 2924 TosIde - ok
21:11:16.0468 2924 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
21:11:16.0562 2924 TrkWks - ok
21:11:16.0578 2924 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:11:16.0656 2924 Udfs - ok
21:11:16.0656 2924 ultra - ok
21:11:16.0718 2924 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:11:16.0812 2924 Update - ok
21:11:16.0843 2924 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
21:11:16.0937 2924 upnphost - ok
21:11:16.0953 2924 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
21:11:17.0031 2924 UPS - ok
21:11:17.0046 2924 USBAAPL (df38374e12e73c25b37b6f8a9b8622ef) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:11:17.0078 2924 USBAAPL - ok
21:11:17.0093 2924 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:11:17.0187 2924 usbaudio - ok
21:11:17.0218 2924 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:11:17.0296 2924 usbccgp - ok
21:11:17.0328 2924 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:11:17.0406 2924 usbehci - ok
21:11:17.0406 2924 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:11:17.0484 2924 usbhub - ok
21:11:17.0500 2924 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:11:17.0578 2924 usbprint - ok
21:11:17.0609 2924 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:11:17.0687 2924 usbscan - ok
21:11:17.0703 2924 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:11:17.0765 2924 USBSTOR - ok
21:11:17.0796 2924 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:11:17.0875 2924 usbuhci - ok
21:11:17.0906 2924 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:11:17.0984 2924 VgaSave - ok
21:11:17.0984 2924 ViaIde - ok
21:11:18.0015 2924 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
21:11:18.0093 2924 VolSnap - ok
21:11:18.0125 2924 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
21:11:18.0218 2924 VSS - ok
21:11:18.0234 2924 VtcDrv (0c91d65b29edd38f5e14a4dfe9cdf846) C:\WINDOWS\system32\Drivers\vtcdrv.sys
21:11:18.0250 2924 VtcDrv ( UnsignedFile.Multi.Generic ) - warning
21:11:18.0250 2924 VtcDrv - detected UnsignedFile.Multi.Generic (1)
21:11:18.0281 2924 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
21:11:18.0359 2924 W32Time - ok
21:11:18.0390 2924 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:11:18.0468 2924 Wanarp - ok
21:11:18.0484 2924 wceusbsh (2e8ba025d65dd49d15ea66973e2a15df) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
21:11:18.0578 2924 wceusbsh - ok
21:11:18.0640 2924 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:11:18.0671 2924 Wdf01000 - ok
21:11:18.0687 2924 WDICA - ok
21:11:18.0703 2924 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:11:18.0796 2924 wdmaud - ok
21:11:18.0812 2924 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
21:11:18.0890 2924 WebClient - ok
21:11:18.0968 2924 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:11:19.0046 2924 winmgmt - ok
21:11:19.0062 2924 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:11:19.0109 2924 WmdmPmSN - ok
21:11:19.0156 2924 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:11:19.0234 2924 WmiApSrv - ok
21:11:19.0343 2924 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
21:11:19.0390 2924 WMPNetworkSvc - ok
21:11:19.0437 2924 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:11:19.0437 2924 WpdUsb - ok
21:11:19.0468 2924 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
21:11:19.0562 2924 wscsvc - ok
21:11:19.0593 2924 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:11:19.0671 2924 WSTCODEC - ok
21:11:19.0703 2924 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
21:11:19.0828 2924 wuauserv - ok
21:11:19.0843 2924 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:11:19.0859 2924 WudfPf - ok
21:11:19.0890 2924 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:11:19.0906 2924 WudfRd - ok
21:11:19.0921 2924 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:11:19.0937 2924 WudfSvc - ok
21:11:19.0968 2924 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
21:11:20.0062 2924 WZCSVC - ok
21:11:20.0093 2924 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
21:11:20.0265 2924 xmlprov - ok
21:11:20.0281 2924 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
21:11:20.0671 2924 \Device\Harddisk0\DR0 - ok
21:11:20.0671 2924 Boot (0x1200) (961152f0820c2cf0c5582902cb6815af) \Device\Harddisk0\DR0\Partition0
21:11:20.0687 2924 \Device\Harddisk0\DR0\Partition0 - ok
21:11:20.0703 2924 Boot (0x1200) (9215fbd57ea098c46f3654e5036f4a68) \Device\Harddisk0\DR0\Partition1
21:11:20.0703 2924 \Device\Harddisk0\DR0\Partition1 - ok
21:11:20.0703 2924 ============================================================
21:11:20.0703 2924 Scan finished
21:11:20.0703 2924 ============================================================
21:11:20.0828 2900 Detected object count: 7
21:11:20.0828 2900 Actual detected object count: 7
21:11:29.0734 2900 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:29.0734 2900 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:29.0734 2900 ENTECH ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:29.0734 2900 ENTECH ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:29.0734 2900 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:29.0734 2900 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:29.0734 2900 MxlW2k ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:29.0734 2900 MxlW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:29.0750 2900 nvsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:29.0750 2900 nvsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:29.0750 2900 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:29.0750 2900 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:29.0750 2900 VtcDrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:29.0750 2900 VtcDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:37.0656 3452 Deinitialize success
|
|
| Themen zu Google verlinkt auf englische Werbeseiten (Firefox, Opera) |
| englische, firefox, google, opera, seite, seiten, verlinkt, verlinkt mich google, werbeseite, werbeseiten, woche, wochen |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
