Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 25.06.2012, 19:20   #1
pittip
 
Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig - Standard

Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig



Hallo zusammen,

ich bin neu hier und habe leider nicht so die Ahnung von Computern.

Bin seit ein paar Wochen voll verzweifelt. Habe Windows XP drauf.


Bitte helft mir.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:11:59, on 25.06.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\ltmoh\Ltmoh.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Notebook Hardware Control\nhc.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Application Updater\ApplicationUpdater.exe
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\OpenOffice.org 3\program\soffice.exe
C:\Programme\OpenOffice.org 3\program\soffice.bin
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\DOKUME~1\Peter\LOKALE~1\Temp\DAT42B.tmp.exe
C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Programme\Motorola\MotoHelper\MotoHelperService.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
D:\Download\HiJackThis204(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.freenet.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer bereitgestellt von freenet
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programme\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programme\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: hmbpnofrfalw - Unknown owner - C:\DOKUME~1\Peter\LOKALE~1\Temp\DAT42B.tmp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Programme\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Programme\Sony\Sony PC Companion\PCCService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7674 bytes

Alt 28.06.2012, 19:29   #2
pittip
 
Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig - Standard

Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig



Gibt es einen Grund, warum sich keiner meldet ?
__________________


Alt 29.06.2012, 20:11   #3
markusg
/// Malware-holic
 
Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig - Standard

Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig



hi
ja, weil viel zu viele leute, auf viel zu wenig helfer kommen.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________
__________________

Alt 01.07.2012, 11:47   #4
pittip
 
Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig - Standard

Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig



OTL TextOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.07.2012 12:20:10 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = D:\Download
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,17 Mb Total Physical Memory | 636,30 Mb Available Physical Memory | 62,25% Memory free
2,40 Gb Paging File | 2,01 Gb Available in Paging File | 83,56% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 27,03 Gb Total Space | 11,58 Gb Free Space | 42,86% Space Free | Partition Type: NTFS
Drive D: | 58,89 Gb Total Space | 23,37 Gb Free Space | 39,69% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG-23578E4 | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.01 12:18:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- D:\Download\OTL(2).exe
PRC - [2012.06.13 17:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.05.18 08:20:09 | 000,061,952 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Temp\DAT42B.tmp.exe
PRC - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.01.17 11:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.12.09 19:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.21 07:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.01.27 23:13:50 | 000,226,624 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011.01.27 23:13:40 | 000,673,088 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2007.05.04 02:33:22 | 002,629,632 | ---- | M] (hxxp://www.pbus-167.com) -- C:\Programme\Notebook Hardware Control\nhc.exe
PRC - [2005.02.02 12:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004.08.17 10:37:00 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Programme\ltmoh\ltmoh.exe
PRC - [2004.08.04 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.07.27 13:48:04 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.18 08:20:09 | 000,061,952 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Temp\DAT42B.tmp.exe
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.01.25 22:53:09 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.12.11 11:12:01 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
MOD - [2011.12.11 11:11:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
MOD - [2011.12.11 11:11:53 | 004,878,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\nhc\4ae925e9edebb46b2b03fc6d34d600f2\nhc.ni.exe
MOD - [2011.12.10 16:27:05 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
MOD - [2011.12.10 16:26:56 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
MOD - [2011.12.10 16:26:40 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
MOD - [2011.12.10 12:41:35 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
MOD - [2011.12.10 12:41:13 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
MOD - [2011.11.19 00:27:37 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.07.21 15:12:30 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.01.27 23:13:50 | 000,226,624 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2011.01.27 23:13:40 | 000,673,088 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2001.10.28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.18 07:43:35 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.05.18 08:20:09 | 000,061,952 | ---- | M] () [Auto | Stopped] -- C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Temp\DAT42B.tmp.exe -- (hmbpnofrfalw)
SRV - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.27 23:13:50 | 000,226,624 | ---- | M] () [Auto | Running] -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.07.01 11:39:56 | 000,022,528 | ---- | M] (pBUS-167 Software - hxxp://www.pbus-167.com) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nhcDriver.sys -- (nhcDriverDevice)
DRV - [2011.07.21 12:11:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.21 12:11:11 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.12.03 14:03:08 | 000,020,352 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2010.09.29 17:13:46 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2010.04.01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010.01.25 18:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.29 16:05:15 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.07.13 16:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2009.01.29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009.01.29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007.11.02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2005.06.28 07:01:58 | 001,241,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.06.08 16:58:10 | 000,017,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WOWFilter.sys -- (wowfilter)
DRV - [2005.04.30 16:01:56 | 003,281,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005.04.18 22:21:08 | 000,027,136 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2005.03.04 12:02:20 | 001,066,278 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004.12.06 15:51:10 | 000,051,328 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004.12.05 21:57:14 | 000,307,456 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2004.05.26 15:18:18 | 000,044,928 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {2059CF48-25F3-40d7-9D37-24A3142FD20B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{2059CF48-25F3-40d7-9D37-24A3142FD20B}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=tb50-ie-opencandyDE-chromesbox-de-de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.freenet.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2059CF48-25F3-40d7-9D37-24A3142FD20B}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=tb50-ie-opencandyDE-chromesbox-de-de
IE - HKCU\..\SearchScopes\{523D04D8-F1DE-49D2-8F08-7731753F2B33}: "URL" = hxxp://freenetsuche.de/?Keywords={searchTerms}&partnerTag=freenet_xml_de_searchbox_freenet2&charEncoding=utf8
IE - HKCU\..\SearchScopes\{F1AAE232-BD1E-47BB-BC5B-DBA2FE5C5984}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{F5FA5367-86DF-43F3-B2E4-71CCCD776C44}: "URL" = hxxp://active.freenet.de:8081/IE8Activity/ActivityServlet?w=s&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "WiseConvert Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "WiseConvert Customized Web Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.18 07:43:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.06.03 19:59:13 | 000,000,000 | ---D | M]
 
[2011.12.09 17:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Extensions
[2012.06.18 17:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\9u540rcs.default\extensions
[2011.12.03 11:09:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\9u540rcs.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.17 20:32:52 | 000,000,000 | ---D | M] (WiseConvert Community Toolbar) -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\9u540rcs.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}
[2012.05.30 08:45:36 | 000,000,925 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\9u540rcs.default\searchplugins\conduit.xml
[2012.02.05 23:29:20 | 000,001,496 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\9u540rcs.default\searchplugins\searchya.xml
[2011.12.07 05:45:34 | 000,002,519 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\9u540rcs.default\searchplugins\Search_Results.xml
[2012.02.12 12:57:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.18 07:43:37 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.01.25 22:34:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.07 05:45:34 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml
[2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.18 08:21:03 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LtMoh] C:\Programme\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NotebookHardwareControl] C:\Programme\Notebook Hardware Control\nhc.exe (hxxp://www.pbus-167.com)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Peter\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7327A33B-53D3-47EE-98AA-251712DAABD1}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.23 09:44:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0f3fb9c0-ada1-11e1-bbe9-0000f07b3243}\Shell - "" = AutoRun
O33 - MountPoints2\{0f3fb9c0-ada1-11e1-bbe9-0000f07b3243}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0f3fb9c0-ada1-11e1-bbe9-0000f07b3243}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{752928cc-bcb9-11e1-bc23-0000f07b3243}\Shell - "" = AutoRun
O33 - MountPoints2\{752928cc-bcb9-11e1-bc23-0000f07b3243}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{752928cc-bcb9-11e1-bc23-0000f07b3243}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CF1BD0A7-61B4-4614-98D1-12106B1050FC} - freenetSoftware
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{D04766A7-5110-444F-A9D4-F43C9EC1DEE4} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.23 01:24:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Ericsson
[2012.06.23 01:24:10 | 000,000,000 | ---D | C] -- C:\Programme\Sony Ericsson
[2012.06.23 01:03:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sony
[2012.06.23 01:03:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2012.06.23 01:03:19 | 000,000,000 | ---D | C] -- C:\Programme\Sony
[2012.06.23 00:51:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2012.06.23 00:51:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012.06.20 00:41:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter\Startmenü\Programme\MP3Gain
[2012.06.20 00:41:02 | 000,000,000 | ---D | C] -- C:\Programme\MP3Gain
[2012.06.20 00:38:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter\Desktop\Karaoke - songs 2012 Juni
[2012.06.18 17:01:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Search Settings
[2012.06.18 17:01:29 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2012.06.18 17:01:28 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot
[2012.06.18 17:01:28 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar
[2012.06.18 17:00:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.05 07:50:18 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2012.06.03 19:26:28 | 000,023,424 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\Motousbnet.sys
[2012.06.03 19:26:28 | 000,009,472 | ---- | C] (Motorola Inc) -- C:\WINDOWS\System32\drivers\motusbdevice.sys
[2012.06.03 19:26:28 | 000,006,016 | ---- | C] (Motorola Inc) -- C:\WINDOWS\System32\drivers\motfilt.sys
[2012.06.03 19:26:26 | 000,024,064 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motmodem.sys
[2012.06.03 19:26:25 | 000,020,352 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motccgp.sys
[2012.06.03 19:26:25 | 000,008,320 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motccgpfl.sys
[2012.06.03 19:26:25 | 000,006,400 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motswch.sys
[2012.06.03 19:25:56 | 000,000,000 | ---D | C] -- C:\Program Files
[2012.06.03 19:25:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Motorola Shared
[2012.06.03 19:25:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Motorola
[2012.06.03 19:25:50 | 000,000,000 | ---D | C] -- C:\Programme\Motorola
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.01 11:39:56 | 000,022,528 | ---- | M] (pBUS-167 Software - hxxp://www.pbus-167.com) -- C:\WINDOWS\System32\drivers\nhcDriver.sys
[2012.07.01 11:39:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.01 04:30:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.24 20:17:01 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\defogger_reenable
[2012.06.23 01:17:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012.06.23 01:17:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.23 01:17:31 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012.06.23 01:03:49 | 000,001,703 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sony PC Companion 2.1.lnk
[2012.06.23 00:58:59 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012.06.23 00:53:34 | 004,503,093 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Akcent - I'm sorry Lyrics.mp3
[2012.06.23 00:51:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012.06.23 00:46:07 | 004,005,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Arash Feat. Helena - Broken Angel (Dj Aligator & Weekend Wonderz)(hd1080_H.264-AAC).mp4.mp3
[2012.06.23 00:42:17 | 003,678,161 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\[ REMIX ] Arash ft Helena - broken angel.mp3
[2012.06.23 00:40:58 | 007,147,521 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Arash ft. Helena- Broken Angel ~Austral Esper  REMIX.mp3
[2012.06.23 00:29:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.06.22 10:41:05 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.22 10:27:42 | 026,634,866 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\live 3 .mp3
[2012.06.21 00:05:47 | 004,264,001 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Gustavo Lima - Balada - Letra By Nick.mp3
[2012.06.21 00:04:05 | 003,757,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Gustavo Lima - Balada Boa Lyrics HD (Tché Tchérere Tché).mp3
[2012.06.20 23:37:48 | 010,045,440 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\live 1 .mp3
[2012.06.20 23:28:09 | 023,008,026 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\live.mp3
[2012.06.20 00:51:54 | 003,745,999 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Smokie_Needles_and_Pins_(Instrumentalversion)_97402.mp3
[2012.06.16 13:38:05 | 000,077,442 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\ipodtouch.jpg
[2012.06.16 13:34:34 | 000,012,576 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\apple-ipod-touch-4g-review-from-techradar-uk-s-expert-reviews-of-ipod-and-mp3-players_1.jpg
[2012.06.16 13:32:03 | 000,002,409 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Paint Shop Pro 7.lnk
[2012.06.15 19:22:12 | 000,039,424 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.04 08:04:21 | 004,515,569 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Vamos A La Playa (Karaoke-Playback) Cover on Yamaha PSR9000.mp3
[2012.06.04 08:00:49 | 004,758,002 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\RIGHEIRA (VAMOS A LA PLAYA)(INSTRUMENTAL)(1983).mp3
[2012.06.03 19:27:03 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2012.06.03 19:27:03 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motfilt_01007.Wdf
[2012.06.03 19:26:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012.06.03 19:26:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012.06.03 19:26:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012.06.03 19:26:38 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2012.06.02 13:37:50 | 000,000,189 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\kreditkartenhotline.rtf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.24 20:17:01 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\defogger_reenable
[2012.06.23 09:38:42 | 000,745,984 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\SygicKG.exe
[2012.06.23 01:17:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012.06.23 01:17:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012.06.23 01:03:49 | 000,001,703 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sony PC Companion 2.1.lnk
[2012.06.23 00:52:15 | 004,503,093 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Akcent - I'm sorry Lyrics.mp3
[2012.06.23 00:51:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012.06.23 00:44:49 | 004,005,419 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Arash Feat. Helena - Broken Angel (Dj Aligator & Weekend Wonderz)(hd1080_H.264-AAC).mp4.mp3
[2012.06.23 00:41:08 | 003,678,161 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\[ REMIX ] Arash ft Helena - broken angel.mp3
[2012.06.23 00:38:24 | 007,147,521 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Arash ft. Helena- Broken Angel ~Austral Esper  REMIX.mp3
[2012.06.22 10:09:40 | 003,745,999 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Smokie_Needles_and_Pins_(Instrumentalversion)_97402.mp3
[2012.06.22 10:09:12 | 026,634,866 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\live 3 .mp3
[2012.06.21 00:04:48 | 004,264,001 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Gustavo Lima - Balada - Letra By Nick.mp3
[2012.06.21 00:02:47 | 003,757,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Gustavo Lima - Balada Boa Lyrics HD (Tché Tchérere Tché).mp3
[2012.06.20 23:30:49 | 010,045,440 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\live 1 .mp3
[2012.06.20 23:12:11 | 023,008,026 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\live.mp3
[2012.06.16 13:38:05 | 000,077,442 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\ipodtouch.jpg
[2012.06.16 13:31:32 | 000,012,576 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\apple-ipod-touch-4g-review-from-techradar-uk-s-expert-reviews-of-ipod-and-mp3-players_1.jpg
[2012.06.04 08:02:46 | 004,515,569 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Vamos A La Playa (Karaoke-Playback) Cover on Yamaha PSR9000.mp3
[2012.06.04 08:00:12 | 004,758,002 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\RIGHEIRA (VAMOS A LA PLAYA)(INSTRUMENTAL)(1983).mp3
[2012.06.03 19:38:37 | 000,727,177 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\IMAG0134.jpg
[2012.06.03 19:27:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2012.06.03 19:27:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motfilt_01007.Wdf
[2012.06.03 19:26:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012.06.03 19:26:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012.06.03 19:26:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012.06.03 19:26:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2012.06.02 13:37:49 | 000,000,189 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\kreditkartenhotline.rtf
[2012.05.18 08:20:09 | 000,172,090 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys
[2012.01.28 11:18:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
[2012.01.25 22:39:43 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2012.01.16 11:47:32 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2012.01.16 11:46:14 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011.12.17 15:14:36 | 000,131,736 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.12.17 13:56:40 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011.11.13 15:42:56 | 000,039,424 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.20 22:09:24 | 001,413,259 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Barzewski  Auftragsbestätigung.pdf
[2011.10.07 08:27:48 | 000,011,525 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\DPR HTS 08.10.2011.pdf
[2011.10.05 09:27:40 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.09.23 10:34:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.09.23 10:34:01 | 000,095,617 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.09.23 10:33:31 | 000,120,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.09.23 09:46:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.09.23 09:41:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Programme\openofficeorg33.msi
[2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Programme\setup.exe
[2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Programme\openofficeorg1.cab
[2011.01.19 12:15:26 | 000,000,290 | ---- | C] () -- C:\Programme\setup.ini
 
========== LOP Check ==========
 
[2012.01.16 11:44:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2011.12.07 16:02:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2012.06.23 01:03:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2012.01.16 11:44:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Babylon
[2012.02.10 22:46:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\DVDVideoSoft
[2011.12.03 11:09:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.01.16 11:45:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\OpenCandy
[2012.01.25 22:54:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\OpenOffice.org
[2012.05.25 00:44:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Oracle
[2012.01.25 23:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\pdfforge
[2012.06.18 17:01:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Search Settings
[2011.12.07 05:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\searchquband
[2012.05.27 18:39:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\TeamViewer
[2012.01.27 17:00:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Teleca
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.11.19 00:22:41 | 000,000,000 | ---D | M] -- C:\7fbe444cb2573de321308282dccbd55c
[2012.06.19 00:02:57 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011.09.23 10:12:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012.06.03 19:25:56 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.06.23 01:24:10 | 000,000,000 | ---D | M] -- C:\Programme
[2011.09.29 18:27:30 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.09.24 00:08:52 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.06.23 09:19:39 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2011.01.19 13:33:04 | 000,475,016 | ---- | M] () -- C:\Programme\setup.exe
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\explorer.exe
[2004.08.04 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\system32\dllcache\user32.dll
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\system32\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012.05.18 08:20:10 | 000,172,090 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\str.sys
 
< %systemroot%\System32\config\*.sav >
[2011.09.23 11:32:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.09.23 11:32:50 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.09.23 11:32:50 | 000,430,080 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011.10.20 22:09:24 | 001,413,259 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Barzewski  Auftragsbestätigung.pdf
[2012.06.24 20:17:01 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\defogger_reenable
[2011.10.07 08:27:48 | 000,011,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\DPR HTS 08.10.2011.pdf
[2012.07.01 04:48:41 | 003,145,728 | -H-- | M] () -- C:\Dokumente und Einstellungen\Peter\NTUSER.DAT
[2012.07.01 12:19:43 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Peter\ntuser.dat.LOG
[2012.07.01 04:48:33 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Peter\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2010.05.02 10:24:36 | 001,851,008 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Files - Unicode (All) ==========
[2012.06.23 00:44:09 | 003,306,276 | ---- | M] ()(C:\Dokumente und Einstellungen\Peter\Desktop\? ARASH - _Broken Angel_ Feat. Helena (From the upcoming album).mp3) -- C:\Dokumente und Einstellungen\Peter\Desktop\ღ ARASH - _Broken Angel_ Feat. Helena (From the upcoming album).mp3
[2012.06.23 00:42:58 | 003,306,276 | ---- | C] ()(C:\Dokumente und Einstellungen\Peter\Desktop\? ARASH - _Broken Angel_ Feat. Helena (From the upcoming album).mp3) -- C:\Dokumente und Einstellungen\Peter\Desktop\ღ ARASH - _Broken Angel_ Feat. Helena (From the upcoming album).mp3

< End of report >
         
--- --- ---


Extra TextOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 01.07.2012 12:20:10 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = D:\Download
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,17 Mb Total Physical Memory | 636,30 Mb Available Physical Memory | 62,25% Memory free
2,40 Gb Paging File | 2,01 Gb Available in Paging File | 83,56% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 27,03 Gb Total Space | 11,58 Gb Free Space | 42,86% Space Free | Partition Type: NTFS
Drive D: | 58,89 Gb Total Space | 23,37 Gb Free Space | 39,69% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG-23578E4 | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\TeamViewer\Version6\TeamViewer.exe" = C:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37918F52-75C8-47F8-AEFB-389B8E62B5DA}" = pdfforge Toolbar v5.9
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{825E9A84-1E03-4526-9F8E-45015C938A7C}" = WBFS Manager 4.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AAB9478F-DE6B-498B-9420-21E1F1AC700D}" = WOW XT and TSXT Filter Driver
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.065
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FB29B583-945C-4094-BB4B-3A405574C560}" = Motorola Mobile Drivers Installation 5.0.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = SENS LT56ADW Modem
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"AnalogX Vocal Remover" = AnalogX Vocal Remover
"AnalogX Vocal Remover (WinAmp)" = AnalogX Vocal Remover (WinAmp)
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotoHelper" = MotoHelper 2.0.45 Driver 5.0.0
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06
"ProInst" = Intel(R) PROSet/Wireless Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 1.1.11
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"winusb0200" = Microsoft WinUsb 2.0
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AOL DE Toolbar" = AOL DE Toolbar
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2012 13:46:27 | Computer Name = SAMSUNG-23578E4 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung winamp.exe, Version 5.6.2.3199, fehlgeschlagenes
 Modul msvcr90.dll, Version 9.0.30729.4148, Fehleradresse 0x00056b6a.
 
Error - 09.06.2012 01:44:09 | Computer Name = SAMSUNG-23578E4 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 09.06.2012 04:44:56 | Computer Name = SAMSUNG-23578E4 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.0.4535, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 12.06.2012 22:31:30 | Computer Name = SAMSUNG-23578E4 | Source = ESENT | ID = 490
Description = svchost (1348) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 18.06.2012 18:03:59 | Computer Name = SAMSUNG-23578E4 | Source = ESENT | ID = 490
Description = svchost (1360) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 20.06.2012 18:06:02 | Computer Name = SAMSUNG-23578E4 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 22.06.2012 18:57:26 | Computer Name = SAMSUNG-23578E4 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Startme.exe, Version 2.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 24.06.2012 14:39:11 | Computer Name = SAMSUNG-23578E4 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.53.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 28.06.2012 14:12:37 | Computer Name = SAMSUNG-23578E4 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avguard.exe, Version 10.0.1.59, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00f49b02.
 
Error - 01.07.2012 06:00:33 | Computer Name = SAMSUNG-23578E4 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL(1).exe, Version 3.2.53.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ Application Events ]
Error - 03.06.2012 13:46:27 | Computer Name = SAMSUNG-23578E4 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung winamp.exe, Version 5.6.2.3199, fehlgeschlagenes
 Modul msvcr90.dll, Version 9.0.30729.4148, Fehleradresse 0x00056b6a.
 
Error - 09.06.2012 01:44:09 | Computer Name = SAMSUNG-23578E4 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 09.06.2012 04:44:56 | Computer Name = SAMSUNG-23578E4 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.0.4535, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 12.06.2012 22:31:30 | Computer Name = SAMSUNG-23578E4 | Source = ESENT | ID = 490
Description = svchost (1348) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 18.06.2012 18:03:59 | Computer Name = SAMSUNG-23578E4 | Source = ESENT | ID = 490
Description = svchost (1360) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 20.06.2012 18:06:02 | Computer Name = SAMSUNG-23578E4 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 22.06.2012 18:57:26 | Computer Name = SAMSUNG-23578E4 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Startme.exe, Version 2.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 24.06.2012 14:39:11 | Computer Name = SAMSUNG-23578E4 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.53.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 28.06.2012 14:12:37 | Computer Name = SAMSUNG-23578E4 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avguard.exe, Version 10.0.1.59, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00f49b02.
 
Error - 01.07.2012 06:00:33 | Computer Name = SAMSUNG-23578E4 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL(1).exe, Version 3.2.53.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 25.06.2012 22:34:58 | Computer Name = SAMSUNG-23578E4 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hmbpnofrfalw.
 
Error - 26.06.2012 14:08:45 | Computer Name = SAMSUNG-23578E4 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hmbpnofrfalw.
 
Error - 27.06.2012 09:53:19 | Computer Name = SAMSUNG-23578E4 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hmbpnofrfalw.
 
Error - 28.06.2012 14:08:49 | Computer Name = SAMSUNG-23578E4 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hmbpnofrfalw.
 
Error - 28.06.2012 22:28:07 | Computer Name = SAMSUNG-23578E4 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hmbpnofrfalw.
 
Error - 29.06.2012 10:14:05 | Computer Name = SAMSUNG-23578E4 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hmbpnofrfalw.
 
Error - 30.06.2012 22:30:47 | Computer Name = SAMSUNG-23578E4 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hmbpnofrfalw.
 
Error - 30.06.2012 22:35:37 | Computer Name = SAMSUNG-23578E4 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hmbpnofrfalw.
 
Error - 01.07.2012 05:39:11 | Computer Name = SAMSUNG-23578E4 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hmbpnofrfalw.
 
Error - 01.07.2012 06:14:46 | Computer Name = SAMSUNG-23578E4 | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
 
< End of report >
         
--- --- ---

Alt 01.07.2012, 11:49   #5
markusg
/// Malware-holic
 
Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig - Standard

Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig



Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 01.07.2012, 19:56   #6
pittip
 
Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig - Standard

Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig



Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-01.03 - Peter 01.07.2012  20:36:49.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.49.1031.18.1022.549 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Peter\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\str.sys
D:\setup.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-01 bis 2012-07-01  ))))))))))))))))))))))))))))))
.
.
2012-06-22 23:24 . 2012-06-22 23:24	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Sony Ericsson
2012-06-22 23:24 . 2012-06-22 23:24	--------	d-----w-	c:\programme\Sony Ericsson
2012-06-22 23:06 . 2011-05-24 09:00	1461992	----a-w-	c:\windows\system32\WdfCoInstaller01009.dll
2012-06-22 23:06 . 2011-05-24 08:59	851176	----a-w-	c:\windows\system32\WinUSBCoInstaller2.dll
2012-06-22 23:03 . 2012-06-22 23:03	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Sony
2012-06-22 23:03 . 2012-06-22 23:03	--------	d-----w-	c:\programme\Sony
2012-06-22 22:51 . 2012-06-22 22:58	--------	d-----w-	c:\windows\system32\drivers\UMDF
2012-06-22 22:51 . 2012-06-22 22:51	--------	d-----w-	c:\windows\system32\LogFiles
2012-06-19 22:41 . 2012-06-19 22:51	--------	d-----w-	c:\programme\MP3Gain
2012-06-18 15:01 . 2012-06-18 15:01	--------	d-----w-	c:\dokumente und einstellungen\Peter\Anwendungsdaten\Search Settings
2012-06-18 15:01 . 2012-06-18 15:01	--------	d-----w-	c:\programme\Application Updater
2012-06-18 15:01 . 2012-06-18 15:01	--------	d-----w-	c:\programme\pdfforge Toolbar
2012-06-18 15:01 . 2012-06-18 15:01	--------	d-----w-	c:\programme\Gemeinsame Dateien\Spigot
2012-06-08 05:48 . 2012-06-08 05:48	770384	----a-w-	c:\programme\Mozilla Firefox\msvcr100.dll
2012-06-08 05:48 . 2012-06-08 05:48	421200	----a-w-	c:\programme\Mozilla Firefox\msvcp100.dll
2012-06-05 05:50 . 2012-06-05 05:50	--------	d-----w-	c:\programme\MSXML 4.0
2012-06-03 17:26 . 2010-04-01 11:31	23424	----a-w-	c:\windows\system32\drivers\Motousbnet.sys
2012-06-03 17:26 . 2010-01-25 16:56	9472	----a-w-	c:\windows\system32\drivers\motusbdevice.sys
2012-06-03 17:26 . 2009-01-29 14:11	6016	----a-w-	c:\windows\system32\drivers\motfilt.sys
2012-06-03 17:26 . 2010-09-29 15:13	24064	----a-w-	c:\windows\system32\drivers\motmodem.sys
2012-06-03 17:26 . 2010-12-03 12:03	20352	----a-w-	c:\windows\system32\drivers\motccgp.sys
2012-06-03 17:26 . 2009-01-29 14:18	8320	----a-w-	c:\windows\system32\drivers\motccgpfl.sys
2012-06-03 17:26 . 2007-11-02 12:51	6400	----a-w-	c:\windows\system32\drivers\motswch.sys
2012-06-03 17:25 . 2012-06-03 17:25	--------	d-----w-	c:\programme\Gemeinsame Dateien\Motorola Shared
2012-06-03 17:25 . 2012-06-03 17:25	--------	d-----w-	C:\Program Files
2012-06-03 17:25 . 2012-06-03 17:25	--------	d-----w-	c:\programme\Motorola
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-01 18:49 . 2011-09-23 21:11	22528	----a-w-	c:\windows\system32\drivers\nhcDriver.sys
2012-04-04 16:47 . 2012-01-25 20:34	143872	----a-w-	c:\windows\system32\javacpl.cpl
2012-04-04 16:47 . 2012-05-24 22:44	772504	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-04-04 16:47 . 2012-01-25 20:34	687504	----a-w-	c:\windows\system32\deployJava1.dll
2011-01-19 11:34 . 2011-01-19 11:34	3003392	----a-w-	c:\programme\openofficeorg33.msi
2011-01-19 11:33 . 2011-01-19 11:33	475016	----a-w-	c:\programme\setup.exe
2012-06-18 05:43 . 2011-10-08 12:33	85472	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
2006-05-03 11:06	163328	--sha-r-	c:\windows\system32\flvDX.dll
2007-02-21 12:47	31232	--sha-r-	c:\windows\system32\msfDX.dll
2008-03-16 14:30	216064	--sha-r-	c:\windows\system32\nbDX.dll
2010-01-06 23:00	107520	--sha-r-	c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"SoundMAXPnP"="c:\programme\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"LtMoh"="c:\programme\ltmoh\Ltmoh.exe" [2004-08-17 184320]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-03-16 32768]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"NotebookHardwareControl"="c:\programme\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinampAgent"="c:\programme\Winamp\winampa.exe" [2011-12-09 74752]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-17 252296]
"SearchSettings"="c:\programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe" [2012-06-13 1088904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\dokumente und einstellungen\Peter\Startmenü\Programme\Autostart\
OpenOffice.org 3.3.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Programme\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [23.09.2011 23:00 136360]
R2 Application Updater;Application Updater;c:\programme\Application Updater\ApplicationUpdater.exe [13.06.2012 17:27 792512]
R2 MotoHelper;MotoHelper Service;c:\programme\Motorola\MotoHelper\MotoHelperService.exe [27.01.2011 23:13 226624]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [08.06.2005 16:58 17792]
S2 hmbpnofrfalw;hmbpnofrfalw;"c:\dokume~1\Peter\LOKALE~1\Temp\DAT42B.tmp.exe" --SERVICE --> c:\dokume~1\Peter\LOKALE~1\Temp\DAT42B.tmp.exe [?]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [03.06.2012 19:26 6016]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [03.06.2012 19:26 20352]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [03.06.2012 19:26 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [03.06.2012 19:26 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [03.06.2012 19:26 9472]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [26.04.2012 08:08 113120]
S3 Sony PC Companion;Sony PC Companion;c:\programme\Sony\Sony PC Companion\PCCService.exe [23.06.2012 01:03 155320]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Peter\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\9u540rcs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WiseConvert Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101641
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 60cb9e310000000000000000f07b3243
FF - user.js: extensions.BabylonToolbar_i.hardId - 60cb9e310000000000000000f07b3243
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15355
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:44
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extensions.searchya_i.hmpg - true
FF - user.js: extensions.searchya_i.hmpgUrl - hxxp://searchya.com/?chnl=fxtb-01&s=0&cr=83384407&cd=2XzutAtN2Y1L1QzutDtDtCyDtDtDtCtCtBzz0CyB0Bzy0EtAtCtN0D0TzutBtDtCtBtDtBtDyD
FF - user.js: extensions.searchya_i.dfltSrch - true
FF - user.js: extensions.searchya_i.srchPrvdr - SearchYa!
FF - user.js: extensions.searchya_i.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - true
FF - user.js: extensions.searchya_i.newTabUrl - hxxp://searchya.com/?chnl=fxtb-01&s=2&cr=83384407&cd=2XzutAtN2Y1L1QzutDtDtCyDtDtDtCtCtBzz0CyB0Bzy0EtAtCtN0D0TzutBtDtCtBtDtBtDyD
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-01 20:49
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3908)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\programme\Analog Devices\SoundMAX\SMAgent.exe
c:\programme\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\wscntfy.exe
c:\programme\OpenOffice.org 3\program\soffice.exe
c:\programme\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-01  20:54:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-01 18:54
.
Vor Suchlauf: 6 Verzeichnis(se), 13.081.239.552 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 13.470.666.752 Bytes frei
.
- - End Of File - - 90F031C98F40E09FED7D4E1B92844864
         
--- --- ---

Alt 01.07.2012, 20:09   #7
markusg
/// Malware-holic
 
Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig - Standard

Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig



download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 01.07.2012, 20:28   #8
pittip
 
Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig - Standard

Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig



21:24:13.0781 2824 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
21:24:13.0843 2824 ============================================================
21:24:13.0843 2824 Current date / time: 2012/07/01 21:24:13.0843
21:24:13.0843 2824 SystemInfo:
21:24:13.0843 2824
21:24:13.0843 2824 OS Version: 5.1.2600 ServicePack: 2.0
21:24:13.0843 2824 Product type: Workstation
21:24:13.0843 2824 ComputerName: SAMSUNG-23578E4
21:24:13.0843 2824 UserName: Peter
21:24:13.0843 2824 Windows directory: C:\WINDOWS
21:24:13.0843 2824 System windows directory: C:\WINDOWS
21:24:13.0843 2824 Processor architecture: Intel x86
21:24:13.0843 2824 Number of processors: 1
21:24:13.0843 2824 Page size: 0x1000
21:24:13.0843 2824 Boot type: Normal boot
21:24:13.0843 2824 ============================================================
21:24:17.0328 2824 Drive \Device\Harddisk0\DR0 - Size: 0x157AC25C00 (85.92 Gb), SectorSize: 0x200, Cylinders: 0x2BCF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:24:17.0343 2824 Drive \Device\Harddisk1\DR3 - Size: 0xEA108000 (3.66 Gb), SectorSize: 0x200, Cylinders: 0x1DD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:24:17.0343 2824 Drive \Device\Harddisk2\DR4 - Size: 0x1D9000000 (7.39 Gb), SectorSize: 0x200, Cylinders: 0x3C4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:24:17.0343 2824 ============================================================
21:24:17.0343 2824 \Device\Harddisk0\DR0:
21:24:17.0359 2824 MBR partitions:
21:24:17.0359 2824 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x360D389
21:24:17.0375 2824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x360D407, BlocksNum 0x75C5508
21:24:17.0375 2824 \Device\Harddisk1\DR3:
21:24:17.0375 2824 MBR partitions:
21:24:17.0375 2824 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x74E8C0
21:24:17.0375 2824 \Device\Harddisk2\DR4:
21:24:17.0375 2824 MBR partitions:
21:24:17.0375 2824 \Device\Harddisk2\DR4\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xEC6000
21:24:17.0375 2824 ============================================================
21:24:17.0390 2824 C: <-> \Device\Harddisk0\DR0\Partition0
21:24:17.0437 2824 D: <-> \Device\Harddisk0\DR0\Partition1
21:24:17.0437 2824 ============================================================
21:24:17.0437 2824 Initialize success
21:24:17.0437 2824 ============================================================
21:25:13.0531 1716 ============================================================
21:25:13.0531 1716 Scan started
21:25:13.0531 1716 Mode: Manual; SigCheck;
21:25:13.0531 1716 ============================================================
21:25:13.0906 1716 Abiosdsk - ok
21:25:13.0921 1716 abp480n5 - ok
21:25:13.0984 1716 ACPI (1268cce85f900a63942000a83d8c03d2) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:25:14.0015 1716 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: 1268cce85f900a63942000a83d8c03d2, Fake md5: 94b4741d2cf9ed38140b831293d1601a
21:25:14.0015 1716 ACPI ( Virus.Win32.Rloader.a ) - infected
21:25:14.0015 1716 ACPI - detected Virus.Win32.Rloader.a (0)
21:25:14.0046 1716 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:25:15.0296 1716 ACPIEC - ok
21:25:15.0296 1716 adpu160m - ok
21:25:15.0375 1716 aeaudio (cde1f62fe63631b932ace2249fb11da0) C:\WINDOWS\system32\drivers\aeaudio.sys
21:25:15.0484 1716 aeaudio - ok
21:25:15.0515 1716 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
21:25:15.0828 1716 aec - ok
21:25:15.0890 1716 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
21:25:16.0000 1716 AFD - ok
21:25:16.0109 1716 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
21:25:16.0375 1716 AgereSoftModem - ok
21:25:16.0390 1716 Aha154x - ok
21:25:16.0390 1716 aic78u2 - ok
21:25:16.0406 1716 aic78xx - ok
21:25:16.0453 1716 Alerter (1aab6c5f8376357cb9b16c38c42c4076) C:\WINDOWS\system32\alrsvc.dll
21:25:16.0734 1716 Alerter - ok
21:25:16.0765 1716 ALG (6596dd260ffde1bdc994c1df236307bb) C:\WINDOWS\System32\alg.exe
21:25:16.0937 1716 ALG - ok
21:25:16.0937 1716 AliIde - ok
21:25:16.0953 1716 amsint - ok
21:25:17.0140 1716 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
21:25:17.0203 1716 AntiVirSchedulerService - ok
21:25:17.0234 1716 AntiVirService (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
21:25:17.0250 1716 AntiVirService - ok
21:25:17.0359 1716 Application Updater (592f7ae254995274e166eec95c28f551) C:\Programme\Application Updater\ApplicationUpdater.exe
21:25:17.0453 1716 Application Updater - ok
21:25:17.0468 1716 AppMgmt - ok
21:25:17.0515 1716 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:25:17.0781 1716 Arp1394 - ok
21:25:17.0796 1716 asc - ok
21:25:17.0796 1716 asc3350p - ok
21:25:17.0812 1716 asc3550 - ok
21:25:17.0921 1716 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:25:17.0984 1716 aspnet_state - ok
21:25:18.0000 1716 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:25:18.0250 1716 AsyncMac - ok
21:25:18.0359 1716 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:25:18.0625 1716 atapi - ok
21:25:18.0640 1716 Atdisk - ok
21:25:18.0703 1716 Ati HotKey Poller (06b67e6a0b679d037d2d9e27a64ce90c) C:\WINDOWS\system32\Ati2evxx.exe
21:25:18.0812 1716 Ati HotKey Poller - ok
21:25:18.0937 1716 ati2mtag (d5537cc8cc9a86668e3903bd53caa83c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:25:19.0078 1716 ati2mtag - ok
21:25:19.0140 1716 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:25:19.0406 1716 Atmarpc - ok
21:25:19.0453 1716 AudioSrv (e98b8250398f6637b335a76ba8dfb602) C:\WINDOWS\System32\audiosrv.dll
21:25:19.0734 1716 AudioSrv - ok
21:25:19.0765 1716 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:25:20.0062 1716 audstub - ok
21:25:20.0203 1716 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
21:25:20.0218 1716 avgio - ok
21:25:20.0265 1716 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
21:25:20.0375 1716 avgntflt - ok
21:25:20.0406 1716 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
21:25:20.0453 1716 avipbb - ok
21:25:20.0484 1716 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
21:25:20.0562 1716 bcm4sbxp - ok
21:25:20.0609 1716 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:25:20.0859 1716 Beep - ok
21:25:20.0937 1716 BITS (3a5e54a9ab96ef2d273b58136fb58efe) C:\WINDOWS\system32\qmgr.dll
21:25:21.0250 1716 BITS - ok
21:25:21.0359 1716 Browser (d8653dcd80cf2ebb333fc4fcc43a7def) C:\WINDOWS\System32\browser.dll
21:25:21.0656 1716 Browser - ok
21:25:21.0703 1716 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys
21:25:22.0031 1716 BTCFilterService - ok
21:25:22.0046 1716 catchme - ok
21:25:22.0093 1716 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:25:22.0406 1716 cbidf2k - ok
21:25:22.0421 1716 cd20xrnt - ok
21:25:22.0453 1716 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:25:22.0703 1716 Cdaudio - ok
21:25:22.0859 1716 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
21:25:23.0125 1716 Cdfs - ok
21:25:23.0171 1716 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:25:23.0453 1716 Cdrom - ok
21:25:23.0468 1716 Changer - ok
21:25:23.0515 1716 CiSvc (234d52c63c67a8cf4af9becce43bfb4a) C:\WINDOWS\system32\cisvc.exe
21:25:23.0796 1716 CiSvc - ok
21:25:23.0859 1716 ClipSrv (0461868578d29dc18fb1c79933c5158a) C:\WINDOWS\system32\clipsrv.exe
21:25:24.0109 1716 ClipSrv - ok
21:25:24.0187 1716 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:25:24.0250 1716 clr_optimization_v2.0.50727_32 - ok
21:25:24.0296 1716 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:25:24.0562 1716 CmBatt - ok
21:25:24.0562 1716 CmdIde - ok
21:25:24.0625 1716 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:25:24.0875 1716 Compbatt - ok
21:25:24.0890 1716 COMSysApp - ok
21:25:24.0906 1716 Cpqarray - ok
21:25:24.0937 1716 CryptSvc (1a5f9db98df7955b4c7cbdbf2c638238) C:\WINDOWS\System32\cryptsvc.dll
21:25:25.0218 1716 CryptSvc - ok
21:25:25.0218 1716 dac2w2k - ok
21:25:25.0234 1716 dac960nt - ok
21:25:25.0375 1716 DcomLaunch (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\system32\rpcss.dll
21:25:25.0515 1716 DcomLaunch - ok
21:25:25.0546 1716 Dhcp (69f986b2688ba95a0d9362b0e233d5ff) C:\WINDOWS\System32\dhcpcsvc.dll
21:25:25.0796 1716 Dhcp - ok
21:25:25.0843 1716 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
21:25:26.0093 1716 Disk - ok
21:25:26.0109 1716 dmadmin - ok
21:25:26.0218 1716 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
21:25:26.0546 1716 dmboot - ok
21:25:26.0640 1716 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
21:25:26.0921 1716 dmio - ok
21:25:26.0984 1716 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:25:27.0234 1716 dmload - ok
21:25:27.0343 1716 dmserver (fa2d9d1a9f6b5a88d01e1685ce2378ba) C:\WINDOWS\System32\dmserver.dll
21:25:27.0609 1716 dmserver - ok
21:25:27.0656 1716 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
21:25:27.0968 1716 DMusic - ok
21:25:28.0015 1716 Dnscache (d1f5b71bbaeee07b78980dbd878c0bc7) C:\WINDOWS\System32\dnsrslvr.dll
21:25:28.0296 1716 Dnscache - ok
21:25:28.0296 1716 dpti2o - ok
21:25:28.0328 1716 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
21:25:28.0578 1716 drmkaud - ok
21:25:28.0625 1716 ERSvc (877a4512cc9074d6954776af47021766) C:\WINDOWS\System32\ersvc.dll
21:25:28.0906 1716 ERSvc - ok
21:25:28.0937 1716 Eventlog (65f6b774819bd727358157cedea67b8e) C:\WINDOWS\system32\services.exe
21:25:29.0187 1716 Eventlog - ok
21:25:29.0234 1716 EventSystem (d68ed3908c7a0db446111d34ac40dc18) C:\WINDOWS\system32\es.dll
21:25:29.0312 1716 EventSystem - ok
21:25:29.0343 1716 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
21:25:29.0640 1716 Fastfat - ok
21:25:29.0687 1716 FastUserSwitchingCompatibility (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll
21:25:30.0015 1716 FastUserSwitchingCompatibility - ok
21:25:30.0078 1716 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
21:25:30.0406 1716 Fdc - ok
21:25:30.0453 1716 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
21:25:30.0890 1716 Fips - ok
21:25:31.0593 1716 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:25:31.0859 1716 Flpydisk - ok
21:25:31.0937 1716 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:25:32.0203 1716 FltMgr - ok
21:25:32.0828 1716 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:25:32.0859 1716 FontCache3.0.0.0 - ok
21:25:32.0859 1716 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:25:33.0125 1716 Fs_Rec - ok
21:25:33.0156 1716 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:25:33.0437 1716 Ftdisk - ok
21:25:33.0515 1716 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:25:33.0781 1716 Gpc - ok
21:25:33.0843 1716 helpsvc (ba85bcf1a2bcf927c3600574173403e0) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:25:34.0109 1716 helpsvc - ok
21:25:34.0109 1716 HidServ - ok
21:25:34.0218 1716 hmbpnofrfalw - ok
21:25:34.0234 1716 hpn - ok
21:25:34.0250 1716 HTCAND32 - ok
21:25:34.0296 1716 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
21:25:34.0375 1716 HTTP - ok
21:25:34.0390 1716 HTTPFilter (9ec7e866bbdbf3ecc0e67f4e0a838eb2) C:\WINDOWS\System32\w3ssl.dll
21:25:34.0671 1716 HTTPFilter - ok
21:25:34.0671 1716 i2omgmt - ok
21:25:34.0687 1716 i2omp - ok
21:25:34.0718 1716 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:25:34.0984 1716 i8042prt - ok
21:25:35.0203 1716 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:25:35.0328 1716 idsvc - ok
21:25:35.0359 1716 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:25:35.0625 1716 Imapi - ok
21:25:35.0703 1716 ImapiService (57d7267a9ed91ecaf4336b08c9628fca) C:\WINDOWS\system32\imapi.exe
21:25:36.0281 1716 ImapiService - ok
21:25:36.0281 1716 ini910u - ok
21:25:36.0328 1716 IntelIde (d63c33f65f6ebc732116403d88883b2d) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:25:36.0593 1716 IntelIde - ok
21:25:36.0640 1716 intelppm (ae7511ada0d951d50cef95d7ecbace99) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:25:37.0421 1716 intelppm - ok
21:25:37.0468 1716 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:25:37.0734 1716 Ip6Fw - ok
21:25:37.0812 1716 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:25:38.0093 1716 IpFilterDriver - ok
21:25:38.0093 1716 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:25:38.0359 1716 IpInIp - ok
21:25:38.0390 1716 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:25:38.0718 1716 IpNat - ok
21:25:39.0000 1716 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:25:39.0265 1716 IPSec - ok
21:25:39.0296 1716 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:25:39.0468 1716 IRENUM - ok
21:25:39.0593 1716 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:25:39.0843 1716 isapnp - ok
21:25:40.0171 1716 JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
21:25:40.0218 1716 JavaQuickStarterService - ok
21:25:40.0265 1716 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:25:40.0531 1716 Kbdclass - ok
21:25:40.0609 1716 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
21:25:40.0890 1716 kmixer - ok
21:25:41.0078 1716 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
21:25:41.0156 1716 KSecDD - ok
21:25:41.0203 1716 lanmanserver (f8170aa51cd202bc062b8a0983f361b7) C:\WINDOWS\System32\srvsvc.dll
21:25:41.0500 1716 lanmanserver - ok
21:25:41.0593 1716 lanmanworkstation (f716a6f5babb6da60c0532510ab52245) C:\WINDOWS\System32\wkssvc.dll
21:25:41.0640 1716 lanmanworkstation - ok
21:25:41.0640 1716 lbrtfdc - ok
21:25:41.0671 1716 LmHosts (4c25fadd7fe1d5bd779b20d3d0eb8d7c) C:\WINDOWS\System32\lmhsvc.dll
21:25:41.0937 1716 LmHosts - ok
21:25:41.0968 1716 Messenger (e5215ab942c5ac5f7eb0e54871d7a27c) C:\WINDOWS\System32\msgsvc.dll
21:25:42.0250 1716 Messenger - ok
21:25:42.0375 1716 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:25:42.0750 1716 mnmdd - ok
21:25:42.0796 1716 mnmsrvc (bb2470d20405b272ea47ca5e18f1c58e) C:\WINDOWS\system32\mnmsrvc.exe
21:25:43.0125 1716 mnmsrvc - ok
21:25:43.0156 1716 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
21:25:43.0437 1716 Modem - ok
21:25:43.0484 1716 motccgp (1088f75c09ebb0a8b0f13b886fd67c52) C:\WINDOWS\system32\DRIVERS\motccgp.sys
21:25:43.0593 1716 motccgp - ok
21:25:43.0625 1716 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
21:25:43.0718 1716 motccgpfl - ok
21:25:43.0750 1716 motmodem (8f408e9ed2feb8a8b8837c380faf7ad6) C:\WINDOWS\system32\DRIVERS\motmodem.sys
21:25:43.0843 1716 motmodem - ok
21:25:43.0937 1716 MotoHelper (2443b978e80f8a3d1f39855aa25882af) C:\Programme\Motorola\MotoHelper\MotoHelperService.exe
21:25:43.0984 1716 MotoHelper - ok
21:25:44.0000 1716 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys
21:25:44.0109 1716 MotoSwitchService - ok
21:25:44.0125 1716 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
21:25:44.0218 1716 Motousbnet - ok
21:25:44.0265 1716 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\WINDOWS\system32\DRIVERS\motusbdevice.sys
21:25:44.0375 1716 motusbdevice - ok
21:25:44.0390 1716 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:25:44.0656 1716 Mouclass - ok
21:25:44.0687 1716 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
21:25:44.0953 1716 MountMgr - ok
21:25:45.0015 1716 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
21:25:45.0062 1716 MozillaMaintenance - ok
21:25:45.0078 1716 mraid35x - ok
21:25:45.0093 1716 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:25:45.0390 1716 MRxDAV - ok
21:25:45.0515 1716 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:25:45.0625 1716 MRxSmb - ok
21:25:45.0671 1716 MSDTC (d059f9c7752ef461476e83180daa5c62) C:\WINDOWS\system32\msdtc.exe
21:25:45.0921 1716 MSDTC - ok
21:25:45.0937 1716 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
21:25:46.0203 1716 Msfs - ok
21:25:46.0203 1716 MSIServer - ok
21:25:46.0250 1716 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:25:46.0500 1716 MSKSSRV - ok
21:25:46.0562 1716 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:25:46.0812 1716 MSPCLOCK - ok
21:25:46.0859 1716 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
21:25:47.0125 1716 MSPQM - ok
21:25:47.0171 1716 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:25:47.0437 1716 mssmbios - ok
21:25:47.0484 1716 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
21:25:47.0750 1716 Mup - ok
21:25:47.0781 1716 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
21:25:48.0046 1716 NDIS - ok
21:25:48.0093 1716 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:25:48.0359 1716 NdisTapi - ok
21:25:48.0406 1716 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:25:48.0640 1716 Ndisuio - ok
21:25:48.0671 1716 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:25:48.0937 1716 NdisWan - ok
21:25:48.0953 1716 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
21:25:49.0234 1716 NDProxy - ok
21:25:49.0234 1716 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:25:49.0500 1716 NetBIOS - ok
21:25:49.0546 1716 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:25:49.0828 1716 NetBT - ok
21:25:49.0875 1716 NetDDE (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe
21:25:50.0140 1716 NetDDE - ok
21:25:50.0156 1716 NetDDEdsdm (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe
21:25:50.0406 1716 NetDDEdsdm - ok
21:25:50.0437 1716 Netlogon (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
21:25:50.0687 1716 Netlogon - ok
21:25:50.0750 1716 Netman (cdf4da6b518105343fe9e8afbbf8fbf4) C:\WINDOWS\System32\netman.dll
21:25:51.0000 1716 Netman - ok
21:25:51.0093 1716 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:25:51.0140 1716 NetTcpPortSharing - ok
21:25:51.0171 1716 nhcDriverDevice (37260a293b6a89373ae76791e6cc5a12) C:\WINDOWS\system32\drivers\nhcDriver.sys
21:25:51.0187 1716 nhcDriverDevice ( UnsignedFile.Multi.Generic ) - warning
21:25:51.0187 1716 nhcDriverDevice - detected UnsignedFile.Multi.Generic (1)
21:25:51.0218 1716 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:25:51.0484 1716 NIC1394 - ok
21:25:51.0578 1716 Nla (774274c487493452df3b0126dbe7ff3b) C:\WINDOWS\System32\mswsock.dll
21:25:51.0718 1716 Nla - ok
21:25:51.0734 1716 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
21:25:51.0984 1716 Npfs - ok
21:25:52.0109 1716 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
21:25:52.0406 1716 Ntfs - ok
21:25:52.0421 1716 NtLmSsp (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
21:25:52.0687 1716 NtLmSsp - ok
21:25:52.0765 1716 NtmsSvc (428aa946a8d9f32dbb4260c8e6e13377) C:\WINDOWS\system32\ntmssvc.dll
21:25:53.0078 1716 NtmsSvc - ok
21:25:53.0140 1716 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:25:53.0421 1716 Null - ok
21:25:53.0484 1716 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:25:53.0750 1716 NwlnkFlt - ok
21:25:53.0765 1716 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:25:54.0015 1716 NwlnkFwd - ok
21:25:54.0031 1716 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:25:54.0312 1716 ohci1394 - ok
21:25:54.0343 1716 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys
21:25:54.0593 1716 Parport - ok
21:25:54.0609 1716 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
21:25:54.0859 1716 PartMgr - ok
21:25:54.0906 1716 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:25:55.0140 1716 ParVdm - ok
21:25:55.0171 1716 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
21:25:55.0437 1716 PCI - ok
21:25:55.0453 1716 PCIDump - ok
21:25:55.0453 1716 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:25:55.0734 1716 PCIIde - ok
21:25:55.0765 1716 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:25:56.0046 1716 Pcmcia - ok
21:25:56.0046 1716 PDCOMP - ok
21:25:56.0062 1716 PDFRAME - ok
21:25:56.0062 1716 PDRELI - ok
21:25:56.0093 1716 PDRFRAME - ok
21:25:56.0109 1716 perc2 - ok
21:25:56.0125 1716 perc2hib - ok
21:25:56.0250 1716 PlugPlay (65f6b774819bd727358157cedea67b8e) C:\WINDOWS\system32\services.exe
21:25:56.0500 1716 PlugPlay - ok
21:25:56.0515 1716 PolicyAgent (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
21:25:56.0953 1716 PolicyAgent - ok
21:25:57.0125 1716 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:25:57.0546 1716 PptpMiniport - ok
21:25:57.0562 1716 ProtectedStorage (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
21:25:57.0812 1716 ProtectedStorage - ok
21:25:57.0828 1716 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
21:25:58.0093 1716 PSched - ok
21:25:58.0125 1716 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:25:58.0390 1716 Ptilink - ok
21:25:58.0453 1716 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:25:58.0484 1716 PxHelp20 - ok
21:25:58.0484 1716 ql1080 - ok
21:25:58.0500 1716 Ql10wnt - ok
21:25:58.0515 1716 ql12160 - ok
21:25:58.0515 1716 ql1240 - ok
21:25:58.0531 1716 ql1280 - ok
21:25:58.0546 1716 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:25:58.0781 1716 RasAcd - ok
21:25:58.0828 1716 RasAuto (e3c6e87c1f84584a773d7c3dd205dbff) C:\WINDOWS\System32\rasauto.dll
21:25:59.0093 1716 RasAuto - ok
21:25:59.0125 1716 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:25:59.0390 1716 Rasl2tp - ok
21:25:59.0437 1716 RasMan (a5d2d745a2aefa327dca6da317b5fd70) C:\WINDOWS\System32\rasmans.dll
21:25:59.0703 1716 RasMan - ok
21:25:59.0703 1716 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:25:59.0968 1716 RasPppoe - ok
21:25:59.0984 1716 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:26:00.0234 1716 Raspti - ok
21:26:00.0296 1716 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:26:01.0031 1716 Rdbss - ok
21:26:01.0031 1716 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:26:01.0375 1716 RDPCDD - ok
21:26:01.0437 1716 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
21:26:01.0718 1716 RDPWD - ok
21:26:01.0968 1716 RDSessMgr (aec159942df64a9890072d7bb1797762) C:\WINDOWS\system32\sessmgr.exe
21:26:02.0250 1716 RDSessMgr - ok
21:26:02.0328 1716 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:26:02.0593 1716 redbook - ok
21:26:02.0656 1716 RemoteAccess (eba80cdf25e02084857957e820004934) C:\WINDOWS\System32\mprdim.dll
21:26:02.0906 1716 RemoteAccess - ok
21:26:02.0953 1716 rimsptsk (5338e12cc00f6ce1b11e252fff25ac1e) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
21:26:03.0000 1716 rimsptsk - ok
21:26:03.0015 1716 risdptsk (c5b1e7188d110aa23961f29abbad8a47) C:\WINDOWS\system32\DRIVERS\risdptsk.sys
21:26:03.0062 1716 risdptsk - ok
21:26:03.0109 1716 rismxdp (3f535dd8d6fb8c22c37ba2a8c4a32c81) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
21:26:03.0156 1716 rismxdp - ok
21:26:03.0203 1716 RpcLocator (da23f9f3f1b1871120f980a6879581ac) C:\WINDOWS\system32\locator.exe
21:26:03.0468 1716 RpcLocator - ok
21:26:03.0531 1716 RpcSs (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\System32\rpcss.dll
21:26:03.0671 1716 RpcSs - ok
21:26:03.0734 1716 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
21:26:04.0000 1716 RSVP - ok
21:26:04.0031 1716 SamSs (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
21:26:04.0296 1716 SamSs - ok
21:26:04.0359 1716 SCardSvr (b4cf7b42de6cfa6fde7d6af4daa55f57) C:\WINDOWS\System32\SCardSvr.exe
21:26:04.0656 1716 SCardSvr - ok
21:26:04.0781 1716 Schedule (d5e73842f38e24457c63fef8ceffbe19) C:\WINDOWS\system32\schedsvc.dll
21:26:05.0062 1716 Schedule - ok
21:26:05.0109 1716 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:26:05.0375 1716 sdbus - ok
21:26:05.0406 1716 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:26:05.0562 1716 Secdrv - ok
21:26:05.0593 1716 seclogon (fed544b43903fb801b106f062110358a) C:\WINDOWS\System32\seclogon.dll
21:26:05.0843 1716 seclogon - ok
21:26:05.0906 1716 SENS (ab74d986c1dd0d0c95b6ad37ec1e9f4f) C:\WINDOWS\system32\sens.dll
21:26:06.0171 1716 SENS - ok
21:26:06.0203 1716 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys
21:26:06.0484 1716 Serial - ok
21:26:06.0593 1716 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:26:06.0859 1716 Sfloppy - ok
21:26:06.0937 1716 SharedAccess (9245420422e409a25c1410acb4244060) C:\WINDOWS\System32\ipnathlp.dll
21:26:07.0296 1716 SharedAccess - ok
21:26:07.0343 1716 ShellHWDetection (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll
21:26:07.0593 1716 ShellHWDetection - ok
21:26:07.0609 1716 Simbad - ok
21:26:07.0671 1716 smwdm (014ab093e6452ea88031bb6e22919bb5) C:\WINDOWS\system32\drivers\smwdm.sys
21:26:07.0734 1716 smwdm - ok
21:26:07.0875 1716 Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Programme\Sony\Sony PC Companion\PCCService.exe
21:26:07.0921 1716 Sony PC Companion - ok
21:26:07.0953 1716 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
21:26:07.0968 1716 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning
21:26:07.0968 1716 SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1)
21:26:07.0984 1716 Sparrow - ok
21:26:08.0000 1716 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
21:26:08.0250 1716 splitter - ok
21:26:08.0562 1716 Spooler (54e7113a4bd696e430919bcaf5c65e06) C:\WINDOWS\system32\spoolsv.exe
21:26:08.0828 1716 Spooler - ok
21:26:08.0921 1716 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
21:26:09.0093 1716 sr - ok
21:26:09.0203 1716 srservice (015f302c4cf961f20c3f98f3a7ca7917) C:\WINDOWS\system32\srsvc.dll
21:26:09.0390 1716 srservice - ok
21:26:09.0453 1716 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
21:26:09.0562 1716 Srv - ok
21:26:09.0609 1716 SSDPSRV (6fa03b462b2fffe2627171b7fe73ee29) C:\WINDOWS\System32\ssdpsrv.dll
21:26:09.0765 1716 SSDPSRV - ok
21:26:09.0906 1716 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
21:26:09.0921 1716 ssmdrv - ok
21:26:09.0968 1716 stisvc (7e751068ada60fc77638622e86a7cd9e) C:\WINDOWS\system32\wiaservc.dll
21:26:10.0281 1716 stisvc - ok
21:26:10.0312 1716 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:26:10.0578 1716 swenum - ok
21:26:10.0609 1716 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
21:26:10.0875 1716 swmidi - ok
21:26:10.0875 1716 SwPrv - ok
21:26:10.0890 1716 symc810 - ok
21:26:10.0890 1716 symc8xx - ok
21:26:10.0906 1716 sym_hi - ok
21:26:10.0906 1716 sym_u3 - ok
21:26:10.0953 1716 SynTP (1dbc86da355b5db35174f862c110fd09) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:26:11.0046 1716 SynTP - ok
21:26:11.0078 1716 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
21:26:11.0343 1716 sysaudio - ok
21:26:11.0390 1716 SysmonLog (6d0c43df9d3a7c5a9b4f94772cbd5ddc) C:\WINDOWS\system32\smlogsvc.exe
21:26:11.0656 1716 SysmonLog - ok
21:26:11.0703 1716 TapiSrv (4584e2a5fe662ab3e7c32936e1449043) C:\WINDOWS\System32\tapisrv.dll
21:26:11.0984 1716 TapiSrv - ok
21:26:12.0046 1716 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:26:12.0203 1716 Tcpip - ok
21:26:12.0234 1716 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:26:12.0500 1716 TDPIPE - ok
21:26:12.0578 1716 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
21:26:12.0828 1716 TDTCP - ok
21:26:12.0875 1716 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:26:13.0125 1716 TermDD - ok
21:26:13.0203 1716 TermService (1850bc10de5dcccede063fc2d0f2ceda) C:\WINDOWS\System32\termsrv.dll
21:26:13.0500 1716 TermService - ok
21:26:13.0593 1716 Themes (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll
21:26:13.0843 1716 Themes - ok
21:26:13.0859 1716 TosIde - ok
21:26:13.0890 1716 TrkWks (a34e894201d66e380e1fa96fe11b587e) C:\WINDOWS\system32\trkwks.dll
21:26:14.0156 1716 TrkWks - ok
21:26:14.0218 1716 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
21:26:14.0484 1716 Udfs - ok
21:26:14.0500 1716 ultra - ok
21:26:14.0515 1716 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
21:26:14.0812 1716 Update - ok
21:26:14.0890 1716 upnphost (09d4a2d7c5a8abec227d118765faaddf) C:\WINDOWS\System32\upnphost.dll
21:26:15.0062 1716 upnphost - ok
21:26:15.0171 1716 UPS (a99f867e76cfdaa28ee305b93f70e84f) C:\WINDOWS\System32\ups.exe
21:26:15.0421 1716 UPS - ok
21:26:15.0468 1716 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:26:15.0734 1716 usbccgp - ok
21:26:15.0781 1716 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:26:16.0046 1716 usbehci - ok
21:26:16.0078 1716 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:26:16.0359 1716 usbhub - ok
21:26:16.0406 1716 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:26:16.0671 1716 usbscan - ok
21:26:16.0703 1716 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:26:16.0968 1716 USBSTOR - ok
21:26:17.0000 1716 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:26:17.0234 1716 usbuhci - ok
21:26:17.0281 1716 usb_rndisx (ee37e5c79d6c788711296075b2bc95f4) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
21:26:17.0546 1716 usb_rndisx - ok
21:26:17.0562 1716 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
21:26:17.0812 1716 VgaSave - ok
21:26:17.0828 1716 ViaIde - ok
21:26:17.0875 1716 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
21:26:18.0125 1716 VolSnap - ok
21:26:18.0203 1716 VSS (6635ecbf0d8090dc3a452d0d072b5d5b) C:\WINDOWS\System32\vssvc.exe
21:26:18.0390 1716 VSS - ok
21:26:18.0671 1716 w29n51 (67caa926ef06e07f2d31056b39f51c54) C:\WINDOWS\system32\DRIVERS\w29n51.sys
21:26:19.0015 1716 w29n51 - ok
21:26:19.0234 1716 W32Time (c6d874cd2a5b83cd11cdebd28a638584) C:\WINDOWS\system32\w32time.dll
21:26:19.0500 1716 W32Time - ok
21:26:19.0531 1716 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:26:19.0796 1716 Wanarp - ok
21:26:19.0906 1716 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:26:19.0968 1716 Wdf01000 - ok
21:26:19.0984 1716 WDICA - ok
21:26:20.0015 1716 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
21:26:20.0281 1716 wdmaud - ok
21:26:20.0359 1716 WebClient (1eb51feea9d3208eae60604f4346c02e) C:\WINDOWS\System32\webclnt.dll
21:26:20.0640 1716 WebClient - ok
21:26:20.0718 1716 winmgmt (da2dadb42916e59c6e4bba593bccda73) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:26:20.0984 1716 winmgmt - ok
21:26:21.0046 1716 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
21:26:21.0093 1716 WinUSB - ok
21:26:21.0125 1716 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:26:21.0187 1716 WmdmPmSN - ok
21:26:21.0218 1716 WmiApSrv (042a78fcd1adfb0fba9865d55c6f5cc1) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:26:21.0500 1716 WmiApSrv - ok
21:26:21.0531 1716 wowfilter (c5ccf7e7893c49b101a29c576ba294d4) C:\WINDOWS\system32\drivers\wowfilter.sys
21:26:21.0546 1716 wowfilter ( UnsignedFile.Multi.Generic ) - warning
21:26:21.0546 1716 wowfilter - detected UnsignedFile.Multi.Generic (1)
21:26:21.0578 1716 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
21:26:21.0609 1716 WpdUsb - ok
21:26:21.0656 1716 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:26:21.0906 1716 WS2IFSL - ok
21:26:21.0968 1716 wscsvc (bd3561aae748150cf51c2ca876449ea7) C:\WINDOWS\system32\wscsvc.dll
21:26:22.0234 1716 wscsvc - ok
21:26:22.0281 1716 wuauserv (1eddd5c0ecf3fa6edfd8a25b2b4e7df6) C:\WINDOWS\system32\wuauserv.dll
21:26:22.0546 1716 wuauserv - ok
21:26:22.0671 1716 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:26:22.0734 1716 WudfPf - ok
21:26:22.0765 1716 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:26:22.0812 1716 WudfRd - ok
21:26:22.0828 1716 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:26:22.0890 1716 WudfSvc - ok
21:26:22.0921 1716 WZCSVC (ae83ada96575dacf533c2bcb1fc163dc) C:\WINDOWS\System32\wzcsvc.dll
21:26:23.0218 1716 WZCSVC - ok
21:26:23.0281 1716 xmlprov (8302de1c64618d72346dd0034dbc5d9b) C:\WINDOWS\System32\xmlprov.dll
21:26:23.0562 1716 xmlprov - ok
21:26:23.0640 1716 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
21:26:24.0453 1716 \Device\Harddisk0\DR0 - ok
21:26:24.0468 1716 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
21:26:24.0468 1716 \Device\Harddisk1\DR3 - ok
21:26:24.0484 1716 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4
21:26:24.0484 1716 \Device\Harddisk2\DR4 - ok
21:26:24.0500 1716 Boot (0x1200) (5acda08618c3ae19d815c0a3b46cf792) \Device\Harddisk0\DR0\Partition0
21:26:24.0500 1716 \Device\Harddisk0\DR0\Partition0 - ok
21:26:24.0515 1716 Boot (0x1200) (227d432414a15eba9d1d2146babe4510) \Device\Harddisk0\DR0\Partition1
21:26:24.0515 1716 \Device\Harddisk0\DR0\Partition1 - ok
21:26:24.0531 1716 Boot (0x1200) (377b69d8f2fd26ab30ba30de4d2230df) \Device\Harddisk1\DR3\Partition0
21:26:24.0531 1716 \Device\Harddisk1\DR3\Partition0 - ok
21:26:24.0531 1716 Boot (0x1200) (717ead5155f0d9b0431c001a638ae20a) \Device\Harddisk2\DR4\Partition0
21:26:24.0546 1716 \Device\Harddisk2\DR4\Partition0 - ok
21:26:24.0546 1716 ============================================================
21:26:24.0546 1716 Scan finished
21:26:24.0546 1716 ============================================================
21:26:24.0703 1308 Detected object count: 4
21:26:24.0703 1308 Actual detected object count: 4
21:26:55.0531 1308 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
21:26:55.0843 1308 Backup copy found, using it..
21:26:55.0937 1308 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
21:26:55.0937 1308 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
21:26:55.0953 1308 nhcDriverDevice ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:55.0953 1308 nhcDriverDevice ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:26:55.0953 1308 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:55.0953 1308 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:26:55.0953 1308 wowfilter ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:55.0953 1308 wowfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:24:13.0781 2824 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
21:24:13.0843 2824 ============================================================
21:24:13.0843 2824 Current date / time: 2012/07/01 21:24:13.0843
21:24:13.0843 2824 SystemInfo:
21:24:13.0843 2824
21:24:13.0843 2824 OS Version: 5.1.2600 ServicePack: 2.0
21:24:13.0843 2824 Product type: Workstation
21:24:13.0843 2824 ComputerName: SAMSUNG-23578E4
21:24:13.0843 2824 UserName: Peter
21:24:13.0843 2824 Windows directory: C:\WINDOWS
21:24:13.0843 2824 System windows directory: C:\WINDOWS
21:24:13.0843 2824 Processor architecture: Intel x86
21:24:13.0843 2824 Number of processors: 1
21:24:13.0843 2824 Page size: 0x1000
21:24:13.0843 2824 Boot type: Normal boot
21:24:13.0843 2824 ============================================================
21:24:17.0328 2824 Drive \Device\Harddisk0\DR0 - Size: 0x157AC25C00 (85.92 Gb), SectorSize: 0x200, Cylinders: 0x2BCF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:24:17.0343 2824 Drive \Device\Harddisk1\DR3 - Size: 0xEA108000 (3.66 Gb), SectorSize: 0x200, Cylinders: 0x1DD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:24:17.0343 2824 Drive \Device\Harddisk2\DR4 - Size: 0x1D9000000 (7.39 Gb), SectorSize: 0x200, Cylinders: 0x3C4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:24:17.0343 2824 ============================================================
21:24:17.0343 2824 \Device\Harddisk0\DR0:
21:24:17.0359 2824 MBR partitions:
21:24:17.0359 2824 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x360D389
21:24:17.0375 2824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x360D407, BlocksNum 0x75C5508
21:24:17.0375 2824 \Device\Harddisk1\DR3:
21:24:17.0375 2824 MBR partitions:
21:24:17.0375 2824 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x74E8C0
21:24:17.0375 2824 \Device\Harddisk2\DR4:
21:24:17.0375 2824 MBR partitions:
21:24:17.0375 2824 \Device\Harddisk2\DR4\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xEC6000
21:24:17.0375 2824 ============================================================
21:24:17.0390 2824 C: <-> \Device\Harddisk0\DR0\Partition0
21:24:17.0437 2824 D: <-> \Device\Harddisk0\DR0\Partition1
21:24:17.0437 2824 ============================================================
21:24:17.0437 2824 Initialize success
21:24:17.0437 2824 ============================================================
21:25:13.0531 1716 ============================================================
21:25:13.0531 1716 Scan started
21:25:13.0531 1716 Mode: Manual; SigCheck;
21:25:13.0531 1716 ============================================================
21:25:13.0906 1716 Abiosdsk - ok
21:25:13.0921 1716 abp480n5 - ok
21:25:13.0984 1716 ACPI (1268cce85f900a63942000a83d8c03d2) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:25:14.0015 1716 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: 1268cce85f900a63942000a83d8c03d2, Fake md5: 94b4741d2cf9ed38140b831293d1601a
21:25:14.0015 1716 ACPI ( Virus.Win32.Rloader.a ) - infected
21:25:14.0015 1716 ACPI - detected Virus.Win32.Rloader.a (0)
21:25:14.0046 1716 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:25:15.0296 1716 ACPIEC - ok
21:25:15.0296 1716 adpu160m - ok
21:25:15.0375 1716 aeaudio (cde1f62fe63631b932ace2249fb11da0) C:\WINDOWS\system32\drivers\aeaudio.sys
21:25:15.0484 1716 aeaudio - ok
21:25:15.0515 1716 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
21:25:15.0828 1716 aec - ok
21:25:15.0890 1716 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
21:25:16.0000 1716 AFD - ok
21:25:16.0109 1716 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
21:25:16.0375 1716 AgereSoftModem - ok
21:25:16.0390 1716 Aha154x - ok
21:25:16.0390 1716 aic78u2 - ok
21:25:16.0406 1716 aic78xx - ok
21:25:16.0453 1716 Alerter (1aab6c5f8376357cb9b16c38c42c4076) C:\WINDOWS\system32\alrsvc.dll
21:25:16.0734 1716 Alerter - ok
21:25:16.0765 1716 ALG (6596dd260ffde1bdc994c1df236307bb) C:\WINDOWS\System32\alg.exe
21:25:16.0937 1716 ALG - ok
21:25:16.0937 1716 AliIde - ok
21:25:16.0953 1716 amsint - ok
21:25:17.0140 1716 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
21:25:17.0203 1716 AntiVirSchedulerService - ok
21:25:17.0234 1716 AntiVirService (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
21:25:17.0250 1716 AntiVirService - ok
21:25:17.0359 1716 Application Updater (592f7ae254995274e166eec95c28f551) C:\Programme\Application Updater\ApplicationUpdater.exe
21:25:17.0453 1716 Application Updater - ok
21:25:17.0468 1716 AppMgmt - ok
21:25:17.0515 1716 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:25:17.0781 1716 Arp1394 - ok
21:25:17.0796 1716 asc - ok
21:25:17.0796 1716 asc3350p - ok
21:25:17.0812 1716 asc3550 - ok
21:25:17.0921 1716 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:25:17.0984 1716 aspnet_state - ok
21:25:18.0000 1716 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:25:18.0250 1716 AsyncMac - ok
21:25:18.0359 1716 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:25:18.0625 1716 atapi - ok
21:25:18.0640 1716 Atdisk - ok
21:25:18.0703 1716 Ati HotKey Poller (06b67e6a0b679d037d2d9e27a64ce90c) C:\WINDOWS\system32\Ati2evxx.exe
21:25:18.0812 1716 Ati HotKey Poller - ok
21:25:18.0937 1716 ati2mtag (d5537cc8cc9a86668e3903bd53caa83c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:25:19.0078 1716 ati2mtag - ok
21:25:19.0140 1716 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:25:19.0406 1716 Atmarpc - ok
21:25:19.0453 1716 AudioSrv (e98b8250398f6637b335a76ba8dfb602) C:\WINDOWS\System32\audiosrv.dll
21:25:19.0734 1716 AudioSrv - ok
21:25:19.0765 1716 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:25:20.0062 1716 audstub - ok
21:25:20.0203 1716 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
21:25:20.0218 1716 avgio - ok
21:25:20.0265 1716 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
21:25:20.0375 1716 avgntflt - ok
21:25:20.0406 1716 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
21:25:20.0453 1716 avipbb - ok
21:25:20.0484 1716 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
21:25:20.0562 1716 bcm4sbxp - ok
21:25:20.0609 1716 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:25:20.0859 1716 Beep - ok
21:25:20.0937 1716 BITS (3a5e54a9ab96ef2d273b58136fb58efe) C:\WINDOWS\system32\qmgr.dll
21:25:21.0250 1716 BITS - ok
21:25:21.0359 1716 Browser (d8653dcd80cf2ebb333fc4fcc43a7def) C:\WINDOWS\System32\browser.dll
21:25:21.0656 1716 Browser - ok
21:25:21.0703 1716 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys
21:25:22.0031 1716 BTCFilterService - ok
21:25:22.0046 1716 catchme - ok
21:25:22.0093 1716 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:25:22.0406 1716 cbidf2k - ok
21:25:22.0421 1716 cd20xrnt - ok
21:25:22.0453 1716 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:25:22.0703 1716 Cdaudio - ok
21:25:22.0859 1716 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
21:25:23.0125 1716 Cdfs - ok
21:25:23.0171 1716 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:25:23.0453 1716 Cdrom - ok
21:25:23.0468 1716 Changer - ok
21:25:23.0515 1716 CiSvc (234d52c63c67a8cf4af9becce43bfb4a) C:\WINDOWS\system32\cisvc.exe
21:25:23.0796 1716 CiSvc - ok
21:25:23.0859 1716 ClipSrv (0461868578d29dc18fb1c79933c5158a) C:\WINDOWS\system32\clipsrv.exe
21:25:24.0109 1716 ClipSrv - ok
21:25:24.0187 1716 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:25:24.0250 1716 clr_optimization_v2.0.50727_32 - ok
21:25:24.0296 1716 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:25:24.0562 1716 CmBatt - ok
21:25:24.0562 1716 CmdIde - ok
21:25:24.0625 1716 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:25:24.0875 1716 Compbatt - ok
21:25:24.0890 1716 COMSysApp - ok
21:25:24.0906 1716 Cpqarray - ok
21:25:24.0937 1716 CryptSvc (1a5f9db98df7955b4c7cbdbf2c638238) C:\WINDOWS\System32\cryptsvc.dll
21:25:25.0218 1716 CryptSvc - ok
21:25:25.0218 1716 dac2w2k - ok
21:25:25.0234 1716 dac960nt - ok
21:25:25.0375 1716 DcomLaunch (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\system32\rpcss.dll
21:25:25.0515 1716 DcomLaunch - ok
21:25:25.0546 1716 Dhcp (69f986b2688ba95a0d9362b0e233d5ff) C:\WINDOWS\System32\dhcpcsvc.dll
21:25:25.0796 1716 Dhcp - ok
21:25:25.0843 1716 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
21:25:26.0093 1716 Disk - ok
21:25:26.0109 1716 dmadmin - ok
21:25:26.0218 1716 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
21:25:26.0546 1716 dmboot - ok
21:25:26.0640 1716 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
21:25:26.0921 1716 dmio - ok
21:25:26.0984 1716 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:25:27.0234 1716 dmload - ok
21:25:27.0343 1716 dmserver (fa2d9d1a9f6b5a88d01e1685ce2378ba) C:\WINDOWS\System32\dmserver.dll
21:25:27.0609 1716 dmserver - ok
21:25:27.0656 1716 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
21:25:27.0968 1716 DMusic - ok
21:25:28.0015 1716 Dnscache (d1f5b71bbaeee07b78980dbd878c0bc7) C:\WINDOWS\System32\dnsrslvr.dll
21:25:28.0296 1716 Dnscache - ok
21:25:28.0296 1716 dpti2o - ok
21:25:28.0328 1716 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
21:25:28.0578 1716 drmkaud - ok
21:25:28.0625 1716 ERSvc (877a4512cc9074d6954776af47021766) C:\WINDOWS\System32\ersvc.dll
21:25:28.0906 1716 ERSvc - ok
21:25:28.0937 1716 Eventlog (65f6b774819bd727358157cedea67b8e) C:\WINDOWS\system32\services.exe
21:25:29.0187 1716 Eventlog - ok
21:25:29.0234 1716 EventSystem (d68ed3908c7a0db446111d34ac40dc18) C:\WINDOWS\system32\es.dll
21:25:29.0312 1716 EventSystem - ok
21:25:29.0343 1716 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
21:25:29.0640 1716 Fastfat - ok
21:25:29.0687 1716 FastUserSwitchingCompatibility (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll
21:25:30.0015 1716 FastUserSwitchingCompatibility - ok
21:25:30.0078 1716 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
21:25:30.0406 1716 Fdc - ok
21:25:30.0453 1716 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
21:25:30.0890 1716 Fips - ok
21:25:31.0593 1716 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:25:31.0859 1716 Flpydisk - ok
21:25:31.0937 1716 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:25:32.0203 1716 FltMgr - ok
21:25:32.0828 1716 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:25:32.0859 1716 FontCache3.0.0.0 - ok
21:25:32.0859 1716 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:25:33.0125 1716 Fs_Rec - ok
21:25:33.0156 1716 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:25:33.0437 1716 Ftdisk - ok
21:25:33.0515 1716 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:25:33.0781 1716 Gpc - ok
21:25:33.0843 1716 helpsvc (ba85bcf1a2bcf927c3600574173403e0) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:25:34.0109 1716 helpsvc - ok
21:25:34.0109 1716 HidServ - ok
21:25:34.0218 1716 hmbpnofrfalw - ok
21:25:34.0234 1716 hpn - ok
21:25:34.0250 1716 HTCAND32 - ok
21:25:34.0296 1716 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
21:25:34.0375 1716 HTTP - ok
21:25:34.0390 1716 HTTPFilter (9ec7e866bbdbf3ecc0e67f4e0a838eb2) C:\WINDOWS\System32\w3ssl.dll
21:25:34.0671 1716 HTTPFilter - ok
21:25:34.0671 1716 i2omgmt - ok
21:25:34.0687 1716 i2omp - ok
21:25:34.0718 1716 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:25:34.0984 1716 i8042prt - ok
21:25:35.0203 1716 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:25:35.0328 1716 idsvc - ok
21:25:35.0359 1716 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:25:35.0625 1716 Imapi - ok
21:25:35.0703 1716 ImapiService (57d7267a9ed91ecaf4336b08c9628fca) C:\WINDOWS\system32\imapi.exe
21:25:36.0281 1716 ImapiService - ok
21:25:36.0281 1716 ini910u - ok
21:25:36.0328 1716 IntelIde (d63c33f65f6ebc732116403d88883b2d) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:25:36.0593 1716 IntelIde - ok
21:25:36.0640 1716 intelppm (ae7511ada0d951d50cef95d7ecbace99) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:25:37.0421 1716 intelppm - ok
21:25:37.0468 1716 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:25:37.0734 1716 Ip6Fw - ok
21:25:37.0812 1716 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:25:38.0093 1716 IpFilterDriver - ok
21:25:38.0093 1716 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:25:38.0359 1716 IpInIp - ok
21:25:38.0390 1716 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:25:38.0718 1716 IpNat - ok
21:25:39.0000 1716 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:25:39.0265 1716 IPSec - ok
21:25:39.0296 1716 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:25:39.0468 1716 IRENUM - ok
21:25:39.0593 1716 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:25:39.0843 1716 isapnp - ok
21:25:40.0171 1716 JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
21:25:40.0218 1716 JavaQuickStarterService - ok
21:25:40.0265 1716 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:25:40.0531 1716 Kbdclass - ok
21:25:40.0609 1716 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
21:25:40.0890 1716 kmixer - ok
21:25:41.0078 1716 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
21:25:41.0156 1716 KSecDD - ok
21:25:41.0203 1716 lanmanserver (f8170aa51cd202bc062b8a0983f361b7) C:\WINDOWS\System32\srvsvc.dll
21:25:41.0500 1716 lanmanserver - ok
21:25:41.0593 1716 lanmanworkstation (f716a6f5babb6da60c0532510ab52245) C:\WINDOWS\System32\wkssvc.dll
21:25:41.0640 1716 lanmanworkstation - ok
21:25:41.0640 1716 lbrtfdc - ok
21:25:41.0671 1716 LmHosts (4c25fadd7fe1d5bd779b20d3d0eb8d7c) C:\WINDOWS\System32\lmhsvc.dll
21:25:41.0937 1716 LmHosts - ok
21:25:41.0968 1716 Messenger (e5215ab942c5ac5f7eb0e54871d7a27c) C:\WINDOWS\System32\msgsvc.dll
21:25:42.0250 1716 Messenger - ok
21:25:42.0375 1716 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:25:42.0750 1716 mnmdd - ok
21:25:42.0796 1716 mnmsrvc (bb2470d20405b272ea47ca5e18f1c58e) C:\WINDOWS\system32\mnmsrvc.exe
21:25:43.0125 1716 mnmsrvc - ok
21:25:43.0156 1716 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
21:25:43.0437 1716 Modem - ok
21:25:43.0484 1716 motccgp (1088f75c09ebb0a8b0f13b886fd67c52) C:\WINDOWS\system32\DRIVERS\motccgp.sys
21:25:43.0593 1716 motccgp - ok
21:25:43.0625 1716 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
21:25:43.0718 1716 motccgpfl - ok
21:25:43.0750 1716 motmodem (8f408e9ed2feb8a8b8837c380faf7ad6) C:\WINDOWS\system32\DRIVERS\motmodem.sys
21:25:43.0843 1716 motmodem - ok
21:25:43.0937 1716 MotoHelper (2443b978e80f8a3d1f39855aa25882af) C:\Programme\Motorola\MotoHelper\MotoHelperService.exe
21:25:43.0984 1716 MotoHelper - ok
21:25:44.0000 1716 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys
21:25:44.0109 1716 MotoSwitchService - ok
21:25:44.0125 1716 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
21:25:44.0218 1716 Motousbnet - ok
21:25:44.0265 1716 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\WINDOWS\system32\DRIVERS\motusbdevice.sys
21:25:44.0375 1716 motusbdevice - ok
21:25:44.0390 1716 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:25:44.0656 1716 Mouclass - ok
21:25:44.0687 1716 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
21:25:44.0953 1716 MountMgr - ok
21:25:45.0015 1716 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
21:25:45.0062 1716 MozillaMaintenance - ok
21:25:45.0078 1716 mraid35x - ok
21:25:45.0093 1716 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:25:45.0390 1716 MRxDAV - ok
21:25:45.0515 1716 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:25:45.0625 1716 MRxSmb - ok
21:25:45.0671 1716 MSDTC (d059f9c7752ef461476e83180daa5c62) C:\WINDOWS\system32\msdtc.exe
21:25:45.0921 1716 MSDTC - ok
21:25:45.0937 1716 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
21:25:46.0203 1716 Msfs - ok
21:25:46.0203 1716 MSIServer - ok
21:25:46.0250 1716 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:25:46.0500 1716 MSKSSRV - ok
21:25:46.0562 1716 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:25:46.0812 1716 MSPCLOCK - ok
21:25:46.0859 1716 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
21:25:47.0125 1716 MSPQM - ok
21:25:47.0171 1716 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:25:47.0437 1716 mssmbios - ok
21:25:47.0484 1716 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
21:25:47.0750 1716 Mup - ok
21:25:47.0781 1716 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
21:25:48.0046 1716 NDIS - ok
21:25:48.0093 1716 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:25:48.0359 1716 NdisTapi - ok
21:25:48.0406 1716 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:25:48.0640 1716 Ndisuio - ok
21:25:48.0671 1716 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:25:48.0937 1716 NdisWan - ok
21:25:48.0953 1716 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
21:25:49.0234 1716 NDProxy - ok
21:25:49.0234 1716 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:25:49.0500 1716 NetBIOS - ok
21:25:49.0546 1716 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:25:49.0828 1716 NetBT - ok
21:25:49.0875 1716 NetDDE (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe
21:25:50.0140 1716 NetDDE - ok
21:25:50.0156 1716 NetDDEdsdm (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe
21:25:50.0406 1716 NetDDEdsdm - ok
21:25:50.0437 1716 Netlogon (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
21:25:50.0687 1716 Netlogon - ok
21:25:50.0750 1716 Netman (cdf4da6b518105343fe9e8afbbf8fbf4) C:\WINDOWS\System32\netman.dll
21:25:51.0000 1716 Netman - ok
21:25:51.0093 1716 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:25:51.0140 1716 NetTcpPortSharing - ok
21:25:51.0171 1716 nhcDriverDevice (37260a293b6a89373ae76791e6cc5a12) C:\WINDOWS\system32\drivers\nhcDriver.sys
21:25:51.0187 1716 nhcDriverDevice ( UnsignedFile.Multi.Generic ) - warning
21:25:51.0187 1716 nhcDriverDevice - detected UnsignedFile.Multi.Generic (1)
21:25:51.0218 1716 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:25:51.0484 1716 NIC1394 - ok
21:25:51.0578 1716 Nla (774274c487493452df3b0126dbe7ff3b) C:\WINDOWS\System32\mswsock.dll
21:25:51.0718 1716 Nla - ok
21:25:51.0734 1716 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
21:25:51.0984 1716 Npfs - ok
21:25:52.0109 1716 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
21:25:52.0406 1716 Ntfs - ok
21:25:52.0421 1716 NtLmSsp (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
21:25:52.0687 1716 NtLmSsp - ok
21:25:52.0765 1716 NtmsSvc (428aa946a8d9f32dbb4260c8e6e13377) C:\WINDOWS\system32\ntmssvc.dll
21:25:53.0078 1716 NtmsSvc - ok
21:25:53.0140 1716 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:25:53.0421 1716 Null - ok
21:25:53.0484 1716 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:25:53.0750 1716 NwlnkFlt - ok
21:25:53.0765 1716 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:25:54.0015 1716 NwlnkFwd - ok
21:25:54.0031 1716 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:25:54.0312 1716 ohci1394 - ok
21:25:54.0343 1716 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys
21:25:54.0593 1716 Parport - ok
21:25:54.0609 1716 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
21:25:54.0859 1716 PartMgr - ok
21:25:54.0906 1716 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:25:55.0140 1716 ParVdm - ok
21:25:55.0171 1716 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
21:25:55.0437 1716 PCI - ok
21:25:55.0453 1716 PCIDump - ok
21:25:55.0453 1716 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:25:55.0734 1716 PCIIde - ok
21:25:55.0765 1716 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:25:56.0046 1716 Pcmcia - ok
21:25:56.0046 1716 PDCOMP - ok
21:25:56.0062 1716 PDFRAME - ok
21:25:56.0062 1716 PDRELI - ok
21:25:56.0093 1716 PDRFRAME - ok
21:25:56.0109 1716 perc2 - ok
21:25:56.0125 1716 perc2hib - ok
21:25:56.0250 1716 PlugPlay (65f6b774819bd727358157cedea67b8e) C:\WINDOWS\system32\services.exe
21:25:56.0500 1716 PlugPlay - ok
21:25:56.0515 1716 PolicyAgent (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
21:25:56.0953 1716 PolicyAgent - ok
21:25:57.0125 1716 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:25:57.0546 1716 PptpMiniport - ok
21:25:57.0562 1716 ProtectedStorage (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
21:25:57.0812 1716 ProtectedStorage - ok
21:25:57.0828 1716 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
21:25:58.0093 1716 PSched - ok
21:25:58.0125 1716 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:25:58.0390 1716 Ptilink - ok
21:25:58.0453 1716 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:25:58.0484 1716 PxHelp20 - ok
21:25:58.0484 1716 ql1080 - ok
21:25:58.0500 1716 Ql10wnt - ok
21:25:58.0515 1716 ql12160 - ok
21:25:58.0515 1716 ql1240 - ok
21:25:58.0531 1716 ql1280 - ok
21:25:58.0546 1716 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:25:58.0781 1716 RasAcd - ok
21:25:58.0828 1716 RasAuto (e3c6e87c1f84584a773d7c3dd205dbff) C:\WINDOWS\System32\rasauto.dll
21:25:59.0093 1716 RasAuto - ok
21:25:59.0125 1716 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:25:59.0390 1716 Rasl2tp - ok
21:25:59.0437 1716 RasMan (a5d2d745a2aefa327dca6da317b5fd70) C:\WINDOWS\System32\rasmans.dll
21:25:59.0703 1716 RasMan - ok
21:25:59.0703 1716 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:25:59.0968 1716 RasPppoe - ok
21:25:59.0984 1716 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:26:00.0234 1716 Raspti - ok
21:26:00.0296 1716 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:26:01.0031 1716 Rdbss - ok
21:26:01.0031 1716 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:26:01.0375 1716 RDPCDD - ok
21:26:01.0437 1716 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
21:26:01.0718 1716 RDPWD - ok
21:26:01.0968 1716 RDSessMgr (aec159942df64a9890072d7bb1797762) C:\WINDOWS\system32\sessmgr.exe
21:26:02.0250 1716 RDSessMgr - ok
21:26:02.0328 1716 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:26:02.0593 1716 redbook - ok
21:26:02.0656 1716 RemoteAccess (eba80cdf25e02084857957e820004934) C:\WINDOWS\System32\mprdim.dll
21:26:02.0906 1716 RemoteAccess - ok
21:26:02.0953 1716 rimsptsk (5338e12cc00f6ce1b11e252fff25ac1e) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
21:26:03.0000 1716 rimsptsk - ok
21:26:03.0015 1716 risdptsk (c5b1e7188d110aa23961f29abbad8a47) C:\WINDOWS\system32\DRIVERS\risdptsk.sys
21:26:03.0062 1716 risdptsk - ok
21:26:03.0109 1716 rismxdp (3f535dd8d6fb8c22c37ba2a8c4a32c81) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
21:26:03.0156 1716 rismxdp - ok
21:26:03.0203 1716 RpcLocator (da23f9f3f1b1871120f980a6879581ac) C:\WINDOWS\system32\locator.exe
21:26:03.0468 1716 RpcLocator - ok
21:26:03.0531 1716 RpcSs (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\System32\rpcss.dll
21:26:03.0671 1716 RpcSs - ok
21:26:03.0734 1716 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
21:26:04.0000 1716 RSVP - ok
21:26:04.0031 1716 SamSs (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
21:26:04.0296 1716 SamSs - ok
21:26:04.0359 1716 SCardSvr (b4cf7b42de6cfa6fde7d6af4daa55f57) C:\WINDOWS\System32\SCardSvr.exe
21:26:04.0656 1716 SCardSvr - ok
21:26:04.0781 1716 Schedule (d5e73842f38e24457c63fef8ceffbe19) C:\WINDOWS\system32\schedsvc.dll
21:26:05.0062 1716 Schedule - ok
21:26:05.0109 1716 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:26:05.0375 1716 sdbus - ok
21:26:05.0406 1716 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:26:05.0562 1716 Secdrv - ok
21:26:05.0593 1716 seclogon (fed544b43903fb801b106f062110358a) C:\WINDOWS\System32\seclogon.dll
21:26:05.0843 1716 seclogon - ok
21:26:05.0906 1716 SENS (ab74d986c1dd0d0c95b6ad37ec1e9f4f) C:\WINDOWS\system32\sens.dll
21:26:06.0171 1716 SENS - ok
21:26:06.0203 1716 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys
21:26:06.0484 1716 Serial - ok
21:26:06.0593 1716 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:26:06.0859 1716 Sfloppy - ok
21:26:06.0937 1716 SharedAccess (9245420422e409a25c1410acb4244060) C:\WINDOWS\System32\ipnathlp.dll
21:26:07.0296 1716 SharedAccess - ok
21:26:07.0343 1716 ShellHWDetection (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll
21:26:07.0593 1716 ShellHWDetection - ok
21:26:07.0609 1716 Simbad - ok
21:26:07.0671 1716 smwdm (014ab093e6452ea88031bb6e22919bb5) C:\WINDOWS\system32\drivers\smwdm.sys
21:26:07.0734 1716 smwdm - ok
21:26:07.0875 1716 Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Programme\Sony\Sony PC Companion\PCCService.exe
21:26:07.0921 1716 Sony PC Companion - ok
21:26:07.0953 1716 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
21:26:07.0968 1716 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning
21:26:07.0968 1716 SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1)
21:26:07.0984 1716 Sparrow - ok
21:26:08.0000 1716 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
21:26:08.0250 1716 splitter - ok
21:26:08.0562 1716 Spooler (54e7113a4bd696e430919bcaf5c65e06) C:\WINDOWS\system32\spoolsv.exe
21:26:08.0828 1716 Spooler - ok
21:26:08.0921 1716 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
21:26:09.0093 1716 sr - ok
21:26:09.0203 1716 srservice (015f302c4cf961f20c3f98f3a7ca7917) C:\WINDOWS\system32\srsvc.dll
21:26:09.0390 1716 srservice - ok
21:26:09.0453 1716 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
21:26:09.0562 1716 Srv - ok
21:26:09.0609 1716 SSDPSRV (6fa03b462b2fffe2627171b7fe73ee29) C:\WINDOWS\System32\ssdpsrv.dll
21:26:09.0765 1716 SSDPSRV - ok
21:26:09.0906 1716 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
21:26:09.0921 1716 ssmdrv - ok
21:26:09.0968 1716 stisvc (7e751068ada60fc77638622e86a7cd9e) C:\WINDOWS\system32\wiaservc.dll
21:26:10.0281 1716 stisvc - ok
21:26:10.0312 1716 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:26:10.0578 1716 swenum - ok
21:26:10.0609 1716 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
21:26:10.0875 1716 swmidi - ok
21:26:10.0875 1716 SwPrv - ok
21:26:10.0890 1716 symc810 - ok
21:26:10.0890 1716 symc8xx - ok
21:26:10.0906 1716 sym_hi - ok
21:26:10.0906 1716 sym_u3 - ok
21:26:10.0953 1716 SynTP (1dbc86da355b5db35174f862c110fd09) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:26:11.0046 1716 SynTP - ok
21:26:11.0078 1716 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
21:26:11.0343 1716 sysaudio - ok
21:26:11.0390 1716 SysmonLog (6d0c43df9d3a7c5a9b4f94772cbd5ddc) C:\WINDOWS\system32\smlogsvc.exe
21:26:11.0656 1716 SysmonLog - ok
21:26:11.0703 1716 TapiSrv (4584e2a5fe662ab3e7c32936e1449043) C:\WINDOWS\System32\tapisrv.dll
21:26:11.0984 1716 TapiSrv - ok
21:26:12.0046 1716 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:26:12.0203 1716 Tcpip - ok
21:26:12.0234 1716 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:26:12.0500 1716 TDPIPE - ok
21:26:12.0578 1716 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
21:26:12.0828 1716 TDTCP - ok
21:26:12.0875 1716 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:26:13.0125 1716 TermDD - ok
21:26:13.0203 1716 TermService (1850bc10de5dcccede063fc2d0f2ceda) C:\WINDOWS\System32\termsrv.dll
21:26:13.0500 1716 TermService - ok
21:26:13.0593 1716 Themes (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll
21:26:13.0843 1716 Themes - ok
21:26:13.0859 1716 TosIde - ok
21:26:13.0890 1716 TrkWks (a34e894201d66e380e1fa96fe11b587e) C:\WINDOWS\system32\trkwks.dll
21:26:14.0156 1716 TrkWks - ok
21:26:14.0218 1716 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
21:26:14.0484 1716 Udfs - ok
21:26:14.0500 1716 ultra - ok
21:26:14.0515 1716 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
21:26:14.0812 1716 Update - ok
21:26:14.0890 1716 upnphost (09d4a2d7c5a8abec227d118765faaddf) C:\WINDOWS\System32\upnphost.dll
21:26:15.0062 1716 upnphost - ok
21:26:15.0171 1716 UPS (a99f867e76cfdaa28ee305b93f70e84f) C:\WINDOWS\System32\ups.exe
21:26:15.0421 1716 UPS - ok
21:26:15.0468 1716 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:26:15.0734 1716 usbccgp - ok
21:26:15.0781 1716 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:26:16.0046 1716 usbehci - ok
21:26:16.0078 1716 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:26:16.0359 1716 usbhub - ok
21:26:16.0406 1716 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:26:16.0671 1716 usbscan - ok
21:26:16.0703 1716 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:26:16.0968 1716 USBSTOR - ok
21:26:17.0000 1716 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:26:17.0234 1716 usbuhci - ok
21:26:17.0281 1716 usb_rndisx (ee37e5c79d6c788711296075b2bc95f4) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
21:26:17.0546 1716 usb_rndisx - ok
21:26:17.0562 1716 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
21:26:17.0812 1716 VgaSave - ok
21:26:17.0828 1716 ViaIde - ok
21:26:17.0875 1716 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
21:26:18.0125 1716 VolSnap - ok
21:26:18.0203 1716 VSS (6635ecbf0d8090dc3a452d0d072b5d5b) C:\WINDOWS\System32\vssvc.exe
21:26:18.0390 1716 VSS - ok
21:26:18.0671 1716 w29n51 (67caa926ef06e07f2d31056b39f51c54) C:\WINDOWS\system32\DRIVERS\w29n51.sys
21:26:19.0015 1716 w29n51 - ok
21:26:19.0234 1716 W32Time (c6d874cd2a5b83cd11cdebd28a638584) C:\WINDOWS\system32\w32time.dll
21:26:19.0500 1716 W32Time - ok
21:26:19.0531 1716 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:26:19.0796 1716 Wanarp - ok
21:26:19.0906 1716 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:26:19.0968 1716 Wdf01000 - ok
21:26:19.0984 1716 WDICA - ok
21:26:20.0015 1716 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
21:26:20.0281 1716 wdmaud - ok
21:26:20.0359 1716 WebClient (1eb51feea9d3208eae60604f4346c02e) C:\WINDOWS\System32\webclnt.dll
21:26:20.0640 1716 WebClient - ok
21:26:20.0718 1716 winmgmt (da2dadb42916e59c6e4bba593bccda73) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:26:20.0984 1716 winmgmt - ok
21:26:21.0046 1716 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
21:26:21.0093 1716 WinUSB - ok
21:26:21.0125 1716 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:26:21.0187 1716 WmdmPmSN - ok
21:26:21.0218 1716 WmiApSrv (042a78fcd1adfb0fba9865d55c6f5cc1) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:26:21.0500 1716 WmiApSrv - ok
21:26:21.0531 1716 wowfilter (c5ccf7e7893c49b101a29c576ba294d4) C:\WINDOWS\system32\drivers\wowfilter.sys
21:26:21.0546 1716 wowfilter ( UnsignedFile.Multi.Generic ) - warning
21:26:21.0546 1716 wowfilter - detected UnsignedFile.Multi.Generic (1)
21:26:21.0578 1716 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
21:26:21.0609 1716 WpdUsb - ok
21:26:21.0656 1716 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:26:21.0906 1716 WS2IFSL - ok
21:26:21.0968 1716 wscsvc (bd3561aae748150cf51c2ca876449ea7) C:\WINDOWS\system32\wscsvc.dll
21:26:22.0234 1716 wscsvc - ok
21:26:22.0281 1716 wuauserv (1eddd5c0ecf3fa6edfd8a25b2b4e7df6) C:\WINDOWS\system32\wuauserv.dll
21:26:22.0546 1716 wuauserv - ok
21:26:22.0671 1716 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:26:22.0734 1716 WudfPf - ok
21:26:22.0765 1716 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:26:22.0812 1716 WudfRd - ok
21:26:22.0828 1716 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:26:22.0890 1716 WudfSvc - ok
21:26:22.0921 1716 WZCSVC (ae83ada96575dacf533c2bcb1fc163dc) C:\WINDOWS\System32\wzcsvc.dll
21:26:23.0218 1716 WZCSVC - ok
21:26:23.0281 1716 xmlprov (8302de1c64618d72346dd0034dbc5d9b) C:\WINDOWS\System32\xmlprov.dll
21:26:23.0562 1716 xmlprov - ok
21:26:23.0640 1716 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
21:26:24.0453 1716 \Device\Harddisk0\DR0 - ok
21:26:24.0468 1716 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
21:26:24.0468 1716 \Device\Harddisk1\DR3 - ok
21:26:24.0484 1716 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4
21:26:24.0484 1716 \Device\Harddisk2\DR4 - ok
21:26:24.0500 1716 Boot (0x1200) (5acda08618c3ae19d815c0a3b46cf792) \Device\Harddisk0\DR0\Partition0
21:26:24.0500 1716 \Device\Harddisk0\DR0\Partition0 - ok
21:26:24.0515 1716 Boot (0x1200) (227d432414a15eba9d1d2146babe4510) \Device\Harddisk0\DR0\Partition1
21:26:24.0515 1716 \Device\Harddisk0\DR0\Partition1 - ok
21:26:24.0531 1716 Boot (0x1200) (377b69d8f2fd26ab30ba30de4d2230df) \Device\Harddisk1\DR3\Partition0
21:26:24.0531 1716 \Device\Harddisk1\DR3\Partition0 - ok
21:26:24.0531 1716 Boot (0x1200) (717ead5155f0d9b0431c001a638ae20a) \Device\Harddisk2\DR4\Partition0
21:26:24.0546 1716 \Device\Harddisk2\DR4\Partition0 - ok
21:26:24.0546 1716 ============================================================
21:26:24.0546 1716 Scan finished
21:26:24.0546 1716 ============================================================
21:26:24.0703 1308 Detected object count: 4
21:26:24.0703 1308 Actual detected object count: 4
21:26:55.0531 1308 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
21:26:55.0843 1308 Backup copy found, using it..
21:26:55.0937 1308 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
21:26:55.0937 1308 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
21:26:55.0953 1308 nhcDriverDevice ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:55.0953 1308 nhcDriverDevice ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:26:55.0953 1308 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:55.0953 1308 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:26:55.0953 1308 wowfilter ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:55.0953 1308 wowfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 02.07.2012, 11:44   #9
markusg
/// Malware-holic
 
Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig - Standard

Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig



hi
nutzt du deinen pc für onlinebanking, zum einkaufen, für sonstige zahlungsabwicklungen, oder ähnlich wichtiges wie berufliches?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 02.07.2012, 12:15   #10
pittip
 
Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig - Standard

Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig



ja.
wieso ???????

Alt 02.07.2012, 14:25   #11
markusg
/// Malware-holic
 
Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig - Standard

Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig



hi
bank bitte anrufen, onlinebanking aufgrund eines rootkits sperren lassen.
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig
adobe, antivir, antivir guard, avira, bho, computer, converter, desktop, einstellungen, explorer, firefox, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, mozilla, mp3, notebook, pdfforge toolbar, plug-in, programme, seiten, software, system, temp, windows, windows internet, windows xp




Ähnliche Themen: Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig


  1. Win 7: Selbständige Internetseiten und Umleitung auf Werbung
    Log-Analyse und Auswertung - 05.06.2014 (12)
  2. ihavenet / Umleitung falsche Internetseiten
    Plagegeister aller Art und deren Bekämpfung - 02.01.2013 (15)
  3. Falsche Umleitung bei Google
    Plagegeister aller Art und deren Bekämpfung - 28.03.2012 (11)
  4. Falsche Internetseiten werden aufgerufen
    Plagegeister aller Art und deren Bekämpfung - 11.10.2011 (1)
  5. Google öffnet falsche Internetseiten
    Log-Analyse und Auswertung - 16.07.2011 (22)
  6. Falsche Internetseiten werden aufgerufen!
    Log-Analyse und Auswertung - 01.11.2010 (18)
  7. Weiterleitung auf falsche Internetseiten (aks.com, kdirectory,...)
    Plagegeister aller Art und deren Bekämpfung - 18.10.2010 (1)
  8. Ungewollte Umleitung auf seltsame Internetseiten bei Google Suchtreffern
    Plagegeister aller Art und deren Bekämpfung - 02.10.2010 (25)
  9. Falsche Internetseiten werden geöffnet
    Log-Analyse und Auswertung - 13.09.2009 (8)
  10. Falsche Internetseiten werden geöffnet
    Log-Analyse und Auswertung - 22.06.2009 (4)
  11. Umleitung auf falsche Internetseiten
    Log-Analyse und Auswertung - 14.02.2009 (28)
  12. firefox leitet auf falsche internetseiten
    Log-Analyse und Auswertung - 09.08.2008 (1)
  13. Umleitung auf andere Internetseiten
    Plagegeister aller Art und deren Bekämpfung - 09.08.2008 (9)
  14. Umleitung auf andere Internetseiten
    Log-Analyse und Auswertung - 10.10.2006 (3)
  15. Trojan.Spywad.A ! Ich werd noch wahnsinnig -.-
    Plagegeister aller Art und deren Bekämpfung - 19.04.2006 (5)
  16. Ich werde noch wahnsinnig
    Log-Analyse und Auswertung - 17.05.2005 (2)
  17. TR/StartPage.qr.DLL Ich werd noch wahnsinnig
    Log-Analyse und Auswertung - 15.03.2005 (13)

Zum Thema Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig - Hallo zusammen, ich bin neu hier und habe leider nicht so die Ahnung von Computern. Bin seit ein paar Wochen voll verzweifelt. Habe Windows XP drauf. Bitte helft mir. Logfile - Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig...
Archiv
Du betrachtest: Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.