|
Log analysis and evaluation: Redirection to wrong websites ... I'm going crazy
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
25.06.2012, 19:20 | #1 |
| Redirection to wrong websites ... I'm going crazy

Hello everyone, I'm new here and unfortunately don't know much about computers. I've been completely desperate for a few weeks now. I have Windows XP installed. Please help me.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:11:59, on 25.06.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\ltmoh\Ltmoh.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Notebook Hardware Control\nhc.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Application Updater\ApplicationUpdater.exe
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\OpenOffice.org 3\program\soffice.exe
C:\Programme\OpenOffice.org 3\program\soffice.bin
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\DOKUME~1\Peter\LOKALE~1\Temp\DAT42B.tmp.exe
C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Programme\Motorola\MotoHelper\MotoHelperService.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
D:\Download\HiJackThis204(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.freenet.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer bereitgestellt von freenet
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programme\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programme\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: hmbpnofrfalw - Unknown owner - C:\DOKUME~1\Peter\LOKALE~1\Temp\DAT42B.tmp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Programme\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Programme\Sony\Sony PC Companion\PCCService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

-- End of file - 7674 bytes |
28.06.2012, 19:29 | #2 |
| Redirection to wrong websites ... I'm going crazy

Is there a reason why nobody is responding?
__________________ |
29.06.2012, 20:11 | #3 |
/// Malware-holic | Redirection to wrong websites ... I'm going crazy

Hi,
yes, because there are far too many people for far too few helpers. If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
01.07.2012, 11:47 | #4 |
| Redirection to wrong websites ... I'm going crazy

OTL text
OTL Logfile:
Code:
OTL logfile created on: 01.07.2012 12:20:10 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = D:\Download
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1022,17 Mb Total Physical Memory | 636,30 Mb Available Physical Memory | 62,25% Memory free
2,40 Gb Paging File | 2,01 Gb Available in Paging File | 83,56% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 27,03 Gb Total Space | 11,58 Gb Free Space | 42,86% Space Free | Partition Type: NTFS
Drive D: | 58,89 Gb Total Space | 23,37 Gb Free Space | 39,69% Space Free | Partition Type: NTFS

Computer Name: SAMSUNG-23578E4 | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.01 12:18:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- D:\Download\OTL(2).exe
PRC - [2012.06.13 17:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.05.18 08:20:09 | 000,061,952 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Temp\DAT42B.tmp.exe
PRC - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.01.17 11:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.12.09 19:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.21 07:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.01.27 23:13:50 | 000,226,624 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011.01.27 23:13:40 | 000,673,088 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2007.05.04 02:33:22 | 002,629,632 | ---- | M] (hxxp://www.pbus-167.com) -- C:\Programme\Notebook Hardware Control\nhc.exe
PRC - [2005.02.02 12:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004.08.17 10:37:00 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Programme\ltmoh\ltmoh.exe
PRC - [2004.08.04 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.07.27 13:48:04 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (No Company Name) ==========

MOD - [2012.05.18 08:20:09 | 000,061,952 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Temp\DAT42B.tmp.exe
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.01.25 22:53:09 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.12.11 11:12:01 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
MOD - [2011.12.11 11:11:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
MOD - [2011.12.11 11:11:53 | 004,878,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\nhc\4ae925e9edebb46b2b03fc6d34d600f2\nhc.ni.exe
MOD - [2011.12.10 16:27:05 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
MOD - [2011.12.10 16:26:56 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
MOD - [2011.12.10 16:26:40 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
MOD - [2011.12.10 12:41:35 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
MOD - [2011.12.10 12:41:13 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
MOD - [2011.11.19 00:27:37 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.07.21 15:12:30 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.01.27 23:13:50 | 000,226,624 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2011.01.27 23:13:40 | 000,673,088 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2001.10.28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.18 07:43:35 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.05.18 08:20:09 | 000,061,952 | ---- | M] () [Auto | Stopped] -- C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Temp\DAT42B.tmp.exe -- (hmbpnofrfalw)
SRV - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.27 23:13:50 | 000,226,624 | ---- | M] () [Auto | Running] -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.07.01 11:39:56 | 000,022,528 | ---- | M] (pBUS-167 Software - hxxp://www.pbus-167.com) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nhcDriver.sys -- (nhcDriverDevice)
DRV - [2011.07.21 12:11:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.21 12:11:11 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.12.03 14:03:08 | 000,020,352 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2010.09.29 17:13:46 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2010.04.01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010.01.25 18:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.29 16:05:15 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.07.13 16:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2009.01.29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009.01.29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007.11.02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2005.06.28 07:01:58 | 001,241,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.06.08 16:58:10 | 000,017,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WOWFilter.sys -- (wowfilter)
DRV - [2005.04.30 16:01:56 | 003,281,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005.04.18 22:21:08 | 000,027,136 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2005.03.04 12:02:20 | 001,066,278 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004.12.06 15:51:10 | 000,051,328 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004.12.05 21:57:14 | 000,307,456 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2004.05.26 15:18:18 | 000,044,928 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {2059CF48-25F3-40d7-9D37-24A3142FD20B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{2059CF48-25F3-40d7-9D37-24A3142FD20B}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=tb50-ie-opencandyDE-chromesbox-de-de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.freenet.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2059CF48-25F3-40d7-9D37-24A3142FD20B}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=tb50-ie-opencandyDE-chromesbox-de-de
IE - HKCU\..\SearchScopes\{523D04D8-F1DE-49D2-8F08-7731753F2B33}: "URL" = hxxp://freenetsuche.de/?Keywords={searchTerms}&partnerTag=freenet_xml_de_searchbox_freenet2&charEncoding=utf8
IE - HKCU\..\SearchScopes\{F1AAE232-BD1E-47BB-BC5B-DBA2FE5C5984}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{F5FA5367-86DF-43F3-B2E4-71CCCD776C44}: "URL" = hxxp://active.freenet.de:8081/IE8Activity/ActivityServlet?w=s&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "WiseConvert Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "WiseConvert Customized Web Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.18 07:43:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.06.03 19:59:13 | 000,000,000 | ---D | M]

[2011.12.09 17:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Extensions
[2012.06.18 17:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\9u540rcs.default\extensions
[2011.12.03 11:09:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\9u540rcs.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.17 20:32:52 | 000,000,000 | ---D | M] (WiseConvert Community Toolbar) -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\9u540rcs.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}
[2012.05.30 08:45:36 | 000,000,925 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\9u540rcs.default\searchplugins\conduit.xml
[2012.02.05 23:29:20 | 000,001,496 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\9u540rcs.default\searchplugins\searchya.xml
[2011.12.07 05:45:34 | 000,002,519 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\9u540rcs.default\searchplugins\Search_Results.xml
[2012.02.12 12:57:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.18 07:43:37 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.01.25 22:34:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.07 05:45:34 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml
[2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.05.18 08:21:03 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LtMoh] C:\Programme\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NotebookHardwareControl] C:\Programme\Notebook Hardware Control\nhc.exe (hxxp://www.pbus-167.com)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Peter\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7327A33B-53D3-47EE-98AA-251712DAABD1}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.23 09:44:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0f3fb9c0-ada1-11e1-bbe9-0000f07b3243}\Shell - "" = AutoRun
O33 - MountPoints2\{0f3fb9c0-ada1-11e1-bbe9-0000f07b3243}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0f3fb9c0-ada1-11e1-bbe9-0000f07b3243}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{752928cc-bcb9-11e1-bc23-0000f07b3243}\Shell - "" = AutoRun
O33 - MountPoints2\{752928cc-bcb9-11e1-bc23-0000f07b3243}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{752928cc-bcb9-11e1-bc23-0000f07b3243}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:
{CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {CF1BD0A7-61B4-4614-98D1-12106B1050FC} - freenetSoftware ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: >{D04766A7-5110-444F-A9D4-F43C9EC1DEE4} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.23 01:24:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Ericsson [2012.06.23 01:24:10 | 000,000,000 | ---D | C] -- C:\Programme\Sony Ericsson [2012.06.23 01:03:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sony [2012.06.23 01:03:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony [2012.06.23 01:03:19 | 000,000,000 | ---D | C] -- C:\Programme\Sony [2012.06.23 00:51:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2012.06.23 00:51:21 | 000,000,000 | ---D | C] 
-- C:\WINDOWS\System32\LogFiles [2012.06.20 00:41:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter\Startmenü\Programme\MP3Gain [2012.06.20 00:41:02 | 000,000,000 | ---D | C] -- C:\Programme\MP3Gain [2012.06.20 00:38:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter\Desktop\Karaoke - songs 2012 Juni [2012.06.18 17:01:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Search Settings [2012.06.18 17:01:29 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater [2012.06.18 17:01:28 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot [2012.06.18 17:01:28 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar [2012.06.18 17:00:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.06.05 07:50:18 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0 [2012.06.03 19:26:28 | 000,023,424 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\Motousbnet.sys [2012.06.03 19:26:28 | 000,009,472 | ---- | C] (Motorola Inc) -- C:\WINDOWS\System32\drivers\motusbdevice.sys [2012.06.03 19:26:28 | 000,006,016 | ---- | C] (Motorola Inc) -- C:\WINDOWS\System32\drivers\motfilt.sys [2012.06.03 19:26:26 | 000,024,064 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motmodem.sys [2012.06.03 19:26:25 | 000,020,352 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motccgp.sys [2012.06.03 19:26:25 | 000,008,320 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motccgpfl.sys [2012.06.03 19:26:25 | 000,006,400 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motswch.sys [2012.06.03 19:25:56 | 000,000,000 | ---D | C] -- C:\Program Files [2012.06.03 19:25:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Motorola Shared [2012.06.03 19:25:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Motorola [2012.06.03 19:25:50 | 000,000,000 | ---D | C] -- C:\Programme\Motorola [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 
C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.01 11:39:56 | 000,022,528 | ---- | M] (pBUS-167 Software - hxxp://www.pbus-167.com) -- C:\WINDOWS\System32\drivers\nhcDriver.sys [2012.07.01 11:39:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.07.01 04:30:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.24 20:17:01 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\defogger_reenable [2012.06.23 01:17:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf [2012.06.23 01:17:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.06.23 01:17:31 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2012.06.23 01:03:49 | 000,001,703 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sony PC Companion 2.1.lnk [2012.06.23 00:58:59 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2012.06.23 00:53:34 | 004,503,093 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Akcent - I'm sorry Lyrics.mp3 [2012.06.23 00:51:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2012.06.23 00:46:07 | 004,005,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Arash Feat. Helena - Broken Angel (Dj Aligator & Weekend Wonderz)(hd1080_H.264-AAC).mp4.mp3 [2012.06.23 00:42:17 | 003,678,161 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\[ REMIX ] Arash ft Helena - broken angel.mp3 [2012.06.23 00:40:58 | 007,147,521 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Arash ft. 
Helena- Broken Angel ~Austral Esper REMIX.mp3 [2012.06.23 00:29:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.06.22 10:41:05 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.06.22 10:27:42 | 026,634,866 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\live 3 .mp3 [2012.06.21 00:05:47 | 004,264,001 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Gustavo Lima - Balada - Letra By Nick.mp3 [2012.06.21 00:04:05 | 003,757,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Gustavo Lima - Balada Boa Lyrics HD (Tché Tchérere Tché).mp3 [2012.06.20 23:37:48 | 010,045,440 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\live 1 .mp3 [2012.06.20 23:28:09 | 023,008,026 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\live.mp3 [2012.06.20 00:51:54 | 003,745,999 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Smokie_Needles_and_Pins_(Instrumentalversion)_97402.mp3 [2012.06.16 13:38:05 | 000,077,442 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\ipodtouch.jpg [2012.06.16 13:34:34 | 000,012,576 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\apple-ipod-touch-4g-review-from-techradar-uk-s-expert-reviews-of-ipod-and-mp3-players_1.jpg [2012.06.16 13:32:03 | 000,002,409 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Paint Shop Pro 7.lnk [2012.06.15 19:22:12 | 000,039,424 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.04 08:04:21 | 004,515,569 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Vamos A La Playa (Karaoke-Playback) Cover on Yamaha PSR9000.mp3 [2012.06.04 08:00:49 | 004,758,002 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\RIGHEIRA (VAMOS A LA PLAYA)(INSTRUMENTAL)(1983).mp3 [2012.06.03 19:27:03 | 000,000,000 | -H-- | M] () -- 
C:\WINDOWS\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf [2012.06.03 19:27:03 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motfilt_01007.Wdf [2012.06.03 19:26:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf [2012.06.03 19:26:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf [2012.06.03 19:26:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf [2012.06.03 19:26:38 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf [2012.06.02 13:37:50 | 000,000,189 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\kreditkartenhotline.rtf [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.24 20:17:01 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\defogger_reenable [2012.06.23 09:38:42 | 000,745,984 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\SygicKG.exe [2012.06.23 01:17:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf [2012.06.23 01:17:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2012.06.23 01:03:49 | 000,001,703 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sony PC Companion 2.1.lnk [2012.06.23 00:52:15 | 004,503,093 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Akcent - I'm sorry Lyrics.mp3 [2012.06.23 00:51:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2012.06.23 00:44:49 | 004,005,419 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Arash Feat. 
Helena - Broken Angel (Dj Aligator & Weekend Wonderz)(hd1080_H.264-AAC).mp4.mp3 [2012.06.23 00:41:08 | 003,678,161 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\[ REMIX ] Arash ft Helena - broken angel.mp3 [2012.06.23 00:38:24 | 007,147,521 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Arash ft. Helena- Broken Angel ~Austral Esper REMIX.mp3 [2012.06.22 10:09:40 | 003,745,999 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Smokie_Needles_and_Pins_(Instrumentalversion)_97402.mp3 [2012.06.22 10:09:12 | 026,634,866 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\live 3 .mp3 [2012.06.21 00:04:48 | 004,264,001 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Gustavo Lima - Balada - Letra By Nick.mp3 [2012.06.21 00:02:47 | 003,757,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Gustavo Lima - Balada Boa Lyrics HD (Tché Tchérere Tché).mp3 [2012.06.20 23:30:49 | 010,045,440 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\live 1 .mp3 [2012.06.20 23:12:11 | 023,008,026 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\live.mp3 [2012.06.16 13:38:05 | 000,077,442 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\ipodtouch.jpg [2012.06.16 13:31:32 | 000,012,576 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\apple-ipod-touch-4g-review-from-techradar-uk-s-expert-reviews-of-ipod-and-mp3-players_1.jpg [2012.06.04 08:02:46 | 004,515,569 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Vamos A La Playa (Karaoke-Playback) Cover on Yamaha PSR9000.mp3 [2012.06.04 08:00:12 | 004,758,002 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\RIGHEIRA (VAMOS A LA PLAYA)(INSTRUMENTAL)(1983).mp3 [2012.06.03 19:38:37 | 000,727,177 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\IMAG0134.jpg [2012.06.03 19:27:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf 
[2012.06.03 19:27:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motfilt_01007.Wdf [2012.06.03 19:26:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf [2012.06.03 19:26:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf [2012.06.03 19:26:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf [2012.06.03 19:26:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf [2012.06.02 13:37:49 | 000,000,189 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\kreditkartenhotline.rtf [2012.05.18 08:20:09 | 000,172,090 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys [2012.01.28 11:18:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI [2012.01.25 22:39:43 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2012.01.16 11:47:32 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2012.01.16 11:46:14 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll [2011.12.17 15:14:36 | 000,131,736 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011.12.17 13:56:40 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2011.11.13 15:42:56 | 000,039,424 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.20 22:09:24 | 001,413,259 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Barzewski Auftragsbestätigung.pdf [2011.10.07 08:27:48 | 000,011,525 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\DPR HTS 08.10.2011.pdf [2011.10.05 09:27:40 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2011.09.23 10:34:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.09.23 10:34:01 | 000,095,617 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat 
[2011.09.23 10:33:31 | 000,120,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.09.23 09:46:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.09.23 09:41:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Programme\openofficeorg33.msi [2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Programme\setup.exe [2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Programme\openofficeorg1.cab [2011.01.19 12:15:26 | 000,000,290 | ---- | C] () -- C:\Programme\setup.ini ========== LOP Check ========== [2012.01.16 11:44:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2011.12.07 16:02:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess [2012.06.23 01:03:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony [2012.01.16 11:44:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Babylon [2012.02.10 22:46:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\DVDVideoSoft [2011.12.03 11:09:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\DVDVideoSoftIEHelpers [2012.01.16 11:45:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\OpenCandy [2012.01.25 22:54:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\OpenOffice.org [2012.05.25 00:44:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Oracle [2012.01.25 23:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\pdfforge [2012.06.18 17:01:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Search Settings [2011.12.07 05:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\searchquband 
[2012.05.27 18:39:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\TeamViewer [2012.01.27 17:00:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Teleca ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.11.19 00:22:41 | 000,000,000 | ---D | M] -- C:\7fbe444cb2573de321308282dccbd55c [2012.06.19 00:02:57 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2011.09.23 10:12:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2012.06.03 19:25:56 | 000,000,000 | ---D | M] -- C:\Program Files [2012.06.23 01:24:10 | 000,000,000 | ---D | M] -- C:\Programme [2011.09.29 18:27:30 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011.09.24 00:08:52 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.06.23 09:19:39 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > [2011.01.19 13:33:04 | 000,475,016 | ---- | M] () -- C:\Programme\setup.exe Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll [2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\explorer.exe [2004.08.04 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\system32\dllcache\explorer.exe [2008.04.14 
04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll [2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\dllcache\netlogon.dll [2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll [2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll [2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\system32\dllcache\user32.dll [2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\system32\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- 
C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe [2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe [2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2012.05.18 08:20:10 | 000,172,090 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\str.sys < %systemroot%\System32\config\*.sav > [2011.09.23 11:32:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2011.09.23 11:32:50 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2011.09.23 11:32:50 | 000,430,080 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [1 
C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2011.10.20 22:09:24 | 001,413,259 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Barzewski Auftragsbestätigung.pdf [2012.06.24 20:17:01 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\defogger_reenable [2011.10.07 08:27:48 | 000,011,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\DPR HTS 08.10.2011.pdf [2012.07.01 04:48:41 | 003,145,728 | -H-- | M] () -- C:\Dokumente und Einstellungen\Peter\NTUSER.DAT [2012.07.01 12:19:43 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Peter\ntuser.dat.LOG [2012.07.01 04:48:33 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Peter\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2010.05.02 10:24:36 | 001,851,008 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > ========== Files - Unicode (All) ========== [2012.06.23 00:44:09 | 003,306,276 | ---- | M] ()(C:\Dokumente und Einstellungen\Peter\Desktop\? ARASH - _Broken Angel_ Feat. Helena (From the upcoming album).mp3) -- C:\Dokumente und Einstellungen\Peter\Desktop\ღ ARASH - _Broken Angel_ Feat. 
Helena (From the upcoming album).mp3
[2012.06.23 00:42:58 | 003,306,276 | ---- | C] ()(C:\Dokumente und Einstellungen\Peter\Desktop\? ARASH - _Broken Angel_ Feat. Helena (From the upcoming album).mp3) -- C:\Dokumente und Einstellungen\Peter\Desktop\ღ ARASH - _Broken Angel_ Feat. Helena (From the upcoming album).mp3
< End of report >

Extra Text
OTL Logfile:
OTL Extras logfile created on: 01.07.2012 12:20:10 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = D:\Download
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1022,17 Mb Total Physical Memory | 636,30 Mb Available Physical Memory | 62,25% Memory free
2,40 Gb Paging File | 2,01 Gb Available in Paging File | 83,56% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 27,03 Gb Total Space | 11,58 Gb Free Space | 42,86% Space Free | Partition Type: NTFS
Drive D: | 58,89 Gb Total Space | 23,37 Gb Free Space | 39,69% Space Free | Partition Type: NTFS
Computer Name: SAMSUNG-23578E4 | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\TeamViewer\Version6\TeamViewer.exe" = C:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer 
GmbH) "C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{37918F52-75C8-47F8-AEFB-389B8E62B5DA}" = pdfforge Toolbar v5.9 "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{825E9A84-1E03-4526-9F8E-45015C938A7C}" = WBFS Manager 4.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AAB9478F-DE6B-498B-9420-21E1F1AC700D}" = WOW XT and TSXT Filter Driver "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET 
Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.065 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{FB29B583-945C-4094-BB4B-3A405574C560}" = Motorola Mobile Drivers Installation 5.0.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = SENS LT56ADW Modem "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "AnalogX Vocal Remover" = AnalogX Vocal Remover "AnalogX Vocal Remover (WinAmp)" = AnalogX Vocal Remover (WinAmp) "ATI Display Driver" = ATI Display Driver "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228 "ie8" = Windows Internet Explorer 8 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MotoHelper" = MotoHelper 2.0.45 Driver 5.0.0 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nero - Burning Rom!UninstallKey" = Nero OEM "Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06 "ProInst" = Intel(R) PROSet/Wireless Software "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 6" = TeamViewer 6 "TeamViewer 7" = TeamViewer 7 "Update Engine" = Sony Ericsson Update Engine "VLC media player" = VLC media player 1.1.11 "Wdf01007" = Microsoft Kernel-Mode Driver 
Framework Feature Pack 1.7 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "WIC" = Windows Imaging Component "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 10 "WinRAR archiver" = WinRAR 4.01 (32-Bit) "winusb0200" = Microsoft WinUsb 2.0 "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "AOL DE Toolbar" = AOL DE Toolbar "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.06.2012 13:46:27 | Computer Name = SAMSUNG-23578E4 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung winamp.exe, Version 5.6.2.3199, fehlgeschlagenes Modul msvcr90.dll, Version 9.0.30729.4148, Fehleradresse 0x00056b6a. Error - 09.06.2012 01:44:09 | Computer Name = SAMSUNG-23578E4 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 09.06.2012 04:44:56 | Computer Name = SAMSUNG-23578E4 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 13.0.0.4535, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 12.06.2012 22:31:30 | Computer Name = SAMSUNG-23578E4 | Source = ESENT | ID = 490 Description = svchost (1348) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. 
Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 18.06.2012 18:03:59 | Computer Name = SAMSUNG-23578E4 | Source = ESENT | ID = 490 Description = svchost (1360) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 20.06.2012 18:06:02 | Computer Name = SAMSUNG-23578E4 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 22.06.2012 18:57:26 | Computer Name = SAMSUNG-23578E4 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Startme.exe, Version 2.0.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.06.2012 14:39:11 | Computer Name = SAMSUNG-23578E4 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.53.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 28.06.2012 14:12:37 | Computer Name = SAMSUNG-23578E4 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung avguard.exe, Version 10.0.1.59, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00f49b02. Error - 01.07.2012 06:00:33 | Computer Name = SAMSUNG-23578E4 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL(1).exe, Version 3.2.53.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
[ System Events ] Error - 25.06.2012 22:34:58 | Computer Name = SAMSUNG-23578E4 | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hmbpnofrfalw. Error - 26.06.2012 14:08:45 | Computer Name = SAMSUNG-23578E4 | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hmbpnofrfalw. Error - 27.06.2012 09:53:19 | Computer Name = SAMSUNG-23578E4 | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hmbpnofrfalw. Error - 28.06.2012 14:08:49 | Computer Name = SAMSUNG-23578E4 | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hmbpnofrfalw. 
Error - 28.06.2012 22:28:07 | Computer Name = SAMSUNG-23578E4 | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hmbpnofrfalw. Error - 29.06.2012 10:14:05 | Computer Name = SAMSUNG-23578E4 | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hmbpnofrfalw. Error - 30.06.2012 22:30:47 | Computer Name = SAMSUNG-23578E4 | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hmbpnofrfalw. Error - 30.06.2012 22:35:37 | Computer Name = SAMSUNG-23578E4 | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hmbpnofrfalw. Error - 01.07.2012 05:39:11 | Computer Name = SAMSUNG-23578E4 | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hmbpnofrfalw. Error - 01.07.2012 06:14:46 | Computer Name = SAMSUNG-23578E4 | Source = atapi | ID = 262153 Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht geantwortet. < End of report > |
01.07.2012, 11:49 | #5 | |
/// Malware-holic | Redirection to wrong websites ... I'm going crazy
Combofix may only be run when a team member has instructed you to do so!
Please download Combofix from one of these download mirrors: Link 1 Link 2
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For the time being, please forward mails as described in the instructions above to markusg.trojaner-board@web.de If you would like to support us |
01.07.2012, 19:56 | #6 |
| Redirection to wrong websites ... I'm going crazy Combofix logfile: Code:
ATTFilter ComboFix 12-07-01.03 - Peter 01.07.2012 20:36:49.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.49.1031.18.1022.549 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Peter\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\drivers\str.sys D:\setup.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-01 bis 2012-07-01 )))))))))))))))))))))))))))))) . . 2012-06-22 23:24 . 2012-06-22 23:24 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Sony Ericsson 2012-06-22 23:24 . 2012-06-22 23:24 -------- d-----w- c:\programme\Sony Ericsson 2012-06-22 23:06 . 2011-05-24 09:00 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2012-06-22 23:06 . 2011-05-24 08:59 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll 2012-06-22 23:03 . 2012-06-22 23:03 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Sony 2012-06-22 23:03 . 2012-06-22 23:03 -------- d-----w- c:\programme\Sony 2012-06-22 22:51 . 2012-06-22 22:58 -------- d-----w- c:\windows\system32\drivers\UMDF 2012-06-22 22:51 . 2012-06-22 22:51 -------- d-----w- c:\windows\system32\LogFiles 2012-06-19 22:41 . 2012-06-19 22:51 -------- d-----w- c:\programme\MP3Gain 2012-06-18 15:01 . 2012-06-18 15:01 -------- d-----w- c:\dokumente und einstellungen\Peter\Anwendungsdaten\Search Settings 2012-06-18 15:01 . 2012-06-18 15:01 -------- d-----w- c:\programme\Application Updater 2012-06-18 15:01 . 2012-06-18 15:01 -------- d-----w- c:\programme\pdfforge Toolbar 2012-06-18 15:01 . 2012-06-18 15:01 -------- d-----w- c:\programme\Gemeinsame Dateien\Spigot 2012-06-08 05:48 . 2012-06-08 05:48 770384 ----a-w- c:\programme\Mozilla Firefox\msvcr100.dll 2012-06-08 05:48 . 
2012-06-08 05:48 421200 ----a-w- c:\programme\Mozilla Firefox\msvcp100.dll 2012-06-05 05:50 . 2012-06-05 05:50 -------- d-----w- c:\programme\MSXML 4.0 2012-06-03 17:26 . 2010-04-01 11:31 23424 ----a-w- c:\windows\system32\drivers\Motousbnet.sys 2012-06-03 17:26 . 2010-01-25 16:56 9472 ----a-w- c:\windows\system32\drivers\motusbdevice.sys 2012-06-03 17:26 . 2009-01-29 14:11 6016 ----a-w- c:\windows\system32\drivers\motfilt.sys 2012-06-03 17:26 . 2010-09-29 15:13 24064 ----a-w- c:\windows\system32\drivers\motmodem.sys 2012-06-03 17:26 . 2010-12-03 12:03 20352 ----a-w- c:\windows\system32\drivers\motccgp.sys 2012-06-03 17:26 . 2009-01-29 14:18 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys 2012-06-03 17:26 . 2007-11-02 12:51 6400 ----a-w- c:\windows\system32\drivers\motswch.sys 2012-06-03 17:25 . 2012-06-03 17:25 -------- d-----w- c:\programme\Gemeinsame Dateien\Motorola Shared 2012-06-03 17:25 . 2012-06-03 17:25 -------- d-----w- C:\Program Files 2012-06-03 17:25 . 2012-06-03 17:25 -------- d-----w- c:\programme\Motorola . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-01 18:49 . 2011-09-23 21:11 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys 2012-04-04 16:47 . 2012-01-25 20:34 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-04-04 16:47 . 2012-05-24 22:44 772504 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-04-04 16:47 . 2012-01-25 20:34 687504 ----a-w- c:\windows\system32\deployJava1.dll 2011-01-19 11:34 . 2011-01-19 11:34 3003392 ----a-w- c:\programme\openofficeorg33.msi 2011-01-19 11:33 . 2011-01-19 11:33 475016 ----a-w- c:\programme\setup.exe 2012-06-18 05:43 . 
2011-10-08 12:33 85472 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll 2006-05-03 11:06 163328 --sha-r- c:\windows\system32\flvDX.dll 2007-02-21 12:47 31232 --sha-r- c:\windows\system32\msfDX.dll 2008-03-16 14:30 216064 --sha-r- c:\windows\system32\nbDX.dll 2010-01-06 23:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064] "SoundMAXPnP"="c:\programme\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544] "SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316] "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209] "LtMoh"="c:\programme\ltmoh\Ltmoh.exe" [2004-08-17 184320] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-03-16 32768] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] "NotebookHardwareControl"="c:\programme\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "WinampAgent"="c:\programme\Winamp\winampa.exe" [2011-12-09 74752] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-17 252296] "SearchSettings"="c:\programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe" [2012-06-13 1088904] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] . 
c:\dokumente und einstellungen\Peter\Startmenü\Programme\Autostart\ OpenOffice.org 3.3.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Programme\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Programme\\TeamViewer\\Version7\\TeamViewer.exe"= "c:\\Programme\\TeamViewer\\Version7\\TeamViewer_Service.exe"= "c:\\Programme\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"= . R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [23.09.2011 23:00 136360] R2 Application Updater;Application Updater;c:\programme\Application Updater\ApplicationUpdater.exe [13.06.2012 17:27 792512] R2 MotoHelper;MotoHelper Service;c:\programme\Motorola\MotoHelper\MotoHelperService.exe [27.01.2011 23:13 226624] R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [08.06.2005 16:58 17792] S2 hmbpnofrfalw;hmbpnofrfalw;"c:\dokume~1\Peter\LOKALE~1\Temp\DAT42B.tmp.exe" --SERVICE --> c:\dokume~1\Peter\LOKALE~1\Temp\DAT42B.tmp.exe [?] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [03.06.2012 19:26 6016] S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?] 
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [03.06.2012 19:26 20352] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [03.06.2012 19:26 8320] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [03.06.2012 19:26 23424] S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [03.06.2012 19:26 9472] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [26.04.2012 08:08 113120] S3 Sony PC Companion;Sony PC Companion;c:\programme\Sony\Sony PC Companion\PCCService.exe [23.06.2012 01:03 155320] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Peter\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\dokumente und einstellungen\Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\9u540rcs.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - WiseConvert Customized Web Search FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q= FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101641 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 60cb9e310000000000000000f07b3243 FF - user.js: extensions.BabylonToolbar_i.hardId - 60cb9e310000000000000000f07b3243 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15355 FF - user.js: 
extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:44 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: browser.sessionstore.resume_from_crash - false FF - user.js: extensions.searchya_i.hmpg - true FF - user.js: extensions.searchya_i.hmpgUrl - hxxp://searchya.com/?chnl=fxtb-01&s=0&cr=83384407&cd=2XzutAtN2Y1L1QzutDtDtCyDtDtDtCtCtBzz0CyB0Bzy0EtAtCtN0D0TzutBtDtCtBtDtBtDyD FF - user.js: extensions.searchya_i.dfltSrch - true FF - user.js: extensions.searchya_i.srchPrvdr - SearchYa! FF - user.js: extensions.searchya_i.dnsErr - true FF - user.js: extensions.searchya_i.newTab - true FF - user.js: extensions.searchya_i.newTabUrl - hxxp://searchya.com/?chnl=fxtb-01&s=2&cr=83384407&cd=2XzutAtN2Y1L1QzutDtDtCyDtDtDtCtCtBzz0CyB0Bzy0EtAtCtN0D0TzutBtDtCtBtDtBtDyD . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-10 - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-07-01 20:49 Windows 5.1.2600 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(884) c:\windows\system32\Ati2evxx.dll . 
- - - - - - - > 'explorer.exe'(3908) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\programme\Avira\AntiVir Desktop\avguard.exe c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe c:\programme\Avira\AntiVir Desktop\avshadow.exe c:\programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe c:\programme\Analog Devices\SoundMAX\SMAgent.exe c:\programme\Motorola\MotoHelper\MotoHelperAgent.exe c:\windows\AGRSMMSG.exe c:\windows\system32\wscntfy.exe c:\programme\OpenOffice.org 3\program\soffice.exe c:\programme\OpenOffice.org 3\program\soffice.bin c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-07-01 20:54:14 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-07-01 18:54 . Vor Suchlauf: 6 Verzeichnis(se), 13.081.239.552 Bytes frei Nach Suchlauf: 8 Verzeichnis(se), 13.470.666.752 Bytes frei . - - End Of File - - 90F031C98F40E09FED7D4E1B92844864 |
01.07.2012, 20:09 | #7 |
/// Malware-holic | Redirection to wrong websites ... I'm going crazy
Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any detections, always choose Skip for now, then post the log
01.07.2012, 20:28 | #8 |
| Redirection to wrong websites ... I'm going crazy 21:24:13.0781 2824 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22 21:24:13.0843 2824 ============================================================ 21:24:13.0843 2824 Current date / time: 2012/07/01 21:24:13.0843 21:24:13.0843 2824 SystemInfo: 21:24:13.0843 2824 21:24:13.0843 2824 OS Version: 5.1.2600 ServicePack: 2.0 21:24:13.0843 2824 Product type: Workstation 21:24:13.0843 2824 ComputerName: SAMSUNG-23578E4 21:24:13.0843 2824 UserName: Peter 21:24:13.0843 2824 Windows directory: C:\WINDOWS 21:24:13.0843 2824 System windows directory: C:\WINDOWS 21:24:13.0843 2824 Processor architecture: Intel x86 21:24:13.0843 2824 Number of processors: 1 21:24:13.0843 2824 Page size: 0x1000 21:24:13.0843 2824 Boot type: Normal boot 21:24:13.0843 2824 ============================================================ 21:24:17.0328 2824 Drive \Device\Harddisk0\DR0 - Size: 0x157AC25C00 (85.92 Gb), SectorSize: 0x200, Cylinders: 0x2BCF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 21:24:17.0343 2824 Drive \Device\Harddisk1\DR3 - Size: 0xEA108000 (3.66 Gb), SectorSize: 0x200, Cylinders: 0x1DD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 21:24:17.0343 2824 Drive \Device\Harddisk2\DR4 - Size: 0x1D9000000 (7.39 Gb), SectorSize: 0x200, Cylinders: 0x3C4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 21:24:17.0343 2824 ============================================================ 21:24:17.0343 2824 \Device\Harddisk0\DR0: 21:24:17.0359 2824 MBR partitions: 21:24:17.0359 2824 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x360D389 21:24:17.0375 2824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x360D407, BlocksNum 0x75C5508 21:24:17.0375 2824 \Device\Harddisk1\DR3: 21:24:17.0375 2824 MBR partitions: 21:24:17.0375 2824 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x74E8C0 21:24:17.0375 2824 
\Device\Harddisk2\DR4: 21:24:17.0375 2824 MBR partitions: 21:24:17.0375 2824 \Device\Harddisk2\DR4\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xEC6000 21:24:17.0375 2824 ============================================================ 21:24:17.0390 2824 C: <-> \Device\Harddisk0\DR0\Partition0 21:24:17.0437 2824 D: <-> \Device\Harddisk0\DR0\Partition1 21:24:17.0437 2824 ============================================================ 21:24:17.0437 2824 Initialize success 21:24:17.0437 2824 ============================================================ 21:25:13.0531 1716 ============================================================ 21:25:13.0531 1716 Scan started 21:25:13.0531 1716 Mode: Manual; SigCheck; 21:25:13.0531 1716 ============================================================ 21:25:13.0906 1716 Abiosdsk - ok 21:25:13.0921 1716 abp480n5 - ok 21:25:13.0984 1716 ACPI (1268cce85f900a63942000a83d8c03d2) C:\WINDOWS\system32\DRIVERS\ACPI.sys 21:25:14.0015 1716 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. 
Real md5: 1268cce85f900a63942000a83d8c03d2, Fake md5: 94b4741d2cf9ed38140b831293d1601a 21:25:14.0015 1716 ACPI ( Virus.Win32.Rloader.a ) - infected 21:25:14.0015 1716 ACPI - detected Virus.Win32.Rloader.a (0) 21:25:14.0046 1716 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 21:25:15.0296 1716 ACPIEC - ok 21:25:15.0296 1716 adpu160m - ok 21:25:15.0375 1716 aeaudio (cde1f62fe63631b932ace2249fb11da0) C:\WINDOWS\system32\drivers\aeaudio.sys 21:25:15.0484 1716 aeaudio - ok 21:25:15.0515 1716 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys 21:25:15.0828 1716 aec - ok 21:25:15.0890 1716 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys 21:25:16.0000 1716 AFD - ok 21:25:16.0109 1716 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 21:25:16.0375 1716 AgereSoftModem - ok 21:25:16.0390 1716 Aha154x - ok 21:25:16.0390 1716 aic78u2 - ok 21:25:16.0406 1716 aic78xx - ok 21:25:16.0453 1716 Alerter (1aab6c5f8376357cb9b16c38c42c4076) C:\WINDOWS\system32\alrsvc.dll 21:25:16.0734 1716 Alerter - ok 21:25:16.0765 1716 ALG (6596dd260ffde1bdc994c1df236307bb) C:\WINDOWS\System32\alg.exe 21:25:16.0937 1716 ALG - ok 21:25:16.0937 1716 AliIde - ok 21:25:16.0953 1716 amsint - ok 21:25:17.0140 1716 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe 21:25:17.0203 1716 AntiVirSchedulerService - ok 21:25:17.0234 1716 AntiVirService (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe 21:25:17.0250 1716 AntiVirService - ok 21:25:17.0359 1716 Application Updater (592f7ae254995274e166eec95c28f551) C:\Programme\Application Updater\ApplicationUpdater.exe 21:25:17.0453 1716 Application Updater - ok 21:25:17.0468 1716 AppMgmt - ok 21:25:17.0515 1716 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 21:25:17.0781 1716 Arp1394 - ok 21:25:17.0796 1716 asc - ok 
21:25:17.0796 1716 asc3350p - ok 21:25:17.0812 1716 asc3550 - ok 21:25:17.0921 1716 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 21:25:17.0984 1716 aspnet_state - ok 21:25:18.0000 1716 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 21:25:18.0250 1716 AsyncMac - ok 21:25:18.0359 1716 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 21:25:18.0625 1716 atapi - ok 21:25:18.0640 1716 Atdisk - ok 21:25:18.0703 1716 Ati HotKey Poller (06b67e6a0b679d037d2d9e27a64ce90c) C:\WINDOWS\system32\Ati2evxx.exe 21:25:18.0812 1716 Ati HotKey Poller - ok 21:25:18.0937 1716 ati2mtag (d5537cc8cc9a86668e3903bd53caa83c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 21:25:19.0078 1716 ati2mtag - ok 21:25:19.0140 1716 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 21:25:19.0406 1716 Atmarpc - ok 21:25:19.0453 1716 AudioSrv (e98b8250398f6637b335a76ba8dfb602) C:\WINDOWS\System32\audiosrv.dll 21:25:19.0734 1716 AudioSrv - ok 21:25:19.0765 1716 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 21:25:20.0062 1716 audstub - ok 21:25:20.0203 1716 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys 21:25:20.0218 1716 avgio - ok 21:25:20.0265 1716 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 21:25:20.0375 1716 avgntflt - ok 21:25:20.0406 1716 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 21:25:20.0453 1716 avipbb - ok 21:25:20.0484 1716 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 21:25:20.0562 1716 bcm4sbxp - ok 21:25:20.0609 1716 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 21:25:20.0859 1716 Beep - ok 21:25:20.0937 1716 BITS (3a5e54a9ab96ef2d273b58136fb58efe) C:\WINDOWS\system32\qmgr.dll 21:25:21.0250 1716 BITS - ok 
21:25:21.0359 1716 Browser (d8653dcd80cf2ebb333fc4fcc43a7def) C:\WINDOWS\System32\browser.dll 21:25:21.0656 1716 Browser - ok 21:25:21.0703 1716 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys 21:25:22.0031 1716 BTCFilterService - ok 21:25:22.0046 1716 catchme - ok 21:25:22.0093 1716 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 21:25:22.0406 1716 cbidf2k - ok 21:25:22.0421 1716 cd20xrnt - ok 21:25:22.0453 1716 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 21:25:22.0703 1716 Cdaudio - ok 21:25:22.0859 1716 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 21:25:23.0125 1716 Cdfs - ok 21:25:23.0171 1716 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 21:25:23.0453 1716 Cdrom - ok 21:25:23.0468 1716 Changer - ok 21:25:23.0515 1716 CiSvc (234d52c63c67a8cf4af9becce43bfb4a) C:\WINDOWS\system32\cisvc.exe 21:25:23.0796 1716 CiSvc - ok 21:25:23.0859 1716 ClipSrv (0461868578d29dc18fb1c79933c5158a) C:\WINDOWS\system32\clipsrv.exe 21:25:24.0109 1716 ClipSrv - ok 21:25:24.0187 1716 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:25:24.0250 1716 clr_optimization_v2.0.50727_32 - ok 21:25:24.0296 1716 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 21:25:24.0562 1716 CmBatt - ok 21:25:24.0562 1716 CmdIde - ok 21:25:24.0625 1716 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys 21:25:24.0875 1716 Compbatt - ok 21:25:24.0890 1716 COMSysApp - ok 21:25:24.0906 1716 Cpqarray - ok 21:25:24.0937 1716 CryptSvc (1a5f9db98df7955b4c7cbdbf2c638238) C:\WINDOWS\System32\cryptsvc.dll 21:25:25.0218 1716 CryptSvc - ok 21:25:25.0218 1716 dac2w2k - ok 21:25:25.0234 1716 dac960nt - ok 21:25:25.0375 1716 DcomLaunch (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\system32\rpcss.dll 
21:25:25.0515 1716 DcomLaunch - ok 21:25:25.0546 1716 Dhcp (69f986b2688ba95a0d9362b0e233d5ff) C:\WINDOWS\System32\dhcpcsvc.dll 21:25:25.0796 1716 Dhcp - ok 21:25:25.0843 1716 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 21:25:26.0093 1716 Disk - ok 21:25:26.0109 1716 dmadmin - ok 21:25:26.0218 1716 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys 21:25:26.0546 1716 dmboot - ok 21:25:26.0640 1716 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys 21:25:26.0921 1716 dmio - ok 21:25:26.0984 1716 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 21:25:27.0234 1716 dmload - ok 21:25:27.0343 1716 dmserver (fa2d9d1a9f6b5a88d01e1685ce2378ba) C:\WINDOWS\System32\dmserver.dll 21:25:27.0609 1716 dmserver - ok 21:25:27.0656 1716 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 21:25:27.0968 1716 DMusic - ok 21:25:28.0015 1716 Dnscache (d1f5b71bbaeee07b78980dbd878c0bc7) C:\WINDOWS\System32\dnsrslvr.dll 21:25:28.0296 1716 Dnscache - ok 21:25:28.0296 1716 dpti2o - ok 21:25:28.0328 1716 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 21:25:28.0578 1716 drmkaud - ok 21:25:28.0625 1716 ERSvc (877a4512cc9074d6954776af47021766) C:\WINDOWS\System32\ersvc.dll 21:25:28.0906 1716 ERSvc - ok 21:25:28.0937 1716 Eventlog (65f6b774819bd727358157cedea67b8e) C:\WINDOWS\system32\services.exe 21:25:29.0187 1716 Eventlog - ok 21:25:29.0234 1716 EventSystem (d68ed3908c7a0db446111d34ac40dc18) C:\WINDOWS\system32\es.dll 21:25:29.0312 1716 EventSystem - ok 21:25:29.0343 1716 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 21:25:29.0640 1716 Fastfat - ok 21:25:29.0687 1716 FastUserSwitchingCompatibility (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll 21:25:30.0015 1716 FastUserSwitchingCompatibility - ok 21:25:30.0078 1716 Fdc (ced2e8396a8838e59d8fd529c680e02c) 
C:\WINDOWS\system32\drivers\Fdc.sys 21:25:30.0406 1716 Fdc - ok 21:25:30.0453 1716 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys 21:25:30.0890 1716 Fips - ok 21:25:31.0593 1716 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys 21:25:31.0859 1716 Flpydisk - ok 21:25:31.0937 1716 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 21:25:32.0203 1716 FltMgr - ok 21:25:32.0828 1716 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 21:25:32.0859 1716 FontCache3.0.0.0 - ok 21:25:32.0859 1716 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 21:25:33.0125 1716 Fs_Rec - ok 21:25:33.0156 1716 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 21:25:33.0437 1716 Ftdisk - ok 21:25:33.0515 1716 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 21:25:33.0781 1716 Gpc - ok 21:25:33.0843 1716 helpsvc (ba85bcf1a2bcf927c3600574173403e0) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 21:25:34.0109 1716 helpsvc - ok 21:25:34.0109 1716 HidServ - ok 21:25:34.0218 1716 hmbpnofrfalw - ok 21:25:34.0234 1716 hpn - ok 21:25:34.0250 1716 HTCAND32 - ok 21:25:34.0296 1716 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys 21:25:34.0375 1716 HTTP - ok 21:25:34.0390 1716 HTTPFilter (9ec7e866bbdbf3ecc0e67f4e0a838eb2) C:\WINDOWS\System32\w3ssl.dll 21:25:34.0671 1716 HTTPFilter - ok 21:25:34.0671 1716 i2omgmt - ok 21:25:34.0687 1716 i2omp - ok 21:25:34.0718 1716 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 21:25:34.0984 1716 i8042prt - ok 21:25:35.0203 1716 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:25:35.0328 1716 idsvc - ok 21:25:35.0359 1716 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) 
C:\WINDOWS\system32\DRIVERS\imapi.sys 21:25:35.0625 1716 Imapi - ok 21:25:35.0703 1716 ImapiService (57d7267a9ed91ecaf4336b08c9628fca) C:\WINDOWS\system32\imapi.exe 21:25:36.0281 1716 ImapiService - ok 21:25:36.0281 1716 ini910u - ok 21:25:36.0328 1716 IntelIde (d63c33f65f6ebc732116403d88883b2d) C:\WINDOWS\system32\DRIVERS\intelide.sys 21:25:36.0593 1716 IntelIde - ok 21:25:36.0640 1716 intelppm (ae7511ada0d951d50cef95d7ecbace99) C:\WINDOWS\system32\DRIVERS\intelppm.sys 21:25:37.0421 1716 intelppm - ok 21:25:37.0468 1716 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 21:25:37.0734 1716 Ip6Fw - ok 21:25:37.0812 1716 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 21:25:38.0093 1716 IpFilterDriver - ok 21:25:38.0093 1716 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 21:25:38.0359 1716 IpInIp - ok 21:25:38.0390 1716 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys 21:25:38.0718 1716 IpNat - ok 21:25:39.0000 1716 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 21:25:39.0265 1716 IPSec - ok 21:25:39.0296 1716 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 21:25:39.0468 1716 IRENUM - ok 21:25:39.0593 1716 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys 21:25:39.0843 1716 isapnp - ok 21:25:40.0171 1716 JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 21:25:40.0218 1716 JavaQuickStarterService - ok 21:25:40.0265 1716 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 21:25:40.0531 1716 Kbdclass - ok 21:25:40.0609 1716 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys 21:25:40.0890 1716 kmixer - ok 21:25:41.0078 1716 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys 21:25:41.0156 1716 
KSecDD - ok 21:25:41.0203 1716 lanmanserver (f8170aa51cd202bc062b8a0983f361b7) C:\WINDOWS\System32\srvsvc.dll 21:25:41.0500 1716 lanmanserver - ok 21:25:41.0593 1716 lanmanworkstation (f716a6f5babb6da60c0532510ab52245) C:\WINDOWS\System32\wkssvc.dll 21:25:41.0640 1716 lanmanworkstation - ok 21:25:41.0640 1716 lbrtfdc - ok 21:25:41.0671 1716 LmHosts (4c25fadd7fe1d5bd779b20d3d0eb8d7c) C:\WINDOWS\System32\lmhsvc.dll 21:25:41.0937 1716 LmHosts - ok 21:25:41.0968 1716 Messenger (e5215ab942c5ac5f7eb0e54871d7a27c) C:\WINDOWS\System32\msgsvc.dll 21:25:42.0250 1716 Messenger - ok 21:25:42.0375 1716 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 21:25:42.0750 1716 mnmdd - ok 21:25:42.0796 1716 mnmsrvc (bb2470d20405b272ea47ca5e18f1c58e) C:\WINDOWS\system32\mnmsrvc.exe 21:25:43.0125 1716 mnmsrvc - ok 21:25:43.0156 1716 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys 21:25:43.0437 1716 Modem - ok 21:25:43.0484 1716 motccgp (1088f75c09ebb0a8b0f13b886fd67c52) C:\WINDOWS\system32\DRIVERS\motccgp.sys 21:25:43.0593 1716 motccgp - ok 21:25:43.0625 1716 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys 21:25:43.0718 1716 motccgpfl - ok 21:25:43.0750 1716 motmodem (8f408e9ed2feb8a8b8837c380faf7ad6) C:\WINDOWS\system32\DRIVERS\motmodem.sys 21:25:43.0843 1716 motmodem - ok 21:25:43.0937 1716 MotoHelper (2443b978e80f8a3d1f39855aa25882af) C:\Programme\Motorola\MotoHelper\MotoHelperService.exe 21:25:43.0984 1716 MotoHelper - ok 21:25:44.0000 1716 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys 21:25:44.0109 1716 MotoSwitchService - ok 21:25:44.0125 1716 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys 21:25:44.0218 1716 Motousbnet - ok 21:25:44.0265 1716 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\WINDOWS\system32\DRIVERS\motusbdevice.sys 21:25:44.0375 1716 motusbdevice - ok 21:25:44.0390 1716 Mouclass 
(71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys 21:25:44.0656 1716 Mouclass - ok 21:25:44.0687 1716 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 21:25:44.0953 1716 MountMgr - ok 21:25:45.0015 1716 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 21:25:45.0062 1716 MozillaMaintenance - ok 21:25:45.0078 1716 mraid35x - ok 21:25:45.0093 1716 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 21:25:45.0390 1716 MRxDAV - ok 21:25:45.0515 1716 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 21:25:45.0625 1716 MRxSmb - ok 21:25:45.0671 1716 MSDTC (d059f9c7752ef461476e83180daa5c62) C:\WINDOWS\system32\msdtc.exe 21:25:45.0921 1716 MSDTC - ok 21:25:45.0937 1716 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 21:25:46.0203 1716 Msfs - ok 21:25:46.0203 1716 MSIServer - ok 21:25:46.0250 1716 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 21:25:46.0500 1716 MSKSSRV - ok 21:25:46.0562 1716 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 21:25:46.0812 1716 MSPCLOCK - ok 21:25:46.0859 1716 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 21:25:47.0125 1716 MSPQM - ok 21:25:47.0171 1716 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 21:25:47.0437 1716 mssmbios - ok 21:25:47.0484 1716 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 21:25:47.0750 1716 Mup - ok 21:25:47.0781 1716 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 21:25:48.0046 1716 NDIS - ok 21:25:48.0093 1716 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 21:25:48.0359 1716 NdisTapi - ok 21:25:48.0406 1716 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) 
C:\WINDOWS\system32\DRIVERS\ndisuio.sys 21:25:48.0640 1716 Ndisuio - ok 21:25:48.0671 1716 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 21:25:48.0937 1716 NdisWan - ok 21:25:48.0953 1716 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 21:25:49.0234 1716 NDProxy - ok 21:25:49.0234 1716 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 21:25:49.0500 1716 NetBIOS - ok 21:25:49.0546 1716 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 21:25:49.0828 1716 NetBT - ok 21:25:49.0875 1716 NetDDE (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe 21:25:50.0140 1716 NetDDE - ok 21:25:50.0156 1716 NetDDEdsdm (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe 21:25:50.0406 1716 NetDDEdsdm - ok 21:25:50.0437 1716 Netlogon (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 21:25:50.0687 1716 Netlogon - ok 21:25:50.0750 1716 Netman (cdf4da6b518105343fe9e8afbbf8fbf4) C:\WINDOWS\System32\netman.dll 21:25:51.0000 1716 Netman - ok 21:25:51.0093 1716 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:25:51.0140 1716 NetTcpPortSharing - ok 21:25:51.0171 1716 nhcDriverDevice (37260a293b6a89373ae76791e6cc5a12) C:\WINDOWS\system32\drivers\nhcDriver.sys 21:25:51.0187 1716 nhcDriverDevice ( UnsignedFile.Multi.Generic ) - warning 21:25:51.0187 1716 nhcDriverDevice - detected UnsignedFile.Multi.Generic (1) 21:25:51.0218 1716 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 21:25:51.0484 1716 NIC1394 - ok 21:25:51.0578 1716 Nla (774274c487493452df3b0126dbe7ff3b) C:\WINDOWS\System32\mswsock.dll 21:25:51.0718 1716 Nla - ok 21:25:51.0734 1716 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 21:25:51.0984 1716 Npfs - ok 21:25:52.0109 1716 Ntfs 
(b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 21:25:52.0406 1716 Ntfs - ok 21:25:52.0421 1716 NtLmSsp (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 21:25:52.0687 1716 NtLmSsp - ok 21:25:52.0765 1716 NtmsSvc (428aa946a8d9f32dbb4260c8e6e13377) C:\WINDOWS\system32\ntmssvc.dll 21:25:53.0078 1716 NtmsSvc - ok 21:25:53.0140 1716 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 21:25:53.0421 1716 Null - ok 21:25:53.0484 1716 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 21:25:53.0750 1716 NwlnkFlt - ok 21:25:53.0765 1716 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 21:25:54.0015 1716 NwlnkFwd - ok 21:25:54.0031 1716 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 21:25:54.0312 1716 ohci1394 - ok 21:25:54.0343 1716 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys 21:25:54.0593 1716 Parport - ok 21:25:54.0609 1716 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 21:25:54.0859 1716 PartMgr - ok 21:25:54.0906 1716 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 21:25:55.0140 1716 ParVdm - ok 21:25:55.0171 1716 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys 21:25:55.0437 1716 PCI - ok 21:25:55.0453 1716 PCIDump - ok 21:25:55.0453 1716 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 21:25:55.0734 1716 PCIIde - ok 21:25:55.0765 1716 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 21:25:56.0046 1716 Pcmcia - ok 21:25:56.0046 1716 PDCOMP - ok 21:25:56.0062 1716 PDFRAME - ok 21:25:56.0062 1716 PDRELI - ok 21:25:56.0093 1716 PDRFRAME - ok 21:25:56.0109 1716 perc2 - ok 21:25:56.0125 1716 perc2hib - ok 21:25:56.0250 1716 PlugPlay (65f6b774819bd727358157cedea67b8e) C:\WINDOWS\system32\services.exe 
21:25:56.0500 1716 PlugPlay - ok 21:25:56.0515 1716 PolicyAgent (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 21:25:56.0953 1716 PolicyAgent - ok 21:25:57.0125 1716 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 21:25:57.0546 1716 PptpMiniport - ok 21:25:57.0562 1716 ProtectedStorage (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 21:25:57.0812 1716 ProtectedStorage - ok 21:25:57.0828 1716 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 21:25:58.0093 1716 PSched - ok 21:25:58.0125 1716 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 21:25:58.0390 1716 Ptilink - ok 21:25:58.0453 1716 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 21:25:58.0484 1716 PxHelp20 - ok 21:25:58.0484 1716 ql1080 - ok 21:25:58.0500 1716 Ql10wnt - ok 21:25:58.0515 1716 ql12160 - ok 21:25:58.0515 1716 ql1240 - ok 21:25:58.0531 1716 ql1280 - ok 21:25:58.0546 1716 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 21:25:58.0781 1716 RasAcd - ok 21:25:58.0828 1716 RasAuto (e3c6e87c1f84584a773d7c3dd205dbff) C:\WINDOWS\System32\rasauto.dll 21:25:59.0093 1716 RasAuto - ok 21:25:59.0125 1716 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 21:25:59.0390 1716 Rasl2tp - ok 21:25:59.0437 1716 RasMan (a5d2d745a2aefa327dca6da317b5fd70) C:\WINDOWS\System32\rasmans.dll 21:25:59.0703 1716 RasMan - ok 21:25:59.0703 1716 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 21:25:59.0968 1716 RasPppoe - ok 21:25:59.0984 1716 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 21:26:00.0234 1716 Raspti - ok 21:26:00.0296 1716 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys 21:26:01.0031 1716 Rdbss - ok 21:26:01.0031 1716 RDPCDD (4912d5b403614ce99c28420f75353332) 
C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 21:26:01.0375 1716 RDPCDD - ok 21:26:01.0437 1716 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys 21:26:01.0718 1716 RDPWD - ok 21:26:01.0968 1716 RDSessMgr (aec159942df64a9890072d7bb1797762) C:\WINDOWS\system32\sessmgr.exe 21:26:02.0250 1716 RDSessMgr - ok 21:26:02.0328 1716 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys 21:26:02.0593 1716 redbook - ok 21:26:02.0656 1716 RemoteAccess (eba80cdf25e02084857957e820004934) C:\WINDOWS\System32\mprdim.dll 21:26:02.0906 1716 RemoteAccess - ok 21:26:02.0953 1716 rimsptsk (5338e12cc00f6ce1b11e252fff25ac1e) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 21:26:03.0000 1716 rimsptsk - ok 21:26:03.0015 1716 risdptsk (c5b1e7188d110aa23961f29abbad8a47) C:\WINDOWS\system32\DRIVERS\risdptsk.sys 21:26:03.0062 1716 risdptsk - ok 21:26:03.0109 1716 rismxdp (3f535dd8d6fb8c22c37ba2a8c4a32c81) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 21:26:03.0156 1716 rismxdp - ok 21:26:03.0203 1716 RpcLocator (da23f9f3f1b1871120f980a6879581ac) C:\WINDOWS\system32\locator.exe 21:26:03.0468 1716 RpcLocator - ok 21:26:03.0531 1716 RpcSs (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\System32\rpcss.dll 21:26:03.0671 1716 RpcSs - ok 21:26:03.0734 1716 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 21:26:04.0000 1716 RSVP - ok 21:26:04.0031 1716 SamSs (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 21:26:04.0296 1716 SamSs - ok 21:26:04.0359 1716 SCardSvr (b4cf7b42de6cfa6fde7d6af4daa55f57) C:\WINDOWS\System32\SCardSvr.exe 21:26:04.0656 1716 SCardSvr - ok 21:26:04.0781 1716 Schedule (d5e73842f38e24457c63fef8ceffbe19) C:\WINDOWS\system32\schedsvc.dll 21:26:05.0062 1716 Schedule - ok 21:26:05.0109 1716 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys 21:26:05.0375 1716 sdbus - ok 21:26:05.0406 1716 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys 21:26:05.0562 1716 
Secdrv - ok 21:26:05.0593 1716 seclogon (fed544b43903fb801b106f062110358a) C:\WINDOWS\System32\seclogon.dll 21:26:05.0843 1716 seclogon - ok 21:26:05.0906 1716 SENS (ab74d986c1dd0d0c95b6ad37ec1e9f4f) C:\WINDOWS\system32\sens.dll 21:26:06.0171 1716 SENS - ok 21:26:06.0203 1716 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys 21:26:06.0484 1716 Serial - ok 21:26:06.0593 1716 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 21:26:06.0859 1716 Sfloppy - ok 21:26:06.0937 1716 SharedAccess (9245420422e409a25c1410acb4244060) C:\WINDOWS\System32\ipnathlp.dll 21:26:07.0296 1716 SharedAccess - ok 21:26:07.0343 1716 ShellHWDetection (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll 21:26:07.0593 1716 ShellHWDetection - ok 21:26:07.0609 1716 Simbad - ok 21:26:07.0671 1716 smwdm (014ab093e6452ea88031bb6e22919bb5) C:\WINDOWS\system32\drivers\smwdm.sys 21:26:07.0734 1716 smwdm - ok 21:26:07.0875 1716 Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Programme\Sony\Sony PC Companion\PCCService.exe 21:26:07.0921 1716 Sony PC Companion - ok 21:26:07.0953 1716 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Programme\Analog Devices\SoundMAX\SMAgent.exe 21:26:07.0968 1716 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning 21:26:07.0968 1716 SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1) 21:26:07.0984 1716 Sparrow - ok 21:26:08.0000 1716 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys 21:26:08.0250 1716 splitter - ok 21:26:08.0562 1716 Spooler (54e7113a4bd696e430919bcaf5c65e06) C:\WINDOWS\system32\spoolsv.exe 21:26:08.0828 1716 Spooler - ok 21:26:08.0921 1716 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys 21:26:09.0093 1716 sr - ok 21:26:09.0203 1716 srservice (015f302c4cf961f20c3f98f3a7ca7917) C:\WINDOWS\system32\srsvc.dll 21:26:09.0390 1716 srservice - ok 
21:26:09.0453 1716 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys 21:26:09.0562 1716 Srv - ok 21:26:09.0609 1716 SSDPSRV (6fa03b462b2fffe2627171b7fe73ee29) C:\WINDOWS\System32\ssdpsrv.dll 21:26:09.0765 1716 SSDPSRV - ok 21:26:09.0906 1716 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 21:26:09.0921 1716 ssmdrv - ok 21:26:09.0968 1716 stisvc (7e751068ada60fc77638622e86a7cd9e) C:\WINDOWS\system32\wiaservc.dll 21:26:10.0281 1716 stisvc - ok 21:26:10.0312 1716 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 21:26:10.0578 1716 swenum - ok 21:26:10.0609 1716 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 21:26:10.0875 1716 swmidi - ok 21:26:10.0875 1716 SwPrv - ok 21:26:10.0890 1716 symc810 - ok 21:26:10.0890 1716 symc8xx - ok 21:26:10.0906 1716 sym_hi - ok 21:26:10.0906 1716 sym_u3 - ok 21:26:10.0953 1716 SynTP (1dbc86da355b5db35174f862c110fd09) C:\WINDOWS\system32\DRIVERS\SynTP.sys 21:26:11.0046 1716 SynTP - ok 21:26:11.0078 1716 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 21:26:11.0343 1716 sysaudio - ok 21:26:11.0390 1716 SysmonLog (6d0c43df9d3a7c5a9b4f94772cbd5ddc) C:\WINDOWS\system32\smlogsvc.exe 21:26:11.0656 1716 SysmonLog - ok 21:26:11.0703 1716 TapiSrv (4584e2a5fe662ab3e7c32936e1449043) C:\WINDOWS\System32\tapisrv.dll 21:26:11.0984 1716 TapiSrv - ok 21:26:12.0046 1716 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys 21:26:12.0203 1716 Tcpip - ok 21:26:12.0234 1716 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 21:26:12.0500 1716 TDPIPE - ok 21:26:12.0578 1716 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 21:26:12.0828 1716 TDTCP - ok 21:26:12.0875 1716 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 21:26:13.0125 1716 TermDD - ok 21:26:13.0203 1716 TermService 
(1850bc10de5dcccede063fc2d0f2ceda) C:\WINDOWS\System32\termsrv.dll 21:26:13.0500 1716 TermService - ok 21:26:13.0593 1716 Themes (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll 21:26:13.0843 1716 Themes - ok 21:26:13.0859 1716 TosIde - ok 21:26:13.0890 1716 TrkWks (a34e894201d66e380e1fa96fe11b587e) C:\WINDOWS\system32\trkwks.dll 21:26:14.0156 1716 TrkWks - ok 21:26:14.0218 1716 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 21:26:14.0484 1716 Udfs - ok 21:26:14.0500 1716 ultra - ok 21:26:14.0515 1716 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys 21:26:14.0812 1716 Update - ok 21:26:14.0890 1716 upnphost (09d4a2d7c5a8abec227d118765faaddf) C:\WINDOWS\System32\upnphost.dll 21:26:15.0062 1716 upnphost - ok 21:26:15.0171 1716 UPS (a99f867e76cfdaa28ee305b93f70e84f) C:\WINDOWS\System32\ups.exe 21:26:15.0421 1716 UPS - ok 21:26:15.0468 1716 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 21:26:15.0734 1716 usbccgp - ok 21:26:15.0781 1716 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 21:26:16.0046 1716 usbehci - ok 21:26:16.0078 1716 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 21:26:16.0359 1716 usbhub - ok 21:26:16.0406 1716 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 21:26:16.0671 1716 usbscan - ok 21:26:16.0703 1716 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 21:26:16.0968 1716 USBSTOR - ok 21:26:17.0000 1716 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 21:26:17.0234 1716 usbuhci - ok 21:26:17.0281 1716 usb_rndisx (ee37e5c79d6c788711296075b2bc95f4) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 21:26:17.0546 1716 usb_rndisx - ok 21:26:17.0562 1716 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 21:26:17.0812 1716 VgaSave - ok 21:26:17.0828 1716 
ViaIde - ok 21:26:17.0875 1716 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys 21:26:18.0125 1716 VolSnap - ok 21:26:18.0203 1716 VSS (6635ecbf0d8090dc3a452d0d072b5d5b) C:\WINDOWS\System32\vssvc.exe 21:26:18.0390 1716 VSS - ok 21:26:18.0671 1716 w29n51 (67caa926ef06e07f2d31056b39f51c54) C:\WINDOWS\system32\DRIVERS\w29n51.sys 21:26:19.0015 1716 w29n51 - ok 21:26:19.0234 1716 W32Time (c6d874cd2a5b83cd11cdebd28a638584) C:\WINDOWS\system32\w32time.dll 21:26:19.0500 1716 W32Time - ok 21:26:19.0531 1716 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 21:26:19.0796 1716 Wanarp - ok 21:26:19.0906 1716 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 21:26:19.0968 1716 Wdf01000 - ok 21:26:19.0984 1716 WDICA - ok 21:26:20.0015 1716 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys 21:26:20.0281 1716 wdmaud - ok 21:26:20.0359 1716 WebClient (1eb51feea9d3208eae60604f4346c02e) C:\WINDOWS\System32\webclnt.dll 21:26:20.0640 1716 WebClient - ok 21:26:20.0718 1716 winmgmt (da2dadb42916e59c6e4bba593bccda73) C:\WINDOWS\system32\wbem\WMIsvc.dll 21:26:20.0984 1716 winmgmt - ok 21:26:21.0046 1716 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\WINDOWS\system32\DRIVERS\WinUSB.sys 21:26:21.0093 1716 WinUSB - ok 21:26:21.0125 1716 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 21:26:21.0187 1716 WmdmPmSN - ok 21:26:21.0218 1716 WmiApSrv (042a78fcd1adfb0fba9865d55c6f5cc1) C:\WINDOWS\system32\wbem\wmiapsrv.exe 21:26:21.0500 1716 WmiApSrv - ok 21:26:21.0531 1716 wowfilter (c5ccf7e7893c49b101a29c576ba294d4) C:\WINDOWS\system32\drivers\wowfilter.sys 21:26:21.0546 1716 wowfilter ( UnsignedFile.Multi.Generic ) - warning 21:26:21.0546 1716 wowfilter - detected UnsignedFile.Multi.Generic (1) 21:26:21.0578 1716 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys 21:26:21.0609 1716 WpdUsb - ok 21:26:21.0656 1716 
WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 21:26:21.0906 1716 WS2IFSL - ok 21:26:21.0968 1716 wscsvc (bd3561aae748150cf51c2ca876449ea7) C:\WINDOWS\system32\wscsvc.dll 21:26:22.0234 1716 wscsvc - ok 21:26:22.0281 1716 wuauserv (1eddd5c0ecf3fa6edfd8a25b2b4e7df6) C:\WINDOWS\system32\wuauserv.dll 21:26:22.0546 1716 wuauserv - ok 21:26:22.0671 1716 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 21:26:22.0734 1716 WudfPf - ok 21:26:22.0765 1716 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 21:26:22.0812 1716 WudfRd - ok 21:26:22.0828 1716 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 21:26:22.0890 1716 WudfSvc - ok 21:26:22.0921 1716 WZCSVC (ae83ada96575dacf533c2bcb1fc163dc) C:\WINDOWS\System32\wzcsvc.dll 21:26:23.0218 1716 WZCSVC - ok 21:26:23.0281 1716 xmlprov (8302de1c64618d72346dd0034dbc5d9b) C:\WINDOWS\System32\xmlprov.dll 21:26:23.0562 1716 xmlprov - ok 21:26:23.0640 1716 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 21:26:24.0453 1716 \Device\Harddisk0\DR0 - ok 21:26:24.0468 1716 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3 21:26:24.0468 1716 \Device\Harddisk1\DR3 - ok 21:26:24.0484 1716 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4 21:26:24.0484 1716 \Device\Harddisk2\DR4 - ok 21:26:24.0500 1716 Boot (0x1200) (5acda08618c3ae19d815c0a3b46cf792) \Device\Harddisk0\DR0\Partition0 21:26:24.0500 1716 \Device\Harddisk0\DR0\Partition0 - ok 21:26:24.0515 1716 Boot (0x1200) (227d432414a15eba9d1d2146babe4510) \Device\Harddisk0\DR0\Partition1 21:26:24.0515 1716 \Device\Harddisk0\DR0\Partition1 - ok 21:26:24.0531 1716 Boot (0x1200) (377b69d8f2fd26ab30ba30de4d2230df) \Device\Harddisk1\DR3\Partition0 21:26:24.0531 1716 \Device\Harddisk1\DR3\Partition0 - ok 21:26:24.0531 1716 Boot (0x1200) (717ead5155f0d9b0431c001a638ae20a) \Device\Harddisk2\DR4\Partition0 21:26:24.0546 1716 
\Device\Harddisk2\DR4\Partition0 - ok 21:26:24.0546 1716 ============================================================ 21:26:24.0546 1716 Scan finished 21:26:24.0546 1716 ============================================================ 21:26:24.0703 1308 Detected object count: 4 21:26:24.0703 1308 Actual detected object count: 4 21:26:55.0531 1308 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine 21:26:55.0843 1308 Backup copy found, using it.. 21:26:55.0937 1308 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot 21:26:55.0937 1308 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure 21:26:55.0953 1308 nhcDriverDevice ( UnsignedFile.Multi.Generic ) - skipped by user 21:26:55.0953 1308 nhcDriverDevice ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:26:55.0953 1308 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user 21:26:55.0953 1308 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:26:55.0953 1308 wowfilter ( UnsignedFile.Multi.Generic ) - skipped by user 21:26:55.0953 1308 wowfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 21:25:17.0781 1716 Arp1394 - ok 21:25:17.0796 1716 asc - ok 21:25:17.0796 1716 asc3350p - ok 21:25:17.0812 1716 asc3550 - ok 21:25:17.0921 1716 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 21:25:17.0984 1716 aspnet_state - ok 21:25:18.0000 1716 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 21:25:18.0250 1716 AsyncMac - ok 21:25:18.0359 1716 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 21:25:18.0625 1716 atapi - ok 21:25:18.0640 1716 Atdisk - ok 21:25:18.0703 1716 Ati HotKey Poller (06b67e6a0b679d037d2d9e27a64ce90c) C:\WINDOWS\system32\Ati2evxx.exe 21:25:18.0812 1716 Ati HotKey Poller - ok 21:25:18.0937 1716 ati2mtag (d5537cc8cc9a86668e3903bd53caa83c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 21:25:19.0078 1716 ati2mtag - ok 21:25:19.0140 1716 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 21:25:19.0406 1716 Atmarpc - ok 21:25:19.0453 1716 AudioSrv (e98b8250398f6637b335a76ba8dfb602) C:\WINDOWS\System32\audiosrv.dll 21:25:19.0734 1716 AudioSrv - ok 21:25:19.0765 1716 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 21:25:20.0062 1716 audstub - ok 21:25:20.0203 1716 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys 21:25:20.0218 1716 avgio - ok 21:25:20.0265 1716 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 21:25:20.0375 1716 avgntflt - ok 21:25:20.0406 1716 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 21:25:20.0453 1716 avipbb - ok 21:25:20.0484 1716 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 21:25:20.0562 1716 bcm4sbxp - ok 21:25:20.0609 1716 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 
21:25:20.0859 1716 Beep - ok 21:25:20.0937 1716 BITS (3a5e54a9ab96ef2d273b58136fb58efe) C:\WINDOWS\system32\qmgr.dll 21:25:21.0250 1716 BITS - ok 21:25:21.0359 1716 Browser (d8653dcd80cf2ebb333fc4fcc43a7def) C:\WINDOWS\System32\browser.dll 21:25:21.0656 1716 Browser - ok 21:25:21.0703 1716 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys 21:25:22.0031 1716 BTCFilterService - ok 21:25:22.0046 1716 catchme - ok 21:25:22.0093 1716 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 21:25:22.0406 1716 cbidf2k - ok 21:25:22.0421 1716 cd20xrnt - ok 21:25:22.0453 1716 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 21:25:22.0703 1716 Cdaudio - ok 21:25:22.0859 1716 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 21:25:23.0125 1716 Cdfs - ok 21:25:23.0171 1716 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 21:25:23.0453 1716 Cdrom - ok 21:25:23.0468 1716 Changer - ok 21:25:23.0515 1716 CiSvc (234d52c63c67a8cf4af9becce43bfb4a) C:\WINDOWS\system32\cisvc.exe 21:25:23.0796 1716 CiSvc - ok 21:25:23.0859 1716 ClipSrv (0461868578d29dc18fb1c79933c5158a) C:\WINDOWS\system32\clipsrv.exe 21:25:24.0109 1716 ClipSrv - ok 21:25:24.0187 1716 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:25:24.0250 1716 clr_optimization_v2.0.50727_32 - ok 21:25:24.0296 1716 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 21:25:24.0562 1716 CmBatt - ok 21:25:24.0562 1716 CmdIde - ok 21:25:24.0625 1716 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys 21:25:24.0875 1716 Compbatt - ok 21:25:24.0890 1716 COMSysApp - ok 21:25:24.0906 1716 Cpqarray - ok 21:25:24.0937 1716 CryptSvc (1a5f9db98df7955b4c7cbdbf2c638238) C:\WINDOWS\System32\cryptsvc.dll 21:25:25.0218 1716 CryptSvc - ok 21:25:25.0218 
1716 dac2w2k - ok 21:25:25.0234 1716 dac960nt - ok 21:25:25.0375 1716 DcomLaunch (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\system32\rpcss.dll 21:25:25.0515 1716 DcomLaunch - ok 21:25:25.0546 1716 Dhcp (69f986b2688ba95a0d9362b0e233d5ff) C:\WINDOWS\System32\dhcpcsvc.dll 21:25:25.0796 1716 Dhcp - ok 21:25:25.0843 1716 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 21:25:26.0093 1716 Disk - ok 21:25:26.0109 1716 dmadmin - ok 21:25:26.0218 1716 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys 21:25:26.0546 1716 dmboot - ok 21:25:26.0640 1716 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys 21:25:26.0921 1716 dmio - ok 21:25:26.0984 1716 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 21:25:27.0234 1716 dmload - ok 21:25:27.0343 1716 dmserver (fa2d9d1a9f6b5a88d01e1685ce2378ba) C:\WINDOWS\System32\dmserver.dll 21:25:27.0609 1716 dmserver - ok 21:25:27.0656 1716 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 21:25:27.0968 1716 DMusic - ok 21:25:28.0015 1716 Dnscache (d1f5b71bbaeee07b78980dbd878c0bc7) C:\WINDOWS\System32\dnsrslvr.dll 21:25:28.0296 1716 Dnscache - ok 21:25:28.0296 1716 dpti2o - ok 21:25:28.0328 1716 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 21:25:28.0578 1716 drmkaud - ok 21:25:28.0625 1716 ERSvc (877a4512cc9074d6954776af47021766) C:\WINDOWS\System32\ersvc.dll 21:25:28.0906 1716 ERSvc - ok 21:25:28.0937 1716 Eventlog (65f6b774819bd727358157cedea67b8e) C:\WINDOWS\system32\services.exe 21:25:29.0187 1716 Eventlog - ok 21:25:29.0234 1716 EventSystem (d68ed3908c7a0db446111d34ac40dc18) C:\WINDOWS\system32\es.dll 21:25:29.0312 1716 EventSystem - ok 21:25:29.0343 1716 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 21:25:29.0640 1716 Fastfat - ok 21:25:29.0687 1716 FastUserSwitchingCompatibility (bac5f7f0c2b8c1b9832594851e0f9914) 
C:\WINDOWS\System32\shsvcs.dll 21:25:30.0015 1716 FastUserSwitchingCompatibility - ok 21:25:30.0078 1716 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys 21:25:30.0406 1716 Fdc - ok 21:25:30.0453 1716 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys 21:25:30.0890 1716 Fips - ok 21:25:31.0593 1716 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys 21:25:31.0859 1716 Flpydisk - ok 21:25:31.0937 1716 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 21:25:32.0203 1716 FltMgr - ok 21:25:32.0828 1716 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 21:25:32.0859 1716 FontCache3.0.0.0 - ok 21:25:32.0859 1716 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 21:25:33.0125 1716 Fs_Rec - ok 21:25:33.0156 1716 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 21:25:33.0437 1716 Ftdisk - ok 21:25:33.0515 1716 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 21:25:33.0781 1716 Gpc - ok 21:25:33.0843 1716 helpsvc (ba85bcf1a2bcf927c3600574173403e0) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 21:25:34.0109 1716 helpsvc - ok 21:25:34.0109 1716 HidServ - ok 21:25:34.0218 1716 hmbpnofrfalw - ok 21:25:34.0234 1716 hpn - ok 21:25:34.0250 1716 HTCAND32 - ok 21:25:34.0296 1716 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys 21:25:34.0375 1716 HTTP - ok 21:25:34.0390 1716 HTTPFilter (9ec7e866bbdbf3ecc0e67f4e0a838eb2) C:\WINDOWS\System32\w3ssl.dll 21:25:34.0671 1716 HTTPFilter - ok 21:25:34.0671 1716 i2omgmt - ok 21:25:34.0687 1716 i2omp - ok 21:25:34.0718 1716 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 21:25:34.0984 1716 i8042prt - ok 21:25:35.0203 1716 idsvc (c01ac32dc5c03076cfb852cb5da5229c) 
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:25:35.0328 1716 idsvc - ok 21:25:35.0359 1716 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 21:25:35.0625 1716 Imapi - ok 21:25:35.0703 1716 ImapiService (57d7267a9ed91ecaf4336b08c9628fca) C:\WINDOWS\system32\imapi.exe 21:25:36.0281 1716 ImapiService - ok 21:25:36.0281 1716 ini910u - ok 21:25:36.0328 1716 IntelIde (d63c33f65f6ebc732116403d88883b2d) C:\WINDOWS\system32\DRIVERS\intelide.sys 21:25:36.0593 1716 IntelIde - ok 21:25:36.0640 1716 intelppm (ae7511ada0d951d50cef95d7ecbace99) C:\WINDOWS\system32\DRIVERS\intelppm.sys 21:25:37.0421 1716 intelppm - ok 21:25:37.0468 1716 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 21:25:37.0734 1716 Ip6Fw - ok 21:25:37.0812 1716 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 21:25:38.0093 1716 IpFilterDriver - ok 21:25:38.0093 1716 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 21:25:38.0359 1716 IpInIp - ok 21:25:38.0390 1716 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys 21:25:38.0718 1716 IpNat - ok 21:25:39.0000 1716 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 21:25:39.0265 1716 IPSec - ok 21:25:39.0296 1716 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 21:25:39.0468 1716 IRENUM - ok 21:25:39.0593 1716 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys 21:25:39.0843 1716 isapnp - ok 21:25:40.0171 1716 JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 21:25:40.0218 1716 JavaQuickStarterService - ok 21:25:40.0265 1716 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 21:25:40.0531 1716 Kbdclass - ok 21:25:40.0609 1716 kmixer (d93cad07c5683db066b0b2d2d3790ead) 
C:\WINDOWS\system32\drivers\kmixer.sys 21:25:40.0890 1716 kmixer - ok 21:25:41.0078 1716 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys 21:25:41.0156 1716 KSecDD - ok 21:25:41.0203 1716 lanmanserver (f8170aa51cd202bc062b8a0983f361b7) C:\WINDOWS\System32\srvsvc.dll 21:25:41.0500 1716 lanmanserver - ok 21:25:41.0593 1716 lanmanworkstation (f716a6f5babb6da60c0532510ab52245) C:\WINDOWS\System32\wkssvc.dll 21:25:41.0640 1716 lanmanworkstation - ok 21:25:41.0640 1716 lbrtfdc - ok 21:25:41.0671 1716 LmHosts (4c25fadd7fe1d5bd779b20d3d0eb8d7c) C:\WINDOWS\System32\lmhsvc.dll 21:25:41.0937 1716 LmHosts - ok 21:25:41.0968 1716 Messenger (e5215ab942c5ac5f7eb0e54871d7a27c) C:\WINDOWS\System32\msgsvc.dll 21:25:42.0250 1716 Messenger - ok 21:25:42.0375 1716 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 21:25:42.0750 1716 mnmdd - ok 21:25:42.0796 1716 mnmsrvc (bb2470d20405b272ea47ca5e18f1c58e) C:\WINDOWS\system32\mnmsrvc.exe 21:25:43.0125 1716 mnmsrvc - ok 21:25:43.0156 1716 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys 21:25:43.0437 1716 Modem - ok 21:25:43.0484 1716 motccgp (1088f75c09ebb0a8b0f13b886fd67c52) C:\WINDOWS\system32\DRIVERS\motccgp.sys 21:25:43.0593 1716 motccgp - ok 21:25:43.0625 1716 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys 21:25:43.0718 1716 motccgpfl - ok 21:25:43.0750 1716 motmodem (8f408e9ed2feb8a8b8837c380faf7ad6) C:\WINDOWS\system32\DRIVERS\motmodem.sys 21:25:43.0843 1716 motmodem - ok 21:25:43.0937 1716 MotoHelper (2443b978e80f8a3d1f39855aa25882af) C:\Programme\Motorola\MotoHelper\MotoHelperService.exe 21:25:43.0984 1716 MotoHelper - ok 21:25:44.0000 1716 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys 21:25:44.0109 1716 MotoSwitchService - ok 21:25:44.0125 1716 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys 21:25:44.0218 1716 
Motousbnet - ok 21:25:44.0265 1716 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\WINDOWS\system32\DRIVERS\motusbdevice.sys 21:25:44.0375 1716 motusbdevice - ok 21:25:44.0390 1716 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys 21:25:44.0656 1716 Mouclass - ok 21:25:44.0687 1716 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 21:25:44.0953 1716 MountMgr - ok 21:25:45.0015 1716 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 21:25:45.0062 1716 MozillaMaintenance - ok 21:25:45.0078 1716 mraid35x - ok 21:25:45.0093 1716 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 21:25:45.0390 1716 MRxDAV - ok 21:25:45.0515 1716 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 21:25:45.0625 1716 MRxSmb - ok 21:25:45.0671 1716 MSDTC (d059f9c7752ef461476e83180daa5c62) C:\WINDOWS\system32\msdtc.exe 21:25:45.0921 1716 MSDTC - ok 21:25:45.0937 1716 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 21:25:46.0203 1716 Msfs - ok 21:25:46.0203 1716 MSIServer - ok 21:25:46.0250 1716 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 21:25:46.0500 1716 MSKSSRV - ok 21:25:46.0562 1716 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 21:25:46.0812 1716 MSPCLOCK - ok 21:25:46.0859 1716 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 21:25:47.0125 1716 MSPQM - ok 21:25:47.0171 1716 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 21:25:47.0437 1716 mssmbios - ok 21:25:47.0484 1716 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 21:25:47.0750 1716 Mup - ok 21:25:47.0781 1716 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 21:25:48.0046 1716 NDIS - ok 21:25:48.0093 1716 
NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 21:25:48.0359 1716 NdisTapi - ok 21:25:48.0406 1716 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 21:25:48.0640 1716 Ndisuio - ok 21:25:48.0671 1716 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 21:25:48.0937 1716 NdisWan - ok 21:25:48.0953 1716 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 21:25:49.0234 1716 NDProxy - ok 21:25:49.0234 1716 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 21:25:49.0500 1716 NetBIOS - ok 21:25:49.0546 1716 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 21:25:49.0828 1716 NetBT - ok 21:25:49.0875 1716 NetDDE (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe 21:25:50.0140 1716 NetDDE - ok 21:25:50.0156 1716 NetDDEdsdm (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe 21:25:50.0406 1716 NetDDEdsdm - ok 21:25:50.0437 1716 Netlogon (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 21:25:50.0687 1716 Netlogon - ok 21:25:50.0750 1716 Netman (cdf4da6b518105343fe9e8afbbf8fbf4) C:\WINDOWS\System32\netman.dll 21:25:51.0000 1716 Netman - ok 21:25:51.0093 1716 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:25:51.0140 1716 NetTcpPortSharing - ok 21:25:51.0171 1716 nhcDriverDevice (37260a293b6a89373ae76791e6cc5a12) C:\WINDOWS\system32\drivers\nhcDriver.sys 21:25:51.0187 1716 nhcDriverDevice ( UnsignedFile.Multi.Generic ) - warning 21:25:51.0187 1716 nhcDriverDevice - detected UnsignedFile.Multi.Generic (1) 21:25:51.0218 1716 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 21:25:51.0484 1716 NIC1394 - ok 21:25:51.0578 1716 Nla (774274c487493452df3b0126dbe7ff3b) C:\WINDOWS\System32\mswsock.dll 21:25:51.0718 1716 Nla - 
ok 21:25:51.0734 1716 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 21:25:51.0984 1716 Npfs - ok 21:25:52.0109 1716 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 21:25:52.0406 1716 Ntfs - ok 21:25:52.0421 1716 NtLmSsp (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 21:25:52.0687 1716 NtLmSsp - ok 21:25:52.0765 1716 NtmsSvc (428aa946a8d9f32dbb4260c8e6e13377) C:\WINDOWS\system32\ntmssvc.dll 21:25:53.0078 1716 NtmsSvc - ok 21:25:53.0140 1716 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 21:25:53.0421 1716 Null - ok 21:25:53.0484 1716 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 21:25:53.0750 1716 NwlnkFlt - ok 21:25:53.0765 1716 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 21:25:54.0015 1716 NwlnkFwd - ok 21:25:54.0031 1716 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 21:25:54.0312 1716 ohci1394 - ok 21:25:54.0343 1716 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys 21:25:54.0593 1716 Parport - ok 21:25:54.0609 1716 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 21:25:54.0859 1716 PartMgr - ok 21:25:54.0906 1716 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 21:25:55.0140 1716 ParVdm - ok 21:25:55.0171 1716 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys 21:25:55.0437 1716 PCI - ok 21:25:55.0453 1716 PCIDump - ok 21:25:55.0453 1716 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 21:25:55.0734 1716 PCIIde - ok 21:25:55.0765 1716 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 21:25:56.0046 1716 Pcmcia - ok 21:25:56.0046 1716 PDCOMP - ok 21:25:56.0062 1716 PDFRAME - ok 21:25:56.0062 1716 PDRELI - ok 21:25:56.0093 1716 PDRFRAME - ok 21:25:56.0109 1716 
perc2 - ok 21:25:56.0125 1716 perc2hib - ok 21:25:56.0250 1716 PlugPlay (65f6b774819bd727358157cedea67b8e) C:\WINDOWS\system32\services.exe 21:25:56.0500 1716 PlugPlay - ok 21:25:56.0515 1716 PolicyAgent (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 21:25:56.0953 1716 PolicyAgent - ok 21:25:57.0125 1716 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 21:25:57.0546 1716 PptpMiniport - ok 21:25:57.0562 1716 ProtectedStorage (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 21:25:57.0812 1716 ProtectedStorage - ok 21:25:57.0828 1716 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 21:25:58.0093 1716 PSched - ok 21:25:58.0125 1716 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 21:25:58.0390 1716 Ptilink - ok 21:25:58.0453 1716 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 21:25:58.0484 1716 PxHelp20 - ok 21:25:58.0484 1716 ql1080 - ok 21:25:58.0500 1716 Ql10wnt - ok 21:25:58.0515 1716 ql12160 - ok 21:25:58.0515 1716 ql1240 - ok 21:25:58.0531 1716 ql1280 - ok 21:25:58.0546 1716 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 21:25:58.0781 1716 RasAcd - ok 21:25:58.0828 1716 RasAuto (e3c6e87c1f84584a773d7c3dd205dbff) C:\WINDOWS\System32\rasauto.dll 21:25:59.0093 1716 RasAuto - ok 21:25:59.0125 1716 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 21:25:59.0390 1716 Rasl2tp - ok 21:25:59.0437 1716 RasMan (a5d2d745a2aefa327dca6da317b5fd70) C:\WINDOWS\System32\rasmans.dll 21:25:59.0703 1716 RasMan - ok 21:25:59.0703 1716 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 21:25:59.0968 1716 RasPppoe - ok 21:25:59.0984 1716 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 21:26:00.0234 1716 Raspti - ok 21:26:00.0296 1716 Rdbss (809ca45caa9072b3176ad44579d7f688) 
C:\WINDOWS\system32\DRIVERS\rdbss.sys 21:26:01.0031 1716 Rdbss - ok 21:26:01.0031 1716 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 21:26:01.0375 1716 RDPCDD - ok 21:26:01.0437 1716 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys 21:26:01.0718 1716 RDPWD - ok 21:26:01.0968 1716 RDSessMgr (aec159942df64a9890072d7bb1797762) C:\WINDOWS\system32\sessmgr.exe 21:26:02.0250 1716 RDSessMgr - ok 21:26:02.0328 1716 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys 21:26:02.0593 1716 redbook - ok 21:26:02.0656 1716 RemoteAccess (eba80cdf25e02084857957e820004934) C:\WINDOWS\System32\mprdim.dll 21:26:02.0906 1716 RemoteAccess - ok 21:26:02.0953 1716 rimsptsk (5338e12cc00f6ce1b11e252fff25ac1e) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 21:26:03.0000 1716 rimsptsk - ok 21:26:03.0015 1716 risdptsk (c5b1e7188d110aa23961f29abbad8a47) C:\WINDOWS\system32\DRIVERS\risdptsk.sys 21:26:03.0062 1716 risdptsk - ok 21:26:03.0109 1716 rismxdp (3f535dd8d6fb8c22c37ba2a8c4a32c81) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 21:26:03.0156 1716 rismxdp - ok 21:26:03.0203 1716 RpcLocator (da23f9f3f1b1871120f980a6879581ac) C:\WINDOWS\system32\locator.exe 21:26:03.0468 1716 RpcLocator - ok 21:26:03.0531 1716 RpcSs (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\System32\rpcss.dll 21:26:03.0671 1716 RpcSs - ok 21:26:03.0734 1716 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 21:26:04.0000 1716 RSVP - ok 21:26:04.0031 1716 SamSs (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 21:26:04.0296 1716 SamSs - ok 21:26:04.0359 1716 SCardSvr (b4cf7b42de6cfa6fde7d6af4daa55f57) C:\WINDOWS\System32\SCardSvr.exe 21:26:04.0656 1716 SCardSvr - ok 21:26:04.0781 1716 Schedule (d5e73842f38e24457c63fef8ceffbe19) C:\WINDOWS\system32\schedsvc.dll 21:26:05.0062 1716 Schedule - ok 21:26:05.0109 1716 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys 21:26:05.0375 1716 
sdbus - ok 21:26:05.0406 1716 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys 21:26:05.0562 1716 Secdrv - ok 21:26:05.0593 1716 seclogon (fed544b43903fb801b106f062110358a) C:\WINDOWS\System32\seclogon.dll 21:26:05.0843 1716 seclogon - ok 21:26:05.0906 1716 SENS (ab74d986c1dd0d0c95b6ad37ec1e9f4f) C:\WINDOWS\system32\sens.dll 21:26:06.0171 1716 SENS - ok 21:26:06.0203 1716 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys 21:26:06.0484 1716 Serial - ok 21:26:06.0593 1716 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 21:26:06.0859 1716 Sfloppy - ok 21:26:06.0937 1716 SharedAccess (9245420422e409a25c1410acb4244060) C:\WINDOWS\System32\ipnathlp.dll 21:26:07.0296 1716 SharedAccess - ok 21:26:07.0343 1716 ShellHWDetection (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll 21:26:07.0593 1716 ShellHWDetection - ok 21:26:07.0609 1716 Simbad - ok 21:26:07.0671 1716 smwdm (014ab093e6452ea88031bb6e22919bb5) C:\WINDOWS\system32\drivers\smwdm.sys 21:26:07.0734 1716 smwdm - ok 21:26:07.0875 1716 Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Programme\Sony\Sony PC Companion\PCCService.exe 21:26:07.0921 1716 Sony PC Companion - ok 21:26:07.0953 1716 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Programme\Analog Devices\SoundMAX\SMAgent.exe 21:26:07.0968 1716 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning 21:26:07.0968 1716 SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1) 21:26:07.0984 1716 Sparrow - ok 21:26:08.0000 1716 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys 21:26:08.0250 1716 splitter - ok 21:26:08.0562 1716 Spooler (54e7113a4bd696e430919bcaf5c65e06) C:\WINDOWS\system32\spoolsv.exe 21:26:08.0828 1716 Spooler - ok 21:26:08.0921 1716 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys 21:26:09.0093 1716 sr - ok 
21:26:09.0203 1716 srservice (015f302c4cf961f20c3f98f3a7ca7917) C:\WINDOWS\system32\srsvc.dll 21:26:09.0390 1716 srservice - ok 21:26:09.0453 1716 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys 21:26:09.0562 1716 Srv - ok 21:26:09.0609 1716 SSDPSRV (6fa03b462b2fffe2627171b7fe73ee29) C:\WINDOWS\System32\ssdpsrv.dll 21:26:09.0765 1716 SSDPSRV - ok 21:26:09.0906 1716 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 21:26:09.0921 1716 ssmdrv - ok 21:26:09.0968 1716 stisvc (7e751068ada60fc77638622e86a7cd9e) C:\WINDOWS\system32\wiaservc.dll 21:26:10.0281 1716 stisvc - ok 21:26:10.0312 1716 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 21:26:10.0578 1716 swenum - ok 21:26:10.0609 1716 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 21:26:10.0875 1716 swmidi - ok 21:26:10.0875 1716 SwPrv - ok 21:26:10.0890 1716 symc810 - ok 21:26:10.0890 1716 symc8xx - ok 21:26:10.0906 1716 sym_hi - ok 21:26:10.0906 1716 sym_u3 - ok 21:26:10.0953 1716 SynTP (1dbc86da355b5db35174f862c110fd09) C:\WINDOWS\system32\DRIVERS\SynTP.sys 21:26:11.0046 1716 SynTP - ok 21:26:11.0078 1716 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 21:26:11.0343 1716 sysaudio - ok 21:26:11.0390 1716 SysmonLog (6d0c43df9d3a7c5a9b4f94772cbd5ddc) C:\WINDOWS\system32\smlogsvc.exe 21:26:11.0656 1716 SysmonLog - ok 21:26:11.0703 1716 TapiSrv (4584e2a5fe662ab3e7c32936e1449043) C:\WINDOWS\System32\tapisrv.dll 21:26:11.0984 1716 TapiSrv - ok 21:26:12.0046 1716 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys 21:26:12.0203 1716 Tcpip - ok 21:26:12.0234 1716 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 21:26:12.0500 1716 TDPIPE - ok 21:26:12.0578 1716 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 21:26:12.0828 1716 TDTCP - ok 21:26:12.0875 1716 TermDD 
\Device\Harddisk1\DR3\Partition0 - ok
21:26:24.0531 1716 Boot (0x1200) (717ead5155f0d9b0431c001a638ae20a) \Device\Harddisk2\DR4\Partition0
21:26:24.0546 1716 \Device\Harddisk2\DR4\Partition0 - ok
21:26:24.0546 1716 ============================================================
21:26:24.0546 1716 Scan finished
21:26:24.0546 1716 ============================================================
21:26:24.0703 1308 Detected object count: 4
21:26:24.0703 1308 Actual detected object count: 4
21:26:55.0531 1308 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
21:26:55.0843 1308 Backup copy found, using it..
21:26:55.0937 1308 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
21:26:55.0937 1308 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
21:26:55.0953 1308 nhcDriverDevice ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:55.0953 1308 nhcDriverDevice ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:26:55.0953 1308 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:55.0953 1308 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:26:55.0953 1308 wowfilter ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:55.0953 1308 wowfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip |
02.07.2012, 11:44 | #9 |
/// Malware-holic | Redirect to wrong websites ... I'm going crazy Hi, do you use your PC for online banking, for shopping, for other payment transactions, or for similarly important things such as work?
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
02.07.2012, 12:15 | #10 |
| Redirect to wrong websites ... I'm going crazy Yes. Why ??????? |
02.07.2012, 14:25 | #11 |
/// Malware-holic | Redirect to wrong websites ... I'm going crazy Hi, please call your bank and have your online banking blocked because of a rootkit. The PC must be reinstalled from scratch and then secured.
1. Data rescue:
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.