Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Internet Weiterleitung zu Werbe- und Pornoseiten

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 04.11.2012, 18:08   #1
0magertrud
 
Internet Weiterleitung zu Werbe- und Pornoseiten - Böse

Internet Weiterleitung zu Werbe- und Pornoseiten



Hallo, wie bereits die Überschrift verrät werde ich dauern nach der Googlesuche auf Porno und oder Werbeseiten weitergeleitet. Ich habe bereits erfolglos mehrere Virenscanner und die Kaspersky Notfall CD 10 durchlaufen lassen.
Dieses Problem habe ich beim Googlen auch mehrmals gefunden, die Lösung bestand allerdings aus mir vollkommen unverständlichen Logfiles etc. kann mir jemand weiterhelfen?

MfG
0magertrud

Alt 04.11.2012, 18:34   #2
markusg
/// Malware-holic
 
Internet Weiterleitung zu Werbe- und Pornoseiten - Standard

Internet Weiterleitung zu Werbe- und Pornoseiten



hi
hatt einer der scanner was gefunden? falls ja, fundmeldung mit pfadangabe posten
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 04.11.2012, 20:50   #3
0magertrud
 
Internet Weiterleitung zu Werbe- und Pornoseiten - Standard

Internet Weiterleitung zu Werbe- und Pornoseiten



OTL.txt:
Code:
ATTFilter
OTL logfile created on: 4-11-2012 19:34:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wilma\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
1,75 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 46,32% Memory free
3,74 Gb Paging File | 2,48 Gb Available in Paging File | 66,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103,78 Gb Total Space | 33,63 Gb Free Space | 32,41% Space Free | Partition Type: NTFS
 
Computer Name: PC_VAN_WILMA | User Name: Wilma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012-11-04 19:31:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wilma\Desktop\OTL.exe
PRC - [2012-10-24 08:04:59 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012-10-16 18:07:01 | 004,762,496 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012-08-30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
PRC - [2012-07-11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011-01-17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011-01-17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010-04-02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010-03-25 03:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009-12-21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-01-29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007-07-19 14:32:34 | 001,120,568 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
PRC - [2007-04-19 10:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007-02-15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007-02-14 19:46:20 | 000,278,608 | ---- | M] () -- c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2007-02-14 19:45:48 | 000,159,744 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Powercinema\PCMService.exe
PRC - [2007-02-05 17:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007-01-11 10:40:22 | 000,232,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006-12-18 16:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012-08-30 22:24:20 | 007,422,392 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll
MOD - [2012-08-30 22:24:18 | 001,270,200 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll
MOD - [2012-08-30 22:24:18 | 000,192,952 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll
MOD - [2012-08-30 22:24:16 | 002,453,944 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll
MOD - [2012-08-30 22:24:16 | 002,126,264 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll
MOD - [2012-08-30 22:24:16 | 000,795,064 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll
MOD - [2012-08-30 22:23:02 | 000,459,192 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll
MOD - [2012-06-15 03:06:22 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012-06-15 03:00:15 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012-06-15 02:56:46 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012-05-13 03:19:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012-05-13 03:13:24 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012-05-13 03:10:09 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012-05-13 03:09:58 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012-02-10 19:13:37 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011-09-05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll
MOD - [2011-09-05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll
MOD - [2007-09-18 20:04:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2665.42168__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2007-09-18 20:04:16 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2665.42152__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2007-09-18 20:04:16 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2665.42149__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2007-09-18 20:04:16 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2665.42240__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2007-09-18 20:03:55 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2700.37112__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2007-09-18 20:03:55 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2700.37110__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2007-09-18 20:03:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2665.42158__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2007-09-18 20:03:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2665.42169__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2007-09-18 20:03:53 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2700.37112__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2007-05-24 14:52:46 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007-03-02 10:44:34 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
MOD - [2007-02-14 19:46:24 | 000,339,968 | ---- | M] () -- c:\Program Files\Powercinema\Kernel\TV\CLTinyDB.dll
MOD - [2007-02-14 19:46:06 | 000,241,750 | ---- | M] () -- c:\Program Files\Powercinema\Kernel\TV\CLCapEngine.dll
MOD - [2007-02-14 19:46:06 | 000,114,768 | ---- | M] () -- c:\Program Files\Powercinema\Kernel\TV\CLSchMgr.dll
MOD - [2007-02-14 19:46:06 | 000,032,768 | ---- | M] () -- c:\Program Files\Powercinema\Kernel\TV\CLCapSvcps.dll
MOD - [2007-01-11 10:02:14 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2002-07-04 08:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012-10-24 18:49:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-08-30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP)
SRV - [2012-07-13 12:39:50 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-07-11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009-12-21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2008-01-29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008-01-19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-09-26 11:47:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007-02-14 19:46:24 | 000,110,677 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Powercinema\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2007-02-14 19:46:20 | 000,278,608 | ---- | M] () [Auto | Running] -- c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2007-02-05 17:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012-11-03 14:06:07 | 000,585,560 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011-10-20 11:48:00 | 000,135,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2011-10-20 11:48:00 | 000,013,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011-07-22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011-07-12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011-03-10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009-12-14 12:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\CSCrySec.sys -- (CSCrySec)
DRV - [2009-12-14 12:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV - [2009-11-02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009-09-03 01:16:05 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007-05-24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007-05-02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007-05-02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007-05-02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus)
DRV - [2007-02-28 17:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007-02-24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-01-23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007-01-23 04:01:00 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006-12-14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006-11-28 14:53:14 | 000,847,536 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.ing.nl/particulier/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL (Ask.com)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_nl&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=vtDiaDsaybdk_hA94Q8vnK-EuU4?q={searchTerms}
IE - HKCU\..\SearchScopes\{7E1E5ABB-A9A3-41F5-949C-10FA46DCA085}: "URL" = hxxp://de.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20110521,16991,0,5,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2012-11-03 14:08:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2012-11-03 14:08:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2012-11-03 14:06:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-11-04 00:06:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-11-04 00:06:17 | 000,000,000 | ---D | M]
 
[2012-11-04 00:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wilma\AppData\Roaming\mozilla\Extensions
[2012-11-04 00:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wilma\AppData\Roaming\mozilla\Firefox\Profiles\c0ktcxpu.default\extensions
[2009-07-24 14:37:15 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Wilma\AppData\Roaming\mozilla\Firefox\Profiles\c0ktcxpu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010-02-21 01:10:43 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Wilma\AppData\Roaming\mozilla\Firefox\Profiles\c0ktcxpu.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2012-11-04 00:07:47 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Wilma\AppData\Roaming\mozilla\firefox\profiles\c0ktcxpu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2010-05-05 12:08:39 | 000,000,873 | ---- | M] () -- C:\Users\Wilma\AppData\Roaming\mozilla\firefox\profiles\c0ktcxpu.default\searchplugins\conduit.xml
[2012-11-04 00:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007-09-18 20:13:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010-08-03 10:13:10 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012-10-24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-05-04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006-11-09 14:20:40 | 002,111,096 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2012-10-24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012-10-24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-10-24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012-10-24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012-10-24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012-10-24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\
CHR - Extension: Virtual Keyboard = C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\
CHR - Extension: Google Mail = C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\
 
O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [PCMService] c:\Program Files\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 File not found
O4 - HKCU..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Wilma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///D:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///D:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///D:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EEB64B2-F0B4-4A65-BCF7-2051F59949CF}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DE85206-892D-4BB3-98F7-C660B1C232CF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7aa9a8c1-dcf1-11df-8f36-001d60072977}\Shell - "" = AutoRun
O33 - MountPoints2\{7aa9a8c1-dcf1-11df-8f36-001d60072977}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{edb15dc3-df6d-11dd-9754-001d60072977}\Shell - "" = AutoRun
O33 - MountPoints2\{edb15dc3-df6d-11dd-9754-001d60072977}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012-11-04 19:31:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wilma\Desktop\OTL.exe
[2012-11-04 00:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012-11-04 00:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012-11-03 16:26:46 | 000,000,000 | ---D | C] -- C:\Users\Wilma\AppData\Roaming\SUPERAntiSpyware.com
[2012-11-03 16:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012-11-03 16:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012-11-03 16:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012-11-03 14:14:17 | 000,000,000 | R--D | C] -- C:\Backup
[2012-11-03 14:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0
[2012-11-03 14:08:23 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys
[2012-11-03 14:08:23 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
[2012-11-03 14:08:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012-11-03 14:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InfoWatch
[2012-11-03 14:06:07 | 000,585,560 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012-10-31 22:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012-10-31 22:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012-10-31 22:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2009-03-08 17:29:37 | 000,133,104 | ---- | C] (Google Inc.) -- C:\Users\Wilma\GOOGLEUPDATE.EXE
[2 C:\Users\Wilma\Documents\*.tmp files -> C:\Users\Wilma\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012-11-04 19:31:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wilma\Desktop\OTL.exe
[2012-11-04 19:30:08 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\Uitgebreide garantie.job
[2012-11-04 19:30:08 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator.job
[2012-11-04 19:29:34 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-11-04 19:29:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-04 19:29:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-04 19:28:52 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\GJMFX.job
[2012-11-04 19:28:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-11-04 19:28:38 | 1878,220,800 | -HS- | M] () -- C:\hiberfil.sys
[2012-11-04 12:18:01 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-11-04 12:03:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012-11-04 12:01:24 | 000,691,458 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2012-11-04 12:01:24 | 000,608,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-11-04 12:01:24 | 000,137,188 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2012-11-04 12:01:23 | 000,109,764 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-11-04 00:06:41 | 000,000,873 | ---- | M] () -- C:\Users\Wilma\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-11-04 00:06:40 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-11-03 16:54:17 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 17d3d17a-e736-4c1f-bc7a-8667748e1ff8.job
[2012-11-03 16:54:17 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 09e54ffb-8ca2-4f44-b330-bd09e0621cb1.job
[2012-11-03 16:26:31 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-11-03 14:15:00 | 000,017,408 | ---- | M] () -- C:\Users\Wilma\AppData\Local\WebpageIcons.db
[2012-11-03 14:10:07 | 000,116,189 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2012-11-03 14:10:06 | 000,098,168 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2012-11-03 14:06:07 | 000,585,560 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012-10-31 22:40:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012-10-31 22:25:49 | 000,001,966 | ---- | M] () -- C:\Users\Wilma\Desktop\Google Chrome.lnk
[2012-10-31 22:25:49 | 000,001,958 | ---- | M] () -- C:\Users\Wilma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-10-23 21:48:31 | 035,175,761 | ---- | M] () -- C:\Users\Wilma\Desktop\Markierte_Lernvokabeln_Griechisch.pdf
[2012-10-17 14:10:31 | 040,254,154 | ---- | M] () -- C:\Users\Wilma\Desktop\Christian_Bischoff_Rednermappe.pdf
[2012-10-16 21:48:22 | 000,094,208 | RHS- | M] () -- C:\Windows\System32\PxAFSU.dll
[2 C:\Users\Wilma\Documents\*.tmp files -> C:\Users\Wilma\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012-11-04 00:06:41 | 000,000,873 | ---- | C] () -- C:\Users\Wilma\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-11-04 00:06:40 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012-11-04 00:06:40 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-11-03 16:27:11 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 09e54ffb-8ca2-4f44-b330-bd09e0621cb1.job
[2012-11-03 16:27:09 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 17d3d17a-e736-4c1f-bc7a-8667748e1ff8.job
[2012-11-03 16:26:31 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-11-03 14:14:56 | 000,017,408 | ---- | C] () -- C:\Users\Wilma\AppData\Local\WebpageIcons.db
[2012-11-03 14:10:07 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012-11-03 14:10:06 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012-10-31 22:25:49 | 000,001,966 | ---- | C] () -- C:\Users\Wilma\Desktop\Google Chrome.lnk
[2012-10-31 22:25:49 | 000,001,958 | ---- | C] () -- C:\Users\Wilma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-10-21 19:20:02 | 035,175,761 | ---- | C] () -- C:\Users\Wilma\Desktop\Markierte_Lernvokabeln_Griechisch.pdf
[2012-10-17 14:10:30 | 040,254,154 | ---- | C] () -- C:\Users\Wilma\Desktop\Christian_Bischoff_Rednermappe.pdf
[2012-10-16 21:48:23 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\GJMFX.job
[2012-10-16 21:48:22 | 000,094,208 | RHS- | C] () -- C:\Windows\System32\PxAFSU.dll
[2011-08-29 23:36:12 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011-04-29 20:42:40 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011-03-11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2010-12-26 21:09:18 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009-09-03 00:15:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009-07-24 14:20:02 | 000,001,024 | ---- | C] () -- C:\Users\Wilma\.rnd
[2008-05-23 22:54:48 | 000,002,943 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008-01-20 10:22:29 | 000,007,268 | ---- | C] () -- C:\Users\Wilma\AppData\Local\d3d9caps.dat
[2008-01-17 17:01:45 | 000,020,992 | ---- | C] () -- C:\Users\Wilma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-01-17 16:46:59 | 000,000,093 | ---- | C] () -- C:\Users\Wilma\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006-11-02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011-02-27 14:56:31 | 000,000,000 | ---D | M] -- C:\Users\Wilma\AppData\Roaming\Canon
[2010-08-03 00:19:35 | 000,000,000 | ---D | M] -- C:\Users\Wilma\AppData\Roaming\Cornelsen
[2010-12-05 23:01:06 | 000,000,000 | ---D | M] -- C:\Users\Wilma\AppData\Roaming\LimeWirePlus
[2012-02-10 19:39:11 | 000,000,000 | ---D | M] -- C:\Users\Wilma\AppData\Roaming\OpenOffice.org
[2008-05-23 22:47:25 | 000,000,000 | ---D | M] -- C:\Users\Wilma\AppData\Roaming\Packard Bell
[2009-09-03 00:51:21 | 000,000,000 | ---D | M] -- C:\Users\Wilma\AppData\Roaming\Samsung
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006-11-02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006-11-02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006-11-02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006-11-02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009-04-11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006-11-02 13:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006-11-02 13:58:10 | 000,032,602 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008-01-17 16:48:31 | 000,000,340 | ---- | C] () -- C:\Windows\Tasks\Recovery DVD Creator.job
[2008-01-17 16:48:32 | 000,000,340 | ---- | C] () -- C:\Windows\Tasks\Uitgebreide garantie.job
[2009-03-08 17:25:53 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job
[2011-03-20 19:49:02 | 000,001,042 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011-03-20 19:49:03 | 000,001,046 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012-10-16 21:48:23 | 000,000,298 | ---- | C] () -- C:\Windows\Tasks\GJMFX.job
[2012-11-03 16:27:09 | 000,000,510 | ---- | C] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 17d3d17a-e736-4c1f-bc7a-8667748e1ff8.job
[2012-11-03 16:27:11 | 000,000,510 | ---- | C] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 09e54ffb-8ca2-4f44-b330-bd09e0621cb1.job
 
< MD5 for: AGP440.SYS  >
[2008-01-19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008-01-19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-01-19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-01-19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006-11-02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006-11-02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009-04-11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009-04-11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009-04-11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2007-10-24 04:56:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\SoftwareDistribution\Download\849b321448ad54f888bc4129bd98f62b\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys
[2008-01-19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-01-19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008-02-17 01:43:52 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008-02-17 01:43:52 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2007-10-24 05:11:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\SoftwareDistribution\Download\849b321448ad54f888bc4129bd98f62b\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys
[2008-02-17 01:43:52 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006-11-02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006-11-02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008-10-29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008-10-29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008-10-30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008-02-16 00:08:33 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008-02-16 00:08:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008-10-28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006-11-02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008-01-19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008-01-19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008-01-19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006-11-02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006-11-02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006-11-02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009-04-11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009-04-11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008-01-19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006-11-02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006-11-02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008-01-19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008-01-19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008-01-19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006-11-02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009-04-11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009-04-11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007-09-19 05:26:38 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007-09-19 05:26:39 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008-01-19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006-11-02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009-04-11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009-04-11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008-01-19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008-01-19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006-11-02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009-04-11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009-04-11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006-11-02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008-01-19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006-11-02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008-01-19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008-01-19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011-10-20 11:48:00 | 000,135,984 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2011-10-20 11:48:00 | 000,013,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys
[2012-11-03 14:06:07 | 000,585,560 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2011-03-10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2009-11-02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys
 
< %systemroot%\System32\config\*.sav >
[2006-11-02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006-11-02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006-11-02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006-11-02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006-11-02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2007-05-24 14:53:00 | 000,339,968 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2011-08-14 18:53:29 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011-08-14 18:53:29 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2006-11-02 10:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll
[2012-08-30 22:23:46 | 000,229,816 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll
[2012-10-16 21:48:22 | 000,094,208 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\PxAFSU.dll
 
< %USERPROFILE%\*.* >
[2010-12-26 21:10:19 | 000,001,024 | ---- | M] () -- C:\Users\Wilma\.rnd
[2009-03-08 17:29:37 | 000,133,104 | ---- | M] (Google Inc.) -- C:\Users\Wilma\GOOGLEUPDATE.EXE
[2012-11-04 20:26:21 | 004,718,592 | -HS- | M] () -- C:\Users\Wilma\ntuser.dat
[2012-11-04 20:26:21 | 000,262,144 | -H-- | M] () -- C:\Users\Wilma\ntuser.dat.LOG1
[2011-07-06 22:39:04 | 000,262,144 | -H-- | M] () -- C:\Users\Wilma\ntuser.dat.LOG2
[2012-11-04 12:59:13 | 000,065,536 | -HS- | M] () -- C:\Users\Wilma\ntuser.dat{56d4f770-f8d5-11df-950e-912ffc9b6972}.TM.blf
[2012-11-04 12:59:13 | 000,524,288 | -HS- | M] () -- C:\Users\Wilma\ntuser.dat{56d4f770-f8d5-11df-950e-912ffc9b6972}.TMContainer00000000000000000001.regtrans-ms
[2010-11-25 22:20:38 | 000,524,288 | -HS- | M] () -- C:\Users\Wilma\ntuser.dat{56d4f770-f8d5-11df-950e-912ffc9b6972}.TMContainer00000000000000000002.regtrans-ms
[2010-11-25 21:58:17 | 000,065,536 | -HS- | M] () -- C:\Users\Wilma\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010-11-25 21:58:17 | 000,524,288 | -HS- | M] () -- C:\Users\Wilma\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2008-01-17 17:08:32 | 000,524,288 | -HS- | M] () -- C:\Users\Wilma\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2008-01-17 16:36:30 | 000,000,020 | -HS- | M] () -- C:\Users\Wilma\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
[2011-01-09 13:49:55 | 000,493,672 | ---- | M] (McAfee, Inc.) -- C:\Users\Wilma\Local Settings\Temp\contentDATs.exe
[2009-07-12 23:56:18 | 001,914,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Wilma\Local Settings\Temp\FlashPlayerUpdate.exe
[2010-11-02 10:32:33 | 002,826,192 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Wilma\Local Settings\Temp\FlashPlayerUpdate01.exe
[2010-06-30 02:44:29 | 000,922,400 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Wilma\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
[2011-02-10 01:48:12 | 000,885,536 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Wilma\Local Settings\Temp\jre-6u24-windows-i586-iftw-rv.exe
[2011-07-14 22:45:41 | 000,909,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Wilma\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
[2012-02-20 16:45:21 | 000,909,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Wilma\Local Settings\Temp\jre-6u31-windows-i586-iftw-rv.exe
[2012-04-13 22:47:23 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Wilma\Local Settings\Temp\jre-6u32-windows-i586-iftw.exe
[2012-08-29 13:07:10 | 000,908,272 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Wilma\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
[2012-10-26 16:05:21 | 000,912,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Wilma\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
[2010-02-05 17:46:06 | 000,779,600 | ---- | M] (CANON INC.) -- C:\Users\Wilma\Local Settings\Temp\MSETUP4.EXE
[2010-11-17 11:26:54 | 000,424,600 | ---- | M] (Google Inc.) -- C:\Users\Wilma\Local Settings\Temp\SearchWithGoogleUpdate.exe
[2010-12-09 11:44:34 | 003,598,224 | ---- | M] (McAfee, Inc.) -- C:\Users\Wilma\Local Settings\Temp\SecurityScan_Release.exe
[2008-05-23 22:52:36 | 001,174,664 | ---- | M] (Symantec Corporation) -- C:\Users\Wilma\Local Settings\Temp\SymLCSVC.EXE
[960 C:\Users\Wilma\Local Settings\Temp\*.tmp files -> C:\Users\Wilma\Local Settings\Temp\*.tmp -> ]
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
[2012-08-23 04:38:58 | 000,248,008 | ---- | M] (Ask.com) -- C:\Users\Wilma\Local Settings\Temp\AskSLib.dll
[960 C:\Users\Wilma\Local Settings\Temp\*.tmp files -> C:\Users\Wilma\Local Settings\Temp\*.tmp -> ]
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 864 bytes -> C:\Users\Wilma\Documents\Gleichwertigkeit Prüfungsleistungen NL.eml:OECustomProperty
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Wilma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\weltbild 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\vrede:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\voorzetsels:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Voor Wilmi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\vlucht naar Engeland:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\tussen.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\stadtwaage:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\stadtwaage emden:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\stadthalle:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Stadthalle Emden:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\SS 2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\siegel Kirche:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Screenshots:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Scannen.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\scan2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\scan 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\SantaCla.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 9:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 8:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 7:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 6b:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 6a:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 5b:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\restore:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\plattegrond:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Perry and the poor boys:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Osterlampe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\osterglocken_by_Joujou_pixelio_de.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\om.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\ogentest1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\naast.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\naambordje:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\My Music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\My Art:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\My Albums:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Mijn Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Kapellealtar_mcf-Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Kapelaltaar1_mcf-Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Kapelaltaar_mcf-Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Israel:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Israel 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\in.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Geschenkboekje_mcf-Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Freemake:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\familie-verschillende-leeftijden-8729.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\eva:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Echt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Didaktische Ausarbeitung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\dagtekst2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Dagtekst:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Bremen 090.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Altaar2_mcf-Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Altaar_mcf-Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\album:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\achter.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\24-06-2010:Roxio EMC Stream

< End of report >
         
Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 4-11-2012 19:34:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wilma\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
1,75 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 46,32% Memory free
3,74 Gb Paging File | 2,48 Gb Available in Paging File | 66,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103,78 Gb Total Space | 33,63 Gb Free Space | 32,41% Space Free | Partition Type: NTFS
 
Computer Name: PC_VAN_WILMA | User Name: Wilma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Trekpleister fotoservice] -- "C:\Program Files\Trekpleister\Trekpleister fotoservice\Trekpleister fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C9A6AF4-0C05-402F-8C00-A8A54DC2D742}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2D3D3BE2-DEB6-4A2F-94BC-3F700BC83A11}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3E7A5DE9-5004-4025-930F-5BA67F081CD1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3FA7CDE6-18A8-46DC-8212-945540B4A22C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{455B74DC-C64D-4285-95F3-8E900D954A6C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{57DFBD9E-8D71-40AC-B787-EF8D5E42705D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{60E5FA3D-BCF7-42F0-B842-B753BFBD9FF1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{73049F38-6637-42EF-AEF1-6C6F409850B6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{742E9B61-C0E4-48E7-B8C8-0F5FCA1F8131}" = rport=138 | protocol=17 | dir=out | app=system | 
"{83D8A191-A4C3-4F75-B69E-AB6F85F2B0E3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8E82E059-A6AC-4B8F-A423-01BDFB90D607}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{9E2FD0B1-DE95-402C-9DA2-0DB58A5E151A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A4D5B2F4-8588-47FE-9E4E-C82BF281B942}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A59815C8-15D2-41F9-B748-D8B447A4A748}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BF10892F-2F57-48A0-8E6C-C0ED21A0B193}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C7C5BEB6-1FAA-4F9C-910E-626AB86DE9F8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D202894D-DCE1-4F87-8011-57886629991D}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{E22BB168-9BCA-4D6A-8FDC-64D6158D8B5F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E43285BC-EE55-48AF-9F12-67404B274FD9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002C4BCC-3DE0-4A10-8893-6EB2A4C5066F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{083EF299-8E27-480F-8BE0-A3AC234CDE17}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0D600FBA-E89A-4E56-873A-47A9E6B6E691}" = protocol=6 | dir=in | app=c:\program files\powercinema\powercinema.exe | 
"{188845C9-7930-44E3-9431-29CC04E76FCD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{195FE30D-9474-415F-A80F-62B29EEB8AD6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{41651206-1948-43B8-9869-5A31EACB2572}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{47E31CD9-4948-45EF-8E0C-90A1440C0417}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe | 
"{4CACB475-C6E4-417F-BE0E-E9B62E055BF9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{504AC9D1-0581-4CB7-A9F7-C48237B44973}" = dir=in | app=c:\program files\powercinema\kernel\dms\clmsservice.exe | 
"{566D2618-C534-4DE3-B689-507A9DECDCD4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{5B23BEFC-440E-4B7A-A394-CD2D6BD61F91}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{69FE7DC4-954F-4200-AD4F-4FB017B37872}" = dir=in | app=c:\program files\powercinema\pcmservice.exe | 
"{7E209CE0-023E-4E84-8CEF-19894176A64F}" = protocol=6 | dir=in | app=c:\program files\powercinema\pcmservice.exe | 
"{899FC00F-959C-46A6-A968-944AA23CD930}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{99B166ED-7921-4A9F-9ED2-ABD73F71ECD9}" = protocol=17 | dir=in | app=c:\program files\powercinema\powercinema.exe | 
"{AA87530B-8A12-466F-B51D-26DE2E2D0467}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BAD17FE0-956D-406A-8247-8748AB342C24}" = dir=in | app=c:\program files\powercinema\powercinema.exe | 
"{BD77E75B-5ECD-4BD6-B70F-814888578F31}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe | 
"{D7738908-2E0B-43AC-B7DF-11D2877D01A5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E3AA117F-A685-4EF2-A83D-FC6451C783D7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E8FF027A-BF44-4401-9175-71CA3EA58720}" = protocol=17 | dir=in | app=c:\program files\powercinema\pcmservice.exe | 
"{ED2FA439-4B71-4CFA-9881-0031DBAD6778}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{F2C2DCD7-9F24-479D-A5A7-3E6BC170E99E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{FC814DA1-32D2-41C2-9488-9A3C254BC9A9}" = dir=in | app=c:\program files\powercinema\kernel\dmp\clbrowserengine.exe | 
"TCP Query User{0B535C9F-C3A7-46B1-9797-190D20BFC4AF}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"TCP Query User{67D33195-05D1-4BCB-B3EE-8A524C99FEF2}C:\program files\limewire plus\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire plus\limewire.exe | 
"TCP Query User{69D6554F-D0B2-461B-9824-E0E2F2BF7164}C:\windows\temp\navbrowser.exe" = protocol=6 | dir=in | app=c:\windows\temp\navbrowser.exe | 
"TCP Query User{B573CB6B-0F76-43AE-A43A-16082B1BE5C5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{C2B67180-8333-4DFD-8039-7651A9058EF7}C:\windows\temp\navbrowser.exe" = protocol=6 | dir=in | app=c:\windows\temp\navbrowser.exe | 
"TCP Query User{E0D23213-A501-4E7A-A60E-BCE652C2C57B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{E13EBA21-B5F7-4C83-A22B-CE7494B3BC69}C:\program files\limewire plus\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire plus\limewire.exe | 
"UDP Query User{12DF269C-353C-4A10-B68E-BEBF2DC790DF}C:\program files\limewire plus\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire plus\limewire.exe | 
"UDP Query User{531CF9E6-1D8B-4472-A272-1F70BD06CCE2}C:\windows\temp\navbrowser.exe" = protocol=17 | dir=in | app=c:\windows\temp\navbrowser.exe | 
"UDP Query User{71D9D652-278A-415C-B66B-87D3AA5AD50C}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"UDP Query User{769F9582-C38F-4A5B-8998-8163ECAD8058}C:\program files\limewire plus\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire plus\limewire.exe | 
"UDP Query User{8C4E984C-7D06-4B27-90B2-EC1D0885D7B5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{9318AEEB-7B63-440B-BE45-FAAD4ADE356D}C:\windows\temp\navbrowser.exe" = protocol=17 | dir=in | app=c:\windows\temp\navbrowser.exe | 
"UDP Query User{F549C9F0-0C64-4C87-B804-4C70A1257DA3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{049DE0EA-163F-2FDB-3E9D-C4B2DF1ED6C0}" = Catalyst Control Center Core Implementation
"{057847EC-F678-553C-23C3-F756D12D94CC}" = CCC Help Hungarian
"{06D387CA-93A6-DF48-44F4-DEF679C9773F}" = Catalyst Control Center Localization Polish
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{0C4C1082-BED7-9F55-1817-140C358DD2A9}" = CCC Help Japanese
"{0E3E1968-69D0-A3C6-6F27-BCD4C55E8877}" = CCC Help Danish
"{0F2ECBF6-E946-D953-C820-216CA7C60766}" = Catalyst Control Center Localization Dutch
"{0FAAA044-04CF-4766-84A2-A6A95CE196BD}" = Samsung PC Studio 3
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{12D57DBB-AF1B-ACB9-C188-0CD15AB88714}" = Catalyst Control Center Localization Norwegian
"{14D55F2C-2A03-4291-B1CE-CC6FC5088386}" = HDRegNL
"{1680A88C-184E-771D-B084-475932F722F2}" = Catalyst Control Center Localization Swedish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B9EF5E8-1537-1C02-8E1B-E0F6C8B9804B}" = Catalyst Control Center Graphics Full New
"{1D02E648-3981-C46A-C490-7626CBD677E5}" = Catalyst Control Center Localization Italian
"{1D0775F7-EAA3-3B04-7E62-5F0B201E7784}" = Catalyst Control Center Localization Czech
"{1E4EBAF3-B745-D820-DAA1-A9D994ACEAC1}" = Catalyst Control Center Localization German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{27FA0EA8-B597-6156-3F71-0600589E5DF5}" = Catalyst Control Center Localization Korean
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"{2EA63C93-C1ED-AA5D-63A4-809AC014130A}" = CCC Help Turkish
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{324A6FDE-72E6-FE4A-3E96-79FC082FF05C}" = CCC Help Korean
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44D3E73C-DD4F-E9F5-ED67-6449A95BDAEE}" = Catalyst Control Center Localization Chinese Standard
"{471E6731-9F77-7642-6FEE-82BF38572F41}" = Catalyst Control Center Localization Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = USB2.0 350K WebCam
"{4E2966E3-6CE2-7044-9BBE-69D73C9A5669}" = Catalyst Control Center Localization Turkish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{63F6B4DE-D927-71D2-DB37-E3D57324BFBD}" = Catalyst Control Center Localization Chinese Traditional
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = PhotoImpression 5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B170DF1-44D5-EE03-488B-B14022926269}" = Catalyst Control Center Localization Portuguese
"{6E6420FE-4C99-3ED5-7519-B5C22B6253BC}" = CCC Help English
"{70CB0558-9487-5AFF-A0C7-868A29345FC1}" = Catalyst Control Center Graphics Full Existing
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}" = PIF DESIGNER2.1
"{7C926B5D-DC4A-5E89-5E17-B3A3B1A89BAA}" = Skins
"{7C9A109D-C870-F116-A730-D8D36FF0BDE4}" = Catalyst Control Center Graphics Light
"{7DD9CFAE-5CF1-9AE0-1318-C08252C13944}" = Catalyst Control Center Localization Hungarian
"{7DE47C72-0A60-705B-8CC5-6C97ED457EAD}" = Catalyst Control Center Localization Greek
"{858F597F-0927-DDD2-F997-FAD8D1E35C76}" = ccc-utility
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_ENTERPRISE_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007
"{90120000-00BA-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{94FC9A0E-2C2E-A90E-0286-3B89514C1C66}" = CCC Help Polish
"{97F38321-6488-7AF4-66E6-D0E54DED4DB5}" = CCC Help German
"{9B452711-75BD-875D-F364-E422598C7E03}" = Catalyst Control Center Localization Danish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A121592B-3807-E758-5707-CEADF57C7DD8}" = CCC Help Italian
"{A2C2600A-8AB7-E6C9-246E-DB019DBB537F}" = Catalyst Control Center Localization Japanese
"{A416058E-754E-792A-EA8A-28643F2E69E9}" = CCC Help Chinese Traditional
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{A8A96EA0-6198-66D5-6C5A-0C478374D4FB}" = Catalyst Control Center Localization Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AAD153D6-EA7D-E913-7EDF-441871A7D58B}" = Catalyst Control Center Graphics Previews Vista
"{AC76BA86-7AD7-1043-7B44-A81300000003}" = Adobe Reader 8.1.3 - Nederlands
"{ADE489CC-D322-D86E-E386-DA5E8615EC28}" = CCC Help Dutch
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
"{B0544A18-DC32-E7C2-6D53-5DF018A08182}" = CCC Help Swedish
"{B4904CE1-9B11-B1E7-55BF-3C14990D5D13}" = Catalyst Control Center Localization Russian
"{B4D43702-3A40-3840-61B2-A16C52F6DA23}" = CCC Help Portuguese
"{B7B16694-9557-6946-6B7D-5C5D19522A16}" = ccc-core-static
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Creator 9 LE
"{B9290344-051D-CAE7-7D33-C6EC3C5E6F88}" = CCC Help Finnish
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
"{CB0150AB-0D06-A3CE-F177-00AD5CD88A9A}" = CCC Help Spanish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E9704D-2D80-9EDC-A9AF-805E5FF4CF3A}" = Catalyst Control Center Localization Finnish
"{D6AB9AB2-252C-DDAA-6FDD-75C1D1944848}" = CCC Help Czech
"{D847C95B-FD35-A198-A034-1884DDD113F4}" = CCC Help Norwegian
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E142866C-701D-CD53-ECEE-E641EA1989C4}" = CCC Help Chinese Standard
"{E17E3426-4F92-01EC-13CB-BE4B31F86D5C}" = CCC Help French
"{E20921C0-C0EE-1409-DE92-7B93B94EF1F0}" = CCC Help Greek
"{E42F19D3-1C46-630E-62AB-302AB9A08C83}" = Catalyst Control Center Localization French
"{EA17E7C5-5C86-6DF7-C161-C5C34A2F0E11}" = CCC Help Russian
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF5C9C17-2FCA-C04E-67B0-5EAEFD783DD4}" = CCC Help Thai
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AdobeReader" = Adobe Reader 8
"AskTBar Uninstall" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CDex" = CDex extraction audio
"COMPUSERVE" = Compuserve ADSL
"CREATOR9" = Creator 9
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FirefoxNL" = Firefox
"Flashplayer" = Flash Player 9 Internet Explorer
"Freemake Video Downloader_is1" = Freemake Video Downloader version 2.0.0
"Gebruikersregistratie voor Canon MG5100 series" = Gebruikersregistratie voor Canon MG5100 series
"Gebruikersregistratie voor Canon MP550 series" = Gebruikersregistratie voor Canon MP550 series
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GOOGLE_EARTH" = Google Earth
"GoogleBAE" = Google BAE
"GoogleDesktop" = Google Desktop
"GOOGLETOOLBAR" = Google Toolbar
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0
"InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"LCDTest" = Packard Bell LCD Test
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360_2007_NL" = Norton 360 2007
"Picasa 3" = Picasa 3
"Picasa_2" = Picasa2
"PowerCinema5" = Power Cinema 5
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SETUPMYPC_NL" = SetUp My PC
"Shockwave" = Shockwave player 10
"SKYPE" = Skype 3.2.2.163
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trekpleister fotoservice" = Trekpleister fotoservice
"Trusted Software Assistant_is1" = File Type Assistant
"Uninstall_is1" = Uninstall 1.0.0.1
"Updator" = Packard Bell Updator
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NetAssistant" = Freeze.com NetAssistant
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11-9-2012 17:22:02 | Computer Name = PC_van_Wilma | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.
 
Error - 11-9-2012 17:22:08 | Computer Name = PC_van_Wilma | Source = Application Error | ID = 1000
Description = Toepassing met fout SETUP.EXE_Microsoft Setup Bootstrapper, versie
 12.0.6606.1000, tijdstempel 0x4e26b0a2, module met fout ole32.dll, versie 6.0.6002.18277,
 tijdstempel 0x4c28d53e, uitzonderingscode 0xc0000005, foutmarge 0x00047333,  proces-id
 0x11f8, starttijd van toepassing 0x01cd9062baec8570.
 
Error - 15-9-2012 3:48:50 | Computer Name = PC_van_Wilma | Source = Application Error | ID = 1000
Description = Toepassing met fout AcroRd32.exe, versie 8.1.0.137, tijdstempel 0x46444e37,
 module met fout AcroRd32.dll, versie 8.1.3.187, tijdstempel 0x48f5acd6, uitzonderingscode
 0xc0000005, foutmarge 0x0009608a,  proces-id 0x1624, starttijd van toepassing 0x01cd931677ae5610.
 
Error - 24-9-2012 10:32:01 | Computer Name = PC_van_Wilma | Source = Application Hang | ID = 1002
Description = Programma iexplore.exe, versie 9.0.8112.16450 reageert niet meer op
 Windows en is afgesloten. Als u wilt zien of meer informatie over het probleem 
beschikbaar is, kunt u de probleemgeschiedenis in onderdeel Probleemrapporten en
 -oplossingen in het Configuratiescherm controleren.  Proces-id: f68  Starttijd: 01cd9a611d74d690
Eindtijd:
 67
 
Error - 27-9-2012 9:19:29 | Computer Name = PC_van_Wilma | Source = System Restore | ID = 8193
Description = 
 
Error - 27-9-2012 9:19:29 | Computer Name = PC_van_Wilma | Source = System Restore | ID = 8210
Description = 
 
Error - 1-10-2012 10:44:40 | Computer Name = PC_van_Wilma | Source = System Restore | ID = 8193
Description = 
 
Error - 1-10-2012 10:44:40 | Computer Name = PC_van_Wilma | Source = System Restore | ID = 8210
Description = 
 
Error - 8-10-2012 13:49:07 | Computer Name = PC_van_Wilma | Source = EventSystem | ID = 4621
Description = 
 
Error - 16-10-2012 17:27:46 | Computer Name = PC_van_Wilma | Source = EventSystem | ID = 4621
Description = 
 
[ OSession Events ]
Error - 15-12-2008 20:24:38 | Computer Name = PC_van_Wilma | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 
lasted 5028 seconds with 4620 seconds of active time.  This session ended with a
 crash.
 
[ System Events ]
Error - 3-11-2012 19:00:23 | Computer Name = PC_van_Wilma | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 3-11-2012 19:25:02 | Computer Name = PC_van_Wilma | Source = DCOM | ID = 10010
Description = 
 
Error - 4-11-2012 4:58:29 | Computer Name = PC_van_Wilma | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 4-11-2012 4:58:29 | Computer Name = PC_van_Wilma | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 4-11-2012 5:44:27 | Computer Name = PC_van_Wilma | Source = DCOM | ID = 10010
Description = 
 
Error - 4-11-2012 6:02:00 | Computer Name = PC_van_Wilma | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 4-11-2012 6:02:00 | Computer Name = PC_van_Wilma | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 4-11-2012 7:59:08 | Computer Name = PC_van_Wilma | Source = DCOM | ID = 10010
Description = 
 
Error - 4-11-2012 14:31:15 | Computer Name = PC_van_Wilma | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 4-11-2012 14:31:15 | Computer Name = PC_van_Wilma | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
Was passiert jetzt? Danke schonmal!
__________________

Alt 05.11.2012, 15:19   #4
markusg
/// Malware-holic
 
Internet Weiterleitung zu Werbe- und Pornoseiten - Standard

Internet Weiterleitung zu Werbe- und Pornoseiten



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
[2012-10-16 21:48:22 | 000,094,208 | RHS- | M] () -- C:\Windows\System32\PxAFSU.dll
[2012-11-04 19:28:52 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\GJMFX.job
 :Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

lade unhide:
http://filepony.de/download-unhide/
doppelklicken, dateien werden sichtbar

Frage:
hast du zum infektionszeitpunkt, bzw evtl. einen tag davor, etwas runtergeladen und instaliert bzw ausgeführt?
wurdest du beim besuch einer seite aufgefordert etwas zu instalieren bzw runterzuladen? diese infos hätte ich auch gern als private nachicht.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.11.2012, 18:53   #5
0magertrud
 
Internet Weiterleitung zu Werbe- und Pornoseiten - Standard

Internet Weiterleitung zu Werbe- und Pornoseiten



Gut alles gemacht und hochgeladen.
Hier die Text-Datei vom Reboot:
Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Windows\System32\PxAFSU.dll moved successfully.
C:\Windows\Tasks\GJMFX.job moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Wilma
->Flash cache emptied: 3156095 bytes
 
Total Flash Files Cleaned = 3,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
 
User: Public
 
User: Wilma
->Temp folder emptied: 1241513639 bytes
->Temporary Internet Files folder emptied: 736968685 bytes
->Java cache emptied: 53445180 bytes
->FireFox cache emptied: 53298381 bytes
->Google Chrome cache emptied: 28889819 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 360219512 bytes
RecycleBin emptied: 27570724 bytes
 
Total Files Cleaned = 2.386,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11052012_180448

Files\Folders moved on Reboot...
C:\Windows\temp\JET5B29.tmp moved successfully.
C:\Windows\temp\~ROMFN_0000021C moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         


Alt 05.11.2012, 19:35   #6
markusg
/// Malware-holic
 
Internet Weiterleitung zu Werbe- und Pornoseiten - Standard

Internet Weiterleitung zu Werbe- und Pornoseiten



hi
downloade get info:
http://markusg.trojaner-board.de/GetInfo.exe
doppelklicke die .exe
im selben ordner wird nun eine .txt erstellt:
summary-info.txt
diese doppelklicken und deren inhalt posten.
__________________
--> Internet Weiterleitung zu Werbe- und Pornoseiten

Alt 05.11.2012, 19:40   #7
0magertrud
 
Internet Weiterleitung zu Werbe- und Pornoseiten - Standard

Internet Weiterleitung zu Werbe- und Pornoseiten



Summary:

Code:
ATTFilter
System volume information:	 dwHighDateTime = 0x1c85913,dwLowDateTime = 0x7b594079
System32:			 dwHighDateTime = 0x1c6fe70,dwLowDateTime = 0xa3cd0a16
dwSerialNumber = 0x22a7e47c
         

Alt 05.11.2012, 19:43   #8
markusg
/// Malware-holic
 
Internet Weiterleitung zu Werbe- und Pornoseiten - Standard

Internet Weiterleitung zu Werbe- und Pornoseiten



danke
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.11.2012, 21:16   #9
0magertrud
 
Internet Weiterleitung zu Werbe- und Pornoseiten - Standard

Internet Weiterleitung zu Werbe- und Pornoseiten



Hallo, folgendes Problem: das Programm sagt, dass "Avira Desktop" aktiv wäre, obwohl ich das gar nicht installiert habe und es sich nicht auf dem Rechner befindet!

Habe das Programm trotzdem laufen lassen:
Code:
ATTFilter
ComboFix 12-11-05.03 - Wilma 05-11-2012  20:50:49.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.31.1043.18.1790.635 [GMT 1:00]
Gestart vanuit: c:\users\Wilma\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Freeze.com\NetAssistant\NeTAssistant.dll
c:\users\Wilma\Documents\~WRL0367.tmp
c:\users\Wilma\Documents\~WRL2253.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2012-10-05 to 2012-11-05  ))))))))))))))))))))))))))))))
.
.
2012-11-05 20:03 . 2012-11-05 20:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-05 17:04 . 2012-11-05 17:49	--------	d-----w-	C:\_OTL
2012-11-03 13:14 . 2012-11-03 13:14	--------	d-----r-	C:\Backup
2012-11-03 13:08 . 2009-12-14 11:44	88632	----a-w-	c:\windows\system32\drivers\CSCrySec.sys
2012-11-03 13:08 . 2009-12-14 11:44	39352	----a-w-	c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-11-03 13:08 . 2012-11-03 13:08	--------	dc----w-	c:\windows\system32\DRVSTORE
2012-11-03 13:06 . 2012-11-03 13:06	--------	d-----w-	c:\program files\Common Files\InfoWatch
2012-10-31 21:39 . 2012-11-03 12:34	--------	d-----w-	c:\programdata\AVAST Software
2012-10-31 21:39 . 2012-10-31 21:39	--------	d-----w-	c:\program files\AVAST Software
2012-10-16 09:25 . 2012-06-02 00:02	985088	----a-w-	c:\windows\system32\crypt32.dll
2012-10-16 09:25 . 2012-06-02 00:02	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-16 09:25 . 2012-06-02 00:02	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-16 09:25 . 2012-08-24 15:53	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-10-16 09:25 . 2012-09-13 13:28	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-16 09:25 . 2012-08-29 11:27	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-10-16 09:25 . 2012-08-29 11:27	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 19:32 . 2012-09-13 19:32	696520	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-13 19:32 . 2011-09-05 08:16	73416	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 21:23 . 2012-08-30 21:23	229816	----a-w-	c:\windows\system32\klogon.dll
2012-08-24 06:59 . 2012-09-24 01:02	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-24 01:02	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-24 01:02	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-24 01:02	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-24 01:02	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-24 01:02	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-10-24 17:50 . 2012-11-03 23:06	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-16 12:51 . 2008-09-24 23:11	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL" [2009-07-24 57344]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVD0.dll" [2010-10-27 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-10-27 10:34	2735200	----a-w-	c:\program files\DVDVideoSoft\tbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVD0.dll" [2010-10-27 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVD0.dll" [2010-10-27 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-16 30192]
"PCMService"="c:\program files\Powercinema\PCMService.exe" [2007-02-14 159744]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
c:\users\Wilma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - CSVirtualDiskDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2012-11-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-18 08:40]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-20 18:48]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-20 18:48]
.
2012-11-05 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-09-18 16:34]
.
2012-11-05 c:\windows\Tasks\Uitgebreide garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-09-18 16:38]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Wilma\AppData\Roaming\Mozilla\Firefox\Profiles\c0ktcxpu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - google.de
FF - ExtSQL: 2012-11-03 14:06; KavAntiBanner@Kaspersky.ru; c:\program files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru
FF - ExtSQL: 2012-11-03 14:08; virtualKeyboard@kaspersky.ru; c:\program files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru
FF - ExtSQL: !HIDDEN! 2007-09-18 21:13; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - ExtSQL: !HIDDEN! 2009-08-09 14:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-11-03 14:08; linkfilter@kaspersky.ru; c:\program files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-05 21:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ... 
.
 [0] 0x7A22CAEA
.
scannen van verborgen autostart items ... 
.
scannen van verborgen bestanden ... 
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2012-11-05  21:07:46
ComboFix-quarantined-files.txt  2012-11-05 20:07
.
Pre-Run: 39.350.734.848 bytes beschikbaar
Post-Run: 38.879.936.512 bytes beschikbaar
.
- - End Of File - - 76FC267FC33EE4B8FC18AD38E4E19252
         

Alt 05.11.2012, 21:22   #10
markusg
/// Malware-holic
 
Internet Weiterleitung zu Werbe- und Pornoseiten - Standard

Internet Weiterleitung zu Werbe- und Pornoseiten



hi
sieht ok aus
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.11.2012, 21:30   #11
0magertrud
 
Internet Weiterleitung zu Werbe- und Pornoseiten - Standard

Internet Weiterleitung zu Werbe- und Pornoseiten



Hier:
Code:
ATTFilter
21:27:28.0915 4688  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:27:29.0030 4688  ============================================================
21:27:29.0030 4688  Current date / time: 2012/11/05 21:27:29.0030
21:27:29.0030 4688  SystemInfo:
21:27:29.0030 4688  
21:27:29.0031 4688  OS Version: 6.0.6002 ServicePack: 2.0
21:27:29.0031 4688  Product type: Workstation
21:27:29.0031 4688  ComputerName: PC_VAN_WILMA
21:27:29.0031 4688  UserName: Wilma
21:27:29.0031 4688  Windows directory: C:\Windows
21:27:29.0031 4688  System windows directory: C:\Windows
21:27:29.0031 4688  Processor architecture: Intel x86
21:27:29.0031 4688  Number of processors: 1
21:27:29.0031 4688  Page size: 0x1000
21:27:29.0031 4688  Boot type: Normal boot
21:27:29.0031 4688  ============================================================
21:27:29.0702 4688  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:27:29.0705 4688  ============================================================
21:27:29.0705 4688  \Device\Harddisk0\DR0:
21:27:29.0705 4688  MBR partitions:
21:27:29.0705 4688  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1003000, BlocksNum 0xCF91000
21:27:29.0705 4688  ============================================================
21:27:29.0743 4688  C: <-> \Device\Harddisk0\DR0\Partition1
21:27:29.0743 4688  ============================================================
21:27:29.0743 4688  Initialize success
21:27:29.0743 4688  ============================================================
21:27:58.0409 5560  ============================================================
21:27:58.0410 5560  Scan started
21:27:58.0410 5560  Mode: Manual; SigCheck; TDLFS; 
21:27:58.0410 5560  ============================================================
21:27:58.0923 5560  ================ Scan system memory ========================
21:27:58.0923 5560  System memory - ok
21:27:58.0928 5560  ================ Scan services =============================
21:27:59.0160 5560  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
21:27:59.0302 5560  ACPI - ok
21:27:59.0370 5560  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:27:59.0423 5560  adp94xx - ok
21:27:59.0480 5560  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:27:59.0503 5560  adpahci - ok
21:27:59.0562 5560  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
21:27:59.0580 5560  adpu160m - ok
21:27:59.0623 5560  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:27:59.0642 5560  adpu320 - ok
21:27:59.0722 5560  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:27:59.0767 5560  AeLookupSvc - ok
21:27:59.0879 5560  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
21:27:59.0942 5560  AFD - ok
21:28:00.0007 5560  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:28:00.0025 5560  agp440 - ok
21:28:00.0105 5560  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
21:28:00.0124 5560  aic78xx - ok
21:28:00.0205 5560  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
21:28:00.0261 5560  ALG - ok
21:28:00.0317 5560  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:28:00.0331 5560  aliide - ok
21:28:00.0404 5560  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:28:00.0419 5560  amdagp - ok
21:28:00.0451 5560  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
21:28:00.0467 5560  amdide - ok
21:28:00.0510 5560  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
21:28:00.0588 5560  AmdK7 - ok
21:28:00.0638 5560  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:28:00.0673 5560  AmdK8 - ok
21:28:00.0737 5560  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
21:28:00.0763 5560  Appinfo - ok
21:28:00.0838 5560  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
21:28:00.0857 5560  arc - ok
21:28:00.0906 5560  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:28:00.0925 5560  arcsas - ok
21:28:01.0030 5560  [ 66597AD6098352D11239C0C42100B176 ] ASLDRService    C:\Program Files\ATK Hotkey\ASLDRSrv.exe
21:28:01.0048 5560  ASLDRService ( UnsignedFile.Multi.Generic ) - warning
21:28:01.0048 5560  ASLDRService - detected UnsignedFile.Multi.Generic (1)
21:28:01.0183 5560  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:28:01.0214 5560  AsyncMac - ok
21:28:01.0290 5560  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:28:01.0306 5560  atapi - ok
21:28:01.0398 5560  [ 0C8DFA21B1D9D2EF14B692104AE68A69 ] athr            C:\Windows\system32\DRIVERS\athr.sys
21:28:01.0500 5560  athr - ok
21:28:01.0561 5560  [ 702F6D03C671DA99C282D8DF32FE559E ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
21:28:01.0630 5560  Ati External Event Utility - ok
21:28:01.0787 5560  [ 2A32F08763CEDE62DD3C0DD83C4325E0 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:28:01.0983 5560  atikmdag - ok
21:28:02.0084 5560  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:28:02.0130 5560  AudioEndpointBuilder - ok
21:28:02.0152 5560  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:28:02.0189 5560  Audiosrv - ok
21:28:02.0300 5560  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:28:02.0330 5560  Beep - ok
21:28:02.0390 5560  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
21:28:02.0437 5560  BFE - ok
21:28:02.0535 5560  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\system32\qmgr.dll
21:28:02.0599 5560  BITS - ok
21:28:02.0613 5560  blbdrive - ok
21:28:02.0660 5560  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:28:02.0679 5560  bowser - ok
21:28:02.0750 5560  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
21:28:02.0793 5560  BrFiltLo - ok
21:28:02.0826 5560  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
21:28:02.0856 5560  BrFiltUp - ok
21:28:02.0913 5560  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
21:28:02.0952 5560  Browser - ok
21:28:03.0043 5560  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
21:28:03.0125 5560  Brserid - ok
21:28:03.0167 5560  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
21:28:03.0239 5560  BrSerWdm - ok
21:28:03.0284 5560  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
21:28:03.0336 5560  BrUsbMdm - ok
21:28:03.0368 5560  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
21:28:03.0439 5560  BrUsbSer - ok
21:28:03.0484 5560  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:28:03.0538 5560  BTHMODEM - ok
21:28:03.0634 5560  [ 7621340D31FB049A1257A9840C537C47 ] Cam5603D        C:\Windows\system32\Drivers\BisonCam.sys
21:28:03.0705 5560  Cam5603D - ok
21:28:03.0825 5560  catchme - ok
21:28:03.0886 5560  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:28:03.0945 5560  cdfs - ok
21:28:04.0018 5560  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:28:04.0048 5560  cdrom - ok
21:28:04.0155 5560  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:28:04.0194 5560  CertPropSvc - ok
21:28:04.0238 5560  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
21:28:04.0297 5560  circlass - ok
21:28:04.0423 5560  [ CD6D23E3ADF57035C30B53843F21A416 ] CLCapSvc        c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
21:28:04.0456 5560  CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
21:28:04.0456 5560  CLCapSvc - detected UnsignedFile.Multi.Generic (1)
21:28:04.0520 5560  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
21:28:04.0545 5560  CLFS - ok
21:28:04.0624 5560  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:28:04.0642 5560  clr_optimization_v2.0.50727_32 - ok
21:28:04.0795 5560  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:28:04.0816 5560  clr_optimization_v4.0.30319_32 - ok
21:28:04.0866 5560  [ 4FA0B771DF428DE79CE96108E5370841 ] CLSched         c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
21:28:04.0891 5560  CLSched ( UnsignedFile.Multi.Generic ) - warning
21:28:04.0892 5560  CLSched - detected UnsignedFile.Multi.Generic (1)
21:28:04.0958 5560  CLTNetCnService - ok
21:28:04.0994 5560  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:28:05.0031 5560  CmBatt - ok
21:28:05.0080 5560  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:28:05.0100 5560  cmdide - ok
21:28:05.0136 5560  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:28:05.0156 5560  Compbatt - ok
21:28:05.0174 5560  COMSysApp - ok
21:28:05.0198 5560  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:28:05.0216 5560  crcdisk - ok
21:28:05.0254 5560  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
21:28:05.0328 5560  Crusoe - ok
21:28:05.0444 5560  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:28:05.0462 5560  CryptSvc - ok
21:28:05.0518 5560  [ 2C3F213EDDD231099FB779A45D7680E0 ] CSVirtualDiskDrv C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys
21:28:05.0534 5560  CSVirtualDiskDrv - ok
21:28:05.0640 5560  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:28:05.0719 5560  DcomLaunch - ok
21:28:05.0790 5560  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:28:05.0815 5560  DfsC - ok
21:28:05.0972 5560  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
21:28:06.0197 5560  DFSR - ok
21:28:06.0299 5560  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
21:28:06.0387 5560  Dhcp - ok
21:28:06.0470 5560  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
21:28:06.0491 5560  disk - ok
21:28:06.0586 5560  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:28:06.0621 5560  Dnscache - ok
21:28:06.0688 5560  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:28:06.0740 5560  dot3svc - ok
21:28:06.0799 5560  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
21:28:06.0840 5560  DPS - ok
21:28:06.0914 5560  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:28:06.0956 5560  drmkaud - ok
21:28:07.0071 5560  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:28:07.0120 5560  DXGKrnl - ok
21:28:07.0187 5560  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
21:28:07.0243 5560  E1G60 - ok
21:28:07.0313 5560  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
21:28:07.0353 5560  EapHost - ok
21:28:07.0408 5560  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
21:28:07.0430 5560  Ecache - ok
21:28:07.0503 5560  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:28:07.0527 5560  elxstor - ok
21:28:07.0598 5560  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
21:28:07.0647 5560  EMDMgmt - ok
21:28:07.0720 5560  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
21:28:07.0754 5560  EventSystem - ok
21:28:07.0829 5560  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
21:28:07.0868 5560  exfat - ok
21:28:07.0937 5560  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:28:07.0978 5560  fastfat - ok
21:28:08.0041 5560  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:28:08.0096 5560  fdc - ok
21:28:08.0158 5560  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:28:08.0189 5560  fdPHost - ok
21:28:08.0237 5560  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:28:08.0295 5560  FDResPub - ok
21:28:08.0349 5560  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:28:08.0368 5560  FileInfo - ok
21:28:08.0415 5560  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:28:08.0449 5560  Filetrace - ok
21:28:08.0484 5560  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:28:08.0564 5560  flpydisk - ok
21:28:08.0622 5560  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:28:08.0648 5560  FltMgr - ok
21:28:08.0738 5560  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
21:28:08.0829 5560  FontCache - ok
21:28:08.0910 5560  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:28:08.0928 5560  FontCache3.0.0.0 - ok
21:28:09.0008 5560  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:28:09.0050 5560  Fs_Rec - ok
21:28:09.0122 5560  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:28:09.0142 5560  gagp30kx - ok
21:28:09.0186 5560  [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM     C:\Windows\system32\Drivers\GEARAspiWDM.sys
21:28:09.0200 5560  GEARAspiWDM - ok
21:28:09.0307 5560  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
21:28:09.0321 5560  GoogleDesktopManager-051210-111108 - ok
21:28:09.0389 5560  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:28:09.0429 5560  gpsvc - ok
21:28:09.0539 5560  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
21:28:09.0556 5560  gupdate - ok
21:28:09.0594 5560  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
21:28:09.0610 5560  gupdatem - ok
21:28:09.0667 5560  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:28:09.0685 5560  gusvc - ok
21:28:09.0756 5560  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:28:09.0814 5560  HDAudBus - ok
21:28:09.0861 5560  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:28:09.0949 5560  HidBth - ok
21:28:09.0987 5560  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:28:10.0051 5560  HidIr - ok
21:28:10.0123 5560  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll
21:28:10.0151 5560  hidserv - ok
21:28:10.0209 5560  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:28:10.0238 5560  HidUsb - ok
21:28:10.0285 5560  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:28:10.0325 5560  hkmsvc - ok
21:28:10.0369 5560  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
21:28:10.0387 5560  HpCISSs - ok
21:28:10.0449 5560  [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:28:10.0556 5560  HTTP - ok
21:28:10.0605 5560  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
21:28:10.0635 5560  i2omp - ok
21:28:10.0731 5560  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:28:10.0773 5560  i8042prt - ok
21:28:10.0833 5560  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
21:28:10.0854 5560  iaStorV - ok
21:28:10.0930 5560  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:28:10.0957 5560  IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:28:10.0957 5560  IDriverT - detected UnsignedFile.Multi.Generic (1)
21:28:11.0119 5560  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:28:11.0302 5560  idsvc - ok
21:28:11.0354 5560  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:28:11.0373 5560  iirsp - ok
21:28:11.0453 5560  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
21:28:11.0544 5560  IKEEXT - ok
21:28:11.0638 5560  [ AEF2FA29204056B81BC4CBF30260DEE1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:28:11.0768 5560  IntcAzAudAddService - ok
21:28:11.0818 5560  [ 97469037714070E45194ED318D636401 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:28:11.0835 5560  intelide - ok
21:28:11.0890 5560  [ CE44CC04262F28216DD4341E9E36A16F ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:28:11.0971 5560  intelppm - ok
21:28:12.0023 5560  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:28:12.0101 5560  IPBusEnum - ok
21:28:12.0153 5560  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:28:12.0210 5560  IpFilterDriver - ok
21:28:12.0264 5560  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:28:12.0298 5560  iphlpsvc - ok
21:28:12.0310 5560  IpInIp - ok
21:28:12.0352 5560  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
21:28:12.0427 5560  IPMIDRV - ok
21:28:12.0464 5560  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
21:28:12.0504 5560  IPNAT - ok
21:28:12.0538 5560  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:28:12.0568 5560  IRENUM - ok
21:28:12.0629 5560  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:28:12.0644 5560  isapnp - ok
21:28:12.0708 5560  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
21:28:12.0735 5560  iScsiPrt - ok
21:28:12.0766 5560  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
21:28:12.0781 5560  iteatapi - ok
21:28:12.0818 5560  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
21:28:12.0844 5560  iteraid - ok
21:28:12.0905 5560  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:28:12.0923 5560  kbdclass - ok
21:28:12.0978 5560  [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:28:13.0055 5560  kbdhid - ok
21:28:13.0131 5560  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
21:28:13.0151 5560  KeyIso - ok
21:28:13.0183 5560  kl1 - ok
21:28:13.0213 5560  kl2 - ok
21:28:13.0253 5560  KLIF - ok
21:28:13.0281 5560  klmouflt - ok
21:28:13.0342 5560  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:28:13.0378 5560  KSecDD - ok
21:28:13.0440 5560  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:28:13.0513 5560  KtmRm - ok
21:28:13.0574 5560  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
21:28:13.0607 5560  LanmanServer - ok
21:28:13.0691 5560  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:28:13.0748 5560  LanmanWorkstation - ok
21:28:13.0808 5560  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:28:13.0854 5560  lltdio - ok
21:28:13.0902 5560  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:28:13.0946 5560  lltdsvc - ok
21:28:13.0988 5560  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:28:14.0054 5560  lmhosts - ok
21:28:14.0103 5560  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:28:14.0122 5560  LSI_FC - ok
21:28:14.0155 5560  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:28:14.0175 5560  LSI_SAS - ok
21:28:14.0200 5560  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:28:14.0219 5560  LSI_SCSI - ok
21:28:14.0266 5560  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
21:28:14.0306 5560  luafv - ok
21:28:14.0329 5560  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
21:28:14.0347 5560  megasas - ok
21:28:14.0434 5560  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:28:14.0452 5560  Microsoft Office Groove Audit Service - ok
21:28:14.0509 5560  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
21:28:14.0561 5560  MMCSS - ok
21:28:14.0610 5560  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
21:28:14.0669 5560  Modem - ok
21:28:14.0722 5560  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:28:14.0776 5560  monitor - ok
21:28:14.0799 5560  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:28:14.0819 5560  mouclass - ok
21:28:14.0854 5560  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:28:14.0893 5560  mouhid - ok
21:28:14.0935 5560  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
21:28:14.0958 5560  MountMgr - ok
21:28:15.0034 5560  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:28:15.0055 5560  MozillaMaintenance - ok
21:28:15.0130 5560  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:28:15.0150 5560  mpio - ok
21:28:15.0190 5560  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:28:15.0234 5560  mpsdrv - ok
21:28:15.0324 5560  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:28:15.0389 5560  MpsSvc - ok
21:28:15.0411 5560  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
21:28:15.0447 5560  Mraid35x - ok
21:28:15.0509 5560  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:28:15.0542 5560  MRxDAV - ok
21:28:15.0610 5560  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:28:15.0656 5560  mrxsmb - ok
21:28:15.0735 5560  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:28:15.0768 5560  mrxsmb10 - ok
21:28:15.0801 5560  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:28:15.0838 5560  mrxsmb20 - ok
21:28:15.0880 5560  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:28:15.0899 5560  msahci - ok
21:28:15.0929 5560  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:28:15.0967 5560  msdsm - ok
21:28:16.0021 5560  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
21:28:16.0110 5560  MSDTC - ok
21:28:16.0169 5560  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:28:16.0206 5560  Msfs - ok
21:28:16.0268 5560  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:28:16.0287 5560  msisadrv - ok
21:28:16.0340 5560  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:28:16.0381 5560  MSiSCSI - ok
21:28:16.0394 5560  msiserver - ok
21:28:16.0443 5560  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:28:16.0480 5560  MSKSSRV - ok
21:28:16.0537 5560  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:28:16.0592 5560  MSPCLOCK - ok
21:28:16.0639 5560  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:28:16.0678 5560  MSPQM - ok
21:28:16.0745 5560  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:28:16.0795 5560  MsRPC - ok
21:28:16.0852 5560  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:28:16.0873 5560  mssmbios - ok
21:28:16.0923 5560  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:28:16.0972 5560  MSTEE - ok
21:28:17.0033 5560  [ 97AFFA9D95FFE20EEE6229BC6BE166CF ] MTsensor        C:\Windows\system32\DRIVERS\ATKACPI.sys
21:28:17.0060 5560  MTsensor - ok
21:28:17.0107 5560  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
21:28:17.0128 5560  Mup - ok
21:28:17.0187 5560  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
21:28:17.0245 5560  napagent - ok
21:28:17.0378 5560  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:28:17.0426 5560  NativeWifiP - ok
21:28:17.0523 5560  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:28:17.0603 5560  NDIS - ok
21:28:17.0699 5560  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:28:17.0729 5560  NdisTapi - ok
21:28:17.0788 5560  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:28:17.0866 5560  Ndisuio - ok
21:28:17.0947 5560  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:28:17.0997 5560  NdisWan - ok
21:28:18.0056 5560  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:28:18.0087 5560  NDProxy - ok
21:28:18.0135 5560  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:28:18.0189 5560  NetBIOS - ok
21:28:18.0283 5560  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
21:28:18.0351 5560  netbt - ok
21:28:18.0405 5560  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
21:28:18.0459 5560  Netlogon - ok
21:28:18.0564 5560  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
21:28:18.0610 5560  Netman - ok
21:28:18.0685 5560  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
21:28:18.0746 5560  netprofm - ok
21:28:18.0800 5560  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:28:18.0821 5560  NetTcpPortSharing - ok
21:28:18.0861 5560  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:28:18.0881 5560  nfrd960 - ok
21:28:18.0938 5560  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:28:18.0991 5560  NlaSvc - ok
21:28:19.0053 5560  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:28:19.0109 5560  Npfs - ok
21:28:19.0175 5560  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
21:28:19.0267 5560  nsi - ok
21:28:19.0338 5560  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:28:19.0395 5560  nsiproxy - ok
21:28:19.0479 5560  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:28:19.0552 5560  Ntfs - ok
21:28:19.0604 5560  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
21:28:19.0670 5560  ntrigdigi - ok
21:28:19.0720 5560  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
21:28:19.0757 5560  Null - ok
21:28:19.0788 5560  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:28:19.0808 5560  nvraid - ok
21:28:19.0830 5560  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:28:19.0845 5560  nvstor - ok
21:28:19.0885 5560  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:28:19.0902 5560  nv_agp - ok
21:28:19.0916 5560  NwlnkFlt - ok
21:28:19.0926 5560  NwlnkFwd - ok
21:28:20.0040 5560  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:28:20.0068 5560  odserv - ok
21:28:20.0122 5560  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:28:20.0183 5560  ohci1394 - ok
21:28:20.0230 5560  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:28:20.0247 5560  ose - ok
21:28:20.0324 5560  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
21:28:20.0384 5560  p2pimsvc - ok
21:28:20.0446 5560  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:28:20.0477 5560  p2psvc - ok
21:28:20.0540 5560  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
21:28:20.0612 5560  Parport - ok
21:28:20.0664 5560  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:28:20.0683 5560  partmgr - ok
21:28:20.0706 5560  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
21:28:20.0765 5560  Parvdm - ok
21:28:20.0817 5560  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:28:20.0856 5560  PcaSvc - ok
21:28:20.0922 5560  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
21:28:20.0946 5560  pci - ok
21:28:20.0982 5560  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
21:28:21.0002 5560  pciide - ok
21:28:21.0044 5560  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:28:21.0067 5560  pcmcia - ok
21:28:21.0145 5560  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:28:21.0332 5560  PEAUTH - ok
21:28:21.0498 5560  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
21:28:21.0616 5560  pla - ok
21:28:21.0707 5560  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:28:21.0744 5560  PlugPlay - ok
21:28:21.0802 5560  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
21:28:21.0905 5560  PNRPAutoReg - ok
21:28:21.0957 5560  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
21:28:22.0020 5560  PNRPsvc - ok
21:28:22.0060 5560  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:28:22.0125 5560  PolicyAgent - ok
21:28:22.0212 5560  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:28:22.0251 5560  PptpMiniport - ok
21:28:22.0292 5560  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
21:28:22.0373 5560  Processor - ok
21:28:22.0427 5560  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:28:22.0464 5560  ProfSvc - ok
21:28:22.0491 5560  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
21:28:22.0512 5560  ProtectedStorage - ok
21:28:22.0562 5560  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
21:28:22.0592 5560  PSched - ok
21:28:22.0613 5560  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
21:28:22.0630 5560  PxHelp20 - ok
21:28:22.0702 5560  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:28:22.0793 5560  ql2300 - ok
21:28:22.0834 5560  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:28:22.0855 5560  ql40xx - ok
21:28:22.0927 5560  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
21:28:22.0973 5560  QWAVE - ok
21:28:23.0014 5560  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:28:23.0035 5560  QWAVEdrv - ok
21:28:23.0085 5560  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:28:23.0152 5560  RasAcd - ok
21:28:23.0208 5560  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
21:28:23.0266 5560  RasAuto - ok
21:28:23.0321 5560  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:28:23.0361 5560  Rasl2tp - ok
21:28:23.0427 5560  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
21:28:23.0472 5560  RasMan - ok
21:28:23.0530 5560  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:28:23.0560 5560  RasPppoe - ok
21:28:23.0612 5560  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:28:23.0661 5560  RasSstp - ok
21:28:23.0711 5560  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:28:23.0757 5560  rdbss - ok
21:28:23.0797 5560  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:28:23.0847 5560  RDPCDD - ok
21:28:23.0901 5560  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
21:28:23.0990 5560  rdpdr - ok
21:28:24.0027 5560  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:28:24.0081 5560  RDPENCDD - ok
21:28:24.0162 5560  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:28:24.0205 5560  RDPWD - ok
21:28:24.0263 5560  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:28:24.0304 5560  RemoteAccess - ok
21:28:24.0352 5560  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:28:24.0379 5560  RemoteRegistry - ok
21:28:24.0411 5560  [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
21:28:24.0447 5560  rimmptsk - ok
21:28:24.0460 5560  [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
21:28:24.0479 5560  rimsptsk - ok
21:28:24.0588 5560  [ 9638E5820858593A12005C753B03CEAE ] RoxMediaDB9     C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
21:28:24.0673 5560  RoxMediaDB9 - ok
21:28:24.0727 5560  [ 910FBA95EE4F56449AA81315884C8EFD ] RoxWatch9       C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
21:28:24.0748 5560  RoxWatch9 - ok
21:28:24.0800 5560  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
21:28:24.0836 5560  RpcLocator - ok
21:28:24.0927 5560  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\System32\rpcss.dll
21:28:24.0969 5560  RpcSs - ok
21:28:25.0031 5560  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:28:25.0079 5560  rspndr - ok
21:28:25.0138 5560  [ 8DE22FB05E4A0F797B1E442EB4B3B51C ] RTL8023xp       C:\Windows\system32\DRIVERS\Rtnicxp.sys
21:28:25.0197 5560  RTL8023xp - ok
21:28:25.0222 5560  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
21:28:25.0243 5560  SamSs - ok
21:28:25.0292 5560  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:28:25.0311 5560  sbp2port - ok
21:28:25.0371 5560  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:28:25.0404 5560  SCardSvr - ok
21:28:25.0479 5560  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
21:28:25.0537 5560  Schedule - ok
21:28:25.0573 5560  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:28:25.0603 5560  SCPolicySvc - ok
21:28:25.0664 5560  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
21:28:25.0690 5560  sdbus - ok
21:28:25.0735 5560  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:28:25.0762 5560  SDRSVC - ok
21:28:25.0803 5560  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:28:25.0894 5560  secdrv - ok
21:28:25.0961 5560  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
21:28:26.0005 5560  seclogon - ok
21:28:26.0059 5560  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\system32\sens.dll
21:28:26.0097 5560  SENS - ok
21:28:26.0143 5560  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:28:26.0218 5560  Serenum - ok
21:28:26.0259 5560  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
21:28:26.0332 5560  Serial - ok
21:28:26.0364 5560  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:28:26.0402 5560  sermouse - ok
21:28:26.0474 5560  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:28:26.0515 5560  SessionEnv - ok
21:28:26.0560 5560  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
21:28:26.0589 5560  sffdisk - ok
21:28:26.0632 5560  [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:28:26.0660 5560  sffp_mmc - ok
21:28:26.0718 5560  [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
21:28:26.0749 5560  sffp_sd - ok
21:28:26.0776 5560  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:28:26.0838 5560  sfloppy - ok
21:28:26.0878 5560  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:28:26.0916 5560  SharedAccess - ok
21:28:26.0983 5560  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:28:27.0004 5560  ShellHWDetection - ok
21:28:27.0061 5560  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:28:27.0076 5560  sisagp - ok
21:28:27.0106 5560  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
21:28:27.0121 5560  SiSRaid2 - ok
21:28:27.0147 5560  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:28:27.0164 5560  SiSRaid4 - ok
21:28:27.0222 5560  [ A61BEC28D555B65D1CE2604AF85AD9BE ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
21:28:27.0242 5560  SkypeUpdate - ok
21:28:27.0388 5560  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
21:28:27.0702 5560  slsvc - ok
21:28:27.0757 5560  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
21:28:27.0805 5560  SLUINotify - ok
21:28:27.0859 5560  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:28:27.0891 5560  Smb - ok
21:28:27.0945 5560  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:28:27.0966 5560  SNMPTRAP - ok
21:28:28.0029 5560  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
21:28:28.0048 5560  spldr - ok
21:28:28.0111 5560  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
21:28:28.0134 5560  Spooler - ok
21:28:28.0198 5560  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:28:28.0233 5560  srv - ok
21:28:28.0289 5560  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:28:28.0314 5560  srv2 - ok
21:28:28.0341 5560  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:28:28.0363 5560  srvnet - ok
21:28:28.0420 5560  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:28:28.0468 5560  SSDPSRV - ok
21:28:28.0535 5560  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:28:28.0570 5560  SstpSvc - ok
21:28:28.0609 5560  [ 5A1D0CA8A5F1E7B4EC50B9D76C001F0E ] ss_bus          C:\Windows\system32\DRIVERS\ss_bus.sys
21:28:28.0628 5560  ss_bus - ok
21:28:28.0691 5560  [ F0A85580E36A3A85059037D39A9CF079 ] ss_mdfl         C:\Windows\system32\DRIVERS\ss_mdfl.sys
21:28:28.0708 5560  ss_mdfl - ok
21:28:28.0742 5560  [ 84C3DBFD1BFA4ADC0A950B3D5506CB00 ] ss_mdm          C:\Windows\system32\DRIVERS\ss_mdm.sys
21:28:28.0766 5560  ss_mdm - ok
21:28:28.0843 5560  [ 306521935042FC0A6988D528643619B3 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
21:28:28.0851 5560  StarOpen ( UnsignedFile.Multi.Generic ) - warning
21:28:28.0851 5560  StarOpen - detected UnsignedFile.Multi.Generic (1)
21:28:28.0920 5560  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
21:28:28.0980 5560  stisvc - ok
21:28:29.0033 5560  [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:28:29.0042 5560  stllssvr ( UnsignedFile.Multi.Generic ) - warning
21:28:29.0042 5560  stllssvr - detected UnsignedFile.Multi.Generic (1)
21:28:29.0082 5560  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:28:29.0101 5560  swenum - ok
21:28:29.0168 5560  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
21:28:29.0240 5560  swprv - ok
21:28:29.0298 5560  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
21:28:29.0316 5560  Symc8xx - ok
21:28:29.0336 5560  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
21:28:29.0354 5560  Sym_hi - ok
21:28:29.0373 5560  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
21:28:29.0391 5560  Sym_u3 - ok
21:28:29.0447 5560  [ 760E4F5A1E754BBE4A1BD2A0B54F6AA6 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
21:28:29.0465 5560  SynTP - ok
21:28:29.0529 5560  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
21:28:29.0580 5560  SysMain - ok
21:28:29.0629 5560  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:28:29.0650 5560  TabletInputService - ok
21:28:29.0700 5560  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:28:29.0729 5560  TapiSrv - ok
21:28:29.0789 5560  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
21:28:29.0826 5560  TBS - ok
21:28:29.0926 5560  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:28:29.0967 5560  Tcpip - ok
21:28:30.0017 5560  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
21:28:30.0096 5560  Tcpip6 - ok
21:28:30.0149 5560  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:28:30.0197 5560  tcpipreg - ok
21:28:30.0251 5560  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:28:30.0288 5560  TDPIPE - ok
21:28:30.0353 5560  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:28:30.0391 5560  TDTCP - ok
21:28:30.0450 5560  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:28:30.0480 5560  tdx - ok
21:28:30.0551 5560  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:28:30.0574 5560  TermDD - ok
21:28:30.0640 5560  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
21:28:30.0681 5560  TermService - ok
21:28:30.0714 5560  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
21:28:30.0766 5560  Themes - ok
21:28:30.0786 5560  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
21:28:30.0828 5560  THREADORDER - ok
21:28:30.0884 5560  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
21:28:30.0925 5560  TrkWks - ok
21:28:30.0988 5560  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:28:31.0018 5560  TrustedInstaller - ok
21:28:31.0074 5560  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:28:31.0153 5560  tssecsrv - ok
21:28:31.0226 5560  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
21:28:31.0272 5560  tunmp - ok
21:28:31.0325 5560  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:28:31.0357 5560  tunnel - ok
21:28:31.0402 5560  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:28:31.0421 5560  uagp35 - ok
21:28:31.0479 5560  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:28:31.0516 5560  udfs - ok
21:28:31.0583 5560  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:28:31.0653 5560  UI0Detect - ok
21:28:31.0685 5560  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:28:31.0704 5560  uliagpkx - ok
21:28:31.0734 5560  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
21:28:31.0761 5560  uliahci - ok
21:28:31.0788 5560  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
21:28:31.0809 5560  UlSata - ok
21:28:31.0835 5560  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
21:28:31.0856 5560  ulsata2 - ok
21:28:31.0897 5560  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:28:31.0936 5560  umbus - ok
21:28:31.0990 5560  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
21:28:32.0034 5560  upnphost - ok
21:28:32.0074 5560  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:28:32.0105 5560  usbccgp - ok
21:28:32.0144 5560  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:28:32.0221 5560  usbcir - ok
21:28:32.0302 5560  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:28:32.0349 5560  usbehci - ok
21:28:32.0392 5560  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:28:32.0438 5560  usbhub - ok
21:28:32.0468 5560  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
21:28:32.0497 5560  usbohci - ok
21:28:32.0527 5560  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:28:32.0575 5560  usbprint - ok
21:28:32.0622 5560  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:28:32.0669 5560  usbscan - ok
21:28:32.0754 5560  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:28:32.0783 5560  USBSTOR - ok
21:28:32.0855 5560  [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
21:28:33.0007 5560  usbuhci - ok
21:28:33.0073 5560  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
21:28:33.0099 5560  UxSms - ok
21:28:33.0157 5560  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
21:28:33.0194 5560  vds - ok
21:28:33.0237 5560  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:28:33.0319 5560  vga - ok
21:28:33.0358 5560  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:28:33.0389 5560  VgaSave - ok
21:28:33.0423 5560  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:28:33.0440 5560  viaagp - ok
21:28:33.0481 5560  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
21:28:33.0551 5560  ViaC7 - ok
21:28:33.0582 5560  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
21:28:33.0598 5560  viaide - ok
21:28:33.0624 5560  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:28:33.0643 5560  volmgr - ok
21:28:33.0701 5560  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:28:33.0728 5560  volmgrx - ok
21:28:33.0800 5560  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:28:33.0827 5560  volsnap - ok
21:28:33.0868 5560  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:28:33.0889 5560  vsmraid - ok
21:28:33.0947 5560  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
21:28:34.0096 5560  VSS - ok
21:28:34.0175 5560  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
21:28:34.0212 5560  W32Time - ok
21:28:34.0265 5560  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:28:34.0329 5560  WacomPen - ok
21:28:34.0384 5560  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
21:28:34.0426 5560  Wanarp - ok
21:28:34.0462 5560  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:28:34.0491 5560  Wanarpv6 - ok
21:28:34.0556 5560  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:28:34.0609 5560  wcncsvc - ok
21:28:34.0651 5560  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:28:34.0684 5560  WcsPlugInService - ok
21:28:34.0716 5560  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
21:28:34.0734 5560  Wd - ok
21:28:34.0804 5560  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:28:34.0846 5560  Wdf01000 - ok
21:28:34.0934 5560  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:28:34.0984 5560  WdiServiceHost - ok
21:28:35.0011 5560  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:28:35.0046 5560  WdiSystemHost - ok
21:28:35.0070 5560  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
21:28:35.0102 5560  WebClient - ok
21:28:35.0151 5560  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:28:35.0224 5560  Wecsvc - ok
21:28:35.0280 5560  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:28:35.0339 5560  wercplsupport - ok
21:28:35.0386 5560  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:28:35.0433 5560  WerSvc - ok
21:28:35.0536 5560  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:28:35.0564 5560  WinDefend - ok
21:28:35.0583 5560  WinHttpAutoProxySvc - ok
21:28:35.0628 5560  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:28:35.0661 5560  Winmgmt - ok
21:28:35.0737 5560  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:28:35.0820 5560  WinRM - ok
21:28:35.0933 5560  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:28:35.0993 5560  Wlansvc - ok
21:28:36.0030 5560  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:28:36.0094 5560  WmiAcpi - ok
21:28:36.0156 5560  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:28:36.0183 5560  wmiApSrv - ok
21:28:36.0281 5560  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:28:36.0451 5560  WMPNetworkSvc - ok
21:28:36.0508 5560  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:28:36.0539 5560  WPCSvc - ok
21:28:36.0622 5560  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:28:36.0644 5560  WPDBusEnum - ok
21:28:36.0719 5560  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
21:28:36.0758 5560  WpdUsb - ok
21:28:37.0105 5560  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:28:37.0172 5560  WPFFontCache_v0400 - ok
21:28:37.0241 5560  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:28:37.0281 5560  ws2ifsl - ok
21:28:37.0333 5560  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll
21:28:37.0358 5560  wscsvc - ok
21:28:37.0375 5560  WSearch - ok
21:28:37.0506 5560  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
21:28:37.0643 5560  wuauserv - ok
21:28:37.0752 5560  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:28:37.0804 5560  WUDFRd - ok
21:28:37.0851 5560  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:28:37.0893 5560  wudfsvc - ok
21:28:37.0922 5560  ================ Scan global ===============================
21:28:37.0975 5560  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:28:38.0055 5560  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:28:38.0094 5560  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:28:38.0151 5560  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:28:38.0157 5560  [Global] - ok
21:28:38.0162 5560  ================ Scan MBR ==================================
21:28:38.0200 5560  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:28:38.0503 5560  \Device\Harddisk0\DR0 - ok
21:28:38.0512 5560  ================ Scan VBR ==================================
21:28:38.0546 5560  [ F69C39059DC82AB1C8251E49A6943066 ] \Device\Harddisk0\DR0\Partition1
21:28:38.0551 5560  \Device\Harddisk0\DR0\Partition1 - ok
21:28:38.0564 5560  ============================================================
21:28:38.0564 5560  Scan finished
21:28:38.0564 5560  ============================================================
21:28:38.0617 1732  Detected object count: 6
21:28:38.0617 1732  Actual detected object count: 6
21:28:47.0945 1732  ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:47.0945 1732  ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:28:47.0946 1732  CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:47.0946 1732  CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:28:47.0947 1732  CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:47.0947 1732  CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:28:47.0949 1732  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:47.0949 1732  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:28:47.0950 1732  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:47.0950 1732  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:28:47.0957 1732  stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:47.0957 1732  stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 06.11.2012, 22:23   #12
0magertrud
 
Internet Weiterleitung zu Werbe- und Pornoseiten - Standard

Internet Weiterleitung zu Werbe- und Pornoseiten



Ist jetzt noch etwas Zutun oder ist noch die Auswertung im Gange?
Danke!
MfG 0magertrud

Alt 07.11.2012, 16:15   #13
markusg
/// Malware-holic
 
Internet Weiterleitung zu Werbe- und Pornoseiten - Standard

Internet Weiterleitung zu Werbe- und Pornoseiten



malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.11.2012, 21:54   #14
0magertrud
 
Internet Weiterleitung zu Werbe- und Pornoseiten - Standard

Internet Weiterleitung zu Werbe- und Pornoseiten



Keine Funde:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.07.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Wilma :: PC_VAN_WILMA [Administrator]

Schutz: Aktiviert

7-11-2012 19:32:36
mbam-log-2012-11-07 (19-32-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 342731
Laufzeit: 1 Stunde(n), 51 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Ist gut oder?

Alt 08.11.2012, 18:58   #15
markusg
/// Malware-holic
 
Internet Weiterleitung zu Werbe- und Pornoseiten - Standard

Internet Weiterleitung zu Werbe- und Pornoseiten



ja

lade den CCleaner standard:
CCleaner Download - CCleaner 3.24.1850
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Internet Weiterleitung zu Werbe- und Pornoseiten
bereits, erfolglos, gefunde, google, googlen, googlesuche, inter, interne, internet, kaspersky, logfiles, lösung, mehrmals, notfall, porno, pornoseiten, problem, redirecting, scan, scanner, verständliche, virenscan, virenscanner, weiterhelfen, weiterleitung, werbeseite, werbeseiten, werbung; pop-up; falsche weiterleitung; links




Ähnliche Themen: Internet Weiterleitung zu Werbe- und Pornoseiten


  1. Werbe-Spams Internet Explorer und Reaktionsprobleme Win8
    Log-Analyse und Auswertung - 06.09.2014 (9)
  2. Google Chrome öffnet eigene Werbe-Tabs (marketittzer.net - Weiterleitung zu andere Werbeseiten)
    Plagegeister aller Art und deren Bekämpfung - 21.07.2014 (24)
  3. parking.supernova-advertising Weiterleitung Firefox+Internet Explorer
    Plagegeister aller Art und deren Bekämpfung - 21.03.2013 (18)
  4. Falsche Weiterleitung von Links und Werbe-Popup unten Rechts
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (36)
  5. Google Weiterleitung / Lüfter dreht hoch / langsames Internet
    Log-Analyse und Auswertung - 04.10.2012 (16)
  6. Internet extrem langsam + Weiterleitung auf startsear.ch
    Plagegeister aller Art und deren Bekämpfung - 16.09.2012 (29)
  7. ad.yieldmanager.com - lästige, sporadische werbe popups + weiterleitung auf falsche webseiten
    Plagegeister aller Art und deren Bekämpfung - 12.09.2012 (23)
  8. Falsche Weiterleitung von Links und Werbe-Popup unten Rechts Falsche Weiterleitung von Links und Werbe-Popup unten Rechts
    Mülltonne - 03.09.2012 (1)
  9. Immer wieder Werbe Pop ups unten rechts im Firefox und Internet Explorer
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (13)
  10. Ungewollte Weiterleitung bei Google Suche unter Internet Explorer 8
    Log-Analyse und Auswertung - 06.01.2012 (44)
  11. Falsche Google Weiterleitung und gar kein Internet mehr
    Plagegeister aller Art und deren Bekämpfung - 31.03.2010 (29)
  12. Falsche Weiterleitung von Google im Internet Explorer
    Plagegeister aller Art und deren Bekämpfung - 28.04.2009 (10)
  13. Werbe PopUp beim Internet Explorer...
    Log-Analyse und Auswertung - 01.09.2008 (5)
  14. Internet Explorer öffnet ständig Werbe-Fenster
    Log-Analyse und Auswertung - 01.10.2007 (3)
  15. emule werbe-popups internet explorer
    Log-Analyse und Auswertung - 17.09.2007 (2)
  16. Ungewollte Werbe PopUps im Internet Explorer
    Plagegeister aller Art und deren Bekämpfung - 14.11.2005 (18)
  17. Sex- u. Pornoseiten
    Plagegeister aller Art und deren Bekämpfung - 31.01.2005 (1)

Zum Thema Internet Weiterleitung zu Werbe- und Pornoseiten - Hallo, wie bereits die Überschrift verrät werde ich dauern nach der Googlesuche auf Porno und oder Werbeseiten weitergeleitet. Ich habe bereits erfolglos mehrere Virenscanner und die Kaspersky Notfall CD 10 - Internet Weiterleitung zu Werbe- und Pornoseiten...
Archiv
Du betrachtest: Internet Weiterleitung zu Werbe- und Pornoseiten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.