Pests of all kinds and their removal: Google search results falsified... Windows 7
31.01.2013, 15:54 | #1
Google search results falsified...
Hello, for a few days Google has been giving me unwanted search results, and always from the same dubious websites. The following images are meant to illustrate what it looks like: [Image 1 shows the 'normal' search results; image 2 shows the 'falsified' ones, which Google switches to after just under 1 second.] Search engines have not helped me so far, nor have the security programs installed on my system; an acquaintance looked at the system but could not find a solution. I hope the problem can now be fixed here.
31.01.2013, 16:05 | #2
/// Malware-holic | Google search results falsified...
hi
If you don't have it yet, please download OTL from OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
31.01.2013, 16:44 | #3
Google search results falsified...
Code:
OTL logfile created on: 31.01.2013 16:28:32 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = H:\Dokumente und Einstellungen\TERMINAL DOGMA\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 66,71% Memory free
3,60 Gb Paging File | 3,15 Gb Available in Paging File | 87,30% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Programme
Drive H: | 48,83 Gb Total Space | 17,24 Gb Free Space | 35,31% Space Free | Partition Type: NTFS
Drive I: | 208,46 Gb Total Space | 113,23 Gb Free Space | 54,32% Space Free | Partition Type: NTFS

Computer Name: MAGI | User Name: TERMINAL DOGMA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.31 16:27:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\Desktop\OTL.exe
PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- H:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- H:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.07.03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.05.04 18:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- H:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2011.09.01 13:25:38 | 000,671,552 | ---- | M] (TuneUp Software) -- H:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.09.01 13:23:08 | 001,526,080 | ---- | M] (TuneUp Software) -- H:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- H:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe
PRC - [2004.09.21 17:36:08 | 000,106,496 | ---- | M] () -- H:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2004.07.20 17:18:54 | 000,090,112 | ---- | M] (ICSI Technology Ltd.) -- H:\WINDOWS\Dit.exe
PRC - [2004.02.24 13:05:58 | 000,508,416 | ---- | M] (Chicony) -- H:\WINDOWS\mHotkey.exe
PRC - [2004.02.03 16:15:54 | 005,794,816 | ---- | M] (Chicony) -- H:\WINDOWS\CNYHKey.exe

========== Modules (No Company Name) ==========

MOD - [2013.01.09 11:51:18 | 011,817,472 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\33ff7d73f01be8329a95c6e03f1dd555\System.Web.ni.dll
MOD - [2013.01.09 11:48:29 | 000,971,264 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013.01.09 11:48:18 | 000,025,600 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll
MOD - [2013.01.09 09:59:42 | 005,450,752 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013.01.09 09:59:31 | 012,433,920 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll
MOD - [2013.01.09 09:59:05 | 001,593,856 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013.01.09 09:57:09 | 007,977,984 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013.01.09 09:57:00 | 011,492,352 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013.01.09 09:56:14 | 000,303,104 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011.08.29 18:39:10 | 000,011,776 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2011.08.29 18:39:10 | 000,008,704 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2011.08.29 18:39:10 | 000,007,680 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3693.42556__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2011.08.29 18:39:10 | 000,007,680 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2011.08.29 18:39:09 | 001,728,512 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011.08.29 18:39:09 | 000,692,224 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3693.42508__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2011.08.29 18:39:09 | 000,364,544 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3693.42522__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2011.08.29 18:39:09 | 000,290,816 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011.08.29 18:39:09 | 000,204,800 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011.08.29 18:39:09 | 000,077,824 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3693.42517__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011.08.29 18:39:09 | 000,040,960 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3693.42456__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011.08.29 18:39:09 | 000,036,864 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011.08.29 18:39:09 | 000,020,480 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.42451__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011.08.29 18:39:08 | 000,491,520 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011.08.29 18:39:08 | 000,073,728 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.42450__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011.08.29 18:39:08 | 000,069,632 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3693.42499__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011.08.29 18:39:07 | 000,139,264 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011.08.29 18:39:07 | 000,106,496 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2011.08.29 18:39:07 | 000,028,672 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2011.08.29 18:39:06 | 000,364,544 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011.08.29 18:39:06 | 000,094,208 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011.08.29 18:39:06 | 000,061,440 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3693.42503__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011.08.29 18:39:05 | 001,036,288 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Dashboard\2.0.3693.42473__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Dashboard.dll
MOD - [2011.08.29 18:39:04 | 000,069,632 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Runtime\2.0.3693.42472__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Runtime.dll
MOD - [2011.08.29 18:39:03 | 000,811,008 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3693.42488__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011.08.29 18:39:03 | 000,405,504 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3693.42512__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011.08.29 18:39:03 | 000,225,280 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011.08.29 18:39:03 | 000,081,920 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011.08.29 18:39:02 | 000,798,720 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3693.42518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2011.08.29 18:39:02 | 000,712,704 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3693.42452__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011.08.29 18:39:02 | 000,589,824 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011.08.29 18:39:02 | 000,450,560 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3693.42482__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011.08.29 18:39:02 | 000,126,976 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011.08.29 18:39:02 | 000,040,960 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011.08.29 18:39:02 | 000,036,864 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011.08.29 18:39:02 | 000,032,768 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3693.42497__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011.08.29 18:39:01 | 000,675,840 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3693.42500__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2011.08.29 18:39:01 | 000,438,272 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011.08.29 18:39:01 | 000,065,536 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011.08.29 18:39:01 | 000,040,960 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011.08.29 18:39:01 | 000,020,480 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011.08.29 18:39:01 | 000,020,480 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011.08.29 18:39:01 | 000,016,384 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011.08.29 18:39:01 | 000,016,384 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011.08.29 18:39:01 | 000,016,384 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011.08.29 18:39:00 | 000,016,384 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011.08.29 18:39:00 | 000,016,384 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011.08.29 18:39:00 | 000,007,168 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011.08.29 18:38:59 | 000,073,728 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011.08.29 18:38:59 | 000,045,056 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011.08.29 18:38:59 | 000,032,768 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011.08.29 18:38:59 | 000,028,672 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011.08.29 18:38:59 | 000,028,672 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011.08.29 18:38:59 | 000,020,480 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2011.08.29 18:38:59 | 000,016,384 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011.08.29 18:38:59 | 000,016,384 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2011.08.29 18:38:59 | 000,016,384 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011.08.29 18:38:59 | 000,016,384 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011.08.29 18:38:59 | 000,016,384 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011.08.29 18:38:58 | 000,061,440 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011.08.29 18:38:58 | 000,040,960 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011.08.29 18:38:58 | 000,020,480 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011.08.29 18:38:58 | 000,020,480 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011.08.29 18:38:58 | 000,020,480 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011.08.29 18:38:58 | 000,020,480 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2011.08.29 18:38:58 | 000,016,384 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011.08.29 18:38:58 | 000,016,384 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011.08.29 18:38:58 | 000,016,384 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011.08.29 18:38:57 | 000,053,248 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011.08.29 18:38:56 | 000,024,576 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.3309.28633__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.dll
MOD - [2011.08.29 18:38:55 | 000,053,248 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011.08.29 18:38:55 | 000,024,576 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011.08.29 18:38:55 | 000,020,480 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011.08.29 18:38:54 | 000,028,672 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011.08.29 18:38:53 | 000,065,536 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011.08.29 18:38:52 | 000,032,768 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011.08.29 18:38:52 | 000,028,672 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011.08.29 18:38:51 | 000,053,248 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011.08.29 18:38:51 | 000,049,152 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011.08.29 18:38:51 | 000,040,960 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011.08.29 18:38:51 | 000,028,672 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011.08.29 18:38:51 | 000,020,480 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011.08.29 18:38:50 | 000,045,056 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011.08.29 18:38:50 | 000,024,576 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2011.08.29 18:38:50 | 000,016,384 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011.08.29 18:38:49 | 000,013,312 | ---- | M] () -- H:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011.08.29 18:38:49 | 000,007,168 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.42437__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011.08.29 18:38:48 | 000,020,480 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011.08.29 18:38:48 | 000,014,848 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011.08.29 18:38:47 | 000,106,496 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011.08.29 18:38:47 | 000,032,768 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011.08.29 18:38:46 | 000,405,504 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011.08.29 18:38:46 | 000,061,440 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011.08.29 18:38:46 | 000,057,344 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011.08.29 18:38:46 | 000,040,960 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011.08.29 18:38:46 | 000,024,576 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011.08.29 18:38:46 | 000,020,480 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011.08.29 18:38:45 | 001,142,784 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011.08.29 18:38:45 | 000,081,920 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011.08.29 18:38:45 | 000,081,920 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2011.08.29 18:38:45 | 000,061,440 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll
MOD - [2011.08.29 18:38:45 | 000,045,056 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011.08.29 18:38:45 | 000,040,960 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011.08.29 18:38:45 | 000,032,768 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011.08.29 18:38:45 | 000,028,672 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011.08.29 18:38:45 | 000,020,480 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011.08.29 18:38:45 | 000,020,480 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011.08.29 18:38:44 | 000,045,056 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.11.24 12:36:36 | 000,016,384 | R--- | M] () -- H:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2004.09.21 17:36:08 | 000,106,496 | ---- | M] () -- H:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
MOD - [2003.06.16 16:42:20 | 000,049,152 | ---- | M] () -- H:\WINDOWS\CNYUSB.dll
MOD - [2003.05.27 16:13:02 | 000,024,576 | ---- | M] () -- H:\WINDOWS\HKCYDLL.dll
MOD - [2003.05.16 19:09:32 | 000,011,776 | ---- | M] () -- H:\WINDOWS\HIDMNT.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- J:\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.19 09:56:28 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- H:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 19:14:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 18:16:19 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.08.03 19:36:38 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.04 18:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- H:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011.09.01 13:23:08 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- H:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.09.01 13:19:26 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- H:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2007.12.17 14:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007.01.11 14:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2004.09.21 17:36:08 | 000,106,496 | ---- | M] () [Auto | Running] -- H:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Stopped] -- H:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\XDva400.sys -- (XDva400)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\XDva399.sys -- (XDva399)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\XDva398.sys -- (XDva398)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\XDva397.sys -- (XDva397)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\XDva390.sys -- (XDva390)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\DOKUME~1\TERMIN~1\LOKALE~1\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\ComboFix\catchme.sys -- (catchme)
DRV - [2013.01.31 16:26:58 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2012.06.03 09:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- H:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2011.06.06 15:03:54 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- H:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.01.01 10:12:18 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010.06.07 04:12:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010.04.28 00:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010.04.28 00:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010.04.28 00:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010.04.27 22:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010.02.11 08:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.03.09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2004.10.01 13:58:10 | 001,272,000 | R--- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2004.09.22 17:08:46 | 000,081,548 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004.09.21 17:18:52 | 000,061,048 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004.09.21 17:18:40 | 000,023,640 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2004.09.21 17:18:36 | 000,019,712 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2004.09.21 17:18:02 | 000,028,719 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004.09.21 17:18:02 | 000,011,604 | ---- | M] () [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2004.09.21 17:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2004.03.17 15:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.01.16 12:02:58 | 000,017,408 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2003.12.19 16:13:30 | 000,011,672 | ---- | M] (Chicony) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\UKBFLT.sys -- (UKBFLT)
DRV - [2002.04.24 11:07:56 | 000,019,928 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\wbscr.sys -- (wbscr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{64B80B97-414B-4D64-91C9-285ED11CFADE}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {64B80B97-414B-4D64-91C9-285ED11CFADE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{64B80B97-414B-4D64-91C9-285ED11CFADE}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deAT459
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: H:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit
Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: H:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: H:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: H:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: K:\lib\deploy\jqs\ff FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: H:\Programme\Mozilla Firefox\components [2013.01.19 09:56:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: H:\Programme\Mozilla Firefox\plugins [2013.01.19 09:55:35 | 000,000,000 | ---D | M] [2011.08.29 15:14:34 | 000,000,000 | ---D | M] (No name found) -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\Anwendungsdaten\Mozilla\Extensions [2013.01.13 12:09:25 | 000,000,000 | ---D | M] (No name found) -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\Anwendungsdaten\Mozilla\Firefox\Profiles\9ic1goaj.default\extensions [2013.01.13 12:09:25 | 000,316,778 | ---- | M] () (No name found) -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\Anwendungsdaten\Mozilla\Firefox\Profiles\9ic1goaj.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2012.11.23 19:10:29 | 000,804,627 | ---- | M] () (No name found) -- H:\Dokumente und 
Einstellungen\TERMINAL DOGMA\Anwendungsdaten\Mozilla\Firefox\Profiles\9ic1goaj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.19 09:55:33 | 000,000,000 | ---D | M] (No name found) -- H:\Programme\Mozilla Firefox\extensions [2011.09.01 07:43:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- H:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2013.01.19 09:56:29 | 000,262,552 | ---- | M] (Mozilla Foundation) -- H:\Programme\mozilla firefox\components\browsercomps.dll [2012.06.10 12:49:21 | 000,001,392 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 17:18:52 | 000,002,465 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.10 12:49:21 | 000,001,153 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.10 12:49:21 | 000,006,805 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.10 12:49:21 | 000,001,178 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.10 12:49:21 | 000,001,105 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.01.11 14:13:34 | 000,444,298 | R--- | M]) - H:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 
www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15287 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - K:\lib\deploy\jqs\ie\jqs_plugin.dll File not found O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - H:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - H:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - H:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [CHotkey] H:\WINDOWS\mHotkey.exe (Chicony) O4 - HKLM..\Run: [Dit] H:\WINDOWS\Dit.exe (ICSI Technology Ltd.) 
O4 - HKLM..\Run: [ledpointer] H:\WINDOWS\CNYHKey.exe (Chicony) O4 - HKLM..\Run: [MSC] H:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [StartCCC] H:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] H:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider) O4 - HKCU..\Run: [SpybotSD TeaTimer] H:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: H:\Dokumente und Einstellungen\TERMINAL DOGMA\Startmenü\Programme\Autostart\Adobe Gamma.lnk = H:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem 
: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1346358755359 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1314636246562 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBACB145-7B96-4973-8DFA-49BC293A7104}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - 
H:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - H:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: H:\Dokumente und Einstellungen\TERMINAL DOGMA\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: H:\Dokumente und Einstellungen\TERMINAL DOGMA\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection H:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection H:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - H:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - H:\WINDOWS\system32\Rundll32.exe H:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner 
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - H:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - H:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - H:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "H:\WINDOWS\system32\rundll32.exe" "H:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: UxTuneUp - H:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.01.31 16:27:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\Desktop\OTL.exe [2013.01.19 09:55:33 | 000,000,000 | ---D | C] -- H:\Programme\Mozilla Firefox [2013.01.09 10:23:45 | 000,000,000 | RH-D | C] -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\Recent [2013.01.08 18:33:45 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\Eigene Dateien\Updater [2013.01.08 18:33:28 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\Lokale Einstellungen\Anwendungsdaten\Adobe [2013.01.08 
18:16:38 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Dokumente\Adobe PDF [2013.01.08 18:16:09 | 000,000,000 | ---D | C] -- H:\Programme\Gemeinsame Dateien\Adobe Systems Shared [2013.01.08 18:14:55 | 000,000,000 | ---D | C] -- H:\Programme\Gemeinsame Dateien\Adobe [2013.01.08 18:14:35 | 000,000,000 | ---D | C] -- H:\Programme\Adobe [2013.01.08 18:13:45 | 000,000,000 | ---D | C] -- H:\PhSp_CS2_UE_Ret [6 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ] [4 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.31 16:27:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\Desktop\OTL.exe [2013.01.31 16:26:58 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) -- H:\WINDOWS\System32\drivers\USBCRFT.SYS [2013.01.31 16:26:53 | 000,001,102 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.01.31 16:26:46 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat [2013.01.31 16:14:00 | 000,000,884 | ---- | M] () -- H:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.01.31 16:01:00 | 000,001,106 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.01.31 15:38:08 | 000,000,386 | -H-- | M] () -- H:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2013.01.29 09:00:42 | 000,164,320 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT [2013.01.27 20:04:27 | 000,002,206 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl [2013.01.16 18:36:01 | 000,022,528 | ---- | M] () -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.11 14:13:34 | 000,444,298 | R--- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts [2013.01.09 09:56:32 | 000,448,898 | ---- | M] () -- H:\WINDOWS\System32\perfh007.dat [2013.01.09 09:56:32 | 000,432,784 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat [2013.01.09 09:56:32 | 000,080,338 | ---- | M] () -- 
H:\WINDOWS\System32\perfc007.dat [2013.01.09 09:56:32 | 000,067,740 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat [2013.01.08 18:16:53 | 000,001,008 | ---- | M] () -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\Startmenü\Programme\Autostart\Adobe Gamma.lnk [6 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ] [4 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.14 10:11:40 | 000,167,456 | ---- | C] () -- H:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2013.01.08 18:16:53 | 000,001,008 | ---- | C] () -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\Startmenü\Programme\Autostart\Adobe Gamma.lnk [2013.01.08 18:15:20 | 000,001,762 | ---- | C] () -- H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Photoshop CS2.lnk [2012.12.10 18:36:24 | 000,033,792 | ---- | C] () -- H:\WINDOWS\System32\drivers\libusb0.sys [2012.07.03 09:56:17 | 000,005,504 | ---- | C] () -- H:\WINDOWS\System32\drivers\StarOpen.sys [2012.02.16 06:02:23 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\iacenc.dll [2011.12.25 15:36:25 | 000,000,075 | ---- | C] () -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\jagex_cl_runescape_LIVE.dat [2011.12.25 15:36:25 | 000,000,024 | ---- | C] () -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\random.dat [2011.11.13 21:57:54 | 000,000,116 | ---- | C] () -- H:\WINDOWS\NeroDigital.ini [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- H:\WINDOWS\System32\xlive.dll.cat [2011.09.01 08:13:10 | 000,022,528 | ---- | C] () -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.30 07:51:48 | 000,000,097 | ---- | C] () -- H:\WINDOWS\System32\PICSDK.ini [2011.08.30 07:51:47 | 000,111,932 | ---- | C] () -- H:\WINDOWS\System32\EPPICPrinterDB.dat [2011.08.30 07:51:47 | 000,031,053 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern131.dat 
[2011.08.30 07:51:47 | 000,027,417 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern121.dat [2011.08.30 07:51:47 | 000,026,154 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern1.dat [2011.08.30 07:51:47 | 000,024,903 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern3.dat [2011.08.30 07:51:47 | 000,021,390 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern5.dat [2011.08.30 07:51:47 | 000,020,148 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern2.dat [2011.08.30 07:51:47 | 000,011,811 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern4.dat [2011.08.30 07:51:47 | 000,004,943 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern6.dat [2011.08.30 07:51:47 | 000,001,146 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_DU.dat [2011.08.30 07:51:47 | 000,001,139 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_PT.dat [2011.08.30 07:51:47 | 000,001,139 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_BP.dat [2011.08.30 07:51:47 | 000,001,136 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_ES.dat [2011.08.30 07:51:47 | 000,001,129 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_FR.dat [2011.08.30 07:51:47 | 000,001,129 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_CF.dat [2011.08.30 07:51:47 | 000,001,120 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_IT.dat [2011.08.30 07:51:47 | 000,001,107 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_GE.dat [2011.08.30 07:51:47 | 000,001,104 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_EN.dat [2011.08.30 07:49:38 | 000,000,025 | ---- | C] () -- H:\WINDOWS\CDESX100DEFGIPS.ini [2011.08.29 20:22:01 | 000,000,400 | ---- | C] () -- H:\WINDOWS\ODBC.INI [2011.08.29 16:49:45 | 000,000,000 | ---- | C] () -- H:\WINDOWS\ativpsrm.bin [2011.08.29 15:20:22 | 000,004,161 | ---- | C] () -- H:\WINDOWS\ODBCINST.INI [2011.08.29 15:20:15 | 000,593,920 | ---- | C] () -- H:\WINDOWS\System32\ati2sgag.exe [2011.08.29 15:19:11 | 000,164,320 | ---- | C] () -- H:\WINDOWS\System32\FNTCACHE.DAT [2011.08.29 
15:03:20 | 000,532,544 | ---- | C] () -- H:\WINDOWS\PIC.dll [2011.08.29 15:03:20 | 000,049,152 | ---- | C] () -- H:\WINDOWS\CNYUSB.dll [2011.08.29 15:03:20 | 000,024,576 | ---- | C] () -- H:\WINDOWS\HKCYDLL.dll [2011.08.29 15:03:20 | 000,011,776 | ---- | C] () -- H:\WINDOWS\HIDMNT.dll [2011.08.29 15:03:20 | 000,000,360 | ---- | C] () -- H:\WINDOWS\CNYHKey.ini [2011.08.29 15:00:14 | 000,001,176 | R--- | C] () -- H:\WINDOWS\ImpTable.bin [2011.08.29 15:00:12 | 000,237,568 | R--- | C] () -- H:\WINDOWS\System32\cmirmdrv.exe [2011.08.29 15:00:12 | 000,028,672 | R--- | C] () -- H:\WINDOWS\System32\cmirmdrv.dll [2011.08.29 14:59:00 | 000,127,184 | ---- | C] () -- H:\WINDOWS\Unwise.exe [2011.08.29 14:56:50 | 000,000,269 | ---- | C] () -- H:\WINDOWS\Dit.INI [2011.08.29 14:55:14 | 000,013,299 | ---- | C] () -- H:\WINDOWS\System32\drivers\packet.sys [2011.08.29 14:55:14 | 000,011,604 | ---- | C] () -- H:\WINDOWS\System32\drivers\vbtenum.sys [2011.08.29 14:34:55 | 000,002,048 | --S- | C] () -- H:\WINDOWS\bootstat.dat [2011.08.29 14:30:47 | 000,021,740 | ---- | C] () -- H:\WINDOWS\System32\emptyregdb.dat ========== ZeroAccess Check ========== [2011.08.29 18:35:42 | 000,000,227 | RHS- | M] () -- H:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2010.04.16 17:06:44 | 001,509,888 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.08.29 15:02:29 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth [2012.07.03 09:56:58 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2011.11.22 15:18:59 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ebner [2011.08.30 07:50:42 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2011.09.05 14:27:29 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GARMIN [2012.02.24 10:24:25 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp [2011.08.29 17:18:12 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2011.08.29 17:17:18 | 000,000,000 | -HSD | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2012.04.01 13:50:09 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\Anwendungsdaten\Alien Skin [2012.07.03 09:56:58 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\Anwendungsdaten\Canneverbe Limited [2012.05.06 19:55:51 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\Anwendungsdaten\DVDVideoSoft [2011.11.22 15:20:10 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\Anwendungsdaten\Ebner [2012.08.30 20:37:04 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\Anwendungsdaten\ElevatedDiagnostics [2011.08.30 08:06:34 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\TERMINAL DOGMA\Anwendungsdaten\EPSON [2011.09.07 
Where do I find the file 'Extra.txt'? It wasn't on the desktop, at any rate... |
31.01.2013, 17:15 | #4 |
/// Malware-holic | Google search results falsified... hi
This script, and any scripts that follow, are only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
:Files
:Commands
[resethosts]
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
__________________
-Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above
If you would like to support us |
31.01.2013, 17:21 | #5 |
| Google search results falsified... Code:
All processes killed
========== OTL ==========
========== COMMANDS ==========
H:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: TERMINAL DOGMA
->Flash cache emptied: 3133341 bytes

Total Flash Files Cleaned = 3,00 mb

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 1553682 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: TERMINAL DOGMA
->Temp folder emptied: 40852811 bytes
->Temporary Internet Files folder emptied: 415705597 bytes
->Java cache emptied: 3014345 bytes
->FireFox cache emptied: 177659099 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134333 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1228930 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 613,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01312013_171659

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot... |
31.01.2013, 17:39 | #6 |
/// Malware-holic | Google search results falsified... hi
Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - for any findings, always choose skip for now, post the log
Open c:, open tdsskiller-date-version.txt, post its contents
|
31.01.2013, 17:52 | #7 |
| Google search results falsified... Code:
17:50:58.0031 3968 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:50:58.0203 3968 ============================================================
17:50:58.0203 3968 Current date / time: 2013/01/31 17:50:58.0203
17:50:58.0203 3968 SystemInfo:
17:50:58.0203 3968 
17:50:58.0203 3968 OS Version: 5.1.2600 ServicePack: 3.0
17:50:58.0203 3968 Product type: Workstation
17:50:58.0203 3968 ComputerName: MAGI
17:50:58.0203 3968 UserName: TERMINAL DOGMA
17:50:58.0203 3968 Windows directory: H:\WINDOWS
17:50:58.0203 3968 System windows directory: H:\WINDOWS
17:50:58.0203 3968 Processor architecture: Intel x86
17:50:58.0203 3968 Number of processors: 2
17:50:58.0203 3968 Page size: 0x1000
17:50:58.0203 3968 Boot type: Normal boot
17:50:58.0203 3968 ============================================================
17:51:00.0234 3968 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:51:00.0265 3968 ============================================================
17:51:00.0265 3968 \Device\Harddisk0\DR0:
17:51:00.0281 3968 MBR partitions:
17:51:00.0281 3968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927
17:51:00.0296 3968 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61A79A5, BlocksNum 0x1A0EC9CE
17:51:00.0296 3968 ============================================================
17:51:00.0296 3968 H: <-> \Device\Harddisk0\DR0\Partition1
17:51:00.0343 3968 I: <-> \Device\Harddisk0\DR0\Partition2
17:51:00.0343 3968 ============================================================
17:51:00.0343 3968 Initialize success
17:51:00.0343 3968 ============================================================
17:51:24.0390 1460 ============================================================
17:51:24.0390 1460 Scan started
17:51:24.0390 1460 Mode: Manual; SigCheck; TDLFS;
17:51:24.0390 1460 ============================================================
H:\WINDOWS\system32\DRIVERS\pci.sys 17:51:44.0140 1460 PCI - ok 17:51:44.0156 1460 PCIDump - ok 17:51:44.0171 1460 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde H:\WINDOWS\system32\DRIVERS\pciide.sys 17:51:44.0296 1460 PCIIde - ok 17:51:44.0312 1460 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia H:\WINDOWS\system32\drivers\Pcmcia.sys 17:51:44.0437 1460 Pcmcia - ok 17:51:44.0437 1460 PDCOMP - ok 17:51:44.0453 1460 PDFRAME - ok 17:51:44.0453 1460 PDRELI - ok 17:51:44.0468 1460 PDRFRAME - ok 17:51:44.0468 1460 perc2 - ok 17:51:44.0484 1460 perc2hib - ok 17:51:44.0515 1460 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay H:\WINDOWS\system32\services.exe 17:51:44.0562 1460 PlugPlay - ok 17:51:44.0578 1460 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent H:\WINDOWS\system32\lsass.exe 17:51:44.0671 1460 PolicyAgent - ok 17:51:44.0703 1460 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport H:\WINDOWS\system32\DRIVERS\raspptp.sys 17:51:44.0812 1460 PptpMiniport - ok 17:51:44.0812 1460 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage H:\WINDOWS\system32\lsass.exe 17:51:44.0921 1460 ProtectedStorage - ok 17:51:44.0937 1460 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched H:\WINDOWS\system32\DRIVERS\psched.sys 17:51:45.0046 1460 PSched - ok 17:51:45.0062 1460 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink H:\WINDOWS\system32\DRIVERS\ptilink.sys 17:51:45.0171 1460 Ptilink - ok 17:51:45.0171 1460 ql1080 - ok 17:51:45.0187 1460 Ql10wnt - ok 17:51:45.0203 1460 ql12160 - ok 17:51:45.0203 1460 ql1240 - ok 17:51:45.0218 1460 ql1280 - ok 17:51:45.0218 1460 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd H:\WINDOWS\system32\DRIVERS\rasacd.sys 17:51:45.0343 1460 RasAcd - ok 17:51:45.0359 1460 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto H:\WINDOWS\System32\rasauto.dll 17:51:45.0468 1460 RasAuto - ok 17:51:45.0484 1460 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp H:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:51:45.0593 1460 Rasl2tp - ok 17:51:45.0640 1460 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan 
H:\WINDOWS\System32\rasmans.dll 17:51:45.0750 1460 RasMan - ok 17:51:45.0765 1460 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe H:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:51:45.0875 1460 RasPppoe - ok 17:51:45.0890 1460 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti H:\WINDOWS\system32\DRIVERS\raspti.sys 17:51:46.0015 1460 Raspti - ok 17:51:46.0031 1460 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss H:\WINDOWS\system32\DRIVERS\rdbss.sys 17:51:46.0140 1460 Rdbss - ok 17:51:46.0140 1460 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD H:\WINDOWS\system32\DRIVERS\RDPCDD.sys 17:51:46.0281 1460 RDPCDD - ok 17:51:46.0312 1460 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD H:\WINDOWS\system32\drivers\RDPWD.sys 17:51:46.0359 1460 RDPWD - ok 17:51:46.0375 1460 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr H:\WINDOWS\system32\sessmgr.exe 17:51:46.0500 1460 RDSessMgr - ok 17:51:46.0531 1460 [ ED761D453856F795A7FE056E42C36365 ] redbook H:\WINDOWS\system32\DRIVERS\redbook.sys 17:51:46.0625 1460 redbook - ok 17:51:46.0671 1460 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess H:\WINDOWS\System32\mprdim.dll 17:51:46.0796 1460 RemoteAccess - ok 17:51:46.0812 1460 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM H:\WINDOWS\system32\Drivers\RootMdm.sys 17:51:46.0921 1460 ROOTMODEM - ok 17:51:46.0937 1460 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator H:\WINDOWS\system32\locator.exe 17:51:47.0062 1460 RpcLocator - ok 17:51:47.0078 1460 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs H:\WINDOWS\System32\rpcss.dll 17:51:47.0125 1460 RpcSs - ok 17:51:47.0156 1460 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP H:\WINDOWS\system32\rsvp.exe 17:51:47.0265 1460 RSVP - ok 17:51:47.0281 1460 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs H:\WINDOWS\system32\lsass.exe 17:51:47.0390 1460 SamSs - ok 17:51:47.0406 1460 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr H:\WINDOWS\System32\SCardSvr.exe 17:51:47.0515 1460 SCardSvr - ok 17:51:47.0531 1460 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule H:\WINDOWS\system32\schedsvc.dll 
17:51:47.0640 1460 Schedule - ok 17:51:47.0656 1460 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv H:\WINDOWS\system32\DRIVERS\secdrv.sys 17:51:47.0765 1460 Secdrv - ok 17:51:47.0781 1460 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon H:\WINDOWS\System32\seclogon.dll 17:51:47.0906 1460 seclogon - ok 17:51:47.0921 1460 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS H:\WINDOWS\system32\sens.dll 17:51:48.0046 1460 SENS - ok 17:51:48.0062 1460 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum H:\WINDOWS\system32\DRIVERS\serenum.sys 17:51:48.0171 1460 serenum - ok 17:51:48.0187 1460 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial H:\WINDOWS\system32\DRIVERS\serial.sys 17:51:48.0296 1460 Serial - ok 17:51:48.0328 1460 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy H:\WINDOWS\system32\drivers\Sfloppy.sys 17:51:48.0468 1460 Sfloppy - ok 17:51:48.0484 1460 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess H:\WINDOWS\System32\ipnathlp.dll 17:51:48.0609 1460 SharedAccess - ok 17:51:48.0625 1460 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection H:\WINDOWS\System32\shsvcs.dll 17:51:48.0656 1460 ShellHWDetection - ok 17:51:48.0656 1460 Simbad - ok 17:51:48.0671 1460 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP H:\WINDOWS\system32\DRIVERS\SLIP.sys 17:51:48.0781 1460 SLIP - ok 17:51:48.0796 1460 Sparrow - ok 17:51:48.0828 1460 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter H:\WINDOWS\system32\drivers\splitter.sys 17:51:48.0937 1460 splitter - ok 17:51:48.0953 1460 [ 60784F891563FB1B767F70117FC2428F ] Spooler H:\WINDOWS\system32\spoolsv.exe 17:51:48.0984 1460 Spooler - ok 17:51:49.0000 1460 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr H:\WINDOWS\system32\DRIVERS\sr.sys 17:51:49.0109 1460 sr - ok 17:51:49.0125 1460 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice H:\WINDOWS\system32\srsvc.dll 17:51:49.0234 1460 srservice - ok 17:51:49.0265 1460 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv H:\WINDOWS\system32\DRIVERS\srv.sys 17:51:49.0296 1460 Srv - ok 17:51:49.0312 1460 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] 
SSDPSRV H:\WINDOWS\System32\ssdpsrv.dll 17:51:49.0421 1460 SSDPSRV - ok 17:51:49.0437 1460 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen H:\WINDOWS\system32\drivers\StarOpen.sys 17:51:49.0437 1460 StarOpen ( UnsignedFile.Multi.Generic ) - warning 17:51:49.0437 1460 StarOpen - detected UnsignedFile.Multi.Generic (1) 17:51:49.0453 1460 Steam Client Service - ok 17:51:49.0484 1460 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc H:\WINDOWS\system32\wiaservc.dll 17:51:49.0593 1460 stisvc - ok 17:51:49.0609 1460 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip H:\WINDOWS\system32\DRIVERS\StreamIP.sys 17:51:49.0734 1460 streamip - ok 17:51:49.0750 1460 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum H:\WINDOWS\system32\DRIVERS\swenum.sys 17:51:49.0859 1460 swenum - ok 17:51:49.0890 1460 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi H:\WINDOWS\system32\drivers\swmidi.sys 17:51:50.0000 1460 swmidi - ok 17:51:50.0015 1460 SwPrv - ok 17:51:50.0031 1460 symc810 - ok 17:51:50.0031 1460 symc8xx - ok 17:51:50.0046 1460 sym_hi - ok 17:51:50.0046 1460 sym_u3 - ok 17:51:50.0078 1460 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio H:\WINDOWS\system32\drivers\sysaudio.sys 17:51:50.0187 1460 sysaudio - ok 17:51:50.0203 1460 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog H:\WINDOWS\system32\smlogsvc.exe 17:51:50.0312 1460 SysmonLog - ok 17:51:50.0359 1460 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv H:\WINDOWS\System32\tapisrv.dll 17:51:50.0484 1460 TapiSrv - ok 17:51:50.0500 1460 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip H:\WINDOWS\system32\DRIVERS\tcpip.sys 17:51:50.0546 1460 Tcpip - ok 17:51:50.0578 1460 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE H:\WINDOWS\system32\drivers\TDPIPE.sys 17:51:50.0687 1460 TDPIPE - ok 17:51:50.0718 1460 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP H:\WINDOWS\system32\drivers\TDTCP.sys 17:51:50.0812 1460 TDTCP - ok 17:51:50.0828 1460 [ 88155247177638048422893737429D9E ] TermDD H:\WINDOWS\system32\DRIVERS\termdd.sys 17:51:50.0953 1460 TermDD - ok 17:51:50.0968 1460 [ 
B7DE02C863D8F5A005A7BF375375A6A4 ] TermService H:\WINDOWS\System32\termsrv.dll 17:51:51.0109 1460 TermService - ok 17:51:51.0125 1460 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes H:\WINDOWS\System32\shsvcs.dll 17:51:51.0140 1460 Themes - ok 17:51:51.0156 1460 TosIde - ok 17:51:51.0156 1460 [ 626504572B175867F30F3215C04B3E2F ] TrkWks H:\WINDOWS\system32\trkwks.dll 17:51:51.0281 1460 TrkWks - ok 17:51:51.0359 1460 [ 91F2D525AA6C4BFD8E901C4F9C82FD02 ] TuneUp.UtilitiesSvc H:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe 17:51:51.0406 1460 TuneUp.UtilitiesSvc - ok 17:51:51.0437 1460 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv H:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys 17:51:51.0453 1460 TuneUpUtilitiesDrv - ok 17:51:51.0468 1460 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs H:\WINDOWS\system32\drivers\Udfs.sys 17:51:51.0578 1460 Udfs - ok 17:51:51.0609 1460 [ 121B9EB8372F9309B12A2C698F655F84 ] UKBFLT H:\WINDOWS\system32\DRIVERS\UKBFLT.sys 17:51:51.0640 1460 UKBFLT - ok 17:51:51.0640 1460 ultra - ok 17:51:51.0687 1460 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update H:\WINDOWS\system32\DRIVERS\update.sys 17:51:51.0828 1460 Update - ok 17:51:51.0843 1460 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost H:\WINDOWS\System32\upnphost.dll 17:51:51.0968 1460 upnphost - ok 17:51:51.0968 1460 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS H:\WINDOWS\System32\ups.exe 17:51:52.0093 1460 UPS - ok 17:51:52.0109 1460 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp H:\WINDOWS\system32\DRIVERS\usbccgp.sys 17:51:52.0234 1460 usbccgp - ok 17:51:52.0250 1460 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci H:\WINDOWS\system32\DRIVERS\usbehci.sys 17:51:52.0375 1460 usbehci - ok 17:51:52.0375 1460 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub H:\WINDOWS\system32\DRIVERS\usbhub.sys 17:51:52.0515 1460 usbhub - ok 17:51:52.0546 1460 [ A717C8721046828520C9EDF31288FC00 ] usbprint H:\WINDOWS\system32\DRIVERS\usbprint.sys 17:51:52.0656 1460 usbprint - ok 17:51:52.0656 1460 [ 
A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan H:\WINDOWS\system32\DRIVERS\usbscan.sys 17:51:52.0781 1460 usbscan - ok 17:51:52.0796 1460 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:51:52.0937 1460 usbstor - ok 17:51:52.0953 1460 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci H:\WINDOWS\system32\DRIVERS\usbuhci.sys 17:51:53.0062 1460 usbuhci - ok 17:51:53.0078 1460 [ 10DC288E01FBB279FC29EAEF30FF6253 ] UxTuneUp H:\WINDOWS\System32\uxtuneup.dll 17:51:53.0109 1460 UxTuneUp - ok 17:51:53.0140 1460 [ 760B5A696E86284D7087F3079A398652 ] VComm H:\WINDOWS\system32\DRIVERS\VComm.sys 17:51:53.0171 1460 VComm ( UnsignedFile.Multi.Generic ) - warning 17:51:53.0171 1460 VComm - detected UnsignedFile.Multi.Generic (1) 17:51:53.0187 1460 [ 8996C17E289F200934D8D13B2285DC08 ] VcommMgr H:\WINDOWS\system32\Drivers\VcommMgr.sys 17:51:53.0218 1460 VcommMgr ( UnsignedFile.Multi.Generic ) - warning 17:51:53.0218 1460 VcommMgr - detected UnsignedFile.Multi.Generic (1) 17:51:53.0234 1460 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave H:\WINDOWS\System32\drivers\vga.sys 17:51:53.0328 1460 VgaSave - ok 17:51:53.0343 1460 ViaIde - ok 17:51:53.0359 1460 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap H:\WINDOWS\system32\drivers\VolSnap.sys 17:51:53.0468 1460 VolSnap - ok 17:51:53.0500 1460 [ 68F106273BE29E7B7EF8266977268E78 ] VSS H:\WINDOWS\System32\vssvc.exe 17:51:53.0609 1460 VSS - ok 17:51:53.0625 1460 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time H:\WINDOWS\system32\w32time.dll 17:51:53.0750 1460 W32Time - ok 17:51:53.0765 1460 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp H:\WINDOWS\system32\DRIVERS\wanarp.sys 17:51:53.0859 1460 Wanarp - ok 17:51:53.0875 1460 [ 67014473F902F3023F892C3A0950958A ] wbscr H:\WINDOWS\system32\drivers\wbscr.sys 17:51:53.0906 1460 wbscr - ok 17:51:53.0937 1460 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 H:\WINDOWS\system32\DRIVERS\Wdf01000.sys 17:51:53.0968 1460 Wdf01000 - ok 17:51:53.0984 1460 WDICA - ok 17:51:54.0000 1460 [ 
6768ACF64B18196494413695F0C3A00F ] wdmaud H:\WINDOWS\system32\drivers\wdmaud.sys 17:51:54.0125 1460 wdmaud - ok 17:51:54.0140 1460 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient H:\WINDOWS\System32\webclnt.dll 17:51:54.0250 1460 WebClient - ok 17:51:54.0296 1460 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt H:\WINDOWS\system32\wbem\WMIsvc.dll 17:51:54.0437 1460 winmgmt - ok 17:51:54.0515 1460 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE 17:51:54.0562 1460 wlidsvc - ok 17:51:54.0578 1460 [ 5D410936831F7FB58EFF941EAC3F6D3D ] WmBEnum H:\WINDOWS\system32\drivers\WmBEnum.sys 17:51:54.0593 1460 WmBEnum - ok 17:51:54.0625 1460 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN H:\WINDOWS\system32\MsPMSNSv.dll 17:51:54.0687 1460 WmdmPmSN - ok 17:51:54.0718 1460 [ 7A13CFDE92956CA61A0927D766C5AD4F ] WmFilter H:\WINDOWS\system32\drivers\WmFilter.sys 17:51:54.0734 1460 WmFilter - ok 17:51:54.0765 1460 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv H:\WINDOWS\system32\wbem\wmiapsrv.exe 17:51:54.0875 1460 WmiApSrv - ok 17:51:54.0953 1460 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc H:\Programme\Windows Media Player\WMPNetwk.exe 17:51:55.0000 1460 WMPNetworkSvc - ok 17:51:55.0031 1460 [ 6F04646BC690F8BBFC344BE32A60796D ] WmVirHid H:\WINDOWS\system32\drivers\WmVirHid.sys 17:51:55.0046 1460 WmVirHid - ok 17:51:55.0062 1460 [ 1D6CA43D562333F4DFB40BCEF2453F3A ] WmXlCore H:\WINDOWS\system32\drivers\WmXlCore.sys 17:51:55.0078 1460 WmXlCore - ok 17:51:55.0093 1460 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb H:\WINDOWS\system32\DRIVERS\wpdusb.sys 17:51:55.0109 1460 WpdUsb - ok 17:51:55.0140 1460 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL H:\WINDOWS\System32\drivers\ws2ifsl.sys 17:51:55.0265 1460 WS2IFSL - ok 17:51:55.0281 1460 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc H:\WINDOWS\system32\wscsvc.dll 17:51:55.0390 1460 wscsvc - ok 17:51:55.0406 1460 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC 
H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 17:51:55.0531 1460 WSTCODEC - ok 17:51:55.0546 1460 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv H:\WINDOWS\system32\wuauserv.dll 17:51:55.0671 1460 wuauserv - ok 17:51:55.0687 1460 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf H:\WINDOWS\system32\DRIVERS\WudfPf.sys 17:51:55.0718 1460 WudfPf - ok 17:51:55.0750 1460 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd H:\WINDOWS\system32\DRIVERS\wudfrd.sys 17:51:55.0765 1460 WudfRd - ok 17:51:55.0781 1460 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc H:\WINDOWS\System32\WUDFSvc.dll 17:51:55.0812 1460 WudfSvc - ok 17:51:55.0859 1460 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC H:\WINDOWS\System32\wzcsvc.dll 17:51:55.0984 1460 WZCSVC - ok 17:51:56.0015 1460 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets H:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe 17:51:56.0015 1460 x10nets ( UnsignedFile.Multi.Generic ) - warning 17:51:56.0015 1460 x10nets - detected UnsignedFile.Multi.Generic (1) 17:51:56.0031 1460 XDva390 - ok 17:51:56.0031 1460 XDva391 - ok 17:51:56.0046 1460 XDva392 - ok 17:51:56.0062 1460 XDva397 - ok 17:51:56.0062 1460 XDva398 - ok 17:51:56.0078 1460 XDva399 - ok 17:51:56.0078 1460 XDva400 - ok 17:51:56.0093 1460 XDva401 - ok 17:51:56.0109 1460 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov H:\WINDOWS\System32\xmlprov.dll 17:51:56.0234 1460 xmlprov - ok 17:51:56.0265 1460 [ 93692D6B2FCBB63F517642048F5295FB ] XUIF H:\WINDOWS\system32\Drivers\x10ufx2.sys 17:51:56.0312 1460 XUIF - ok 17:51:56.0343 1460 [ F5E5F944E63A9B5F6E76C2EBB2AC462F ] xusb21 H:\WINDOWS\system32\DRIVERS\xusb21.sys 17:51:56.0437 1460 xusb21 - ok 17:51:56.0453 1460 ================ Scan global =============================== 17:51:56.0484 1460 [ 2C60091CA5F67C3032EAB3B30390C27F ] H:\WINDOWS\system32\basesrv.dll 17:51:56.0500 1460 [ A28CE25B59C90E12743001A1F2AE3613 ] H:\WINDOWS\system32\winsrv.dll 17:51:56.0515 1460 [ A28CE25B59C90E12743001A1F2AE3613 ] H:\WINDOWS\system32\winsrv.dll 17:51:56.0531 1460 [ 
A3EDBE9053889FB24AB22492472B39DC ] H:\WINDOWS\system32\services.exe 17:51:56.0531 1460 [Global] - ok 17:51:56.0531 1460 ================ Scan MBR ================================== 17:51:56.0546 1460 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 17:51:56.0765 1460 \Device\Harddisk0\DR0 - ok 17:51:56.0765 1460 ================ Scan VBR ================================== 17:51:56.0765 1460 [ 520663BB845781FBBFB6956FEE63A69E ] \Device\Harddisk0\DR0\Partition1 17:51:56.0781 1460 \Device\Harddisk0\DR0\Partition1 - ok 17:51:56.0796 1460 [ 9E4B46397659C857CE99F382A665642E ] \Device\Harddisk0\DR0\Partition2 17:51:56.0796 1460 \Device\Harddisk0\DR0\Partition2 - ok 17:51:56.0796 1460 ============================================================ 17:51:56.0796 1460 Scan finished 17:51:56.0796 1460 ============================================================ 17:51:56.0921 2904 Detected object count: 18 17:51:56.0921 2904 Actual detected object count: 18 17:52:13.0343 2904 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 17:52:13.0343 2904 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:52:13.0343 2904 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user 17:52:13.0343 2904 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:52:13.0343 2904 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user 17:52:13.0343 2904 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:52:13.0359 2904 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user 17:52:13.0359 2904 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:52:13.0359 2904 BlueletAudio ( UnsignedFile.Multi.Generic ) - skipped by user 17:52:13.0359 2904 BlueletAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:52:13.0359 2904 BlueSoleil Hid Service ( UnsignedFile.Multi.Generic ) - skipped by user 17:52:13.0359 2904 BlueSoleil Hid Service ( UnsignedFile.Multi.Generic ) - User 
select action: Skip 17:52:13.0359 2904 BT ( UnsignedFile.Multi.Generic ) - skipped by user 17:52:13.0359 2904 BT ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:52:13.0359 2904 Btcsrusb ( UnsignedFile.Multi.Generic ) - skipped by user 17:52:13.0359 2904 Btcsrusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:52:13.0375 2904 BTHidEnum ( UnsignedFile.Multi.Generic ) - skipped by user 17:52:13.0375 2904 BTHidEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:52:13.0375 2904 BTHidMgr ( UnsignedFile.Multi.Generic ) - skipped by user 17:52:13.0375 2904 BTHidMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:52:13.0375 2904 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user 17:52:13.0375 2904 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:52:13.0375 2904 CardReaderFilter ( UnsignedFile.Multi.Generic ) - skipped by user 17:52:13.0375 2904 CardReaderFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:52:13.0375 2904 libusb0 ( UnsignedFile.Multi.Generic ) - skipped by user 17:52:13.0375 2904 libusb0 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:52:13.0375 2904 NTSIM ( UnsignedFile.Multi.Generic ) - skipped by user 17:52:13.0390 2904 NTSIM ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:52:13.0390 2904 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 17:52:13.0390 2904 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:52:13.0390 2904 VComm ( UnsignedFile.Multi.Generic ) - skipped by user 17:52:13.0390 2904 VComm ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:52:13.0390 2904 VcommMgr ( UnsignedFile.Multi.Generic ) - skipped by user 17:52:13.0390 2904 VcommMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:52:13.0390 2904 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user 17:52:13.0390 2904 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip |
31.01.2013, 20:38 | #8 | |
/// Malware-holic | Google search results falsified... combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors Link 1 Link 2 IMPORTANT - Save Combofix to your Desktop
When Combofix has finished, it will create a log file. Please post the C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart Quote:
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above If you would like to support us |
01.02.2013, 09:33 | #9 |
| Google search results falsified... the following irregularity: although I had closed 'Microsoft Security Essentials' beforehand, Combofix claimed it was still active; the scan was nevertheless continued Code:
ATTFilter ComboFix 13-01-31.03 - TERMINAL DOGMA 01.02.2013 9:22.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1791.1305 [GMT 1:00] ausgeführt von:: h:\dokumente und einstellungen\TERMINAL DOGMA\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-01 bis 2013-02-01 )))))))))))))))))))))))))))))) . . 2013-02-01 08:16 . 2013-02-01 08:16 51852 ----a-w- h:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS 2013-02-01 08:16 . 2013-02-01 08:16 20719 ----a-w- h:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS 2013-02-01 08:16 . 2013-02-01 08:16 7271 ----a-w- h:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS 2013-02-01 08:16 . 2013-02-01 08:16 23327 ----a-w- h:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS 2013-02-01 08:16 . 2013-02-01 08:16 8782 ----a-w- h:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS 2013-01-31 16:16 . 2013-01-31 16:16 -------- d-----w- H:\_OTL 2013-01-31 11:08 . 2013-01-08 04:57 6991832 ----a-w- h:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{377D1AE1-5959-4F16-9B9C-A7B61ADDC5CC}\mpengine.dll 2013-01-30 08:36 . 2013-01-08 04:57 6991832 ----a-w- h:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-15 12:26 . 2013-01-12 02:30 94112 ----a-w- h:\windows\system32\WindowsAccessBridge.dll 2013-01-08 17:33 . 
2013-01-08 17:34 -------- d-----w- h:\dokumente und einstellungen\TERMINAL DOGMA\Lokale Einstellungen\Anwendungsdaten\Adobe 2013-01-08 17:16 . 2013-01-08 17:16 -------- d-----w- h:\programme\Gemeinsame Dateien\Adobe Systems Shared 2013-01-08 17:14 . 2013-01-08 17:16 -------- d-----w- h:\programme\Gemeinsame Dateien\Adobe 2013-01-08 17:13 . 2013-01-08 17:14 -------- d-----w- H:\PhSp_CS2_UE_Ret . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-01 08:16 . 2011-08-29 13:56 17408 ----a-w- h:\windows\system32\drivers\USBCRFT.SYS 2013-01-30 10:53 . 2011-08-29 17:27 232336 ------w- h:\windows\system32\MpSigStub.exe 2013-01-09 18:14 . 2012-05-02 15:56 697864 ----a-w- h:\windows\system32\FlashPlayerApp.exe 2013-01-09 18:14 . 2011-08-29 17:09 74248 ----a-w- h:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- h:\windows\system32\atmfd.dll 2012-11-13 11:55 . 2004-08-04 12:00 1866496 ----a-w- h:\windows\system32\win32k.sys 2012-11-06 02:01 . 2011-08-29 16:04 1371648 ------w- h:\windows\system32\msxml6.dll 2013-01-19 08:56 . 2013-01-19 08:55 262552 ----a-w- h:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="h:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dit"="Dit.exe" [2004-07-20 90112] "Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAudPropShortcut.exe" [2004-03-17 61952] "CHotkey"="mHotkey.exe" [2004-02-24 508416] "ledpointer"="CNYHKey.exe" [2004-02-03 5794816] "StartCCC"="h:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440] "NeroFilterCheck"="h:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "MSC"="h:\programme\Microsoft Security Client\msseces.exe" [2012-09-12 947176] "SunJavaUpdateSched"="h:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . h:\dokumente und einstellungen\TERMINAL DOGMA\Startmenü\Programme\Autostart\ Adobe Gamma.lnk - h:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "h:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "h:\\Programme\\uTorrent\\uTorrent.exe"= "h:\\Programme\\Steam\\Steam.exe"= "h:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"= "h:\\Programme\\TuneUp Utilities 2011\\Integrator.exe"= "h:\\Programme\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"= "h:\\Programme\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"= "h:\\Programme\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"= "h:\\Programme\\Steam\\SteamApps\\common\\dear esther\\dearesther.exe"= "h:\\Programme\\Steam\\SteamApps\\common\\Spellforce 2 - Faith in Destiny\\SpellForce2FaithinDestinyEditor.exe"= "h:\\Programme\\Steam\\SteamApps\\common\\Spellforce 2 - Faith in Destiny\\Docs\\SF2_FiD_Manual.pdf"= "h:\\Programme\\Steam\\SteamApps\\common\\Spellforce 2 - Faith in Destiny\\Docs\\MapEditorFirstSteps.pdf"= "h:\\Programme\\Steam\\SteamApps\\common\\Spellforce 2 - Faith in Destiny\\SpellForce2FaithinDestiny.exe"= . 
R1 MpKslf5b9537c;MpKslf5b9537c;h:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{377D1AE1-5959-4F16-9B9C-A7B61ADDC5CC}\MpKslf5b9537c.sys [01.02.2013 09:17 29904] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;h:\programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [01.09.2011 13:23 1526080] R3 cmudax;C-Media High Definition Audio Interface;h:\windows\system32\drivers\cmudax.sys [29.08.2011 15:00 1272000] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;h:\programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [06.06.2011 15:03 10064] R3 UKBFLT;UKBFLT;h:\windows\system32\drivers\UKBFLT.sys [29.08.2011 15:03 11672] R3 wbscr;Winbond Smartcard Reader for I/O;h:\windows\system32\drivers\wbscr.sys [29.08.2011 14:59 19928] S3 CardReaderFilter;Card Reader Filter;h:\windows\system32\drivers\USBCRFT.SYS [29.08.2011 14:56 17408] S3 CFcatchme;CFcatchme;\??\h:\dokume~1\TERMIN~1\LOKALE~1\Temp\CFcatchme.sys --> h:\dokume~1\TERMIN~1\LOKALE~1\Temp\CFcatchme.sys [?] S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;h:\windows\system32\drivers\libusb0.sys [10.12.2012 18:36 33792] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;h:\windows\system32\drivers\MijXfilt.sys [10.12.2012 19:39 81168] S3 XDva390;XDva390;\??\h:\windows\system32\XDva390.sys --> h:\windows\system32\XDva390.sys [?] S3 XDva391;XDva391;\??\h:\windows\system32\XDva391.sys --> h:\windows\system32\XDva391.sys [?] S3 XDva392;XDva392;\??\h:\windows\system32\XDva392.sys --> h:\windows\system32\XDva392.sys [?] S3 XDva397;XDva397;\??\h:\windows\system32\XDva397.sys --> h:\windows\system32\XDva397.sys [?] S3 XDva398;XDva398;\??\h:\windows\system32\XDva398.sys --> h:\windows\system32\XDva398.sys [?] S3 XDva399;XDva399;\??\h:\windows\system32\XDva399.sys --> h:\windows\system32\XDva399.sys [?] S3 XDva400;XDva400;\??\h:\windows\system32\XDva400.sys --> h:\windows\system32\XDva400.sys [?] 
S3 XDva401;XDva401;\??\h:\windows\system32\XDva401.sys --> h:\windows\system32\XDva401.sys [?] . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MPKSLF5B9537C . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 2013-01-31 h:\windows\Tasks\Adobe Flash Player Updater.job - h:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 18:14] . 2013-02-01 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job - h:\programme\Google\Update\GoogleUpdate.exe [2011-09-05 13:31] . 2013-01-31 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job - h:\programme\Google\Update\GoogleUpdate.exe [2011-09-05 13:31] . 2013-02-01 h:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - h:\programme\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com/ IE: Nach Microsoft &Excel exportieren - h:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - h:\dokumente und einstellungen\TERMINAL DOGMA\Anwendungsdaten\Mozilla\Firefox\Profiles\9ic1goaj.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-02-01 09:27 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@h:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="h:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(968) h:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(1192) h:\windows\system32\webcheck.dll h:\windows\system32\WPDShServiceObj.dll h:\windows\system32\PortableDeviceTypes.dll h:\windows\system32\PortableDeviceApi.dll . Zeit der Fertigstellung: 2013-02-01 09:29:24 ComboFix-quarantined-files.txt 2013-02-01 08:29 . Vor Suchlauf: 14 Verzeichnis(se), 18.857.590.784 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 18.838.900.736 Bytes frei . WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 4CE0992971E9BB1C89D61D18DBD5367C |
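Reading the service/driver block of a ComboFix log like the one above by hand is tedious. The following Python script is an added example (not part of this thread, and not ComboFix's own code) that parses those lines and flags entries whose image file ComboFix could not stat (the trailing "[?]"), that load from a Temp directory, or whose .sys image sits outside the drivers directory; the sample input is constructed from the lines posted above and the heuristics are the example's own.

```python
import re

# Constructed sample, modelled on the service/driver lines of the ComboFix log posted above.
SAMPLE_LOG = r"""
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;h:\programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [01.09.2011 13:23 1526080]
R3 cmudax;C-Media High Definition Audio Interface;h:\windows\system32\drivers\cmudax.sys [29.08.2011 15:00 1272000]
S3 CFcatchme;CFcatchme;\??\h:\dokume~1\TERMIN~1\LOKALE~1\Temp\CFcatchme.sys --> h:\dokume~1\TERMIN~1\LOKALE~1\Temp\CFcatchme.sys [?]
S3 XDva390;XDva390;\??\h:\windows\system32\XDva390.sys --> h:\windows\system32\XDva390.sys [?]
"""

# <start type> <name>;<display name>;<image path> [<date> <time> <size>]  -- or "[?]" when
# ComboFix could not stat the image file.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)

def parse_entries(log_text):
    """Parse service/driver lines into dicts; lines in any other format are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        image = m.group("image")
        # "\??\<nt path> --> <win32 path>": keep the resolved Win32 path only.
        if " --> " in image:
            image = image.split(" --> ", 1)[1]
        entries.append({
            "state": m.group("state"),
            "name": m.group("name"),
            "image": image,
            "file_present": m.group("meta") != "?",
        })
    return entries

def triage(log_text):
    """Map service name -> reasons for every entry that deserves a closer look."""
    findings = {}
    for e in parse_entries(log_text):
        low = e["image"].lower()
        reasons = []
        if not e["file_present"]:
            reasons.append("image file not found by ComboFix ([?])")
        if "\\temp\\" in low:
            reasons.append("driver loads from a Temp directory")
        if low.endswith(".sys") and "\\drivers\\" not in low:
            reasons.append(".sys image outside the drivers directory")
        if reasons:
            findings[e["name"]] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Hits are starting points for a reviewer, not verdicts: CFcatchme, for instance, is the driver of the catchme rootkit scanner that ComboFix itself runs, as the catchme section of the same log shows.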
02.02.2013, 19:44 | #10 |
/// Malware-holic | Google search results falsified... Fine. Malwarebytes: Please download Malwarebytes
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For the time being, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
02.02.2013, 21:04 | #11 |
| Google search results falsified... It found nothing suspicious; the problem persists, though (under Firefox) Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.02.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
TERMINAL DOGMA :: MAGI [Administrator]

02.02.2013 20:03:41
mbam-log-2013-02-02 (20-03-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354842
Laufzeit: 56 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
04.02.2013, 11:48 | #12 |
/// Malware-holic | Google search results falsified... Hi, download CCleaner standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it, Tools (Extras), Uninstall list, save as txt. Open it. Behind every program you need, write 'notwendig' (necessary). Behind every one you do not need, 'unnötig' (unnecessary). Behind those unknown to you, 'unbekannt' (unknown). Post the list.
04.02.2013, 16:04 | #13 |
| Google search results falsified... Hi! First off: I wrote it in front, I hope that is fine; I declared everything as 'unbekannt' (unknown) whose function I am not 100% clear about, hence also e.g. Adobe Flash and Shockwave, although I at least know them in some way; 'unnötig' (unnecessary), in turn, covers many programs which partly replace one another, even though I cannot do without all of them (e.g. Firefox and Chrome, where I want to keep at least one of the two); but if 'unbekannt' means 'entirely unknown by name', and if 'unnötig' means 'I do not use it at all', I will have to rework the list Code:
ATTFilter notwendig 7-Zip 9.20 30.11.2011 unbekannt ABBYY FineReader 6.0 Sprint ABBYY Software House 30.08.2011 119,00MB 6.00.1395.4512 unbekannt Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 18.01.2013 11.5.502.146 unbekannt Adobe Flash Player 11 Plugin Adobe Systems Incorporated 18.01.2013 11.5.502.146 notwendig Adobe Photoshop CS2 Adobe Systems, Inc. 08.01.2013 9.0 notwendig ATI - Dienstprogramm zur Deinstallation der Software 29.08.2011 6.14.10.1022 notwendig ATI Catalyst Control Center 2.010.0210.2338 notwendig ATI Display Driver 29.08.2011 8.593.100-100210a-095952E-ATI unnötig BIPA FotoShop 20.02.2012 unbekannt BlueSoleil 29.08.2011 unbekannt C-Media High Definition Audio Driver 29.08.2011 unnötig CCleaner Piriform 22.08.2012 3.22 notwendig CDex - Open Source Digital Audio CD Extractor Georgy Berdyshev 16.04.2012 1.70.4.2009 notwendig Compatibility Pack für 2007 Office System Microsoft Corporation 09.01.2013 219,00MB 12.0.6612.1000 notwendig Dear Esther 18.12.2012 notwendig EPSON Scan 30.08.2011 unnötig EPSON Stylus SX100_TX100 Handbuch 30.08.2011 notwendig EPSON SX100 Series Printer Uninstall SEIKO EPSON Corporation 25.08.2012 unbekannt EPSON Web-To-Page 30.08.2011 unnötig EVEREST Home Edition v2.20 Lavalys Inc 29.08.2011 2.20 notwendig Foxit Reader 5.1 Foxit Corporation 07.01.2012 5.1.4.104 notwendig Garmin MapSource Garmin Ltd or its subsidiaries 05.09.2011 58,05MB 6.16.3 notwendig Garmin Trip and Waypoint Manager v5 Garmin Ltd or its subsidiaries 05.09.2011 56,31MB 5.0.0.0 notwendig Garmin USB Drivers Garmin Ltd or its subsidiaries 05.09.2011 0,12MB 2.3.0.0 unbekannt Generic USB CardReader 2.0 29.08.2011 unnötig Google Chrome Google Inc. 
03.02.2013 24.0.1312.57 unnötig Google Earth Google 12.11.2011 92,77MB 6.1.0.5001 unbekannt Java 7 Update 13 Oracle 02.02.2013 129,00MB 7.0.130 unbekannt Java(TM) 6 Update 30 Oracle 25.12.2011 91,34MB 6.0.300 unbekannt JavaFX 2.1.1 Oracle Corporation 20.06.2012 20,88MB 2.1.1 notwendig Macromedia Dreamweaver 8 Macromedia 29.08.2011 167,00MB 8.0.0.2751 unbekannt Macromedia Extension Manager Ihr Firmenname 29.08.2011 4,90MB 1.7.270 notwendig Macromedia Fireworks 8 Macromedia 29.08.2011 141,00MB 8.0.0.777 unnötig Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 02.02.2013 1.70.0.1100 unbekannt Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 09.01.2013 183,00MB 2.2.30729 unbekannt Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 09.01.2013 253,00MB 3.2.30729 unbekannt Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 09.01.2013 unbekannt Microsoft Games for Windows - LIVE Microsoft Corporation 30.11.2011 10,30MB 2.0.687.0 unbekannt Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 30.11.2011 32,73MB 3.5.92.0 unbekannt Microsoft Office Live Add-in 1.5 Microsoft Corporation 18.04.2012 0,49MB 2.0.4024.1 notwendig Microsoft Office XP Professional mit FrontPage Microsoft Corporation 01.09.2011 349,00MB 10.0.6626.0 notwendig Microsoft Security Essentials Microsoft Corporation 02.10.2012 4.1.522.0 unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 29.09.2011 4,64MB 8.0.59193 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 03.09.2011 10,29MB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 31.10.2011 9,64MB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 04.09.2011 10,20MB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 02.11.2011 14,85MB 10.0.30319 unnötig Mozilla 
Firefox 18.0.1 (x86 de) Mozilla 19.01.2013 18.0.1 unbekannt Mozilla Maintenance Service Mozilla 19.01.2013 18.0.1 notwendig Nero Suite 11.11.2011 unnötig RESIDENT EVIL 5 CAPCOM CO., LTD. 30.11.2011 6.938,00MB 1.0.0.129 unbekannt Shockwave 31.08.2012 unnötig SpellForce 2 - Dragon Storm JoWood 09.06.2012 5.282,00MB 1.0.0 notwendig SpellForce 2 - Faith in Destiny 18.12.2012 unnötig Spybot - Search & Destroy Safer Networking Limited 31.08.2012 1.6.2 notwendig Steam Valve Corporation 30.08.2011 35,47MB 1.0.0.0 unnötig TuneUp Utilities 2011 TuneUp Software 09.09.2011 10.0.4400.22 notwendig USB Wireless Keyboard Driver 29.08.2011 unbekannt W83L518D 29.08.2011 notwendig Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Garmin 05.09.2011 06/03/2009 2.3.0.0 unbekannt Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation 29.08.2011 notwendig Windows Internet Explorer 8 Microsoft Corporation 29.08.2011 20090308.140743 notwendig Windows Live Essentials Microsoft Corporation 29.08.2011 14.0.8117.0416 unbekannt Windows Live ID Sign-in Assistant Microsoft Corporation 30.11.2011 4,69MB 6.500.3165.0 unbekannt Windows Live-Uploadtool Microsoft Corporation 29.08.2011 0,22MB 14.0.8014.1029 unbekannt Windows Media Format 11 runtime 21.09.2011 notwendig Windows Media Player 11 21.09.2011 unbekannt X10 Hardware(TM) 29.08.2011 unbekannt XP Codec Pack 20.10.2011 notwendig µTorrent 08.08.2012 3.1.3
I just received an e-mail and was able to solve the problem with it: the source of the falsified Google search results was the Firefox add-on 'Fast Video Download'; although I had been using it for a long time (without irregularities), it caused the redirects; current user reviews confirm this as well. But is there still malicious software or the like on my system now, or should it be fixed with that? Last edited by errodin (04.02.2013 at 16:19) |
04.02.2013, 16:32 | #14 |
/// Malware-holic | Google search results falsified... Uninstall: ABBYY. Uninstall: Adobe Flash Player, all of them; then from Adobe - Adobe Flash Player installieren download the latest version and install it. Uninstall: BIPA, EVEREST, Google: both, Java(TM), Malwarebytes, Mozilla: both, RESIDENT, Shockwave, SpellForce: the unneeded one, Spybot, TuneUp, Windows Live: all the ones you do not need, XP Codec. We would have gotten to the add-on as well. Open CCleaner, start Analyze, restart the PC. Please download AdwCleaner to your desktop.
04.02.2013, 17:42 | #15 |
| Google search results falsified... The following problem: Java 6 cannot be uninstalled; it gives the error message 'schwerwiegender Fehler bei der Installation' (fatal error during installation) Code:
# AdwCleaner v2.109 - Datei am 04/02/2013 um 17:41:01 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : TERMINAL DOGMA - MAGI
# Bootmodus : Normal
# Ausgeführt unter : H:\Dokumente und Einstellungen\TERMINAL DOGMA\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0ENGA4FO\adwcleaner_2.1.0.9[1].exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : H:\Dokumente und Einstellungen\TERMINAL DOGMA\Anwendungsdaten\Mozilla\Firefox\Profiles\9ic1goaj.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R2].txt - [885 octets] - [04/02/2013 17:41:01]

########## EOF - H:\AdwCleaner[R2].txt - [944 octets] ########## |