| |
| |||||||
Log-Analyse und Auswertung: Hotel.de TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
18.03.2013, 17:21
| #17 |
 |  Hotel.de Trojaner Hallo,
__________________er hat 2 Dateien gefunden und entfernt Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.18.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
npc1 :: NPC1 [administrator]
18.3.2013 16:34:15
mbar-log-2013-03-18 (16-34-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 25938
Time elapsed: 14 minute(s), 46 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
c:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Anyr\uhuqupa.exe (Spyware.Zbot) -> Delete on reboot.
c:\Dokumente und Einstellungen\npc1\Lokale Einstellungen\Temp\1344712146.exe (Spyware.Zbot) -> Delete on reboot.
(end)
2. Durchlauf Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.18.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
npc1 :: NPC1 [administrator]
18.3.2013 17:05:56
mbar-log-2013-03-18 (17-05-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 25957
Time elapsed: 21 minute(s), 48 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
19.03.2013, 09:23
| #19 |
| | Hotel.de Trojaner Guten Morgen, ich habe es nochmal versucht mit Gmer Diesmal hatte ich einen Blue Screen Page_Fault_in_nonpaged_area 0x00000050 |
|
19.03.2013, 12:33
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Hotel.de Trojaner aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
19.03.2013, 14:59
| #21 |
| | Hotel.de Trojaner fertig.. Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-19 13:34:59
-----------------------------
13:34:59.724 OS Version: Windows 5.1.2600 Service Pack 3
13:34:59.724 Number of processors: 2 586 0x170A
13:34:59.724 ComputerName: NPC1 UserName: npc1
13:35:02.474 Initialize success
13:38:03.586 AVAST engine defs: 13031900
13:38:57.258 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7
13:38:57.258 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476940MB BusType: 3
13:38:57.430 Disk 0 MBR read successfully
13:38:57.430 Disk 0 MBR scan
13:38:57.477 Disk 0 Windows XP default MBR code
13:38:57.477 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 250019 MB offset 63
13:38:57.477 Disk 0 Partition - 00 05 Extended 226918 MB offset 512039745
13:38:57.493 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 226918 MB offset 512039808
13:38:57.493 Disk 0 scanning sectors +976768065
13:38:57.571 Disk 0 scanning C:\WINXP\system32\drivers
13:39:11.962 Service scanning
13:39:41.149 Modules scanning
13:39:50.806 Disk 0 trace - called modules:
13:39:50.821 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
13:39:50.821 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad39ab8]
13:39:50.821 3 CLASSPNP.SYS[b80c8fd7] -> nt!IofCallDriver -> \Device\00000068[0x8ae7ff18]
13:39:50.821 5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-7[0x8ad5f940]
13:39:52.852 AVAST engine scan C:\WINXP
13:40:03.931 AVAST engine scan C:\WINXP\system32
13:44:41.307 AVAST engine scan C:\WINXP\system32\drivers
13:45:01.698 AVAST engine scan C:\Dokumente und Einstellungen\npc1
14:44:02.151 AVAST engine scan C:\Dokumente und Einstellungen\All Users
14:47:11.151 Scan finished successfully
14:48:27.698 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\npc1\Desktop\MBR.dat"
14:48:27.698 The log file has been saved successfully to "C:\Dokumente und Einstellungen\npc1\Desktop\aswMBR.txt"
Code:
ATTFilter 14:49:02.0557 0924 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:49:02.0979 0924 ============================================================
14:49:02.0979 0924 Current date / time: 2013/03/19 14:49:02.0979
14:49:02.0979 0924 SystemInfo:
14:49:02.0979 0924
14:49:02.0979 0924 OS Version: 5.1.2600 ServicePack: 3.0
14:49:02.0979 0924 Product type: Workstation
14:49:02.0979 0924 ComputerName: NPC1
14:49:02.0979 0924 UserName: npc1
14:49:02.0979 0924 Windows directory: C:\WINXP
14:49:02.0979 0924 System windows directory: C:\WINXP
14:49:02.0979 0924 Processor architecture: Intel x86
14:49:02.0979 0924 Number of processors: 2
14:49:02.0979 0924 Page size: 0x1000
14:49:02.0979 0924 Boot type: Normal boot
14:49:02.0979 0924 ============================================================
14:49:04.0260 0924 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:49:04.0260 0924 ============================================================
14:49:04.0260 0924 \Device\Harddisk0\DR0:
14:49:04.0260 0924 MBR partitions:
14:49:04.0260 0924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1E851B02
14:49:04.0291 0924 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E851B80, BlocksNum 0x1BB330C1
14:49:04.0291 0924 ============================================================
14:49:04.0307 0924 D: <-> \Device\Harddisk0\DR0\Partition2
14:49:04.0354 0924 C: <-> \Device\Harddisk0\DR0\Partition1
14:49:04.0354 0924 ============================================================
14:49:04.0354 0924 Initialize success
14:49:04.0354 0924 ============================================================
14:49:23.0541 3916 ============================================================
14:49:23.0541 3916 Scan started
14:49:23.0541 3916 Mode: Manual;
14:49:23.0541 3916 ============================================================
14:49:24.0229 3916 ================ Scan system memory ========================
14:49:24.0229 3916 System memory - ok
14:49:24.0229 3916 ================ Scan services =============================
14:49:24.0401 3916 Abiosdsk - ok
14:49:24.0401 3916 abp480n5 - ok
14:49:24.0479 3916 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINXP\system32\drivers\ACPI.sys
14:49:24.0510 3916 ACPI - ok
14:49:24.0557 3916 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINXP\system32\drivers\ACPIEC.sys
14:49:24.0557 3916 ACPIEC - ok
14:49:24.0635 3916 [ 177FF6608B48638D4066726F3A3F8444 ] AdobeActiveFileMonitor5.0 C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
14:49:24.0651 3916 AdobeActiveFileMonitor5.0 - ok
14:49:24.0745 3916 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:49:24.0791 3916 AdobeFlashPlayerUpdateSvc - ok
14:49:24.0807 3916 adpu160m - ok
14:49:24.0838 3916 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINXP\system32\drivers\aec.sys
14:49:24.0870 3916 aec - ok
14:49:24.0932 3916 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINXP\System32\drivers\afd.sys
14:49:24.0979 3916 AFD - ok
14:49:24.0979 3916 Aha154x - ok
14:49:24.0979 3916 aic78u2 - ok
14:49:24.0979 3916 aic78xx - ok
14:49:25.0495 3916 [ 35045A23957A71BA649740741E69408C ] ALCXWDM C:\WINXP\system32\drivers\ALCXWDM.SYS
14:49:25.0948 3916 ALCXWDM - ok
14:49:25.0979 3916 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINXP\system32\alrsvc.dll
14:49:25.0995 3916 Alerter - ok
14:49:26.0010 3916 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINXP\System32\alg.exe
14:49:26.0026 3916 ALG - ok
14:49:26.0026 3916 AliIde - ok
14:49:26.0026 3916 amsint - ok
14:49:26.0073 3916 [ E2AD6CC7D407F2B5CB2899775CF84F51 ] AN983 C:\WINXP\system32\DRIVERS\AN983.sys
14:49:26.0088 3916 AN983 - ok
14:49:26.0151 3916 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINXP\System32\appmgmts.dll
14:49:26.0198 3916 AppMgmt - ok
14:49:26.0229 3916 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINXP\system32\DRIVERS\arp1394.sys
14:49:26.0245 3916 Arp1394 - ok
14:49:26.0245 3916 asc - ok
14:49:26.0245 3916 asc3350p - ok
14:49:26.0245 3916 asc3550 - ok
14:49:26.0338 3916 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:49:26.0338 3916 aspnet_state - ok
14:49:26.0370 3916 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINXP\system32\DRIVERS\asyncmac.sys
14:49:26.0370 3916 AsyncMac - ok
14:49:26.0401 3916 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINXP\system32\drivers\atapi.sys
14:49:26.0401 3916 atapi - ok
14:49:26.0401 3916 Atdisk - ok
14:49:26.0432 3916 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINXP\system32\DRIVERS\atmarpc.sys
14:49:26.0448 3916 Atmarpc - ok
14:49:26.0495 3916 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINXP\System32\audiosrv.dll
14:49:26.0495 3916 AudioSrv - ok
14:49:26.0541 3916 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINXP\system32\DRIVERS\audstub.sys
14:49:26.0541 3916 audstub - ok
14:49:26.0573 3916 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINXP\system32\drivers\Beep.sys
14:49:26.0573 3916 Beep - ok
14:49:26.0682 3916 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINXP\System32\qmgr.dll
14:49:26.0760 3916 BITS - ok
14:49:26.0807 3916 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINXP\System32\browser.dll
14:49:26.0823 3916 Browser - ok
14:49:26.0854 3916 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINXP\system32\drivers\cbidf2k.sys
14:49:26.0870 3916 cbidf2k - ok
14:49:26.0870 3916 cd20xrnt - ok
14:49:26.0885 3916 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINXP\system32\drivers\Cdaudio.sys
14:49:26.0885 3916 Cdaudio - ok
14:49:26.0932 3916 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINXP\system32\drivers\Cdfs.sys
14:49:26.0932 3916 Cdfs - ok
14:49:26.0963 3916 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINXP\system32\DRIVERS\cdrom.sys
14:49:26.0979 3916 Cdrom - ok
14:49:26.0979 3916 Changer - ok
14:49:27.0026 3916 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINXP\system32\cisvc.exe
14:49:27.0026 3916 CiSvc - ok
14:49:27.0041 3916 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINXP\system32\clipsrv.exe
14:49:27.0057 3916 ClipSrv - ok
14:49:27.0120 3916 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:49:27.0166 3916 clr_optimization_v2.0.50727_32 - ok
14:49:27.0166 3916 CmdIde - ok
14:49:27.0166 3916 COMSysApp - ok
14:49:27.0166 3916 Cpqarray - ok
14:49:27.0213 3916 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINXP\System32\cryptsvc.dll
14:49:27.0229 3916 CryptSvc - ok
14:49:27.0229 3916 dac2w2k - ok
14:49:27.0229 3916 dac960nt - ok
14:49:27.0354 3916 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINXP\system32\rpcss.dll
14:49:27.0432 3916 DcomLaunch - ok
14:49:27.0495 3916 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINXP\System32\dhcpcsvc.dll
14:49:27.0526 3916 Dhcp - ok
14:49:27.0541 3916 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINXP\system32\DRIVERS\disk.sys
14:49:27.0541 3916 Disk - ok
14:49:27.0541 3916 dmadmin - ok
14:49:27.0713 3916 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINXP\system32\drivers\dmboot.sys
14:49:27.0885 3916 dmboot - ok
14:49:27.0916 3916 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINXP\system32\DRIVERS\dmio.sys
14:49:27.0948 3916 dmio - ok
14:49:27.0963 3916 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINXP\system32\drivers\dmload.sys
14:49:27.0963 3916 dmload - ok
14:49:27.0963 3916 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINXP\System32\dmserver.dll
14:49:27.0963 3916 dmserver - ok
14:49:28.0010 3916 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINXP\system32\drivers\DMusic.sys
14:49:28.0026 3916 DMusic - ok
14:49:28.0073 3916 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINXP\System32\dnsrslvr.dll
14:49:28.0073 3916 Dnscache - ok
14:49:28.0135 3916 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINXP\System32\dot3svc.dll
14:49:28.0166 3916 Dot3svc - ok
14:49:28.0166 3916 dpti2o - ok
14:49:28.0182 3916 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINXP\system32\drivers\drmkaud.sys
14:49:28.0182 3916 drmkaud - ok
14:49:28.0182 3916 DWMRCS - ok
14:49:28.0213 3916 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINXP\System32\eapsvc.dll
14:49:28.0213 3916 EapHost - ok
14:49:28.0260 3916 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINXP\System32\ersvc.dll
14:49:28.0260 3916 ERSvc - ok
14:49:28.0323 3916 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINXP\system32\services.exe
14:49:28.0354 3916 Eventlog - ok
14:49:28.0416 3916 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINXP\System32\es.dll
14:49:28.0479 3916 EventSystem - ok
14:49:28.0526 3916 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINXP\system32\drivers\Fastfat.sys
14:49:28.0557 3916 Fastfat - ok
14:49:28.0620 3916 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINXP\System32\shsvcs.dll
14:49:28.0651 3916 FastUserSwitchingCompatibility - ok
14:49:28.0666 3916 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINXP\system32\DRIVERS\fdc.sys
14:49:28.0682 3916 Fdc - ok
14:49:28.0698 3916 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINXP\system32\drivers\Fips.sys
14:49:28.0713 3916 Fips - ok
14:49:28.0729 3916 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINXP\system32\DRIVERS\flpydisk.sys
14:49:28.0729 3916 Flpydisk - ok
14:49:28.0807 3916 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINXP\system32\drivers\fltmgr.sys
14:49:28.0823 3916 FltMgr - ok
14:49:28.0901 3916 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:49:28.0916 3916 FontCache3.0.0.0 - ok
14:49:28.0948 3916 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINXP\system32\drivers\Fs_Rec.sys
14:49:28.0948 3916 Fs_Rec - ok
14:49:28.0995 3916 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINXP\system32\DRIVERS\ftdisk.sys
14:49:29.0026 3916 Ftdisk - ok
14:49:29.0057 3916 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINXP\system32\DRIVERS\msgpc.sys
14:49:29.0057 3916 Gpc - ok
14:49:29.0104 3916 [ 1C51E9DB4A24C4A6B7AD5BE4BC4B19A6 ] hcmon C:\WINXP\system32\drivers\hcmon.sys
14:49:29.0120 3916 hcmon - ok
14:49:29.0166 3916 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINXP\system32\DRIVERS\HDAudBus.sys
14:49:29.0198 3916 HDAudBus - ok
14:49:29.0260 3916 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:49:29.0260 3916 helpsvc - ok
14:49:29.0276 3916 HidServ - ok
14:49:29.0307 3916 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINXP\system32\DRIVERS\hidusb.sys
14:49:29.0307 3916 HidUsb - ok
14:49:29.0338 3916 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINXP\System32\kmsvc.dll
14:49:29.0338 3916 hkmsvc - ok
14:49:29.0354 3916 hpn - ok
14:49:29.0416 3916 [ 937031C085718C1C04A9C0864625EC6B ] HTTP C:\WINXP\system32\Drivers\HTTP.sys
14:49:29.0479 3916 HTTP - ok
14:49:29.0510 3916 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINXP\System32\w3ssl.dll
14:49:29.0526 3916 HTTPFilter - ok
14:49:29.0526 3916 i2omgmt - ok
14:49:29.0526 3916 i2omp - ok
14:49:29.0573 3916 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINXP\system32\DRIVERS\i8042prt.sys
14:49:29.0573 3916 i8042prt - ok
14:49:29.0651 3916 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:49:29.0666 3916 IDriverT - ok
14:49:29.0901 3916 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:49:30.0104 3916 idsvc - ok
14:49:30.0135 3916 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINXP\system32\DRIVERS\imapi.sys
14:49:30.0135 3916 Imapi - ok
14:49:30.0198 3916 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINXP\System32\imapi.exe
14:49:30.0229 3916 ImapiService - ok
14:49:30.0245 3916 ini910u - ok
14:49:31.0198 3916 [ EB5608FD4F2961517AC9F5CAC88B023B ] IntcAzAudAddService C:\WINXP\system32\drivers\RtkHDAud.sys
14:49:32.0120 3916 IntcAzAudAddService - ok
14:49:32.0120 3916 IntelIde - ok
14:49:32.0166 3916 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINXP\system32\DRIVERS\intelppm.sys
14:49:32.0166 3916 intelppm - ok
14:49:32.0198 3916 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINXP\system32\drivers\ip6fw.sys
14:49:32.0198 3916 Ip6Fw - ok
14:49:32.0213 3916 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINXP\system32\DRIVERS\ipfltdrv.sys
14:49:32.0213 3916 IpFilterDriver - ok
14:49:32.0229 3916 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINXP\system32\DRIVERS\ipinip.sys
14:49:32.0245 3916 IpInIp - ok
14:49:32.0291 3916 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINXP\system32\DRIVERS\ipnat.sys
14:49:32.0323 3916 IpNat - ok
14:49:32.0338 3916 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINXP\system32\DRIVERS\ipsec.sys
14:49:32.0354 3916 IPSec - ok
14:49:32.0370 3916 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINXP\system32\DRIVERS\irenum.sys
14:49:32.0370 3916 IRENUM - ok
14:49:32.0401 3916 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINXP\system32\drivers\isapnp.sys
14:49:32.0401 3916 isapnp - ok
14:49:32.0495 3916 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
14:49:32.0526 3916 JavaQuickStarterService - ok
14:49:32.0526 3916 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINXP\system32\DRIVERS\kbdclass.sys
14:49:32.0541 3916 Kbdclass - ok
14:49:32.0588 3916 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINXP\system32\drivers\kmixer.sys
14:49:32.0620 3916 kmixer - ok
14:49:32.0651 3916 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINXP\system32\drivers\KSecDD.sys
14:49:32.0666 3916 KSecDD - ok
14:49:32.0713 3916 [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer C:\WINXP\System32\srvsvc.dll
14:49:32.0729 3916 LanmanServer - ok
14:49:32.0791 3916 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINXP\System32\wkssvc.dll
14:49:32.0823 3916 lanmanworkstation - ok
14:49:32.0823 3916 lbrtfdc - ok
14:49:32.0838 3916 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINXP\System32\lmhsvc.dll
14:49:32.0838 3916 LmHosts - ok
14:49:32.0870 3916 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINXP\system32\drivers\mbam.sys
14:49:32.0885 3916 MBAMProtector - ok
14:49:33.0010 3916 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:49:33.0088 3916 MBAMScheduler - ok
14:49:33.0245 3916 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
14:49:33.0370 3916 MBAMService - ok
14:49:33.0510 3916 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
14:49:33.0573 3916 MDM - ok
14:49:33.0604 3916 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINXP\System32\msgsvc.dll
14:49:33.0604 3916 Messenger - ok
14:49:33.0651 3916 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINXP\system32\drivers\mnmdd.sys
14:49:33.0651 3916 mnmdd - ok
14:49:33.0682 3916 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINXP\System32\mnmsrvc.exe
14:49:33.0698 3916 mnmsrvc - ok
14:49:33.0713 3916 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINXP\system32\drivers\Modem.sys
14:49:33.0729 3916 Modem - ok
14:49:33.0745 3916 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINXP\system32\DRIVERS\mouclass.sys
14:49:33.0745 3916 Mouclass - ok
14:49:33.0776 3916 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINXP\system32\DRIVERS\mouhid.sys
14:49:33.0776 3916 mouhid - ok
14:49:33.0807 3916 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINXP\system32\drivers\MountMgr.sys
14:49:33.0823 3916 MountMgr - ok
14:49:33.0885 3916 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
14:49:33.0901 3916 MozillaMaintenance - ok
14:49:33.0901 3916 mraid35x - ok
14:49:33.0948 3916 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINXP\system32\DRIVERS\mrxdav.sys
14:49:33.0979 3916 MRxDAV - ok
14:49:34.0120 3916 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINXP\system32\DRIVERS\mrxsmb.sys
14:49:34.0213 3916 MRxSmb - ok
14:49:34.0213 3916 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINXP\system32\msdtc.exe
14:49:34.0213 3916 MSDTC - ok
14:49:34.0229 3916 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINXP\system32\drivers\Msfs.sys
14:49:34.0229 3916 Msfs - ok
14:49:34.0229 3916 MSIServer - ok
14:49:34.0260 3916 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINXP\system32\drivers\MSKSSRV.sys
14:49:34.0260 3916 MSKSSRV - ok
14:49:34.0260 3916 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINXP\system32\drivers\MSPCLOCK.sys
14:49:34.0260 3916 MSPCLOCK - ok
14:49:34.0260 3916 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINXP\system32\drivers\MSPQM.sys
14:49:34.0260 3916 MSPQM - ok
14:49:34.0307 3916 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINXP\system32\DRIVERS\mssmbios.sys
14:49:34.0307 3916 mssmbios - ok
14:49:34.0354 3916 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINXP\system32\DRIVERS\ASACPI.sys
14:49:34.0354 3916 MTsensor - ok
14:49:34.0401 3916 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINXP\system32\drivers\Mup.sys
14:49:34.0416 3916 Mup - ok
14:49:34.0495 3916 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINXP\System32\qagentrt.dll
14:49:34.0541 3916 napagent - ok
14:49:34.0588 3916 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINXP\system32\drivers\NDIS.sys
14:49:34.0635 3916 NDIS - ok
14:49:34.0635 3916 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINXP\system32\DRIVERS\ndistapi.sys
14:49:34.0635 3916 NdisTapi - ok
14:49:34.0666 3916 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINXP\system32\DRIVERS\ndisuio.sys
14:49:34.0666 3916 Ndisuio - ok
14:49:34.0698 3916 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINXP\system32\DRIVERS\ndiswan.sys
14:49:34.0713 3916 NdisWan - ok
14:49:34.0760 3916 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINXP\system32\drivers\NDProxy.sys
14:49:34.0776 3916 NDProxy - ok
14:49:34.0791 3916 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINXP\system32\DRIVERS\netbios.sys
14:49:34.0791 3916 NetBIOS - ok
14:49:34.0838 3916 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINXP\system32\DRIVERS\netbt.sys
14:49:34.0870 3916 NetBT - ok
14:49:34.0932 3916 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINXP\system32\netdde.exe
14:49:34.0948 3916 NetDDE - ok
14:49:34.0979 3916 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINXP\system32\netdde.exe
14:49:34.0979 3916 NetDDEdsdm - ok
14:49:35.0010 3916 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINXP\System32\lsass.exe
14:49:35.0026 3916 Netlogon - ok
14:49:35.0088 3916 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINXP\System32\netman.dll
14:49:35.0135 3916 Netman - ok
14:49:35.0182 3916 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:49:35.0198 3916 NetTcpPortSharing - ok
14:49:35.0245 3916 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINXP\system32\DRIVERS\nic1394.sys
14:49:35.0260 3916 NIC1394 - ok
14:49:35.0323 3916 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINXP\System32\mswsock.dll
14:49:35.0370 3916 Nla - ok
14:49:35.0370 3916 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINXP\system32\drivers\Npfs.sys
14:49:35.0385 3916 Npfs - ok
14:49:35.0495 3916 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINXP\system32\drivers\Ntfs.sys
14:49:35.0604 3916 Ntfs - ok
14:49:35.0620 3916 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINXP\System32\lsass.exe
14:49:35.0620 3916 NtLmSsp - ok
14:49:35.0729 3916 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINXP\system32\ntmssvc.dll
14:49:35.0807 3916 NtmsSvc - ok
14:49:35.0916 3916 [ CEC052D67B20F5BE1D46CB73AA169B38 ] ntrtscan C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe
14:49:35.0995 3916 ntrtscan - ok
14:49:36.0041 3916 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINXP\system32\drivers\Null.sys
14:49:36.0041 3916 Null - ok
14:49:38.0245 3916 [ 625F0E2467F6800E1D939CF22F2F6C99 ] nv C:\WINXP\system32\DRIVERS\nv4_mini.sys
14:49:40.0432 3916 nv - ok
14:49:40.0479 3916 [ CCD0C2A9A9C4C59441072564B011B546 ] NVENETFD C:\WINXP\system32\DRIVERS\NVENETFD.sys
14:49:40.0479 3916 NVENETFD - ok
14:49:40.0541 3916 [ FA740E97A0FE36E368C2299D9F3C01C1 ] nvgts C:\WINXP\system32\drivers\nvgts.sys
14:49:40.0557 3916 nvgts - ok
14:49:40.0604 3916 [ A4931D96F111B5A8F3129507AE7BDF12 ] nvnetbus C:\WINXP\system32\DRIVERS\nvnetbus.sys
14:49:40.0604 3916 nvnetbus - ok
14:49:40.0651 3916 [ A05ED8F4EC71E2CE84BA3CFEF48E8C9A ] nvrd32 C:\WINXP\system32\drivers\nvrd32.sys
14:49:40.0682 3916 nvrd32 - ok
14:49:40.0745 3916 [ E666A28CC51F04C7D972EF8AD4234BBA ] NVSvc C:\WINXP\system32\nvsvc32.exe
14:49:40.0776 3916 NVSvc - ok
14:49:41.0213 3916 [ E7973587C80CC49DAD8E88AD45D2A1CC ] nvUpdatusService C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:49:41.0526 3916 nvUpdatusService - ok
14:49:41.0557 3916 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINXP\system32\DRIVERS\nwlnkflt.sys
14:49:41.0557 3916 NwlnkFlt - ok
14:49:41.0588 3916 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINXP\system32\DRIVERS\nwlnkfwd.sys
14:49:41.0588 3916 NwlnkFwd - ok
14:49:41.0651 3916 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINXP\system32\DRIVERS\ohci1394.sys
14:49:41.0682 3916 ohci1394 - ok
14:49:41.0760 3916 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
14:49:41.0791 3916 ose - ok
14:49:41.0870 3916 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINXP\system32\DRIVERS\parport.sys
14:49:41.0916 3916 Parport - ok
14:49:42.0010 3916 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINXP\system32\drivers\PartMgr.sys
14:49:42.0010 3916 PartMgr - ok
14:49:42.0088 3916 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINXP\system32\drivers\ParVdm.sys
14:49:42.0088 3916 ParVdm - ok
14:49:42.0104 3916 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINXP\system32\drivers\pci.sys
14:49:42.0120 3916 PCI - ok
14:49:42.0120 3916 PCIDump - ok
14:49:42.0151 3916 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINXP\system32\drivers\pciide.sys
14:49:42.0151 3916 PCIIde - ok
14:49:42.0198 3916 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINXP\system32\drivers\Pcmcia.sys
14:49:42.0213 3916 Pcmcia - ok
14:49:42.0213 3916 PDCOMP - ok
14:49:42.0213 3916 PDFRAME - ok
14:49:42.0213 3916 PDRELI - ok
14:49:42.0229 3916 PDRFRAME - ok
14:49:42.0229 3916 perc2 - ok
14:49:42.0229 3916 perc2hib - ok
14:49:42.0276 3916 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINXP\system32\services.exe
14:49:42.0276 3916 PlugPlay - ok
14:49:42.0291 3916 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINXP\System32\lsass.exe
14:49:42.0291 3916 PolicyAgent - ok
14:49:42.0338 3916 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINXP\system32\DRIVERS\raspptp.sys
14:49:42.0370 3916 PptpMiniport - ok
14:49:42.0604 3916 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINXP\system32\drivers\processr.sys
14:49:42.0620 3916 Processor - ok
14:49:42.0666 3916 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINXP\system32\lsass.exe
14:49:42.0666 3916 ProtectedStorage - ok
14:49:42.0682 3916 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINXP\system32\DRIVERS\psched.sys
14:49:42.0713 3916 PSched - ok
14:49:42.0760 3916 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINXP\system32\DRIVERS\ptilink.sys
14:49:42.0776 3916 Ptilink - ok
14:49:42.0870 3916 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\WINXP\system32\Drivers\PxHelp20.sys
14:49:42.0885 3916 PxHelp20 - ok
14:49:42.0885 3916 ql1080 - ok
14:49:42.0885 3916 Ql10wnt - ok
14:49:42.0885 3916 ql12160 - ok
14:49:42.0885 3916 ql1240 - ok
14:49:42.0885 3916 ql1280 - ok
14:49:42.0932 3916 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINXP\system32\DRIVERS\rasacd.sys
14:49:42.0932 3916 RasAcd - ok
14:49:43.0088 3916 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINXP\System32\rasauto.dll
14:49:43.0182 3916 RasAuto - ok
14:49:43.0245 3916 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINXP\system32\DRIVERS\rasl2tp.sys
14:49:43.0291 3916 Rasl2tp - ok
14:49:43.0448 3916 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINXP\System32\rasmans.dll
14:49:43.0495 3916 RasMan - ok
14:49:43.0510 3916 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINXP\system32\DRIVERS\raspppoe.sys
14:49:43.0526 3916 RasPppoe - ok
14:49:43.0541 3916 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINXP\system32\DRIVERS\raspti.sys
14:49:43.0541 3916 Raspti - ok
14:49:43.0604 3916 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINXP\system32\DRIVERS\rdbss.sys
14:49:43.0635 3916 Rdbss - ok
14:49:43.0682 3916 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINXP\system32\DRIVERS\RDPCDD.sys
14:49:43.0682 3916 RDPCDD - ok
14:49:43.0713 3916 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINXP\system32\DRIVERS\rdpdr.sys
14:49:43.0760 3916 rdpdr - ok
14:49:43.0838 3916 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINXP\system32\drivers\RDPWD.sys
14:49:43.0901 3916 RDPWD - ok
14:49:44.0010 3916 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINXP\system32\sessmgr.exe
14:49:44.0041 3916 RDSessMgr - ok
14:49:44.0088 3916 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINXP\system32\DRIVERS\redbook.sys
14:49:44.0088 3916 redbook - ok
14:49:44.0135 3916 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINXP\System32\mprdim.dll
14:49:44.0135 3916 RemoteAccess - ok
14:49:44.0182 3916 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINXP\system32\regsvc.dll
14:49:44.0198 3916 RemoteRegistry - ok
14:49:44.0229 3916 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINXP\System32\locator.exe
14:49:44.0245 3916 RpcLocator - ok
14:49:44.0338 3916 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINXP\system32\rpcss.dll
14:49:44.0338 3916 RpcSs - ok
14:49:44.0385 3916 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINXP\System32\rsvp.exe
14:49:44.0416 3916 RSVP - ok
14:49:44.0448 3916 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINXP\system32\lsass.exe
14:49:44.0448 3916 SamSs - ok
14:49:44.0463 3916 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINXP\System32\SCardSvr.exe
14:49:44.0495 3916 SCardSvr - ok
14:49:44.0541 3916 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINXP\system32\schedsvc.dll
14:49:44.0573 3916 Schedule - ok
14:49:44.0604 3916 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINXP\system32\DRIVERS\secdrv.sys
14:49:44.0604 3916 Secdrv - ok
14:49:44.0620 3916 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINXP\System32\seclogon.dll
14:49:44.0620 3916 seclogon - ok
14:49:44.0635 3916 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINXP\system32\sens.dll
14:49:44.0635 3916 SENS - ok
14:49:44.0651 3916 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINXP\system32\DRIVERS\serenum.sys
14:49:44.0666 3916 serenum - ok
14:49:44.0682 3916 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINXP\system32\DRIVERS\serial.sys
14:49:44.0698 3916 Serial - ok
14:49:44.0713 3916 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINXP\system32\drivers\Sfloppy.sys
14:49:44.0713 3916 Sfloppy - ok
14:49:44.0791 3916 [ 5944ECBCF555DEDD7F48F9982D5DDFF4 ] SFUSVC C:\Programme\Kyocera\FileUtility\SFUSVC.exe
14:49:44.0807 3916 SFUSVC - ok
14:49:44.0901 3916 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINXP\System32\ipnathlp.dll
14:49:44.0979 3916 SharedAccess - ok
14:49:45.0010 3916 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINXP\System32\shsvcs.dll
14:49:45.0010 3916 ShellHWDetection - ok
14:49:45.0010 3916 Simbad - ok
14:49:45.0120 3916 [ E3CF27C168A97018C9F9C7ECC335A761 ] SiS315 C:\WINXP\system32\DRIVERS\sisgrp.sys
14:49:45.0166 3916 SiS315 - ok
14:49:45.0198 3916 [ E14435CF5D555BDC2F35097E403B79C5 ] SiSkp C:\WINXP\system32\DRIVERS\srvkp.sys
14:49:45.0198 3916 SiSkp - ok
14:49:45.0229 3916 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINXP\system32\DRIVERS\SONYPVU1.SYS
14:49:45.0229 3916 SONYPVU1 - ok
14:49:45.0229 3916 Sparrow - ok
14:49:45.0260 3916 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINXP\system32\drivers\splitter.sys
14:49:45.0260 3916 splitter - ok
14:49:45.0307 3916 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINXP\system32\spoolsv.exe
14:49:45.0323 3916 Spooler - ok
14:49:45.0354 3916 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINXP\system32\DRIVERS\sr.sys
14:49:45.0370 3916 sr - ok
14:49:45.0432 3916 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINXP\System32\srsvc.dll
14:49:45.0479 3916 srservice - ok
14:49:45.0557 3916 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINXP\system32\DRIVERS\srv.sys
14:49:45.0635 3916 Srv - ok
14:49:45.0666 3916 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINXP\System32\ssdpsrv.dll
14:49:45.0682 3916 SSDPSRV - ok
14:49:45.0760 3916 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINXP\system32\wiaservc.dll
14:49:45.0823 3916 stisvc - ok
14:49:45.0838 3916 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINXP\system32\DRIVERS\swenum.sys
14:49:45.0838 3916 swenum - ok
14:49:45.0854 3916 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINXP\system32\drivers\swmidi.sys
14:49:45.0870 3916 swmidi - ok
14:49:45.0870 3916 SwPrv - ok
14:49:45.0870 3916 symc810 - ok
14:49:45.0870 3916 symc8xx - ok
14:49:45.0870 3916 sym_hi - ok
14:49:45.0885 3916 sym_u3 - ok
14:49:45.0901 3916 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINXP\system32\drivers\sysaudio.sys
14:49:45.0932 3916 sysaudio - ok
14:49:45.0963 3916 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINXP\system32\smlogsvc.exe
14:49:45.0995 3916 SysmonLog - ok
14:49:46.0057 3916 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINXP\System32\tapisrv.dll
14:49:46.0120 3916 TapiSrv - ok
14:49:46.0229 3916 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINXP\system32\DRIVERS\tcpip.sys
14:49:46.0307 3916 Tcpip - ok
14:49:46.0370 3916 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINXP\system32\drivers\TDPIPE.sys
14:49:46.0385 3916 TDPIPE - ok
14:49:46.0401 3916 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINXP\system32\drivers\TDTCP.sys
14:49:46.0416 3916 TDTCP - ok
14:49:47.0432 3916 [ 6B1B2F8D62D606B200C2072564090104 ] TeamViewer8 C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
14:49:48.0276 3916 TeamViewer8 - ok
14:49:48.0307 3916 [ 88155247177638048422893737429D9E ] TermDD C:\WINXP\system32\DRIVERS\termdd.sys
14:49:48.0307 3916 TermDD - ok
14:49:48.0401 3916 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINXP\System32\termsrv.dll
14:49:48.0463 3916 TermService - ok
14:49:48.0510 3916 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINXP\System32\shsvcs.dll
14:49:48.0510 3916 Themes - ok
14:49:48.0573 3916 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINXP\system32\tlntsvr.exe
14:49:48.0588 3916 TlntSvr - ok
14:49:48.0666 3916 [ AC940A15959BE57958B91CDB914AAA6C ] TmFilter C:\Programme\Trend Micro\OfficeScan Client\TmXPFlt.sys
14:49:48.0713 3916 TmFilter - ok
14:49:48.0807 3916 [ 74EFD08250CB5830E8ACBD6EEAE7418A ] tmlisten C:\Programme\Trend Micro\OfficeScan Client\tmlisten.exe
14:49:48.0885 3916 tmlisten - ok
14:49:48.0901 3916 [ 8651A867C78BD2B69F1D5F982138A074 ] TmPreFilter C:\Programme\Trend Micro\OfficeScan Client\TmPreFlt.sys
14:49:48.0916 3916 TmPreFilter - ok
14:49:49.0010 3916 [ EFEF22B9577E5051057FDE1AE381B50C ] TomTomHOMEService C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
14:49:49.0026 3916 TomTomHOMEService - ok
14:49:49.0041 3916 TosIde - ok
14:49:49.0073 3916 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINXP\system32\trkwks.dll
14:49:49.0088 3916 TrkWks - ok
14:49:49.0135 3916 [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35 C:\WINXP\system32\DRIVERS\uagp35.sys
14:49:49.0151 3916 uagp35 - ok
14:49:49.0182 3916 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINXP\system32\drivers\Udfs.sys
14:49:49.0198 3916 Udfs - ok
14:49:49.0198 3916 ultra - ok
14:49:49.0323 3916 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINXP\system32\DRIVERS\update.sys
14:49:49.0401 3916 Update - ok
14:49:49.0463 3916 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINXP\System32\upnphost.dll
14:49:49.0495 3916 upnphost - ok
14:49:49.0526 3916 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINXP\System32\ups.exe
14:49:49.0526 3916 UPS - ok
14:49:49.0541 3916 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINXP\system32\DRIVERS\usbccgp.sys
14:49:49.0557 3916 usbccgp - ok
14:49:49.0573 3916 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINXP\system32\DRIVERS\usbehci.sys
14:49:49.0588 3916 usbehci - ok
14:49:49.0620 3916 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINXP\system32\DRIVERS\usbhub.sys
14:49:49.0635 3916 usbhub - ok
14:49:49.0635 3916 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINXP\system32\DRIVERS\usbohci.sys
14:49:49.0635 3916 usbohci - ok
14:49:49.0651 3916 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINXP\system32\DRIVERS\usbscan.sys
14:49:49.0666 3916 usbscan - ok
14:49:49.0682 3916 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINXP\system32\DRIVERS\USBSTOR.SYS
14:49:49.0698 3916 USBSTOR - ok
14:49:49.0713 3916 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINXP\System32\drivers\vga.sys
14:49:49.0713 3916 VgaSave - ok
14:49:49.0713 3916 ViaIde - ok
14:49:49.0885 3916 [ 6C551C8B0672C926B80FA8199C8682E7 ] VMUSBArbService C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
14:49:50.0010 3916 VMUSBArbService - ok
14:49:50.0135 3916 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINXP\system32\drivers\VolSnap.sys
14:49:50.0151 3916 VolSnap - ok
14:49:50.0463 3916 [ 71A53597BFB4BAD7218AD2BEABA5C564 ] VSApiNt C:\Programme\Trend Micro\OfficeScan Client\VSApiNt.sys
14:49:50.0729 3916 VSApiNt - ok
14:49:50.0791 3916 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINXP\System32\vssvc.exe
14:49:50.0854 3916 VSS - ok
14:49:50.0916 3916 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINXP\System32\w32time.dll
14:49:50.0948 3916 W32Time - ok
14:49:50.0995 3916 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINXP\system32\DRIVERS\wanarp.sys
14:49:51.0010 3916 Wanarp - ok
14:49:51.0010 3916 WDICA - ok
14:49:51.0073 3916 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINXP\system32\drivers\wdmaud.sys
14:49:51.0088 3916 wdmaud - ok
14:49:51.0135 3916 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINXP\System32\webclnt.dll
14:49:51.0151 3916 WebClient - ok
14:49:51.0245 3916 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINXP\system32\wbem\WMIsvc.dll
14:49:51.0276 3916 winmgmt - ok
14:49:51.0416 3916 [ F3EDC9909A02E6BCA863EB702D37B505 ] WinVNC4 C:\Programme\RealVNC\VNC4\WinVNC4.exe
14:49:51.0510 3916 WinVNC4 - ok
14:49:51.0541 3916 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINXP\system32\MsPMSNSv.dll
14:49:51.0541 3916 WmdmPmSN - ok
14:49:51.0823 3916 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINXP\System32\advapi32.dll
14:49:52.0104 3916 Wmi - ok
14:49:52.0198 3916 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINXP\System32\wbem\wmiapsrv.exe
14:49:52.0229 3916 WmiApSrv - ok
14:49:52.0307 3916 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINXP\system32\wscsvc.dll
14:49:52.0338 3916 wscsvc - ok
14:49:52.0401 3916 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINXP\system32\wuauserv.dll
14:49:52.0416 3916 wuauserv - ok
14:49:52.0620 3916 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINXP\System32\wzcsvc.dll
14:49:52.0854 3916 WZCSVC - ok
14:49:52.0963 3916 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINXP\System32\xmlprov.dll
14:49:52.0995 3916 xmlprov - ok
14:49:52.0995 3916 ================ Scan global ===============================
14:49:53.0041 3916 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINXP\system32\basesrv.dll
14:49:53.0120 3916 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINXP\system32\winsrv.dll
14:49:53.0260 3916 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINXP\system32\winsrv.dll
14:49:53.0291 3916 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINXP\system32\services.exe
14:49:53.0291 3916 [Global] - ok
14:49:53.0291 3916 ================ Scan MBR ==================================
14:49:53.0323 3916 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
14:49:53.0510 3916 \Device\Harddisk0\DR0 - ok
14:49:53.0510 3916 ================ Scan VBR ==================================
14:49:53.0510 3916 [ 9FA8B648524A893119144FA6A77FFE28 ] \Device\Harddisk0\DR0\Partition1
14:49:53.0510 3916 \Device\Harddisk0\DR0\Partition1 - ok
14:49:53.0541 3916 [ 870DA3DAA3DBD0B316F06626BAD75A22 ] \Device\Harddisk0\DR0\Partition2
14:49:53.0541 3916 \Device\Harddisk0\DR0\Partition2 - ok
14:49:53.0541 3916 ============================================================
14:49:53.0541 3916 Scan finished
14:49:53.0541 3916 ============================================================
14:49:53.0541 2632 Detected object count: 0
14:49:53.0541 2632 Actual detected object count: 0
14:50:28.0979 3028 ============================================================
14:50:28.0979 3028 Scan started
14:50:28.0979 3028 Mode: Manual; SigCheck; TDLFS;
14:50:28.0979 3028 ============================================================
14:50:29.0760 3028 ================ Scan system memory ========================
14:50:29.0760 3028 System memory - ok
14:50:29.0760 3028 ================ Scan services =============================
14:50:29.0916 3028 Abiosdsk - ok
14:50:29.0916 3028 abp480n5 - ok
14:50:29.0995 3028 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINXP\system32\drivers\ACPI.sys
14:50:31.0620 3028 ACPI - ok
14:50:31.0651 3028 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINXP\system32\drivers\ACPIEC.sys
14:50:31.0729 3028 ACPIEC - ok
14:50:31.0838 3028 [ 177FF6608B48638D4066726F3A3F8444 ] AdobeActiveFileMonitor5.0 C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
14:50:31.0854 3028 AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - warning
14:50:31.0854 3028 AdobeActiveFileMonitor5.0 - detected UnsignedFile.Multi.Generic (1)
14:50:31.0979 3028 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:50:31.0979 3028 AdobeFlashPlayerUpdateSvc - ok
14:50:31.0995 3028 adpu160m - ok
14:50:32.0041 3028 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINXP\system32\drivers\aec.sys
14:50:32.0120 3028 aec - ok
14:50:32.0182 3028 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINXP\System32\drivers\afd.sys
14:50:32.0213 3028 AFD - ok
14:50:32.0213 3028 Aha154x - ok
14:50:32.0229 3028 aic78u2 - ok
14:50:32.0229 3028 aic78xx - ok
14:50:32.0729 3028 [ 35045A23957A71BA649740741E69408C ] ALCXWDM C:\WINXP\system32\drivers\ALCXWDM.SYS
14:50:33.0323 3028 ALCXWDM - ok
14:50:33.0354 3028 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINXP\system32\alrsvc.dll
14:50:33.0416 3028 Alerter - ok
14:50:33.0448 3028 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINXP\System32\alg.exe
14:50:33.0510 3028 ALG - ok
14:50:33.0510 3028 AliIde - ok
14:50:33.0510 3028 amsint - ok
14:50:33.0557 3028 [ E2AD6CC7D407F2B5CB2899775CF84F51 ] AN983 C:\WINXP\system32\DRIVERS\AN983.sys
14:50:33.0588 3028 AN983 - ok
14:50:33.0666 3028 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINXP\System32\appmgmts.dll
14:50:33.0745 3028 AppMgmt - ok
14:50:33.0791 3028 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINXP\system32\DRIVERS\arp1394.sys
14:50:33.0870 3028 Arp1394 - ok
14:50:33.0870 3028 asc - ok
14:50:33.0870 3028 asc3350p - ok
14:50:33.0870 3028 asc3550 - ok
14:50:33.0948 3028 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:50:33.0963 3028 aspnet_state - ok
14:50:33.0979 3028 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINXP\system32\DRIVERS\asyncmac.sys
14:50:34.0041 3028 AsyncMac - ok
14:50:34.0073 3028 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINXP\system32\drivers\atapi.sys
14:50:34.0151 3028 atapi - ok
14:50:34.0151 3028 Atdisk - ok
14:50:34.0182 3028 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINXP\system32\DRIVERS\atmarpc.sys
14:50:34.0245 3028 Atmarpc - ok
14:50:34.0276 3028 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINXP\System32\audiosrv.dll
14:50:34.0338 3028 AudioSrv - ok
14:50:34.0370 3028 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINXP\system32\DRIVERS\audstub.sys
14:50:34.0432 3028 audstub - ok
14:50:34.0479 3028 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINXP\system32\drivers\Beep.sys
14:50:34.0541 3028 Beep - ok
14:50:34.0651 3028 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINXP\System32\qmgr.dll
14:50:34.0760 3028 BITS - ok
14:50:34.0823 3028 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINXP\System32\browser.dll
14:50:34.0885 3028 Browser - ok
14:50:34.0916 3028 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINXP\system32\drivers\cbidf2k.sys
14:50:34.0995 3028 cbidf2k - ok
14:50:34.0995 3028 cd20xrnt - ok
14:50:35.0026 3028 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINXP\system32\drivers\Cdaudio.sys
14:50:35.0088 3028 Cdaudio - ok
14:50:35.0135 3028 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINXP\system32\drivers\Cdfs.sys
14:50:35.0182 3028 Cdfs - ok
14:50:35.0213 3028 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINXP\system32\DRIVERS\cdrom.sys
14:50:35.0276 3028 Cdrom - ok
14:50:35.0291 3028 Changer - ok
14:50:35.0338 3028 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINXP\system32\cisvc.exe
14:50:35.0401 3028 CiSvc - ok
14:50:35.0416 3028 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINXP\system32\clipsrv.exe
14:50:35.0495 3028 ClipSrv - ok
14:50:35.0541 3028 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:50:35.0557 3028 clr_optimization_v2.0.50727_32 - ok
14:50:35.0557 3028 CmdIde - ok
14:50:35.0557 3028 COMSysApp - ok
14:50:35.0557 3028 Cpqarray - ok
14:50:35.0620 3028 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINXP\System32\cryptsvc.dll
14:50:35.0682 3028 CryptSvc - ok
14:50:35.0682 3028 dac2w2k - ok
14:50:35.0682 3028 dac960nt - ok
14:50:35.0791 3028 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINXP\system32\rpcss.dll
14:50:35.0901 3028 DcomLaunch - ok
14:50:35.0963 3028 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINXP\System32\dhcpcsvc.dll
14:50:36.0057 3028 Dhcp - ok
14:50:36.0088 3028 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINXP\system32\DRIVERS\disk.sys
14:50:36.0135 3028 Disk - ok
14:50:36.0151 3028 dmadmin - ok
14:50:36.0323 3028 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINXP\system32\drivers\dmboot.sys
14:50:36.0510 3028 dmboot - ok
14:50:36.0541 3028 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINXP\system32\DRIVERS\dmio.sys
14:50:36.0588 3028 dmio - ok
14:50:36.0620 3028 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINXP\system32\drivers\dmload.sys
14:50:36.0698 3028 dmload - ok
14:50:36.0745 3028 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINXP\System32\dmserver.dll
14:50:36.0807 3028 dmserver - ok
14:50:36.0838 3028 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINXP\system32\drivers\DMusic.sys
14:50:36.0901 3028 DMusic - ok
14:50:36.0963 3028 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINXP\System32\dnsrslvr.dll
14:50:36.0995 3028 Dnscache - ok
14:50:37.0041 3028 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINXP\System32\dot3svc.dll
14:50:37.0120 3028 Dot3svc - ok
14:50:37.0120 3028 dpti2o - ok
14:50:37.0135 3028 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINXP\system32\drivers\drmkaud.sys
14:50:37.0198 3028 drmkaud - ok
14:50:37.0198 3028 DWMRCS - ok
14:50:37.0213 3028 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINXP\System32\eapsvc.dll
14:50:37.0276 3028 EapHost - ok
14:50:37.0323 3028 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINXP\System32\ersvc.dll
14:50:37.0385 3028 ERSvc - ok
14:50:37.0448 3028 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINXP\system32\services.exe
14:50:37.0463 3028 Eventlog - ok
14:50:37.0541 3028 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINXP\System32\es.dll
14:50:37.0573 3028 EventSystem - ok
14:50:37.0635 3028 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINXP\system32\drivers\Fastfat.sys
14:50:37.0698 3028 Fastfat - ok
14:50:37.0760 3028 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINXP\System32\shsvcs.dll
14:50:37.0823 3028 FastUserSwitchingCompatibility - ok
14:50:37.0838 3028 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINXP\system32\DRIVERS\fdc.sys
14:50:37.0901 3028 Fdc - ok
14:50:37.0932 3028 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINXP\system32\drivers\Fips.sys
14:50:37.0995 3028 Fips - ok
14:50:38.0026 3028 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINXP\system32\DRIVERS\flpydisk.sys
14:50:38.0088 3028 Flpydisk - ok
14:50:38.0135 3028 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINXP\system32\drivers\fltmgr.sys
14:50:38.0198 3028 FltMgr - ok
14:50:38.0260 3028 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:50:38.0276 3028 FontCache3.0.0.0 - ok
14:50:38.0307 3028 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINXP\system32\drivers\Fs_Rec.sys
14:50:38.0370 3028 Fs_Rec - ok
14:50:38.0416 3028 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINXP\system32\DRIVERS\ftdisk.sys
14:50:38.0479 3028 Ftdisk - ok
14:50:38.0510 3028 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINXP\system32\DRIVERS\msgpc.sys
14:50:38.0573 3028 Gpc - ok
14:50:38.0635 3028 [ 1C51E9DB4A24C4A6B7AD5BE4BC4B19A6 ] hcmon C:\WINXP\system32\drivers\hcmon.sys
14:50:38.0729 3028 hcmon - ok
14:50:38.0791 3028 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINXP\system32\DRIVERS\HDAudBus.sys
14:50:38.0870 3028 HDAudBus - ok
14:50:38.0948 3028 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:50:39.0026 3028 helpsvc - ok
14:50:39.0026 3028 HidServ - ok
14:50:39.0073 3028 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINXP\system32\DRIVERS\hidusb.sys
14:50:39.0151 3028 HidUsb - ok
14:50:39.0198 3028 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINXP\System32\kmsvc.dll
14:50:39.0260 3028 hkmsvc - ok
14:50:39.0260 3028 hpn - ok
14:50:39.0323 3028 [ 937031C085718C1C04A9C0864625EC6B ] HTTP C:\WINXP\system32\Drivers\HTTP.sys
14:50:39.0338 3028 HTTP ( UnsignedFile.Multi.Generic ) - warning
14:50:39.0338 3028 HTTP - detected UnsignedFile.Multi.Generic (1)
14:50:39.0370 3028 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINXP\System32\w3ssl.dll
14:50:39.0448 3028 HTTPFilter - ok
14:50:39.0448 3028 i2omgmt - ok
14:50:39.0448 3028 i2omp - ok
14:50:39.0495 3028 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINXP\system32\DRIVERS\i8042prt.sys
14:50:39.0557 3028 i8042prt - ok
14:50:39.0635 3028 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:50:39.0651 3028 IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:50:39.0651 3028 IDriverT - detected UnsignedFile.Multi.Generic (1)
14:50:39.0885 3028 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:50:40.0057 3028 idsvc - ok
14:50:40.0088 3028 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINXP\system32\DRIVERS\imapi.sys
14:50:40.0151 3028 Imapi - ok
14:50:40.0213 3028 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINXP\System32\imapi.exe
14:50:40.0291 3028 ImapiService - ok
14:50:40.0291 3028 ini910u - ok
14:50:41.0260 3028 [ EB5608FD4F2961517AC9F5CAC88B023B ] IntcAzAudAddService C:\WINXP\system32\drivers\RtkHDAud.sys
14:50:42.0307 3028 IntcAzAudAddService - ok
14:50:42.0307 3028 IntelIde - ok
14:50:42.0354 3028 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINXP\system32\DRIVERS\intelppm.sys
14:50:42.0416 3028 intelppm - ok
14:50:42.0448 3028 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINXP\system32\drivers\ip6fw.sys
14:50:42.0495 3028 Ip6Fw - ok
14:50:42.0510 3028 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINXP\system32\DRIVERS\ipfltdrv.sys
14:50:42.0588 3028 IpFilterDriver - ok
14:50:42.0604 3028 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINXP\system32\DRIVERS\ipinip.sys
14:50:42.0666 3028 IpInIp - ok
14:50:42.0713 3028 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINXP\system32\DRIVERS\ipnat.sys
14:50:42.0776 3028 IpNat - ok
14:50:42.0791 3028 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINXP\system32\DRIVERS\ipsec.sys
14:50:42.0854 3028 IPSec - ok
14:50:42.0870 3028 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINXP\system32\DRIVERS\irenum.sys
14:50:42.0948 3028 IRENUM - ok
14:50:42.0963 3028 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINXP\system32\drivers\isapnp.sys
14:50:43.0041 3028 isapnp - ok
14:50:43.0104 3028 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
14:50:43.0120 3028 JavaQuickStarterService - ok
14:50:43.0135 3028 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINXP\system32\DRIVERS\kbdclass.sys
14:50:43.0198 3028 Kbdclass - ok
14:50:43.0245 3028 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINXP\system32\drivers\kmixer.sys
14:50:43.0307 3028 kmixer - ok
14:50:43.0338 3028 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINXP\system32\drivers\KSecDD.sys
14:50:43.0416 3028 KSecDD - ok
14:50:43.0448 3028 [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer C:\WINXP\System32\srvsvc.dll
14:50:43.0479 3028 LanmanServer - ok
14:50:43.0541 3028 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINXP\System32\wkssvc.dll
14:50:43.0573 3028 lanmanworkstation - ok
14:50:43.0573 3028 lbrtfdc - ok
14:50:43.0620 3028 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINXP\System32\lmhsvc.dll
14:50:43.0682 3028 LmHosts - ok
14:50:43.0713 3028 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINXP\system32\drivers\mbam.sys
14:50:43.0713 3028 MBAMProtector - ok
14:50:43.0854 3028 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:50:43.0916 3028 MBAMScheduler - ok
14:50:44.0057 3028 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
14:50:44.0182 3028 MBAMService - ok
14:50:44.0323 3028 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
14:50:44.0338 3028 MDM - ok
14:50:44.0370 3028 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINXP\System32\msgsvc.dll
14:50:44.0432 3028 Messenger - ok
14:50:44.0479 3028 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINXP\system32\drivers\mnmdd.sys
14:50:44.0541 3028 mnmdd - ok
14:50:44.0588 3028 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINXP\System32\mnmsrvc.exe
14:50:44.0666 3028 mnmsrvc - ok
14:50:44.0698 3028 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINXP\system32\drivers\Modem.sys
14:50:44.0745 3028 Modem - ok
14:50:44.0776 3028 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINXP\system32\DRIVERS\mouclass.sys
14:50:44.0823 3028 Mouclass - ok
14:50:44.0854 3028 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINXP\system32\DRIVERS\mouhid.sys
14:50:44.0916 3028 mouhid - ok
14:50:44.0948 3028 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINXP\system32\drivers\MountMgr.sys
14:50:45.0010 3028 MountMgr - ok
14:50:45.0073 3028 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
14:50:45.0088 3028 MozillaMaintenance - ok
14:50:45.0088 3028 mraid35x - ok
14:50:45.0135 3028 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINXP\system32\DRIVERS\mrxdav.sys
14:50:45.0182 3028 MRxDAV - ok
14:50:45.0323 3028 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINXP\system32\DRIVERS\mrxsmb.sys
14:50:45.0463 3028 MRxSmb - ok
14:50:45.0463 3028 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINXP\system32\msdtc.exe
14:50:45.0526 3028 MSDTC - ok
14:50:45.0526 3028 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINXP\system32\drivers\Msfs.sys
14:50:45.0588 3028 Msfs - ok
14:50:45.0588 3028 MSIServer - ok
14:50:45.0604 3028 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINXP\system32\drivers\MSKSSRV.sys
14:50:45.0682 3028 MSKSSRV - ok
14:50:45.0682 3028 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINXP\system32\drivers\MSPCLOCK.sys
14:50:45.0745 3028 MSPCLOCK - ok
14:50:45.0745 3028 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINXP\system32\drivers\MSPQM.sys
14:50:45.0807 3028 MSPQM - ok
14:50:45.0854 3028 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINXP\system32\DRIVERS\mssmbios.sys
14:50:45.0916 3028 mssmbios - ok
14:50:45.0963 3028 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINXP\system32\DRIVERS\ASACPI.sys
14:50:45.0995 3028 MTsensor - ok
14:50:46.0057 3028 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINXP\system32\drivers\Mup.sys
14:50:46.0120 3028 Mup - ok
14:50:46.0198 3028 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINXP\System32\qagentrt.dll
14:50:46.0260 3028 napagent - ok
14:50:46.0338 3028 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINXP\system32\drivers\NDIS.sys
14:50:46.0401 3028 NDIS - ok
14:50:46.0416 3028 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINXP\system32\DRIVERS\ndistapi.sys
14:50:46.0448 3028 NdisTapi - ok
14:50:46.0463 3028 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINXP\system32\DRIVERS\ndisuio.sys
14:50:46.0526 3028 Ndisuio - ok
14:50:46.0557 3028 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINXP\system32\DRIVERS\ndiswan.sys
14:50:46.0620 3028 NdisWan - ok
14:50:46.0666 3028 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINXP\system32\drivers\NDProxy.sys
14:50:46.0698 3028 NDProxy - ok
14:50:46.0713 3028 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINXP\system32\DRIVERS\netbios.sys
14:50:46.0776 3028 NetBIOS - ok
14:50:46.0823 3028 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINXP\system32\DRIVERS\netbt.sys
14:50:46.0885 3028 NetBT - ok
14:50:46.0948 3028 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINXP\system32\netdde.exe
14:50:47.0026 3028 NetDDE - ok
14:50:47.0057 3028 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINXP\system32\netdde.exe
14:50:47.0104 3028 NetDDEdsdm - ok
14:50:47.0135 3028 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINXP\System32\lsass.exe
14:50:47.0198 3028 Netlogon - ok
14:50:47.0245 3028 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINXP\System32\netman.dll
14:50:47.0307 3028 Netman - ok
14:50:47.0370 3028 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:50:47.0370 3028 NetTcpPortSharing - ok
14:50:47.0416 3028 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINXP\system32\DRIVERS\nic1394.sys
14:50:47.0479 3028 NIC1394 - ok
14:50:47.0541 3028 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINXP\System32\mswsock.dll
14:50:47.0557 3028 Nla - ok
14:50:47.0557 3028 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINXP\system32\drivers\Npfs.sys
14:50:47.0635 3028 Npfs - ok
14:50:47.0745 3028 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINXP\system32\drivers\Ntfs.sys
14:50:47.0870 3028 Ntfs - ok
14:50:47.0885 3028 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINXP\System32\lsass.exe
14:50:47.0932 3028 NtLmSsp - ok
14:50:48.0073 3028 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINXP\system32\ntmssvc.dll
14:50:48.0198 3028 NtmsSvc - ok
14:50:48.0323 3028 [ CEC052D67B20F5BE1D46CB73AA169B38 ] ntrtscan C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe
14:50:48.0385 3028 ntrtscan ( UnsignedFile.Multi.Generic ) - warning
14:50:48.0385 3028 ntrtscan - detected UnsignedFile.Multi.Generic (1)
14:50:48.0432 3028 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINXP\system32\drivers\Null.sys
14:50:48.0495 3028 Null - ok
14:50:50.0745 3028 [ 625F0E2467F6800E1D939CF22F2F6C99 ] nv C:\WINXP\system32\DRIVERS\nv4_mini.sys
14:50:53.0010 3028 nv - ok
14:50:53.0041 3028 [ CCD0C2A9A9C4C59441072564B011B546 ] NVENETFD C:\WINXP\system32\DRIVERS\NVENETFD.sys
14:50:53.0088 3028 NVENETFD - ok
14:50:53.0135 3028 [ FA740E97A0FE36E368C2299D9F3C01C1 ] nvgts C:\WINXP\system32\drivers\nvgts.sys
14:50:53.0151 3028 nvgts ( UnsignedFile.Multi.Generic ) - warning
14:50:53.0151 3028 nvgts - detected UnsignedFile.Multi.Generic (1)
14:50:53.0182 3028 [ A4931D96F111B5A8F3129507AE7BDF12 ] nvnetbus C:\WINXP\system32\DRIVERS\nvnetbus.sys
14:50:53.0229 3028 nvnetbus - ok
14:50:53.0276 3028 [ A05ED8F4EC71E2CE84BA3CFEF48E8C9A ] nvrd32 C:\WINXP\system32\drivers\nvrd32.sys
14:50:53.0291 3028 nvrd32 ( UnsignedFile.Multi.Generic ) - warning
14:50:53.0291 3028 nvrd32 - detected UnsignedFile.Multi.Generic (1)
14:50:53.0354 3028 [ E666A28CC51F04C7D972EF8AD4234BBA ] NVSvc C:\WINXP\system32\nvsvc32.exe
14:50:53.0370 3028 NVSvc - ok
14:50:53.0698 3028 [ E7973587C80CC49DAD8E88AD45D2A1CC ] nvUpdatusService C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:50:53.0932 3028 nvUpdatusService - ok
14:50:53.0948 3028 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINXP\system32\DRIVERS\nwlnkflt.sys
14:50:54.0026 3028 NwlnkFlt - ok
14:50:54.0041 3028 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINXP\system32\DRIVERS\nwlnkfwd.sys
14:50:54.0104 3028 NwlnkFwd - ok
14:50:54.0151 3028 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINXP\system32\DRIVERS\ohci1394.sys
14:50:54.0213 3028 ohci1394 - ok
14:50:54.0260 3028 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
14:50:54.0276 3028 ose - ok
14:50:54.0323 3028 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINXP\system32\DRIVERS\parport.sys
14:50:54.0370 3028 Parport - ok
14:50:54.0385 3028 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINXP\system32\drivers\PartMgr.sys
14:50:54.0448 3028 PartMgr - ok
14:50:54.0495 3028 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINXP\system32\drivers\ParVdm.sys
14:50:54.0557 3028 ParVdm - ok
14:50:54.0588 3028 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINXP\system32\drivers\pci.sys
14:50:54.0651 3028 PCI - ok
14:50:54.0651 3028 PCIDump - ok
14:50:54.0666 3028 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINXP\system32\drivers\pciide.sys
14:50:54.0729 3028 PCIIde - ok
14:50:54.0776 3028 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINXP\system32\drivers\Pcmcia.sys
14:50:54.0838 3028 Pcmcia - ok
14:50:54.0838 3028 PDCOMP - ok
14:50:54.0854 3028 PDFRAME - ok
14:50:54.0854 3028 PDRELI - ok
14:50:54.0854 3028 PDRFRAME - ok
14:50:54.0854 3028 perc2 - ok
14:50:54.0854 3028 perc2hib - ok
14:50:54.0885 3028 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINXP\system32\services.exe
14:50:54.0901 3028 PlugPlay - ok
14:50:54.0901 3028 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINXP\System32\lsass.exe
14:50:54.0963 3028 PolicyAgent - ok
14:50:54.0979 3028 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINXP\system32\DRIVERS\raspptp.sys
14:50:55.0026 3028 PptpMiniport - ok
14:50:55.0057 3028 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINXP\system32\drivers\processr.sys
14:50:55.0120 3028 Processor - ok
14:50:55.0120 3028 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINXP\system32\lsass.exe
14:50:55.0182 3028 ProtectedStorage - ok
14:50:55.0198 3028 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINXP\system32\DRIVERS\psched.sys
14:50:55.0260 3028 PSched - ok
14:50:55.0307 3028 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINXP\system32\DRIVERS\ptilink.sys
14:50:55.0370 3028 Ptilink - ok
14:50:55.0416 3028 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\WINXP\system32\Drivers\PxHelp20.sys
14:50:55.0448 3028 PxHelp20 - ok
14:50:55.0463 3028 ql1080 - ok
14:50:55.0463 3028 Ql10wnt - ok
14:50:55.0463 3028 ql12160 - ok
14:50:55.0463 3028 ql1240 - ok
14:50:55.0463 3028 ql1280 - ok
14:50:55.0495 3028 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINXP\system32\DRIVERS\rasacd.sys
14:50:55.0573 3028 RasAcd - ok
14:50:55.0635 3028 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINXP\System32\rasauto.dll
14:50:55.0713 3028 RasAuto - ok
14:50:55.0729 3028 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINXP\system32\DRIVERS\rasl2tp.sys
14:50:55.0791 3028 Rasl2tp - ok
14:50:55.0870 3028 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINXP\System32\rasmans.dll
14:50:55.0948 3028 RasMan - ok
14:50:55.0963 3028 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINXP\system32\DRIVERS\raspppoe.sys
14:50:56.0026 3028 RasPppoe - ok
14:50:56.0041 3028 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINXP\system32\DRIVERS\raspti.sys
14:50:56.0120 3028 Raspti - ok
14:50:56.0166 3028 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINXP\system32\DRIVERS\rdbss.sys
14:50:56.0213 3028 Rdbss - ok
14:50:56.0245 3028 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINXP\system32\DRIVERS\RDPCDD.sys
14:50:56.0307 3028 RDPCDD - ok
14:50:56.0354 3028 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINXP\system32\DRIVERS\rdpdr.sys
14:50:56.0401 3028 rdpdr - ok
14:50:56.0463 3028 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINXP\system32\drivers\RDPWD.sys
14:50:56.0510 3028 RDPWD - ok
14:50:56.0573 3028 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINXP\system32\sessmgr.exe
14:50:56.0635 3028 RDSessMgr - ok
14:50:56.0666 3028 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINXP\system32\DRIVERS\redbook.sys
14:50:56.0713 3028 redbook - ok
14:50:56.0760 3028 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINXP\System32\mprdim.dll
14:50:56.0838 3028 RemoteAccess - ok
14:50:56.0854 3028 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINXP\system32\regsvc.dll
14:50:56.0916 3028 RemoteRegistry - ok
14:50:56.0948 3028 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINXP\System32\locator.exe
14:50:57.0010 3028 RpcLocator - ok
14:50:57.0104 3028 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINXP\system32\rpcss.dll
14:50:57.0182 3028 RpcSs - ok
14:50:57.0213 3028 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINXP\System32\rsvp.exe
14:50:57.0291 3028 RSVP - ok
14:50:57.0307 3028 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINXP\system32\lsass.exe
14:50:57.0354 3028 SamSs - ok
14:50:57.0385 3028 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINXP\System32\SCardSvr.exe
14:50:57.0448 3028 SCardSvr - ok
14:50:57.0510 3028 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINXP\system32\schedsvc.dll
14:50:57.0573 3028 Schedule - ok
14:50:57.0604 3028 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINXP\system32\DRIVERS\secdrv.sys
14:50:57.0651 3028 Secdrv - ok
14:50:57.0682 3028 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINXP\System32\seclogon.dll
14:50:57.0745 3028 seclogon - ok
14:50:57.0760 3028 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINXP\system32\sens.dll
14:50:57.0823 3028 SENS - ok
14:50:57.0838 3028 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINXP\system32\DRIVERS\serenum.sys
14:50:57.0901 3028 serenum - ok
14:50:57.0916 3028 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINXP\system32\DRIVERS\serial.sys
14:50:57.0963 3028 Serial - ok
14:50:57.0979 3028 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINXP\system32\drivers\Sfloppy.sys
14:50:58.0057 3028 Sfloppy - ok
14:50:58.0120 3028 [ 5944ECBCF555DEDD7F48F9982D5DDFF4 ] SFUSVC C:\Programme\Kyocera\FileUtility\SFUSVC.exe
14:50:58.0120 3028 SFUSVC ( UnsignedFile.Multi.Generic ) - warning
14:50:58.0120 3028 SFUSVC - detected UnsignedFile.Multi.Generic (1)
14:50:58.0245 3028 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINXP\System32\ipnathlp.dll
14:50:58.0370 3028 SharedAccess - ok
14:50:58.0401 3028 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINXP\System32\shsvcs.dll
14:50:58.0416 3028 ShellHWDetection - ok
14:50:58.0416 3028 Simbad - ok
14:50:58.0495 3028 [ E3CF27C168A97018C9F9C7ECC335A761 ] SiS315 C:\WINXP\system32\DRIVERS\sisgrp.sys
14:50:58.0541 3028 SiS315 - ok
14:50:58.0573 3028 [ E14435CF5D555BDC2F35097E403B79C5 ] SiSkp C:\WINXP\system32\DRIVERS\srvkp.sys
14:50:58.0588 3028 SiSkp - ok
14:50:58.0620 3028 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINXP\system32\DRIVERS\SONYPVU1.SYS
14:50:58.0698 3028 SONYPVU1 - ok
14:50:58.0698 3028 Sparrow - ok
14:50:58.0729 3028 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINXP\system32\drivers\splitter.sys
14:50:58.0791 3028 splitter - ok
14:50:58.0854 3028 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINXP\system32\spoolsv.exe
14:50:58.0885 3028 Spooler - ok
14:50:58.0901 3028 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINXP\system32\DRIVERS\sr.sys
14:50:58.0963 3028 sr - ok
14:50:59.0041 3028 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINXP\System32\srsvc.dll
14:50:59.0135 3028 srservice - ok
14:50:59.0213 3028 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINXP\system32\DRIVERS\srv.sys
14:50:59.0276 3028 Srv - ok
14:50:59.0323 3028 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINXP\System32\ssdpsrv.dll
14:50:59.0370 3028 SSDPSRV - ok
14:50:59.0448 3028 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINXP\system32\wiaservc.dll
14:50:59.0573 3028 stisvc - ok
14:50:59.0620 3028 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINXP\system32\DRIVERS\swenum.sys
14:50:59.0682 3028 swenum - ok
14:50:59.0698 3028 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINXP\system32\drivers\swmidi.sys
14:50:59.0776 3028 swmidi - ok
14:50:59.0776 3028 SwPrv - ok
14:50:59.0776 3028 symc810 - ok
14:50:59.0776 3028 symc8xx - ok
14:50:59.0776 3028 sym_hi - ok
14:50:59.0776 3028 sym_u3 - ok
14:50:59.0807 3028 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINXP\system32\drivers\sysaudio.sys
14:50:59.0854 3028 sysaudio - ok
14:50:59.0932 3028 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINXP\system32\smlogsvc.exe
14:50:59.0979 3028 SysmonLog - ok
14:51:00.0041 3028 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINXP\System32\tapisrv.dll
14:51:00.0120 3028 TapiSrv - ok
14:51:00.0229 3028 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINXP\system32\DRIVERS\tcpip.sys
14:51:00.0307 3028 Tcpip - ok
14:51:00.0338 3028 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINXP\system32\drivers\TDPIPE.sys
14:51:00.0401 3028 TDPIPE - ok
14:51:00.0401 3028 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINXP\system32\drivers\TDTCP.sys
14:51:00.0479 3028 TDTCP - ok
14:51:01.0385 3028 [ 6B1B2F8D62D606B200C2072564090104 ] TeamViewer8 C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
14:51:02.0120 3028 TeamViewer8 - ok
14:51:02.0166 3028 [ 88155247177638048422893737429D9E ] TermDD C:\WINXP\system32\DRIVERS\termdd.sys
14:51:02.0245 3028 TermDD - ok
14:51:02.0323 3028 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINXP\System32\termsrv.dll
14:51:02.0401 3028 TermService - ok
14:51:02.0432 3028 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINXP\System32\shsvcs.dll
14:51:02.0448 3028 Themes - ok
14:51:02.0495 3028 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINXP\system32\tlntsvr.exe
14:51:02.0557 3028 TlntSvr - ok
14:51:02.0635 3028 [ AC940A15959BE57958B91CDB914AAA6C ] TmFilter C:\Programme\Trend Micro\OfficeScan Client\TmXPFlt.sys
14:51:02.0651 3028 TmFilter - ok
14:51:02.0745 3028 [ 74EFD08250CB5830E8ACBD6EEAE7418A ] tmlisten C:\Programme\Trend Micro\OfficeScan Client\tmlisten.exe
14:51:02.0823 3028 tmlisten ( UnsignedFile.Multi.Generic ) - warning
14:51:02.0823 3028 tmlisten - detected UnsignedFile.Multi.Generic (1)
14:51:02.0854 3028 [ 8651A867C78BD2B69F1D5F982138A074 ] TmPreFilter C:\Programme\Trend Micro\OfficeScan Client\TmPreFlt.sys
14:51:02.0854 3028 TmPreFilter - ok
14:51:02.0948 3028 [ EFEF22B9577E5051057FDE1AE381B50C ] TomTomHOMEService C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
14:51:02.0963 3028 TomTomHOMEService - ok
14:51:02.0963 3028 TosIde - ok
14:51:03.0010 3028 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINXP\system32\trkwks.dll
14:51:03.0104 3028 TrkWks - ok
14:51:03.0151 3028 [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35 C:\WINXP\system32\DRIVERS\uagp35.sys
14:51:03.0213 3028 uagp35 - ok
14:51:03.0245 3028 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINXP\system32\drivers\Udfs.sys
14:51:03.0323 3028 Udfs - ok
14:51:03.0323 3028 ultra - ok
14:51:03.0432 3028 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINXP\system32\DRIVERS\update.sys
14:51:03.0557 3028 Update - ok
14:51:03.0604 3028 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINXP\System32\upnphost.dll
14:51:03.0682 3028 upnphost - ok
14:51:03.0698 3028 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINXP\System32\ups.exe
14:51:03.0776 3028 UPS - ok
14:51:03.0791 3028 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINXP\system32\DRIVERS\usbccgp.sys
14:51:03.0854 3028 usbccgp - ok
14:51:03.0885 3028 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINXP\system32\DRIVERS\usbehci.sys
14:51:03.0948 3028 usbehci - ok
14:51:03.0963 3028 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINXP\system32\DRIVERS\usbhub.sys
14:51:04.0041 3028 usbhub - ok
14:51:04.0041 3028 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINXP\system32\DRIVERS\usbohci.sys
14:51:04.0120 3028 usbohci - ok
14:51:04.0151 3028 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINXP\system32\DRIVERS\usbscan.sys
14:51:04.0198 3028 usbscan - ok
14:51:04.0245 3028 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINXP\system32\DRIVERS\USBSTOR.SYS
14:51:04.0307 3028 USBSTOR - ok
14:51:04.0323 3028 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINXP\System32\drivers\vga.sys
14:51:04.0385 3028 VgaSave - ok
14:51:04.0385 3028 ViaIde - ok
14:51:04.0557 3028 [ 6C551C8B0672C926B80FA8199C8682E7 ] VMUSBArbService C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
14:51:04.0666 3028 VMUSBArbService - ok
14:51:04.0698 3028 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINXP\system32\drivers\VolSnap.sys
14:51:04.0745 3028 VolSnap - ok
14:51:05.0041 3028 [ 71A53597BFB4BAD7218AD2BEABA5C564 ] VSApiNt C:\Programme\Trend Micro\OfficeScan Client\VSApiNt.sys
14:51:05.0276 3028 VSApiNt - ok
14:51:05.0370 3028 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINXP\System32\vssvc.exe
14:51:05.0432 3028 VSS - ok
14:51:05.0495 3028 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINXP\System32\w32time.dll
14:51:05.0541 3028 W32Time - ok
14:51:05.0573 3028 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINXP\system32\DRIVERS\wanarp.sys
14:51:05.0651 3028 Wanarp - ok
14:51:05.0651 3028 WDICA - ok
14:51:05.0698 3028 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINXP\system32\drivers\wdmaud.sys
14:51:05.0776 3028 wdmaud - ok
14:51:05.0791 3028 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINXP\System32\webclnt.dll
14:51:05.0870 3028 WebClient - ok
14:51:05.0963 3028 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINXP\system32\wbem\WMIsvc.dll
14:51:06.0041 3028 winmgmt - ok
14:51:06.0182 3028 [ F3EDC9909A02E6BCA863EB702D37B505 ] WinVNC4 C:\Programme\RealVNC\VNC4\WinVNC4.exe
14:51:06.0245 3028 WinVNC4 - ok
14:51:06.0276 3028 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINXP\system32\MsPMSNSv.dll
14:51:06.0307 3028 WmdmPmSN - ok
14:51:06.0463 3028 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINXP\System32\advapi32.dll
14:51:06.0588 3028 Wmi - ok
14:51:06.0635 3028 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINXP\System32\wbem\wmiapsrv.exe
14:51:06.0698 3028 WmiApSrv - ok
14:51:06.0745 3028 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINXP\system32\wscsvc.dll
14:51:06.0823 3028 wscsvc - ok
14:51:06.0854 3028 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINXP\system32\wuauserv.dll
14:51:06.0916 3028 wuauserv - ok
14:51:07.0057 3028 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINXP\System32\wzcsvc.dll
14:51:07.0198 3028 WZCSVC - ok
14:51:07.0229 3028 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINXP\System32\xmlprov.dll
14:51:07.0291 3028 xmlprov - ok
14:51:07.0291 3028 ================ Scan global ===============================
14:51:07.0338 3028 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINXP\system32\basesrv.dll
14:51:07.0416 3028 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINXP\system32\winsrv.dll
14:51:07.0479 3028 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINXP\system32\winsrv.dll
14:51:07.0526 3028 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINXP\system32\services.exe
14:51:07.0526 3028 [Global] - ok
14:51:07.0526 3028 ================ Scan MBR ==================================
14:51:07.0557 3028 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
14:51:07.0885 3028 \Device\Harddisk0\DR0 - ok
14:51:07.0885 3028 ================ Scan VBR ==================================
14:51:07.0885 3028 [ 9FA8B648524A893119144FA6A77FFE28 ] \Device\Harddisk0\DR0\Partition1
14:51:07.0885 3028 \Device\Harddisk0\DR0\Partition1 - ok
14:51:07.0901 3028 [ 870DA3DAA3DBD0B316F06626BAD75A22 ] \Device\Harddisk0\DR0\Partition2
14:51:07.0901 3028 \Device\Harddisk0\DR0\Partition2 - ok
14:51:07.0901 3028 ============================================================
14:51:07.0901 3028 Scan finished
14:51:07.0901 3028 ============================================================
14:51:08.0010 1856 Detected object count: 8
14:51:08.0010 1856 Actual detected object count: 8
14:52:37.0151 1856 AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:37.0151 1856 AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:37.0151 1856 HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:37.0151 1856 HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:37.0151 1856 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:37.0151 1856 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:37.0166 1856 ntrtscan ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:37.0166 1856 ntrtscan ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:37.0166 1856 nvgts ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:37.0166 1856 nvgts ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:37.0166 1856 nvrd32 ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:37.0166 1856 nvrd32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:37.0166 1856 SFUSVC ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:37.0166 1856 SFUSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:37.0166 1856 tmlisten ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:37.0166 1856 tmlisten ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:42.0666 0764 Deinitialize success
|
|
19.03.2013, 15:34
| #22 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hotel.de TrojanerZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.03.2013, 15:46
| #23 |
| | Hotel.de Trojaner ja der 1. Durchlauf fehlte die Einstellung hier sind aber 2 Durchläufe drin im Post Code:
ATTFilter 14:49:52.0995 3916 ================ Scan global ===============================
14:49:53.0041 3916 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINXP\system32\basesrv.dll
14:49:53.0120 3916 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINXP\system32\winsrv.dll
14:49:53.0260 3916 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINXP\system32\winsrv.dll
14:49:53.0291 3916 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINXP\system32\services.exe
14:49:53.0291 3916 [Global] - ok
14:49:53.0291 3916 ================ Scan MBR ==================================
14:49:53.0323 3916 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
14:49:53.0510 3916 \Device\Harddisk0\DR0 - ok
14:49:53.0510 3916 ================ Scan VBR ==================================
14:49:53.0510 3916 [ 9FA8B648524A893119144FA6A77FFE28 ] \Device\Harddisk0\DR0\Partition1
14:49:53.0510 3916 \Device\Harddisk0\DR0\Partition1 - ok
14:49:53.0541 3916 [ 870DA3DAA3DBD0B316F06626BAD75A22 ] \Device\Harddisk0\DR0\Partition2
14:49:53.0541 3916 \Device\Harddisk0\DR0\Partition2 - ok
14:49:53.0541 3916 ============================================================
14:49:53.0541 3916 Scan finished
14:49:53.0541 3916 ============================================================
14:49:53.0541 2632 Detected object count: 0
14:49:53.0541 2632 Actual detected object count: 0
14:50:28.0979 3028 ============================================================
14:50:28.0979 3028 Scan started
14:50:28.0979 3028 Mode: Manual; SigCheck; TDLFS;
14:50:28.0979 3028 ============================================================
14:50:29.0760 3028 ================ Scan system memory ========================
14:50:29.0760 3028 System memory - ok
14:50:29.0760 3028 ================ Scan services =============================
14:50:29.0916 3028 Abiosdsk - ok
14:50:29.0916 3028 abp480n5 - ok
14:50:29.0995 3028 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINXP\system32\drivers\ACPI.sys
14:50:31.0620 3028 ACPI - ok
14:50:31.0651 3028 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINXP\system32\drivers\ACPIEC.sys
14:50:31.0729 3028 ACPIEC - ok
14:50:31.0838 3028 [ 177FF6608B48638D4066726F3A3F8444 ] AdobeActiveFileMonitor5.0 C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
14:50:31.0854 3028 AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - warning
14:50:31.0854 3028 AdobeActiveFileMonitor5.0 - detected UnsignedFile.Multi.Generic (1)
14:50:31.0979 3028 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:50:31.0979 3028 AdobeFlashPlayerUpdateSvc - ok
14:50:31.0995 3028 adpu160m - ok
14:50:32.0041 3028 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINXP\system32\drivers\aec.sys
14:50:32.0120 3028 aec - ok
14:50:32.0182 3028 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINXP\System32\drivers\afd.sys
14:50:32.0213 3028 AFD - ok
14:50:32.0213 3028 Aha154x - ok
14:50:32.0229 3028 aic78u2 - ok
14:50:32.0229 3028 aic78xx - ok
14:50:32.0729 3028 [ 35045A23957A71BA649740741E69408C ] ALCXWDM C:\WINXP\system32\drivers\ALCXWDM.SYS
14:50:33.0323 3028 ALCXWDM - ok
14:50:33.0354 3028 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINXP\system32\alrsvc.dll
14:50:33.0416 3028 Alerter - ok
14:50:33.0448 3028 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINXP\System32\alg.exe
14:50:33.0510 3028 ALG - ok
14:50:33.0510 3028 AliIde - ok
14:50:33.0510 3028 amsint - ok
14:50:33.0557 3028 [ E2AD6CC7D407F2B5CB2899775CF84F51 ] AN983 C:\WINXP\system32\DRIVERS\AN983.sys
14:50:33.0588 3028 AN983 - ok
14:50:33.0666 3028 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINXP\System32\appmgmts.dll
14:50:33.0745 3028 AppMgmt - ok
14:50:33.0791 3028 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINXP\system32\DRIVERS\arp1394.sys
14:50:33.0870 3028 Arp1394 - ok
14:50:33.0870 3028 asc - ok
14:50:33.0870 3028 asc3350p - ok
14:50:33.0870 3028 asc3550 - ok
14:50:33.0948 3028 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:50:33.0963 3028 aspnet_state - ok
14:50:33.0979 3028 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINXP\system32\DRIVERS\asyncmac.sys
14:50:34.0041 3028 AsyncMac - ok
14:50:34.0073 3028 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINXP\system32\drivers\atapi.sys
14:50:34.0151 3028 atapi - ok
14:50:34.0151 3028 Atdisk - ok
14:50:34.0182 3028 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINXP\system32\DRIVERS\atmarpc.sys
14:50:34.0245 3028 Atmarpc - ok
14:50:34.0276 3028 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINXP\System32\audiosrv.dll
14:50:34.0338 3028 AudioSrv - ok
14:50:34.0370 3028 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINXP\system32\DRIVERS\audstub.sys
14:50:34.0432 3028 audstub - ok
14:50:34.0479 3028 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINXP\system32\drivers\Beep.sys
14:50:34.0541 3028 Beep - ok
14:50:34.0651 3028 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINXP\System32\qmgr.dll
14:50:34.0760 3028 BITS - ok
14:50:34.0823 3028 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINXP\System32\browser.dll
14:50:34.0885 3028 Browser - ok
14:50:34.0916 3028 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINXP\system32\drivers\cbidf2k.sys
14:50:34.0995 3028 cbidf2k - ok
14:50:34.0995 3028 cd20xrnt - ok
14:50:35.0026 3028 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINXP\system32\drivers\Cdaudio.sys
14:50:35.0088 3028 Cdaudio - ok
14:50:35.0135 3028 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINXP\system32\drivers\Cdfs.sys
14:50:35.0182 3028 Cdfs - ok
14:50:35.0213 3028 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINXP\system32\DRIVERS\cdrom.sys
14:50:35.0276 3028 Cdrom - ok
14:50:35.0291 3028 Changer - ok
14:50:35.0338 3028 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINXP\system32\cisvc.exe
14:50:35.0401 3028 CiSvc - ok
14:50:35.0416 3028 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINXP\system32\clipsrv.exe
14:50:35.0495 3028 ClipSrv - ok
14:50:35.0541 3028 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:50:35.0557 3028 clr_optimization_v2.0.50727_32 - ok
14:50:35.0557 3028 CmdIde - ok
14:50:35.0557 3028 COMSysApp - ok
14:50:35.0557 3028 Cpqarray - ok
14:50:35.0620 3028 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINXP\System32\cryptsvc.dll
14:50:35.0682 3028 CryptSvc - ok
14:50:35.0682 3028 dac2w2k - ok
14:50:35.0682 3028 dac960nt - ok
14:50:35.0791 3028 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINXP\system32\rpcss.dll
14:50:35.0901 3028 DcomLaunch - ok
14:50:35.0963 3028 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINXP\System32\dhcpcsvc.dll
14:50:36.0057 3028 Dhcp - ok
14:50:36.0088 3028 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINXP\system32\DRIVERS\disk.sys
14:50:36.0135 3028 Disk - ok
14:50:36.0151 3028 dmadmin - ok
14:50:36.0323 3028 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINXP\system32\drivers\dmboot.sys
14:50:36.0510 3028 dmboot - ok
14:50:36.0541 3028 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINXP\system32\DRIVERS\dmio.sys
14:50:36.0588 3028 dmio - ok
14:50:36.0620 3028 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINXP\system32\drivers\dmload.sys
14:50:36.0698 3028 dmload - ok
14:50:36.0745 3028 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINXP\System32\dmserver.dll
14:50:36.0807 3028 dmserver - ok
14:50:36.0838 3028 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINXP\system32\drivers\DMusic.sys
14:50:36.0901 3028 DMusic - ok
14:50:36.0963 3028 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINXP\System32\dnsrslvr.dll
14:50:36.0995 3028 Dnscache - ok
14:50:37.0041 3028 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINXP\System32\dot3svc.dll
14:50:37.0120 3028 Dot3svc - ok
14:50:37.0120 3028 dpti2o - ok
14:50:37.0135 3028 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINXP\system32\drivers\drmkaud.sys
14:50:37.0198 3028 drmkaud - ok
14:50:37.0198 3028 DWMRCS - ok
14:50:37.0213 3028 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINXP\System32\eapsvc.dll
14:50:37.0276 3028 EapHost - ok
14:50:37.0323 3028 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINXP\System32\ersvc.dll
14:50:37.0385 3028 ERSvc - ok
14:50:37.0448 3028 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINXP\system32\services.exe
14:50:37.0463 3028 Eventlog - ok
14:50:37.0541 3028 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINXP\System32\es.dll
14:50:37.0573 3028 EventSystem - ok
14:50:37.0635 3028 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINXP\system32\drivers\Fastfat.sys
14:50:37.0698 3028 Fastfat - ok
14:50:37.0760 3028 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINXP\System32\shsvcs.dll
14:50:37.0823 3028 FastUserSwitchingCompatibility - ok
14:50:37.0838 3028 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINXP\system32\DRIVERS\fdc.sys
14:50:37.0901 3028 Fdc - ok
14:50:37.0932 3028 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINXP\system32\drivers\Fips.sys
14:50:37.0995 3028 Fips - ok
14:50:38.0026 3028 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINXP\system32\DRIVERS\flpydisk.sys
14:50:38.0088 3028 Flpydisk - ok
14:50:38.0135 3028 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINXP\system32\drivers\fltmgr.sys
14:50:38.0198 3028 FltMgr - ok
14:50:38.0260 3028 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:50:38.0276 3028 FontCache3.0.0.0 - ok
14:50:38.0307 3028 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINXP\system32\drivers\Fs_Rec.sys
14:50:38.0370 3028 Fs_Rec - ok
14:50:38.0416 3028 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINXP\system32\DRIVERS\ftdisk.sys
14:50:38.0479 3028 Ftdisk - ok
14:50:38.0510 3028 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINXP\system32\DRIVERS\msgpc.sys
14:50:38.0573 3028 Gpc - ok
14:50:38.0635 3028 [ 1C51E9DB4A24C4A6B7AD5BE4BC4B19A6 ] hcmon C:\WINXP\system32\drivers\hcmon.sys
14:50:38.0729 3028 hcmon - ok
14:50:38.0791 3028 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINXP\system32\DRIVERS\HDAudBus.sys
14:50:38.0870 3028 HDAudBus - ok
14:50:38.0948 3028 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:50:39.0026 3028 helpsvc - ok
14:50:39.0026 3028 HidServ - ok
14:50:39.0073 3028 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINXP\system32\DRIVERS\hidusb.sys
14:50:39.0151 3028 HidUsb - ok
14:50:39.0198 3028 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINXP\System32\kmsvc.dll
14:50:39.0260 3028 hkmsvc - ok
14:50:39.0260 3028 hpn - ok
14:50:39.0323 3028 [ 937031C085718C1C04A9C0864625EC6B ] HTTP C:\WINXP\system32\Drivers\HTTP.sys
14:50:39.0338 3028 HTTP ( UnsignedFile.Multi.Generic ) - warning
14:50:39.0338 3028 HTTP - detected UnsignedFile.Multi.Generic (1)
14:50:39.0370 3028 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINXP\System32\w3ssl.dll
14:50:39.0448 3028 HTTPFilter - ok
14:50:39.0448 3028 i2omgmt - ok
14:50:39.0448 3028 i2omp - ok
14:50:39.0495 3028 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINXP\system32\DRIVERS\i8042prt.sys
14:50:39.0557 3028 i8042prt - ok
14:50:39.0635 3028 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:50:39.0651 3028 IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:50:39.0651 3028 IDriverT - detected UnsignedFile.Multi.Generic (1)
14:50:39.0885 3028 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:50:40.0057 3028 idsvc - ok
14:50:40.0088 3028 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINXP\system32\DRIVERS\imapi.sys
14:50:40.0151 3028 Imapi - ok
14:50:40.0213 3028 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINXP\System32\imapi.exe
14:50:40.0291 3028 ImapiService - ok
14:50:40.0291 3028 ini910u - ok
14:50:41.0260 3028 [ EB5608FD4F2961517AC9F5CAC88B023B ] IntcAzAudAddService C:\WINXP\system32\drivers\RtkHDAud.sys
14:50:42.0307 3028 IntcAzAudAddService - ok
14:50:42.0307 3028 IntelIde - ok
14:50:42.0354 3028 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINXP\system32\DRIVERS\intelppm.sys
14:50:42.0416 3028 intelppm - ok
14:50:42.0448 3028 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINXP\system32\drivers\ip6fw.sys
14:50:42.0495 3028 Ip6Fw - ok
14:50:42.0510 3028 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINXP\system32\DRIVERS\ipfltdrv.sys
14:50:42.0588 3028 IpFilterDriver - ok
14:50:42.0604 3028 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINXP\system32\DRIVERS\ipinip.sys
14:50:42.0666 3028 IpInIp - ok
14:50:42.0713 3028 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINXP\system32\DRIVERS\ipnat.sys
14:50:42.0776 3028 IpNat - ok
14:50:42.0791 3028 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINXP\system32\DRIVERS\ipsec.sys
14:50:42.0854 3028 IPSec - ok
14:50:42.0870 3028 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINXP\system32\DRIVERS\irenum.sys
14:50:42.0948 3028 IRENUM - ok
14:50:42.0963 3028 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINXP\system32\drivers\isapnp.sys
14:50:43.0041 3028 isapnp - ok
14:50:43.0104 3028 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
14:50:43.0120 3028 JavaQuickStarterService - ok
14:50:43.0135 3028 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINXP\system32\DRIVERS\kbdclass.sys
14:50:43.0198 3028 Kbdclass - ok
14:50:43.0245 3028 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINXP\system32\drivers\kmixer.sys
14:50:43.0307 3028 kmixer - ok
14:50:43.0338 3028 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINXP\system32\drivers\KSecDD.sys
14:50:43.0416 3028 KSecDD - ok
14:50:43.0448 3028 [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer C:\WINXP\System32\srvsvc.dll
14:50:43.0479 3028 LanmanServer - ok
14:50:43.0541 3028 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINXP\System32\wkssvc.dll
14:50:43.0573 3028 lanmanworkstation - ok
14:50:43.0573 3028 lbrtfdc - ok
14:50:43.0620 3028 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINXP\System32\lmhsvc.dll
14:50:43.0682 3028 LmHosts - ok
14:50:43.0713 3028 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINXP\system32\drivers\mbam.sys
14:50:43.0713 3028 MBAMProtector - ok
14:50:43.0854 3028 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:50:43.0916 3028 MBAMScheduler - ok
14:50:44.0057 3028 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
14:50:44.0182 3028 MBAMService - ok
14:50:44.0323 3028 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
14:50:44.0338 3028 MDM - ok
14:50:44.0370 3028 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINXP\System32\msgsvc.dll
14:50:44.0432 3028 Messenger - ok
14:50:44.0479 3028 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINXP\system32\drivers\mnmdd.sys
14:50:44.0541 3028 mnmdd - ok
14:50:44.0588 3028 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINXP\System32\mnmsrvc.exe
14:50:44.0666 3028 mnmsrvc - ok
14:50:44.0698 3028 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINXP\system32\drivers\Modem.sys
14:50:44.0745 3028 Modem - ok
14:50:44.0776 3028 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINXP\system32\DRIVERS\mouclass.sys
14:50:44.0823 3028 Mouclass - ok
14:50:44.0854 3028 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINXP\system32\DRIVERS\mouhid.sys
14:50:44.0916 3028 mouhid - ok
14:50:44.0948 3028 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINXP\system32\drivers\MountMgr.sys
14:50:45.0010 3028 MountMgr - ok
14:50:45.0073 3028 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
14:50:45.0088 3028 MozillaMaintenance - ok
14:50:45.0088 3028 mraid35x - ok
14:50:45.0135 3028 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINXP\system32\DRIVERS\mrxdav.sys
14:50:45.0182 3028 MRxDAV - ok
14:50:45.0323 3028 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINXP\system32\DRIVERS\mrxsmb.sys
14:50:45.0463 3028 MRxSmb - ok
14:50:45.0463 3028 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINXP\system32\msdtc.exe
14:50:45.0526 3028 MSDTC - ok
14:50:45.0526 3028 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINXP\system32\drivers\Msfs.sys
14:50:45.0588 3028 Msfs - ok
14:50:45.0588 3028 MSIServer - ok
14:50:45.0604 3028 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINXP\system32\drivers\MSKSSRV.sys
14:50:45.0682 3028 MSKSSRV - ok
14:50:45.0682 3028 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINXP\system32\drivers\MSPCLOCK.sys
14:50:45.0745 3028 MSPCLOCK - ok
14:50:45.0745 3028 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINXP\system32\drivers\MSPQM.sys
14:50:45.0807 3028 MSPQM - ok
14:50:45.0854 3028 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINXP\system32\DRIVERS\mssmbios.sys
14:50:45.0916 3028 mssmbios - ok
14:50:45.0963 3028 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINXP\system32\DRIVERS\ASACPI.sys
14:50:45.0995 3028 MTsensor - ok
14:50:46.0057 3028 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINXP\system32\drivers\Mup.sys
14:50:46.0120 3028 Mup - ok
14:50:46.0198 3028 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINXP\System32\qagentrt.dll
14:50:46.0260 3028 napagent - ok
14:50:46.0338 3028 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINXP\system32\drivers\NDIS.sys
14:50:46.0401 3028 NDIS - ok
14:50:46.0416 3028 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINXP\system32\DRIVERS\ndistapi.sys
14:50:46.0448 3028 NdisTapi - ok
14:50:46.0463 3028 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINXP\system32\DRIVERS\ndisuio.sys
14:50:46.0526 3028 Ndisuio - ok
14:50:46.0557 3028 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINXP\system32\DRIVERS\ndiswan.sys
14:50:46.0620 3028 NdisWan - ok
14:50:46.0666 3028 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINXP\system32\drivers\NDProxy.sys
14:50:46.0698 3028 NDProxy - ok
14:50:46.0713 3028 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINXP\system32\DRIVERS\netbios.sys
14:50:46.0776 3028 NetBIOS - ok
14:50:46.0823 3028 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINXP\system32\DRIVERS\netbt.sys
14:50:46.0885 3028 NetBT - ok
14:50:46.0948 3028 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINXP\system32\netdde.exe
14:50:47.0026 3028 NetDDE - ok
14:50:47.0057 3028 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINXP\system32\netdde.exe
14:50:47.0104 3028 NetDDEdsdm - ok
14:50:47.0135 3028 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINXP\System32\lsass.exe
14:50:47.0198 3028 Netlogon - ok
14:50:47.0245 3028 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINXP\System32\netman.dll
14:50:47.0307 3028 Netman - ok
14:50:47.0370 3028 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:50:47.0370 3028 NetTcpPortSharing - ok
14:50:47.0416 3028 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINXP\system32\DRIVERS\nic1394.sys
14:50:47.0479 3028 NIC1394 - ok
14:50:47.0541 3028 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINXP\System32\mswsock.dll
14:50:47.0557 3028 Nla - ok
14:50:47.0557 3028 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINXP\system32\drivers\Npfs.sys
14:50:47.0635 3028 Npfs - ok
14:50:47.0745 3028 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINXP\system32\drivers\Ntfs.sys
14:50:47.0870 3028 Ntfs - ok
14:50:47.0885 3028 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINXP\System32\lsass.exe
14:50:47.0932 3028 NtLmSsp - ok
14:50:48.0073 3028 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINXP\system32\ntmssvc.dll
14:50:48.0198 3028 NtmsSvc - ok
14:50:48.0323 3028 [ CEC052D67B20F5BE1D46CB73AA169B38 ] ntrtscan C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe
14:50:48.0385 3028 ntrtscan ( UnsignedFile.Multi.Generic ) - warning
14:50:48.0385 3028 ntrtscan - detected UnsignedFile.Multi.Generic (1)
14:50:48.0432 3028 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINXP\system32\drivers\Null.sys
14:50:48.0495 3028 Null - ok
14:50:50.0745 3028 [ 625F0E2467F6800E1D939CF22F2F6C99 ] nv C:\WINXP\system32\DRIVERS\nv4_mini.sys
14:50:53.0010 3028 nv - ok
14:50:53.0041 3028 [ CCD0C2A9A9C4C59441072564B011B546 ] NVENETFD C:\WINXP\system32\DRIVERS\NVENETFD.sys
14:50:53.0088 3028 NVENETFD - ok
14:50:53.0135 3028 [ FA740E97A0FE36E368C2299D9F3C01C1 ] nvgts C:\WINXP\system32\drivers\nvgts.sys
14:50:53.0151 3028 nvgts ( UnsignedFile.Multi.Generic ) - warning
14:50:53.0151 3028 nvgts - detected UnsignedFile.Multi.Generic (1)
14:50:53.0182 3028 [ A4931D96F111B5A8F3129507AE7BDF12 ] nvnetbus C:\WINXP\system32\DRIVERS\nvnetbus.sys
14:50:53.0229 3028 nvnetbus - ok
14:50:53.0276 3028 [ A05ED8F4EC71E2CE84BA3CFEF48E8C9A ] nvrd32 C:\WINXP\system32\drivers\nvrd32.sys
14:50:53.0291 3028 nvrd32 ( UnsignedFile.Multi.Generic ) - warning
14:50:53.0291 3028 nvrd32 - detected UnsignedFile.Multi.Generic (1)
14:50:53.0354 3028 [ E666A28CC51F04C7D972EF8AD4234BBA ] NVSvc C:\WINXP\system32\nvsvc32.exe
14:50:53.0370 3028 NVSvc - ok
14:50:53.0698 3028 [ E7973587C80CC49DAD8E88AD45D2A1CC ] nvUpdatusService C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:50:53.0932 3028 nvUpdatusService - ok
14:50:53.0948 3028 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINXP\system32\DRIVERS\nwlnkflt.sys
14:50:54.0026 3028 NwlnkFlt - ok
14:50:54.0041 3028 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINXP\system32\DRIVERS\nwlnkfwd.sys
14:50:54.0104 3028 NwlnkFwd - ok
14:50:54.0151 3028 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINXP\system32\DRIVERS\ohci1394.sys
14:50:54.0213 3028 ohci1394 - ok
14:50:54.0260 3028 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
14:50:54.0276 3028 ose - ok
14:50:54.0323 3028 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINXP\system32\DRIVERS\parport.sys
14:50:54.0370 3028 Parport - ok
14:50:54.0385 3028 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINXP\system32\drivers\PartMgr.sys
14:50:54.0448 3028 PartMgr - ok
14:50:54.0495 3028 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINXP\system32\drivers\ParVdm.sys
14:50:54.0557 3028 ParVdm - ok
14:50:54.0588 3028 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINXP\system32\drivers\pci.sys
14:50:54.0651 3028 PCI - ok
14:50:54.0651 3028 PCIDump - ok
14:50:54.0666 3028 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINXP\system32\drivers\pciide.sys
14:50:54.0729 3028 PCIIde - ok
14:50:54.0776 3028 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINXP\system32\drivers\Pcmcia.sys
14:50:54.0838 3028 Pcmcia - ok
14:50:54.0838 3028 PDCOMP - ok
14:50:54.0854 3028 PDFRAME - ok
14:50:54.0854 3028 PDRELI - ok
14:50:54.0854 3028 PDRFRAME - ok
14:50:54.0854 3028 perc2 - ok
14:50:54.0854 3028 perc2hib - ok
14:50:54.0885 3028 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINXP\system32\services.exe
14:50:54.0901 3028 PlugPlay - ok
14:50:54.0901 3028 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINXP\System32\lsass.exe
14:50:54.0963 3028 PolicyAgent - ok
14:50:54.0979 3028 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINXP\system32\DRIVERS\raspptp.sys
14:50:55.0026 3028 PptpMiniport - ok
14:50:55.0057 3028 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINXP\system32\drivers\processr.sys
14:50:55.0120 3028 Processor - ok
14:50:55.0120 3028 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINXP\system32\lsass.exe
14:50:55.0182 3028 ProtectedStorage - ok
14:50:55.0198 3028 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINXP\system32\DRIVERS\psched.sys
14:50:55.0260 3028 PSched - ok
14:50:55.0307 3028 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINXP\system32\DRIVERS\ptilink.sys
14:50:55.0370 3028 Ptilink - ok
14:50:55.0416 3028 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\WINXP\system32\Drivers\PxHelp20.sys
14:50:55.0448 3028 PxHelp20 - ok
14:50:55.0463 3028 ql1080 - ok
14:50:55.0463 3028 Ql10wnt - ok
14:50:55.0463 3028 ql12160 - ok
14:50:55.0463 3028 ql1240 - ok
14:50:55.0463 3028 ql1280 - ok
14:50:55.0495 3028 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINXP\system32\DRIVERS\rasacd.sys
14:50:55.0573 3028 RasAcd - ok
14:50:55.0635 3028 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINXP\System32\rasauto.dll
14:50:55.0713 3028 RasAuto - ok
14:50:55.0729 3028 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINXP\system32\DRIVERS\rasl2tp.sys
14:50:55.0791 3028 Rasl2tp - ok
14:50:55.0870 3028 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINXP\System32\rasmans.dll
14:50:55.0948 3028 RasMan - ok
14:50:55.0963 3028 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINXP\system32\DRIVERS\raspppoe.sys
14:50:56.0026 3028 RasPppoe - ok
14:50:56.0041 3028 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINXP\system32\DRIVERS\raspti.sys
14:50:56.0120 3028 Raspti - ok
14:50:56.0166 3028 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINXP\system32\DRIVERS\rdbss.sys
14:50:56.0213 3028 Rdbss - ok
14:50:56.0245 3028 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINXP\system32\DRIVERS\RDPCDD.sys
14:50:56.0307 3028 RDPCDD - ok
14:50:56.0354 3028 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINXP\system32\DRIVERS\rdpdr.sys
14:50:56.0401 3028 rdpdr - ok
14:50:56.0463 3028 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINXP\system32\drivers\RDPWD.sys
14:50:56.0510 3028 RDPWD - ok
14:50:56.0573 3028 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINXP\system32\sessmgr.exe
14:50:56.0635 3028 RDSessMgr - ok
14:50:56.0666 3028 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINXP\system32\DRIVERS\redbook.sys
14:50:56.0713 3028 redbook - ok
14:50:56.0760 3028 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINXP\System32\mprdim.dll
14:50:56.0838 3028 RemoteAccess - ok
14:50:56.0854 3028 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINXP\system32\regsvc.dll
14:50:56.0916 3028 RemoteRegistry - ok
14:50:56.0948 3028 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINXP\System32\locator.exe
14:50:57.0010 3028 RpcLocator - ok
14:50:57.0104 3028 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINXP\system32\rpcss.dll
14:50:57.0182 3028 RpcSs - ok
14:50:57.0213 3028 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINXP\System32\rsvp.exe
14:50:57.0291 3028 RSVP - ok
14:50:57.0307 3028 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINXP\system32\lsass.exe
14:50:57.0354 3028 SamSs - ok
14:50:57.0385 3028 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINXP\System32\SCardSvr.exe
14:50:57.0448 3028 SCardSvr - ok
14:50:57.0510 3028 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINXP\system32\schedsvc.dll
14:50:57.0573 3028 Schedule - ok
14:50:57.0604 3028 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINXP\system32\DRIVERS\secdrv.sys
14:50:57.0651 3028 Secdrv - ok
14:50:57.0682 3028 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINXP\System32\seclogon.dll
14:50:57.0745 3028 seclogon - ok
14:50:57.0760 3028 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINXP\system32\sens.dll
14:50:57.0823 3028 SENS - ok
14:50:57.0838 3028 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINXP\system32\DRIVERS\serenum.sys
14:50:57.0901 3028 serenum - ok
14:50:57.0916 3028 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINXP\system32\DRIVERS\serial.sys
14:50:57.0963 3028 Serial - ok
14:50:57.0979 3028 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINXP\system32\drivers\Sfloppy.sys
14:50:58.0057 3028 Sfloppy - ok
14:50:58.0120 3028 [ 5944ECBCF555DEDD7F48F9982D5DDFF4 ] SFUSVC C:\Programme\Kyocera\FileUtility\SFUSVC.exe
14:50:58.0120 3028 SFUSVC ( UnsignedFile.Multi.Generic ) - warning
14:50:58.0120 3028 SFUSVC - detected UnsignedFile.Multi.Generic (1)
14:50:58.0245 3028 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINXP\System32\ipnathlp.dll
14:50:58.0370 3028 SharedAccess - ok
14:50:58.0401 3028 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINXP\System32\shsvcs.dll
14:50:58.0416 3028 ShellHWDetection - ok
14:50:58.0416 3028 Simbad - ok
14:50:58.0495 3028 [ E3CF27C168A97018C9F9C7ECC335A761 ] SiS315 C:\WINXP\system32\DRIVERS\sisgrp.sys
14:50:58.0541 3028 SiS315 - ok
14:50:58.0573 3028 [ E14435CF5D555BDC2F35097E403B79C5 ] SiSkp C:\WINXP\system32\DRIVERS\srvkp.sys
14:50:58.0588 3028 SiSkp - ok
14:50:58.0620 3028 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINXP\system32\DRIVERS\SONYPVU1.SYS
14:50:58.0698 3028 SONYPVU1 - ok
14:50:58.0698 3028 Sparrow - ok
14:50:58.0729 3028 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINXP\system32\drivers\splitter.sys
14:50:58.0791 3028 splitter - ok
14:50:58.0854 3028 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINXP\system32\spoolsv.exe
14:50:58.0885 3028 Spooler - ok
14:50:58.0901 3028 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINXP\system32\DRIVERS\sr.sys
14:50:58.0963 3028 sr - ok
14:50:59.0041 3028 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINXP\System32\srsvc.dll
14:50:59.0135 3028 srservice - ok
14:50:59.0213 3028 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINXP\system32\DRIVERS\srv.sys
14:50:59.0276 3028 Srv - ok
14:50:59.0323 3028 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINXP\System32\ssdpsrv.dll
14:50:59.0370 3028 SSDPSRV - ok
14:50:59.0448 3028 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINXP\system32\wiaservc.dll
14:50:59.0573 3028 stisvc - ok
14:50:59.0620 3028 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINXP\system32\DRIVERS\swenum.sys
14:50:59.0682 3028 swenum - ok
14:50:59.0698 3028 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINXP\system32\drivers\swmidi.sys
14:50:59.0776 3028 swmidi - ok
14:50:59.0776 3028 SwPrv - ok
14:50:59.0776 3028 symc810 - ok
14:50:59.0776 3028 symc8xx - ok
14:50:59.0776 3028 sym_hi - ok
14:50:59.0776 3028 sym_u3 - ok
14:50:59.0807 3028 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINXP\system32\drivers\sysaudio.sys
14:50:59.0854 3028 sysaudio - ok
14:50:59.0932 3028 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINXP\system32\smlogsvc.exe
14:50:59.0979 3028 SysmonLog - ok
14:51:00.0041 3028 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINXP\System32\tapisrv.dll
14:51:00.0120 3028 TapiSrv - ok
14:51:00.0229 3028 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINXP\system32\DRIVERS\tcpip.sys
14:51:00.0307 3028 Tcpip - ok
14:51:00.0338 3028 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINXP\system32\drivers\TDPIPE.sys
14:51:00.0401 3028 TDPIPE - ok
14:51:00.0401 3028 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINXP\system32\drivers\TDTCP.sys
14:51:00.0479 3028 TDTCP - ok
14:51:01.0385 3028 [ 6B1B2F8D62D606B200C2072564090104 ] TeamViewer8 C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
14:51:02.0120 3028 TeamViewer8 - ok
14:51:02.0166 3028 [ 88155247177638048422893737429D9E ] TermDD C:\WINXP\system32\DRIVERS\termdd.sys
14:51:02.0245 3028 TermDD - ok
14:51:02.0323 3028 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINXP\System32\termsrv.dll
14:51:02.0401 3028 TermService - ok
14:51:02.0432 3028 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINXP\System32\shsvcs.dll
14:51:02.0448 3028 Themes - ok
14:51:02.0495 3028 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINXP\system32\tlntsvr.exe
14:51:02.0557 3028 TlntSvr - ok
14:51:02.0635 3028 [ AC940A15959BE57958B91CDB914AAA6C ] TmFilter C:\Programme\Trend Micro\OfficeScan Client\TmXPFlt.sys
14:51:02.0651 3028 TmFilter - ok
14:51:02.0745 3028 [ 74EFD08250CB5830E8ACBD6EEAE7418A ] tmlisten C:\Programme\Trend Micro\OfficeScan Client\tmlisten.exe
14:51:02.0823 3028 tmlisten ( UnsignedFile.Multi.Generic ) - warning
14:51:02.0823 3028 tmlisten - detected UnsignedFile.Multi.Generic (1)
14:51:02.0854 3028 [ 8651A867C78BD2B69F1D5F982138A074 ] TmPreFilter C:\Programme\Trend Micro\OfficeScan Client\TmPreFlt.sys
14:51:02.0854 3028 TmPreFilter - ok
14:51:02.0948 3028 [ EFEF22B9577E5051057FDE1AE381B50C ] TomTomHOMEService C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
14:51:02.0963 3028 TomTomHOMEService - ok
14:51:02.0963 3028 TosIde - ok
14:51:03.0010 3028 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINXP\system32\trkwks.dll
14:51:03.0104 3028 TrkWks - ok
14:51:03.0151 3028 [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35 C:\WINXP\system32\DRIVERS\uagp35.sys
14:51:03.0213 3028 uagp35 - ok
14:51:03.0245 3028 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINXP\system32\drivers\Udfs.sys
14:51:03.0323 3028 Udfs - ok
14:51:03.0323 3028 ultra - ok
14:51:03.0432 3028 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINXP\system32\DRIVERS\update.sys
14:51:03.0557 3028 Update - ok
14:51:03.0604 3028 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINXP\System32\upnphost.dll
14:51:03.0682 3028 upnphost - ok
14:51:03.0698 3028 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINXP\System32\ups.exe
14:51:03.0776 3028 UPS - ok
14:51:03.0791 3028 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINXP\system32\DRIVERS\usbccgp.sys
14:51:03.0854 3028 usbccgp - ok
14:51:03.0885 3028 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINXP\system32\DRIVERS\usbehci.sys
14:51:03.0948 3028 usbehci - ok
14:51:03.0963 3028 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINXP\system32\DRIVERS\usbhub.sys
14:51:04.0041 3028 usbhub - ok
14:51:04.0041 3028 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINXP\system32\DRIVERS\usbohci.sys
14:51:04.0120 3028 usbohci - ok
14:51:04.0151 3028 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINXP\system32\DRIVERS\usbscan.sys
14:51:04.0198 3028 usbscan - ok
14:51:04.0245 3028 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINXP\system32\DRIVERS\USBSTOR.SYS
14:51:04.0307 3028 USBSTOR - ok
14:51:04.0323 3028 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINXP\System32\drivers\vga.sys
14:51:04.0385 3028 VgaSave - ok
14:51:04.0385 3028 ViaIde - ok
14:51:04.0557 3028 [ 6C551C8B0672C926B80FA8199C8682E7 ] VMUSBArbService C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
14:51:04.0666 3028 VMUSBArbService - ok
14:51:04.0698 3028 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINXP\system32\drivers\VolSnap.sys
14:51:04.0745 3028 VolSnap - ok
14:51:05.0041 3028 [ 71A53597BFB4BAD7218AD2BEABA5C564 ] VSApiNt C:\Programme\Trend Micro\OfficeScan Client\VSApiNt.sys
14:51:05.0276 3028 VSApiNt - ok
14:51:05.0370 3028 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINXP\System32\vssvc.exe
14:51:05.0432 3028 VSS - ok
14:51:05.0495 3028 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINXP\System32\w32time.dll
14:51:05.0541 3028 W32Time - ok
14:51:05.0573 3028 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINXP\system32\DRIVERS\wanarp.sys
14:51:05.0651 3028 Wanarp - ok
14:51:05.0651 3028 WDICA - ok
14:51:05.0698 3028 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINXP\system32\drivers\wdmaud.sys
14:51:05.0776 3028 wdmaud - ok
14:51:05.0791 3028 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINXP\System32\webclnt.dll
14:51:05.0870 3028 WebClient - ok
14:51:05.0963 3028 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINXP\system32\wbem\WMIsvc.dll
14:51:06.0041 3028 winmgmt - ok
14:51:06.0182 3028 [ F3EDC9909A02E6BCA863EB702D37B505 ] WinVNC4 C:\Programme\RealVNC\VNC4\WinVNC4.exe
14:51:06.0245 3028 WinVNC4 - ok
14:51:06.0276 3028 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINXP\system32\MsPMSNSv.dll
14:51:06.0307 3028 WmdmPmSN - ok
14:51:06.0463 3028 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINXP\System32\advapi32.dll
14:51:06.0588 3028 Wmi - ok
14:51:06.0635 3028 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINXP\System32\wbem\wmiapsrv.exe
14:51:06.0698 3028 WmiApSrv - ok
14:51:06.0745 3028 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINXP\system32\wscsvc.dll
14:51:06.0823 3028 wscsvc - ok
14:51:06.0854 3028 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINXP\system32\wuauserv.dll
14:51:06.0916 3028 wuauserv - ok
14:51:07.0057 3028 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINXP\System32\wzcsvc.dll
14:51:07.0198 3028 WZCSVC - ok
14:51:07.0229 3028 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINXP\System32\xmlprov.dll
14:51:07.0291 3028 xmlprov - ok
14:51:07.0291 3028 ================ Scan global ===============================
14:51:07.0338 3028 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINXP\system32\basesrv.dll
14:51:07.0416 3028 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINXP\system32\winsrv.dll
14:51:07.0479 3028 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINXP\system32\winsrv.dll
14:51:07.0526 3028 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINXP\system32\services.exe
14:51:07.0526 3028 [Global] - ok
14:51:07.0526 3028 ================ Scan MBR ==================================
14:51:07.0557 3028 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
14:51:07.0885 3028 \Device\Harddisk0\DR0 - ok
14:51:07.0885 3028 ================ Scan VBR ==================================
14:51:07.0885 3028 [ 9FA8B648524A893119144FA6A77FFE28 ] \Device\Harddisk0\DR0\Partition1
14:51:07.0885 3028 \Device\Harddisk0\DR0\Partition1 - ok
14:51:07.0901 3028 [ 870DA3DAA3DBD0B316F06626BAD75A22 ] \Device\Harddisk0\DR0\Partition2
14:51:07.0901 3028 \Device\Harddisk0\DR0\Partition2 - ok
14:51:07.0901 3028 ============================================================
14:51:07.0901 3028 Scan finished
14:51:07.0901 3028 ============================================================
14:51:08.0010 1856 Detected object count: 8
14:51:08.0010 1856 Actual detected object count: 8
14:52:37.0151 1856 AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:37.0151 1856 AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:37.0151 1856 HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:37.0151 1856 HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:37.0151 1856 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:37.0151 1856 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:37.0166 1856 ntrtscan ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:37.0166 1856 ntrtscan ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:37.0166 1856 nvgts ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:37.0166 1856 nvgts ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:37.0166 1856 nvrd32 ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:37.0166 1856 nvrd32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:37.0166 1856 SFUSVC ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:37.0166 1856 SFUSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:37.0166 1856 tmlisten ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:37.0166 1856 tmlisten ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:42.0666 0764 Deinitialize success
|
|
19.03.2013, 15:48
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hotel.de Trojaner Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.03.2013, 16:17
| #25 |
| | Hotel.de Trojaner Während des Scans von Combofix kam folgender Fehler Dumphire.3xe hat einen Fehler verursacht und muss beendet werden anbei die Log sieht doch nun ganz gut aus oder? Code:
ATTFilter Combofix Logfile: Geändert von stefgig12 (19.03.2013 um 16:19 Uhr) Grund: Nachtrag |
|
19.03.2013, 16:21
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hotel.de Trojaner JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.03.2013, 17:04
| #27 |
| | Hotel.de Trojaner Log file von JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Microsoft Windows XP x86
Ran by npc1 on Di 19.03.2013 at 16:32:07,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\mozilla\firefox\profiles\default.o23\user.js
Successfully deleted the following from C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\mozilla\firefox\profiles\default.o23\prefs.js
user_pref("browser.newtabpage.blocked", "{\"S8SgNR6yLBO2orW77GuCOg==\":1,\"FyVXGuJyDgQ5AVryQ1p6cQ==\":1,\"i52WwCKpydhtNbE2GX+G3A==\":1,\"+w1RhFwsEEcweV0IoEm7Nw==\":1,\"fxRM2HD
Emptied folder: C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\mozilla\firefox\profiles\default.o23\minidumps [8 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Di 19.03.2013 at 16:35:07,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
LOGFILE ADWCLEANER AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.115 - Datei am 19/03/2013 um 16:36:11 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : npc1 - NPC1
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\npc1\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Dokumente und Einstellungen\Stefan Gigante\Anwendungsdaten\Mozilla\Firefox\Profiles\k4jkgs6x.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Mozilla\Firefox\Profiles\default.o23\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Dokumente und Einstellungen\administrator.GERBETHDOMAIN\Anwendungsdaten\Mozilla\Firefox\Profiles\6od2czh7.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1124 octets] - [19/03/2013 16:36:11]
########## EOF - C:\AdwCleaner[S1].txt - [1184 octets] ##########
[/CODE] OTL TXT OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.3.2013 16:51:46 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\npc1\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy 3,25 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 83,88% Memory free 4,17 Gb Paging File | 3,82 Gb Available in Paging File | 91,54% Paging File free Paging file location(s): c:\pagefile.sys 1104 2208 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme Drive C: | 244,16 Gb Total Space | 197,83 Gb Free Space | 81,03% Space Free | Partition Type: NTFS Drive D: | 221,60 Gb Total Space | 207,14 Gb Free Space | 93,47% Space Free | Partition Type: NTFS Drive M: | 30,51 Gb Total Space | 22,78 Gb Free Space | 74,65% Space Free | Partition Type: NTFS Drive U: | 30,51 Gb Total Space | 22,78 Gb Free Space | 74,65% Space Free | Partition Type: NTFS Drive V: | 69,99 Gb Total Space | 22,60 Gb Free Space | 32,29% Space Free | Partition Type: NTFS Drive X: | 30,51 Gb Total Space | 22,78 Gb Free Space | 74,65% Space Free | Partition Type: NTFS Drive Y: | 1,00 Gb Total Space | 1,00 Gb Free Space | 100,00% Space Free | Partition Type: NTFS Drive Z: | 69,99 Gb Total Space | 22,60 Gb Free Space | 32,29% Space Free | Partition Type: NTFS Computer Name: NPC1 | User Name: npc1 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\npc1\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Programme\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\Eraser\Eraser.exe (The Eraser Project) PRC - C:\WINXP\system32\DWRCST.EXE (DameWare Development) PRC - C:\WINXP\system32\DWRCS.EXE (DameWare Development LLC) PRC - C:\Programme\Kyocera\FileUtility\NsCatCom.exe (KYOCERA MITA Corporation) PRC - C:\Programme\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.) PRC - C:\WINXP\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () PRC - C:\WINXP\system32\sistray.exe (Silicon Integrated Systems Corporation) PRC - C:\Programme\Trend Micro\OfficeScan Client\PccNTMon.exe (Trend Micro Inc.) PRC - C:\Programme\Trend Micro\OfficeScan Client\OfcDog.exe (Trend Micro Inc.) PRC - C:\Programme\Trend Micro\OfficeScan Client\NTRtScan.exe (Trend Micro Inc.) PRC - C:\Programme\Trend Micro\OfficeScan Client\TmListen.exe (Trend Micro Inc.) PRC - C:\Programme\Kyocera\FileUtility\SFUSVC.exe (KYOCERA MITA CORPORATION) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\WINXP\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\024c898ad1ccfde466d033c0a08d0564\Microsoft.VisualBasic.ni.dll () MOD - C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll () MOD - C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll () MOD - C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll () MOD - C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Core\edbf4e4a55e63b9fbf0b0b40cba13063\System.Core.ni.dll () MOD - C:\WINXP\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll () MOD - C:\WINXP\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll () MOD - C:\Programme\TeraCopy\TeraCopy.dll () MOD - C:\WINXP\system32\msdmo.dll () MOD - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () MOD - C:\Programme\Trend Micro\OfficeScan Client\TimeString.dll () MOD - C:\WINXP\system32\ngprtserv.dll () MOD - C:\WINXP\system32\pdfcmnnt.dll () MOD - C:\Programme\Kyocera\FileUtility\HgTiff2Pdf.dll () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (VMUSBArbService) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (DWMRCS) -- C:\WINXP\system32\DWRCS.EXE (DameWare Development LLC) SRV - (WinVNC4) -- C:\Programme\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.) SRV - (AdobeActiveFileMonitor5.0) -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ntrtscan) -- C:\Programme\Trend Micro\OfficeScan Client\NTRtScan.exe (Trend Micro Inc.) SRV - (tmlisten) -- C:\Programme\Trend Micro\OfficeScan Client\TmListen.exe (Trend Micro Inc.) SRV - (SFUSVC) -- C:\Programme\Kyocera\FileUtility\SFUSVC.exe (KYOCERA MITA CORPORATION) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOKUME~1\npc1\LOKALE~1\Temp\catchme.sys File not found DRV - (MBAMProtector) -- C:\WINXP\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (VSApiNt) -- C:\Programme\Trend Micro\OfficeScan Client\vsapint.sys (Trend Micro Inc.) DRV - (TmFilter) -- C:\Programme\Trend Micro\OfficeScan Client\tmxpflt.sys (Trend Micro Inc.) DRV - (TmPreFilter) -- C:\Programme\Trend Micro\OfficeScan Client\tmpreflt.sys (Trend Micro Inc.) DRV - (nvrd32) -- C:\WINXP\system32\drivers\nvrd32.sys (NVIDIA Corporation) DRV - (nvgts) -- C:\WINXP\system32\drivers\nvgts.sys (NVIDIA Corporation) DRV - (hcmon) -- C:\WINXP\system32\drivers\hcmon.sys (VMware, Inc.) DRV - (IntcAzAudAddService) -- C:\WINXP\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (nvnetbus) -- C:\WINXP\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINXP\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (SiSkp) -- C:\WINXP\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation) DRV - (SiS315) -- C:\WINXP\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation) DRV - (ALCXWDM) -- C:\WINXP\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (MTsensor) -- C:\WINXP\system32\drivers\ASACPI.sys () DRV - (AN983) -- C:\WINXP\system32\drivers\an983.sys (ADMtek Incorporated.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1409082233-492894223-1606980848-1008\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2489381260-1297608308-1549814956-1133\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm IE - HKU\S-1-5-21-2489381260-1297608308-1549814956-1133\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://portal.eurolog.com/webportal/ IE - HKU\S-1-5-21-2489381260-1297608308-1549814956-1133\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2489381260-1297608308-1549814956-1133\..\SearchScopes\{031ED8D3-7E1A-4148-B6DA-2406CD303965}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKU\S-1-5-21-2489381260-1297608308-1549814956-1133\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search IE - HKU\S-1-5-21-2489381260-1297608308-1549814956-1133\..\SearchScopes\{344C0CC3-E591-40B6-B5E8-1DA8339CEDA8}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-2489381260-1297608308-1549814956-1133\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2489381260-1297608308-1549814956-1133\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINXP\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Programme\Gemeinsame Dateien\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.03.08 09:05:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.03.19 12:01:07 | 000,000,000 | ---D | M] [2011.05.27 13:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Mozilla\Extensions [2011.05.27 13:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2013.02.25 09:05:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Mozilla\Firefox\Profiles\default.o23\extensions [2012.10.08 10:07:07 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Mozilla\Firefox\Profiles\default.o23\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013.01.07 08:23:13 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Mozilla\Firefox\Profiles\default.o23\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013.02.25 09:05:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Mozilla\Firefox\Profiles\default.o23\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.10.15 07:53:58 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Mozilla\Firefox\Profiles\default.o23\extensions\de-DE@dictionaries.addons.mozilla.org [2013.02.14 09:28:45 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Mozilla\Firefox\Profiles\default.o23\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.08 09:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.08 09:05:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.03.08 09:05:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.03.08 09:05:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.03.08 09:05:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2013.02.25 05:55:08 | 000,171,584 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.08.25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.08.25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.08.25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.03.19 16:09:09 | 000,000,027 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [DameWare MRC Agent] C:\WINXP\system32\DWRCST.EXE (DameWare Development) O4 - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project) O4 - HKLM..\Run: [NvCplDaemon] C:\WINXP\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINXP\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe () O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [SiSPower] C:\WINXP\System32\SiSPower.dll (Silicon Integrated Systems Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Utility Tray.lnk = C:\WINXP\system32\sistray.exe (Silicon Integrated Systems Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1409082233-492894223-1606980848-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1409082233-492894223-1606980848-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2489381260-1297608308-1549814956-1133\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2489381260-1297608308-1549814956-1133\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2489381260-1297608308-1549814956-1133\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2489381260-1297608308-1549814956-1133\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} hxxp://my.vtl.de/Portal/Reserved.ReportViewerWebControl.axd?ReportSession=r5mu1iycil4y2m455xmzzke4&Culture=1031&CultureOverrides=True&UICulture=1031&UICultureOverrides=True&ReportStack=1&ControlID=585ae2a69d9c46ba84023610a67fa2df&OpType=PrintCab&Arch=X86 (RSClientPrint 2008 Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277385052357 (WUWebControl Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: DirectAnimation Java Classes file://C:\WINXP\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINXP\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GerbethDomain.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B396355-7F53-4FB8-8B37-A9607D6AADCE}: NameServer = 101.0.0.9,101.0.0.250 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.06.21 11:35:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004.08.04 14:13:16 | 000,000,000 | ---D | M] - Y:\Autopcc.cfg -- [ NTFS ] O32 - AutoRun File - [2004.04.07 22:19:04 | 000,176,207 | ---- | M] () - Y:\AutoPcc.exe -- [ NTFS ] O32 - AutoRun File - [2004.01.14 21:17:52 | 000,003,217 | ---- | M] () - Y:\AUTOPCC.MSG -- [ NTFS ] O32 - AutoRun File - [2003.03.28 16:19:52 | 000,000,995 | ---- | M] () - Y:\AUTOPCC.PIF -- [ NTFS ] O32 - AutoRun File - [2004.04.07 22:19:04 | 000,176,207 | ---- | M] () - Y:\AutoPccP.exe -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.19 16:31:54 | 000,000,000 | ---D | C] -- C:\WINXP\ERUNT [2013.03.19 16:31:46 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.19 16:28:44 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\npc1\Desktop\JRT.exe [2013.03.19 16:01:32 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.03.19 16:00:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINXP\SWREG.exe [2013.03.19 16:00:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINXP\SWSC.exe [2013.03.19 16:00:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINXP\SWXCACLS.exe [2013.03.19 16:00:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINXP\NIRCMD.exe [2013.03.19 16:00:05 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.19 16:00:03 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\npc1\Startmenü\Programme\Verwaltung [2013.03.19 15:59:45 | 000,000,000 | ---D | C] -- C:\WINXP\erdnt [2013.03.19 15:56:13 | 005,041,561 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\npc1\Desktop\ComboFix.exe [2013.03.19 13:33:49 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\npc1\Desktop\tdsskiller.exe [2013.03.19 13:31:13 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\npc1\Desktop\aswMBR.exe [2013.03.19 11:57:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\npc1\Lokale Einstellungen\Anwendungsdaten\Tracker Software [2013.03.18 16:16:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\npc1\Desktop\mbar-1.01.0.1021 [2013.03.18 14:21:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\npc1\Desktop\OTL.exe [2013.03.18 13:54:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8 [2013.03.18 11:02:47 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\npc1\Desktop\HiJackThis204.exe [2013.03.18 10:42:08 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\3C2FE8B7 [2013.03.18 10:42:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Identities [2013.03.18 10:41:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Fyevpii [2013.03.18 10:41:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Anyr [2013.03.08 09:05:34 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.03.07 16:08:32 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINXP\System32\javacpl.cpl [2013.03.07 16:08:31 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINXP\System32\javaws.exe [2013.03.07 16:08:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINXP\System32\javaw.exe [2013.03.07 16:08:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINXP\System32\java.exe [2013.03.07 16:08:27 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINXP\System32\WindowsAccessBridge.dll [2013.03.07 16:08:12 | 000,000,000 | ---D | C] -- C:\Programme\Java [2013.02.28 09:58:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\npc1\Eigene Dateien\test [2013.02.27 08:15:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\npc1\Lokale Einstellungen\Anwendungsdaten\Sun [2013.02.26 14:09:02 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\npc1\Recent [2013.02.26 08:20:49 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.19 16:52:20 | 000,001,890 | -H-- | M] () -- C:\Dokumente und Einstellungen\npc1\Eigene Dateien\Default.rdp [2013.03.19 16:44:00 | 000,000,880 | ---- | M] () -- C:\WINXP\tasks\Adobe Flash Player Updater.job [2013.03.19 16:41:44 | 000,012,620 | ---- | M] () -- C:\WINXP\System32\wpa.dbl [2013.03.19 16:39:26 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat [2013.03.19 16:29:14 | 000,609,993 | ---- | M] () -- C:\Dokumente und Einstellungen\npc1\Desktop\adwcleaner.exe [2013.03.19 16:28:44 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\npc1\Desktop\JRT.exe [2013.03.19 16:09:09 | 000,000,027 | ---- | M] () -- C:\WINXP\System32\drivers\etc\hosts [2013.03.19 16:01:40 | 000,000,323 | RHS- | M] () -- C:\boot.ini [2013.03.19 15:56:32 | 005,041,561 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\npc1\Desktop\ComboFix.exe [2013.03.19 14:48:27 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\npc1\Desktop\MBR.dat [2013.03.19 13:33:51 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\npc1\Desktop\tdsskiller.exe [2013.03.19 13:32:34 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\npc1\Desktop\aswMBR.exe [2013.03.19 12:01:02 | 000,000,838 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF-Viewer.lnk [2013.03.19 09:11:18 | 1157,627,904 | ---- | M] () -- C:\WINXP\MEMORY.DMP [2013.03.18 16:39:22 | 000,141,240 | ---- | M] () -- C:\WINXP\System32\FNTCACHE.DAT [2013.03.18 15:56:11 | 013,786,977 | ---- | M] () -- C:\Dokumente und Einstellungen\npc1\Desktop\mbar-1.01.0.1021.zip [2013.03.18 15:53:43 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\npc1\Desktop\dzwn6hvw.exe [2013.03.18 14:21:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\npc1\Desktop\OTL.exe [2013.03.18 11:02:44 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\npc1\Desktop\HiJackThis204.exe [2013.03.18 10:46:46 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.15 11:38:55 | 000,046,516 | ---- | M] () -- C:\Dokumente und Einstellungen\npc1\Desktop\1.jpg [2013.03.13 11:45:30 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINXP\System32\FlashPlayerApp.exe [2013.03.13 11:45:30 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINXP\System32\FlashPlayerCPLApp.cpl [2013.03.12 12:16:50 | 015,120,907 | ---- | M] () -- C:\Dokumente und Einstellungen\npc1\Desktop\526012_Angebot_Knoll_Fichtestrasse.PDF [2013.03.07 16:08:18 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINXP\System32\WindowsAccessBridge.dll [2013.03.07 16:08:16 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINXP\System32\javaws.exe [2013.03.07 16:08:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINXP\System32\javaw.exe [2013.03.07 16:08:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINXP\System32\java.exe [2013.03.07 16:08:16 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINXP\System32\javacpl.cpl [2013.03.07 16:08:15 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINXP\System32\npdeployJava1.dll [2013.03.07 16:08:15 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINXP\System32\deployJava1.dll [2013.03.07 11:26:35 | 000,062,514 | ---- | M] () -- C:\Dokumente und Einstellungen\npc1\Desktop\g4260293.23004615.pdf [2013.03.01 03:26:59 | 006,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\mshtml.dll [2013.02.27 12:15:59 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLev.DAT [2013.02.26 13:37:03 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2013.02.21 08:19:41 | 000,000,779 | ---- | M] () -- C:\Dokumente und Einstellungen\npc1\Desktop\Content Manager 2.lnk [2013.02.20 09:11:15 | 000,000,281 | ---- | M] () -- C:\Dokumente und Einstellungen\npc1\Desktop\Verknüpfung mit _ge_fortras.lnk [2013.02.18 11:26:44 | 621,283,886 | ---- | M] () -- C:\Dokumente und Einstellungen\npc1\Desktop\Hirens.BootCD.15.2.zip [1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.19 16:29:15 | 000,609,993 | ---- | C] () -- C:\Dokumente und Einstellungen\npc1\Desktop\adwcleaner.exe [2013.03.19 16:01:40 | 000,000,207 | ---- | C] () -- C:\Boot.bak [2013.03.19 16:01:37 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.03.19 16:00:13 | 000,256,000 | ---- | C] () -- C:\WINXP\PEV.exe [2013.03.19 16:00:13 | 000,208,896 | ---- | C] () -- C:\WINXP\MBR.exe [2013.03.19 16:00:13 | 000,098,816 | ---- | C] () -- C:\WINXP\sed.exe [2013.03.19 16:00:13 | 000,080,412 | ---- | C] () -- C:\WINXP\grep.exe [2013.03.19 16:00:13 | 000,068,096 | ---- | C] () -- C:\WINXP\zip.exe [2013.03.19 14:48:27 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\npc1\Desktop\MBR.dat [2013.03.19 12:01:02 | 000,000,838 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF-Viewer.lnk [2013.03.18 15:55:45 | 013,786,977 | ---- | C] () -- C:\Dokumente und Einstellungen\npc1\Desktop\mbar-1.01.0.1021.zip [2013.03.18 15:53:48 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\npc1\Desktop\dzwn6hvw.exe [2013.03.18 10:46:46 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.12 12:16:23 | 015,120,907 | ---- | C] () -- C:\Dokumente und Einstellungen\npc1\Desktop\526012_Angebot_Knoll_Fichtestrasse.PDF [2013.03.07 11:26:42 | 000,062,514 | ---- | C] () -- C:\Dokumente und Einstellungen\npc1\Desktop\g4260293.23004615.pdf [2013.02.26 13:37:03 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2013.02.21 08:19:41 | 000,000,779 | ---- | C] () -- C:\Dokumente und Einstellungen\npc1\Desktop\Content Manager 2.lnk [2013.02.20 09:11:15 | 000,000,281 | ---- | C] () -- C:\Dokumente und Einstellungen\npc1\Desktop\Verknüpfung mit _ge_fortras.lnk [2013.02.18 11:04:47 | 621,283,886 | ---- | C] () -- C:\Dokumente und Einstellungen\npc1\Desktop\Hirens.BootCD.15.2.zip [2012.02.15 01:13:19 | 000,003,072 | ---- | C] () -- C:\WINXP\System32\iacenc.dll [2011.12.05 17:12:10 | 000,002,559 | ---- | C] () -- C:\WINXP\cfgrt_ex.ini [2011.11.21 16:51:58 | 000,016,086 | ---- | C] () -- C:\WINXP\Ascd_log.ini [2011.11.21 16:49:11 | 000,016,048 | ---- | C] () -- C:\WINXP\Ascd_tmp.ini [2011.11.21 16:48:37 | 000,012,536 | ---- | C] () -- C:\WINXP\System32\drivers\ASUSHWIO.SYS [2011.11.08 10:05:56 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Licenses [2011.11.08 10:05:55 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Legacy [2011.11.08 10:05:37 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAS [2011.11.08 10:05:36 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Logs [2011.11.08 10:05:36 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Libraries [2011.11.08 10:05:35 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Limiter [2011.10.17 12:39:06 | 001,074,560 | ---- | C] () -- C:\WINXP\System32\nvdrsdb1.bin [2011.10.17 12:39:06 | 001,074,560 | ---- | C] () -- C:\WINXP\System32\nvdrsdb0.bin [2011.10.17 12:39:06 | 000,000,001 | ---- | C] () -- C:\WINXP\System32\nvdrssel.bin [2011.10.17 12:38:54 | 002,284,064 | ---- | C] () -- C:\WINXP\System32\nvdata.data [2011.10.17 12:31:58 | 000,003,276 | R--- | C] () -- C:\WINXP\System32\drivers\nvphy.bin [2011.10.17 12:29:53 | 000,005,810 | R--- | C] () -- C:\WINXP\System32\drivers\ASACPI.sys [2011.10.04 12:15:12 | 000,003,209 | ---- | C] () -- C:\WINXP\cfgrs.ini [2011.08.16 19:14:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\npc1\Lokale Einstellungen\Anwendungsdaten\{B364E0FC-CF68-4568-8521-7F73B42AD260} [2011.07.25 14:06:17 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\npc1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.27 15:04:40 | 000,000,170 | ---- | C] () -- C:\WINXP\nscatch.ini [2011.03.15 08:55:42 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Instrument Library [2011.03.15 08:55:42 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installer Plugin [2011.03.15 08:55:42 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Images [2011.03.15 08:55:42 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Image Units [2011.03.15 08:55:42 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLev.DAT [2011.03.15 08:55:42 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLes.DAT [2011.03.15 08:55:41 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Image Manipulation [2011.03.15 08:55:41 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLet.DAT [2011.03.15 08:55:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InkjetPrinter [2010.06.21 16:38:16 | 000,072,979 | ---- | C] () -- C:\Dokumente und Einstellungen\npc1\IM000881.jpg [2010.06.21 16:38:16 | 000,070,352 | ---- | C] () -- C:\Dokumente und Einstellungen\npc1\IM000880.jpg [2010.06.21 16:38:16 | 000,067,721 | ---- | C] () -- C:\Dokumente und Einstellungen\npc1\IM000879.jpg [2010.06.21 16:38:16 | 000,065,529 | ---- | C] () -- C:\Dokumente und Einstellungen\npc1\IM000882.jpg [2010.06.21 16:32:38 | 000,004,638 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol ========== ZeroAccess Check ========== [2010.11.30 15:44:58 | 000,000,227 | RHS- | M] () -- C:\WINXP\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2010.04.16 17:06:44 | 001,509,888 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > [/CODE] OTL EXTRA OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.3.2013 16:51:46 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\npc1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy
3,25 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 83,88% Memory free
4,17 Gb Paging File | 3,82 Gb Available in Paging File | 91,54% Paging File free
Paging file location(s): c:\pagefile.sys 1104 2208 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme
Drive C: | 244,16 Gb Total Space | 197,83 Gb Free Space | 81,03% Space Free | Partition Type: NTFS
Drive D: | 221,60 Gb Total Space | 207,14 Gb Free Space | 93,47% Space Free | Partition Type: NTFS
Drive M: | 30,51 Gb Total Space | 22,78 Gb Free Space | 74,65% Space Free | Partition Type: NTFS
Drive U: | 30,51 Gb Total Space | 22,78 Gb Free Space | 74,65% Space Free | Partition Type: NTFS
Drive V: | 69,99 Gb Total Space | 22,60 Gb Free Space | 32,29% Space Free | Partition Type: NTFS
Drive X: | 30,51 Gb Total Space | 22,78 Gb Free Space | 74,65% Space Free | Partition Type: NTFS
Drive Y: | 1,00 Gb Total Space | 1,00 Gb Free Space | 100,00% Space Free | Partition Type: NTFS
Drive Z: | 69,99 Gb Total Space | 22,60 Gb Free Space | 32,29% Space Free | Partition Type: NTFS
Computer Name: NPC1 | User Name: npc1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-2489381260-1297608308-1549814956-1133\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"6129:TCP" = 6129:TCP:*:Enabled:DameWare Mini Remote Control Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
"C:\Programme\TeamViewer\Version8\TeamViewer.exe" = C:\Programme\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINXP\system32\msiexec.exe" = C:\WINXP\system32\msiexec.exe:*:Generic Host Process -- (Microsoft Corporation)
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04805AB6-F757-496A-8D56-37A0FC5FF6F3}" = VMware vSphere Client 5.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{256BE30C-2A7E-4F0D-9B3D-A9C4115A7A00}" = VMware Data Recovery
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{61C79AE1-5403-4687-AC68-28BFA5EF3895}" = Kyocera Scanner File Utility
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90E00407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5945672-BA86-4095-865F-58E9C8A48205}" = Lotus Notes 6.0.3 de
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"CCleaner" = CCleaner
"Content Manager 2" = Content Manager 2
"FastImageResizer" = FastImageResizer (remove only)
"FileZilla Client" = FileZilla Client 3.6.0.2
"HD Tune_is1" = HD Tune 2.55
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NETGEAR Print Server Software" = NETGEAR Print Server Software
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OfficeScanNT" = Trend Micro OfficeScan Client
"PSPad editor_is1" = PSPad editor
"RealVNC_is1" = VNC Free Edition 4.1.3
"SiS VGA Driver" = SiS VGA Utilities
"TeamViewer 8" = TeamViewer 8
"TeraCopy_is1" = TeraCopy 2.27
"TomTom HOME" = TomTom HOME 2.8.2.2264
"VLC media player" = VLC media player 1.1.2
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2489381260-1297608308-1549814956-1133\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"6c91327b794145d3" = CTL Kalkulation
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.3.2013 08:10:54 | Computer Name = NPC1 | Source = Application Hang | ID = 1001
Description = Fehlerhafter Speicherbereich 54869149.
Error - 18.3.2013 09:25:11 | Computer Name = NPC1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.69.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 18.3.2013 11:10:28 | Computer Name = NPC1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dzwn6hvw.exe, Version 2.1.19155.0, fehlgeschlagenes
Modul dzwn6hvw.exe, Version 2.1.19155.0, Fehleradresse 0x000723cc.
Error - 18.3.2013 11:39:30 | Computer Name = NPC1 | Source = Userenv | ID = 1054
Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt
werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung
hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.
Error - 18.3.2013 11:39:33 | Computer Name = NPC1 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne
ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung
wird nicht durchgeführt.
Error - 18.3.2013 11:42:08 | Computer Name = NPC1 | Source = Userenv | ID = 1054
Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt
werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung
hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.
Error - 19.3.2013 04:11:33 | Computer Name = NPC1 | Source = Userenv | ID = 1054
Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt
werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung
hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.
Error - 19.3.2013 04:11:40 | Computer Name = NPC1 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne
ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung
wird nicht durchgeführt.
Error - 19.3.2013 04:11:50 | Computer Name = NPC1 | Source = Userenv | ID = 1054
Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt
werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung
hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.
Error - 19.3.2013 11:10:51 | Computer Name = NPC1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dumphive.3xe, Version 0.0.0.0, fehlgeschlagenes
Modul dumphive.3xe, Version 0.0.0.0, Fehleradresse 0x00005c0b.
[ System Events ]
Error - 19.3.2013 04:00:59 | Computer Name = NPC1 | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort3 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 19.3.2013 04:01:49 | Computer Name = NPC1 | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort3 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 19.3.2013 04:01:55 | Computer Name = NPC1 | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort3 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 19.3.2013 04:02:04 | Computer Name = NPC1 | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort3 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 19.3.2013 04:02:13 | Computer Name = NPC1 | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort3 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 19.3.2013 04:02:29 | Computer Name = NPC1 | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort3 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 19.3.2013 04:11:32 | Computer Name = NPC1 | Source = NETLOGON | ID = 5719
Description = Es steht kein Domänencontroller für die Domäne DOMAIN aus folgendem
Grund zur Verfügung: %%1311. Stellen Sie sicher, dass der Computer mit dem Netzwerk
verbunden ist, und versuchen Sie es erneut. Wenden Sie sich an den Domänenadministrator,
wenn das Problem weiterhin besteht.
Error - 19.3.2013 04:13:39 | Computer Name = NPC1 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "OfficeScanNT Echtzeitsuche" wurde nicht ordnungsgemäß
gestartet.
Error - 19.3.2013 04:15:18 | Computer Name = NPC1 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Error - 19.3.2013 11:04:49 | Computer Name = NPC1 | Source = Service Control Manager | ID = 7034
Description = Dienst "Adobe Active File Monitor V5" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
< End of report >
[/CODE] |
|
19.03.2013, 23:00
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hotel.de TrojanerFixen mit OTL
Code:
ATTFilter :OTL
[2013.03.18 10:42:08 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\3C2FE8B7
[2013.03.18 10:41:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Fyevpii
[2013.03.18 10:41:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Anyr
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.03.2013, 17:46
| #29 |
| | Hotel.de TrojanerCode:
ATTFilter All processes killed
========== OTL ==========
C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\3C2FE8B7 folder moved successfully.
C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Fyevpii folder moved successfully.
C:\Dokumente und Einstellungen\npc1\Anwendungsdaten\Anyr folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\npc1\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\npc1\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: administrator.GERBETHDOMAIN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 1489079 bytes
->Flash cache emptied: 456 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: npc1
->Temp folder emptied: 750935 bytes
->Temporary Internet Files folder emptied: 9004614 bytes
->Java cache emptied: 1888266 bytes
->FireFox cache emptied: 476034422 bytes
->Flash cache emptied: 819 bytes
User: XXXX
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 11928393 bytes
->Flash cache emptied: 456 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 125872588 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21222 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 598,00 mb
C:\WINXP\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 03202013_173647
Files\Folders moved on Reboot...
C:\WINXP\temp\vmware-SYSTEM-2908927488\vmware-usbarb-SYSTEM-2272.log moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
20.03.2013, 22:51
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hotel.de Trojaner Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Hotel.de Trojaner |
| adobe, bho, computer, desktop, einstellungen, excel, firefox, flash player, helper, hijack, hijackthis, home, internet, internet explorer, monitor, mozilla, photoshop, plug-in, remote control, rundll, server, software, system, trojaner, usb, windows, windows xp |
WARNUNG an die MITLESER: 
Textbox. 
Linear-Darstellung
