Pests of all kinds and their removal: 2 problems: Internet Explorer opens automatically and redirects on Google (Windows 7)
#1
2 problems: Internet Explorer opens automatically and redirects on Google

Hey, I have 2 problems:
1.) Every few minutes Internet Explorer opens automatically and an error message is shown saying that it cannot be opened.
2.) When I click on some sites on the Google search results page I land on a spam site or get redirected to one.
#2
/// Helper team
2 problems: Internet Explorer opens automatically and redirects on Google

Hello and welcome!
Before we begin working together, [please read in full]:

Quote:
For Vista and Win7: Important: run all commands as administrator! Right-click the command prompt and choose "Run as administrator". Right-click the selected application and choose "Run as administrator"!

Quote:
Runs under XP, Vista (32-bit) and Windows 7 (32-bit). Attention!: IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next item! It is NOT sensible to start a second attempt! To get a deeper look into your system and to detect a possible infection with a rootkit (rootkit/Info v.wikipedia.org), we will use a tool - Gmer:
** no connection to a network or the internet - don't forget WLAN. When the scan has finished, please re-enable all programs and tools! Instructions: -> GMER - Rootkit Scanner

2. Download Malwarebytes Anti-Malware from → malwarebytes.org

3. System scan with OTL
Please download OTL from OldTimer and save it to your desktop.

3. → Download HJTscanlist.zip
→ unpack the file on your desktop
→ on Windows XP Home you must also install tasklist.zip before the scan
→ start it with a double-click
→ select your operating system - for Win7 choose Vista
→ when asked, choose the option "Einstellung" (1) - scanlist
→ after a short time your editor should open and show the file hjtscanlist.txt
→ please copy its contents here into your thread.
** If it doesn't work all at once, you can split the text into several parts and post them separately.

4. Please make hidden and system files visible - click the link here: Make system files and folders visible under XP and Vista. At the end of our work you can undo this again!

5. I would also like to see all your installed programs: download the tool CCleaner → download, install (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, uncheck it) → start it → if necessary, under Options - Settings select "german" → then click on "Extra" (to also show the installed programs) → then on "Save as text file..." - a text file (*.txt) will be created; copy its contents and paste them here.

Quote:
** If possible, stay off the internet: no online banking, file sharing, chat programs etc.

Regards, kira
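As an added example (not code from this thread, from the helper, or from OTL's author): a small Python triage pass over OTL-format lines of the kind the helper asks for. It automates three checks a helper otherwise does by eye: O4 autostart entries whose target is "File not found", autostart value names that are a GUID or a long random-looking string, and folders created directly under AppData\Roaming whose short name appears nowhere else in the created-files list (a real install usually leaves a matching Program Files or Start Menu entry). The sample input is constructed from entries of the shape seen in such logs; the regexes, rule names and thresholds are this example's own assumptions, and every finding is a review candidate, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample in OTL log format (example input for this block, not the full
# log posted in the thread). The O4 autostart lines and the AppData\Roaming folder
# lines copy the shape of entries in that log; the Program Files line is there so
# the cross-check below has something to match against.
SAMPLE_OTL = """\
O4 - HKLM..\\Run: [avgnt] C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe (Avira GmbH)
O4 - HKCU..\\Run: [{A528D4C2-8D70-CF99-9E74-C495DA3E6BA0}] File not found
O4 - HKCU..\\Run: [4Y3Y0C3AZF7XXHYWMAFFXA] File not found
O4 - HKCU..\\Run: [AdobeBridge] File not found
O4 - HKCU..\\Run: [ICQ] C:\\Program Files\\ICQ7.5\\ICQ.exe (ICQ, LLC.)
[2011.07.18 18:51:12 | 000,000,000 | ---D | C] -- C:\\Users\\Rapho\\AppData\\Roaming\\Simfy
[2011.07.18 18:51:05 | 000,000,000 | ---D | C] -- C:\\Program Files\\simfy
[2011.07.16 13:44:07 | 000,000,000 | ---D | C] -- C:\\Users\\Rapho\\AppData\\Roaming\\Ovvy
[2011.07.16 13:44:07 | 000,000,000 | ---D | C] -- C:\\Users\\Rapho\\AppData\\Roaming\\Aguhi
[2011.07.13 22:23:33 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\win32k.sys
"""

# "O4 - <hive>..\Run: [<value name>] <target> (<company>)" autostart lines.
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$")
# "[date time | size | attrs | C/M] (<company>) -- <path>" lines from the 30-day file lists.
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
RANDOM_NAME_RE = re.compile(r"^[A-Z0-9]{16,}$")   # long all-caps alphanumeric, no readable word
SHORT_WORD_RE = re.compile(r"^[A-Za-z]{3,6}$")     # short bare folder name, the shape worth a second look


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def parse_otl(text):
    """Split OTL text into autostart entries and created/modified file entries."""
    autostarts, files = [], []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if m:
            autostarts.append(m.groupdict())
            continue
        m = FILE_RE.match(line)
        if m:
            files.append(m.groupdict())
    return autostarts, files


def _name_referenced_elsewhere(name, entry, files):
    """True if `name` occurs as a path component in any other file entry."""
    wanted = name.lower()
    for other in files:
        if other is entry:
            continue
        if wanted in (part.lower() for part in other["path"].split("\\")):
            return True
    return False


def triage(text):
    """Return review candidates (not verdicts) produced by three triage heuristics."""
    autostarts, files = parse_otl(text)
    findings = []
    for a in autostarts:
        if a["target"] == "File not found":
            findings.append(Finding("orphaned-autostart",
                                    f"{a['hive']} Run [{a['name']}] points at a missing file"))
        if GUID_RE.match(a["name"]) or RANDOM_NAME_RE.match(a["name"]):
            findings.append(Finding("random-autostart-name",
                                    f"{a['hive']} Run value name {a['name']!r} is a GUID or random string"))
    for f in files:
        # Only newly created directories placed directly under <user>\AppData\Roaming.
        if f["kind"] != "C" or "D" not in f["attrs"]:
            continue
        parent, _, name = f["path"].rpartition("\\")
        if not parent.lower().endswith("\\appdata\\roaming"):
            continue
        if SHORT_WORD_RE.match(name) and not _name_referenced_elsewhere(name, f, files):
            findings.append(Finding("unreferenced-roaming-dir",
                                    f"{f['path']} created {f['date']} with no matching install footprint"))
    return findings


def summarize(findings):
    """Count findings per rule, for a quick overview before reading the details."""
    counts = {}
    for fnd in findings:
        counts[fnd.rule] = counts.get(fnd.rule, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_OTL)
    print(summarize(results))
    for fnd in results:
        print(f"{fnd.rule:26} {fnd.detail}")
```

On the sample, the Simfy folder is not reported because the same name shows up under Program Files, while the two folders with no such footprint are; the missing-file autostart entries are reported regardless of name, since an orphaned Run value is worth cleaning up either way. Run it against a saved OTL.txt by passing the file contents to `triage()`.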
#3
2 problems: Internet Explorer opens automatically and redirects on Google

THE OTL SCAN:
OTL logfile: Code:
OTL logfile created on: 27.07.2011 16:56:33 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Rapho\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,42 Gb Available Physical Memory | 21,33% Memory free 4,21 Gb Paging File | 1,40 Gb Available in Paging File | 33,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 143,95 Gb Total Space | 48,04 Gb Free Space | 33,37% Space Free | Partition Type: NTFS Computer Name: RAPHO-PC | User Name: Rapho | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Rapho\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) 
PRC - C:\Programme\Tobit Radio.fx\Client\rfx-client.exe (Tobit.Software) PRC - C:\Programme\Tobit Radio.fx\Server\rfx-server.exe () PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) PRC - C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) PRC - C:\Programme\Lenovo\Message Center Plus\MCPLaunch.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) PRC - C:\Programme\M-Audio\Xponent\MAUSBXPInst.exe (Avid Technology, Inc.) 
PRC - C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe (Lenovo Group Limited) PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo) PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo) PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo) PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo) PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo) PRC - C:\Programme\Lenovo\PM Driver\PMHandler.exe (Lenovo) PRC - C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.) PRC - C:\Programme\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Lenovo\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Lenovo\PM Driver\PMSveH.exe (Lenovo) PRC - C:\Programme\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc.) PRC - C:\Programme\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe () PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited) PRC - C:\Programme\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe (Cyberlink Corp.) 
PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) PRC - C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Rapho\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\Mindjet\MindManager 9\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (Radio.fx) -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (MAudioXponentService) -- C:\Programme\M-Audio\Xponent\MAUSBXPInst.exe (Avid Technology, Inc.) 
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo) SRV - (FNF5SVC) -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.) SRV - (PMSveH) -- C:\Programme\Lenovo\PM Driver\PMSveH.exe (Lenovo) SRV - (nmservice) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc.) SRV - (nmraapache) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe () SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (IPSSVC) -- C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited) SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (MADFUXPONENT) -- C:\Windows\System32\drivers\MAudioXponent_DFU.sys (M-Audio) DRV - (MAUSBXPONENT) -- C:\Windows\System32\drivers\MAudioXponent.sys (Avid Technology, Inc.) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.) 
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (PROCDD) -- C:\Windows\System32\drivers\PROCDD.SYS (Lenovo Group Limited) DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/3000notebook [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/3000notebook [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.23 13:27:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.14 15:29:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2011.04.09 15:53:18 | 000,000,000 | ---D | M] [2011.04.09 18:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rapho\AppData\Roaming\mozilla\Extensions [2011.07.18 00:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rapho\AppData\Roaming\mozilla\Firefox\Profiles\6wmvbu2m.default\extensions [2011.06.22 19:43:50 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Rapho\AppData\Roaming\mozilla\Firefox\Profiles\6wmvbu2m.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66} [2011.07.06 18:52:42 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\Rapho\AppData\Roaming\mozilla\Firefox\Profiles\6wmvbu2m.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack [2011.06.14 15:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.04.09 19:06:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.04.09 18:55:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.14 15:29:29 | 000,000,000 | 
---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- [2011.04.09 18:55:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.14 15:29:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} () (No name found) -- C:\USERS\RAPHO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6WMVBU2M.DEFAULT\EXTENSIONS\{1F91CDE0-C040-11DA-A94D-0800200C9A66}.XPI () (No name found) -- C:\USERS\RAPHO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6WMVBU2M.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI [2011.04.12 13:30:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.06.23 13:27:13 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo) O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir 
Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo) O4 - HKLM..\Run: [LPManager] C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe () O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.) O4 - HKLM..\Run: [PMHandler] C:\Programme\Lenovo\PM Driver\PMHandler.exe (Lenovo) O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPWAUDAP] C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [{A528D4C2-8D70-CF99-9E74-C495DA3E6BA0}] File not found O4 - HKCU..\Run: [4Y3Y0C3AZF7XXHYWMAFFXA] File not found O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O4 - HKCU..\Run: [rfxsrvtray] C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rapho\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Programme\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Rapho\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Rapho\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) - File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.07.26 19:35:51 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011.07.26 19:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011.07.21 14:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.07.21 14:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.07.21 14:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011.07.21 13:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2011.07.18 19:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon [2011.07.18 19:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\No23 Recorder [2011.07.18 19:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No23 Recorder [2011.07.18 18:51:12 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Simfy [2011.07.18 18:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy [2011.07.18 18:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\simfy [2011.07.16 13:44:07 | 000,000,000 | ---D | C] -- 
C:\Users\Rapho\AppData\Roaming\Ovvy [2011.07.16 13:44:07 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Aguhi [2011.07.13 22:23:33 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.07.13 22:23:30 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011.07.13 22:23:30 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2011.07.12 11:20:54 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll [2011.07.12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe [2011.07.12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll [2011.07.12 11:20:54 | 000,050,536 | ---- | C] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll [2011.07.09 17:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tobit.Software [2011.07.09 17:17:33 | 001,844,488 | ---- | C] (Tobit.Software) -- C:\Windows\RXSUnins.exe [2011.07.09 17:17:33 | 001,844,488 | ---- | C] (Tobit.Software) -- C:\Windows\RXCUnins.exe [2011.07.07 19:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys [2011.07.07 19:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2011.07.07 19:01:07 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2011.07.07 19:01:07 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2011.07.01 19:37:30 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Ugab [2011.07.01 19:37:30 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Ucef [2011.06.30 13:57:57 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Veavna [2011.06.30 13:57:57 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Acurpo [2011.06.29 19:54:41 | 020,535,942 | ---- | C] (MatchWare A/S) -- C:\Users\Rapho\Desktop\reco11.exe [2011.04.09 15:23:53 | 000,167,936 | ---- | C] ( 
) -- C:\Windows\System32\rsnp2uvc.dll [2011.04.09 15:23:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll ========== Files - Modified Within 30 Days ========== [2011.07.27 16:39:19 | 013,540,959 | ---- | M] () -- C:\Users\Rapho\Desktop\Justin Vito & CJ Stone feat. Emine Bahar - On & On (Orginal Mix).mp3 [2011.07.27 15:23:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.27 15:23:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.27 15:23:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.26 20:37:46 | 011,725,897 | ---- | M] () -- C:\Users\Rapho\Desktop\sash_ft_jeanpearl_mirrormirror_ClubExtended.mp3 [2011.07.26 20:10:17 | 000,322,022 | ---- | M] () -- C:\Users\Rapho\AppData\Local\census.cache [2011.07.26 20:09:34 | 000,221,743 | ---- | M] () -- C:\Users\Rapho\AppData\Local\ars.cache [2011.07.26 19:53:14 | 000,000,036 | ---- | M] () -- C:\Users\Rapho\AppData\Local\housecall.guid.cache [2011.07.26 19:46:21 | 000,025,181 | ---- | M] () -- C:\Windows\System32\PROCDB.INI [2011.07.26 19:45:43 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI [2011.07.26 19:45:18 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2011.07.26 19:45:16 | 192,014,980 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.07.26 19:42:50 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll [2011.07.26 19:42:21 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe [2011.07.26 19:35:51 | 000,001,948 | ---- | M] () -- C:\Users\Rapho\Desktop\HiJackThis.lnk [2011.07.26 19:02:14 | 000,044,544 | ---- | M] (Absolute Software Corp.) 
#4
2 problems: Internet Explorer opens automatically and Google redirects
From the HJT scanlist:
09.04.2011 15:30 C:\Program Files\Realtek --------- 0
09.04.2011 15:29 C:\Program Files\Intel --------- 0
09.04.2011 15:27 C:\Program Files\Synaptics --------- 0
21.01.2008 04:57 C:\Program Files\desktop.ini --------- 174
02.11.2006 14:58 C:\Program Files\Uninstall Information --------- 0
02.11.2006 14:35 C:\Program Files\Microsoft Games --------- 4096
02.11.2006 14:35 C:\Program Files\Reference Assemblies --------- 0
02.11.2006 14:35 C:\Program Files\MSBuild --------- 0
----------------------------------------
C:\ProgramData\..
Rapho
Default
desktop.ini
Default User
All Users
Public
----------------------------------------
C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
----------------------------------------
Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process 0 Services 0 12 K
System 4 Services 0 14.528 K
smss.exe 572 Services 0 524 K
csrss.exe 640 Services 0 3.876 K
csrss.exe 696 Console 1 8.444 K
wininit.exe 704 Services 0 3.076 K
services.exe 748 Services 0 6.824 K
lsass.exe 784 Services 0 2.232 K
lsm.exe 792 Services 0 3.148 K
winlogon.exe 880 Console 1 4.356 K
svchost.exe 980 Services 0 5.628 K
svchost.exe 1048 Services 0 5.620 K
svchost.exe 1088 Services 0 26.600 K
svchost.exe 1196 Services 0 11.072 K
svchost.exe 1276 Services 0 79.308 K
svchost.exe 1296 Services 0 58.920 K
audiodg.exe 1356 Services 0 16.148 K
svchost.exe 1380 Services 0 3.600 K
SLsvc.exe 1408 Services 0 3.632 K
svchost.exe 1456 Services 0 10.860 K
svchost.exe 1640 Services 0 12.324 K
spoolsv.exe 1832 Services 0 6.476 K
taskeng.exe 1840 Services 0 4.320 K
sched.exe 1864 Services 0 772 K
svchost.exe 1892 Services 0 12.848 K
IPSSVC.EXE 388 Services 0 2.684 K
AcPrfMgrSvc.exe 432 Services 0 4.948 K
agrsmsvc.exe 516 Services 0 2.008 K
avguard.exe 600 Services 0 22.124 K
AppleMobileDeviceService. 612 Services 0 6.296 K
avshadow.exe 656 Services 0 3.036 K
mDNSResponder.exe 1032 Services 0 3.304 K
svchost.exe 1344 Services 0 3.120 K
DkService.exe 1512 Services 0 11.956 K
FnF5svc.exe 1636 Services 0 1.316 K
IAANTmon.exe 220 Services 0 4.156 K
MAUSBXPInst.exe 2068 Services 0 3.300 K
PMSveH.exe 2196 Services 0 1.888 K
svchost.exe 2240 Services 0 4.632 K
rfx-server.exe 2260 Services 0 12.764 K
RichVideo.exe 2304 Services 0 3.084 K
svchost.exe 2324 Services 0 4.332 K
tvt_reg_monitor_svc.exe 2356 Services 0 2.776 K
TPHKSVC.exe 2368 Services 0 2.576 K
tvttcsd.exe 2428 Services 0 2.144 K
TuneUpUtilitiesService32. 2448 Services 0 13.204 K
tvtsched.exe 2464 Services 0 3.792 K
svchost.exe 2520 Services 0 2.640 K
SearchIndexer.exe 2544 Services 0 26.176 K
AcSvc.exe 2612 Services 0 6.820 K
nmsrvc.exe 2680 Services 0 5.328 K
SUService.exe 2780 Services 0 5.932 K
taskeng.exe 3860 Console 1 9.984 K
dwm.exe 3888 Console 1 58.104 K
SDWinSec.exe 3896 Services 0 7.024 K
TuneUpUtilitiesApp32.exe 3928 Console 1 7.960 K
explorer.exe 3972 Console 1 34.512 K
DkIcon.exe 788 Console 1 4.524 K
WmiPrvSE.exe 3132 Services 0 8.736 K
SvcGuiHlpr.exe 3536 Services 0 4.444 K
MSASCui.exe 3844 Console 1 9.404 K
tpfnf7sp.exe 4012 Console 1 4.876 K
SynTPEnh.exe 3228 Console 1 6.060 K
PMHandler.exe 4248 Console 1 4.960 K
TpWAudAp.exe 4460 Console 1 4.116 K
IAAnotif.exe 4468 Console 1 5.232 K
RtHDVCpl.exe 4512 Console 1 6.128 K
hkcmd.exe 4564 Console 1 5.188 K
igfxsrvc.exe 4572 Console 1 4.640 K
igfxpers.exe 4688 Console 1 4.992 K
LPMGR.EXE 4772 Console 1 6.200 K
AwaySch.EXE 4812 Console 1 4.752 K
PDVDServ.exe 4836 Console 1 4.716 K
wmpnscfg.exe 4856 Console 1 5.252 K
nmapp.exe 4892 Console 1 16.220 K
ACTray.exe 4900 Console 1 5.092 K
ACWLIcon.exe 4916 Console 1 5.288 K
cssauth.exe 4924 Console 1 5.696 K
avgnt.exe 4956 Console 1 2.164 K
M-AudioTaskBarIcon.exe 4964 Console 1 5.012 K
MCPLaunch.exe 4984 Console 1 2.476 K
jusched.exe 4996 Console 1 2.940 K
scheduler_proxy.exe 5032 Console 1 3.024 K
iTunesHelper.exe 5040 Console 1 7.848 K
TeaTimer.exe 5048 Console 1 50.696 K
ICQ.exe 5272 Console 1 90.368 K
rfx-tray.exe 5292 Console 1 7.980 K
BTTray.exe 5316 Console 1 8.492 K
firefox.exe 6048 Console 1 446.176 K
svchost.exe 1120 Services 0 6.856 K
wmpnetwk.exe 956 Services 0 13.184 K
tvtpwm_tray.exe 2792 Console 1 13.224 K
BTStackServer.exe 5736 Console 1 8.636 K
iPodService.exe 4848 Services 0 3.964 K
plugin-container.exe 5664 Console 1 42.656 K
rfx-client.exe 5492 Console 1 52.800 K
WUDFHost.exe 8000 Services 0 2.888 K
iTunes.exe 4244 Console 1 37.484 K
mobsync.exe 7924 Console 1 6.156 K
AppleMobileDeviceHelper.e 6820 Console 1 5.048 K
distnoted.exe 7544 Console 1 3.272 K
iexplore.exe 7356 Console 1 30.844 K
iexplore.exe 1424 Console 1 43.660 K
explorer.exe 6884 Console 1 41.672 K
OTL.exe 5704 Console 1 26.964 K
notepad.exe 6272 Console 1 4.840 K
notepad.exe 7320 Console 1 7.104 K
SearchProtocolHost.exe 6240 Services 0 8.328 K
SearchFilterHost.exe 6416 Services 0 5.128 K
cmd.exe 7292 Console 1 3.000 K
conime.exe 5104 Console 1 11.476 K
dllhost.exe 944 Console 1 11.356 K
tasklist.exe 7052 Console 1 4.708 K
***** Ende des Scans 27.07.2011 um 17:12:22,59 ***
#5
My programs:
Code:
Access Help 08.04.2011 1,64MB 2.00
Adobe AIR Adobe Systems Incorporated 17.07.2011 30,1MB 2.7.0.19530
Adobe Community Help Adobe Systems Incorporated. 23.06.2011 5,70MB 3.4.980
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 12.07.2011 10.3.181.34
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 18.06.2011 10.3.181.26
Adobe Reader 8 - Deutsch Adobe Systems Incorporated 08.04.2011 90,9MB 8.0.0
Agere Systems HDA Modem Agere Systems 08.04.2011
Anzeige am Bildschirm 08.04.2011 5.03
Apple Application Support Apple Inc. 20.07.2011 60,2MB 2.0.1
Apple Mobile Device Support Apple Inc. 17.06.2011 22,1MB 3.4.1.2
Apple Software Update Apple Inc. 20.07.2011 2,38MB 2.1.3.127
ASIO4ALL Michael Tippach 14.06.2011 0,52MB 2.10
Audacity 1.2.6 08.04.2011 8,43MB
Avira AntiVir Personal - Free Antivirus Avira GmbH 30.06.2011 114,1MB 10.2.0.696
Bonjour Apple Inc. 20.07.2011 1,06MB 3.0.0.2
Broadcom Gigabit Integrated Controller Broadcom Corporation 08.04.2011 0,74MB 10.15.06
CCleaner Piriform 06.07.2011 3,60MB 3.08
Client Security Solution Lenovo Group Limited 08.04.2011 100,4MB 8.0.0311.00
Diskeeper Home Diskeeper Corporation 09.04.2011 12,1MB 9.0.545
Ergänzung zu Lenovo Care 08.04.2011 1,88MB 2.00
EVEREST Home Edition v2.20 Lavalys Inc 06.07.2011 6,58MB 2.20
FileZilla Client 3.5.0 30.05.2011 17,6MB 3.5.0
Free M4a to MP3 Converter 6.2 ManiacTools.com 23.05.2011 3,84MB
Free YouTube to MP3 Converter version 3.9.35.324 DVDVideoSoft Limited. 23.04.2011 3,72MB
GoldWave v5.58 17.05.2011 7,77MB
Help Center 08.04.2011 2,05MB 2.00c
HiJackThis Trend Micro 25.07.2011 0,36MB 1.0.0
ICQ7.5 ICQ 22.04.2011 50,3MB 7.5
IL Download Manager Image-Line 14.06.2011 4,91MB
Integrated Camera Sonix 08.04.2011 3,61MB 5.8.8.012
Intel(R) Graphics Media Accelerator Driver 08.04.2011
Intel(R) Matrix Storage Manager 08.04.2011 3,77MB
iTunes Apple Inc. 20.07.2011 141,9MB 10.4.0.80
Java(TM) 6 Update 2 Sun Microsystems, Inc. 08.04.2011 168,1MB 1.6.0.20
Java(TM) 6 Update 22 Oracle 08.04.2011 97,1MB 6.0.220
Java(TM) 6 Update 26 Oracle 08.04.2011 94,8MB 6.0.260
Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900 Lenovo. 09.04.2011 40,8MB 6.0.1.4900
Lenovo Care 08.04.2011 1,93MB 2.10
Lenovo Care System Update Lenovo 01.07.2011 27,4MB 3.14.0034
Lenovo Multimedia Center 08.04.2011 3,23MB
Lenovo Registration Lenovo - Leader Technologies 08.04.2011 0,81MB
Lenovo System Interface Driver 08.04.2011 4,00KB 1.00
M-Audio Xponent Driver 6.0.1 (x86) M-Audio 08.04.2011 3,52MB 6.0.1
Maintenance Manager 08.04.2011 6,57MB 3.0.5.0
Malwarebytes' Anti-Malware Malwarebytes Corporation 16.05.2011 4,82MB
Message Center 08.04.2011 2,02MB 2.01b
Message Center Plus Lenovo Group Limited 11.06.2011 1,70MB 2.0.0012.00
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 11.04.2011 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 10.04.2011 27,8MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 13.04.2011 120,3MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 13.04.2011 24,5MB 4.0.30319
Microsoft Silverlight Microsoft Corporation 17.06.2011 40,3MB 4.0.60531.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 05.05.2011 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.06.2011 0,29MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 30.04.2011 0,58MB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 04.05.2011 0,23MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 09.04.2011 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 0,58MB 9.0.30729.6161
Mindjet MindManager 9 Mindjet 04.05.2011 100,6MB 9.0.246
Mozilla Firefox 5.0 (x86 de) Mozilla 22.06.2011 32,3MB 5.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 11.04.2011 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 11.04.2011 1,34MB 4.20.9876.0
Native Instruments Traktor Native Instruments 08.04.2011 64,8MB
Network Magic Pure Networks 09.04.2011 28,1MB 4.1.7082.0
No23 Recorder No23 17.07.2011 3,18MB 2.1.0.3
OpenOffice.org 3.3 OpenOffice.org 09.04.2011 413MB 3.3.9567
PC-Doctor 5 für Windows PC-Doctor, Inc. 08.04.2011 144,6MB 5.00.4565.08
PDF-XChange 3 Tracker Software 03.05.2011 15,5MB
PM Driver Lenovo 08.04.2011 0,37MB 0.63.1.6
PokerStars.net PokerStars.net 16.04.2011 62,2MB
Präsentationsdirektor 08.04.2011 1,93MB 3.04
QuickTime Apple Inc. 10.04.2011 73,7MB 7.69.80.9
Radio.fx Tobit.Software 08.07.2011 1.968MB
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 08.04.2011 14,2MB 6.0.1.5391
Registry patch for Windows Vista USB S3 PM Enablement 08.04.2011 4,00KB 1.00
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33 08.04.2011 1,67MB 3.33.01
Safari Apple Inc. 20.07.2011 43,4MB 5.34.50.0
simfy simfy GmbH 17.07.2011 3,14MB 1.4.9
Spybot - Search & Destroy Safer Networking Limited 18.06.2011 63,7MB 1.6.2
Synaptics Pointing Device Driver Synaptics 08.04.2011 12,8MB 9.0.3.0
ThinkVantage Access Connections 08.04.2011 2,68MB 4.42
TuneUp Utilities 2011 TuneUp Software 06.07.2011 64,5MB 10.0.4300.9
Uninstall 1.0.0.1 23.04.2011 29,7MB
VLC media player 1.1.9 VideoLAN 12.05.2011 80,1MB 1.1.9
Windows Media Player Firefox Plugin Microsoft Corp 05.06.2011 0,29MB 1.0.0.8
WinRAR 4.00 (32-Bit) win.rar GmbH 08.04.2011 4,04MB 4.00.0
Xponent M-Audio 01.06.2011 2,18MB 5.10.00.5112v2
#6
And the log from the malware program:
Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Datenbank Version: 7296
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
27.07.2011 17:37:32
mbam-log-2011-07-27 (17-37-32).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 163156
Laufzeit: 14 Minute(n), 16 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4Y3Y0C3AZF7XXHYWMAFFXA (Trojan.SpyEyes) -> Value: 4Y3Y0C3AZF7XXHYWMAFFXA -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{A528D4C2-8D70-CF99-9E74-C495DA3E6BA0} (Trojan.ZbotR.Gen) -> Value: {A528D4C2-8D70-CF99-9E74-C495DA3E6BA0} -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\Recycle.Bin\dde2f571a4d0c65 (Trojan.Spyeyes) -> Quarantined and deleted successfully.
#7 (/// Helfer-Team)
Regarding point 1: skipped, why? You do have a 32-bit system.
Regarding point 2: I meant please "run a full scan", not a quick scan!!! So update MBAM, run the scan again, and post the log!
Regarding point 3: Extras.txt from OTL is missing, please submit it!
__________________
Warning!: Beware of invoices sent by e-mail with a ZIP file as attachment! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can!
Last edited by kira (28.07.2011 at 06:46)
#8
For now, regarding 2:
Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Datenbank Version: 7296
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
29.07.2011 17:49:29
mbam-log-2011-07-29 (17-49-29).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 316466
Laufzeit: 1 Stunde(n), 27 Minute(n), 51 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 27.07.2011 16:56:34 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Rapho\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,42 Gb Available Physical Memory | 21,33% Memory free
4,21 Gb Paging File | 1,40 Gb Available in Paging File | 33,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,95 Gb Total Space | 48,04 Gb Free Space | 33,37% Space Free | Partition Type: NTFS
Computer Name: RAPHO-PC | User Name: Rapho | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D9E4C1E-E761-4385-80D1-B51DF939FFD5}" = lport=139 | protocol=6 | dir=in | app=system |
"{242194F3-CA12-4FE2-BC80-B8B66CCCF350}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38C2E15A-997D-4F20-8214-F8E5210018C0}" = lport=445 | protocol=6 | dir=in | app=system |
"{399AE03E-EED5-4351-B3DD-DAECE9C02FEE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3E5FA714-0EAC-45FA-A1A1-13177A182074}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{51A168E2-A2E9-4078-B70C-D41CABAB659A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{761385AF-BAD8-4C36-974C-5B5802CFDE52}" = rport=137 | protocol=17 | dir=out | app=system |
"{877E0AAD-A9E3-434E-B2D8-8733ACE61EB1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{913F7A6D-E9DD-4CD0-BC84-4FD3E1DAAC53}" = rport=445 | protocol=6 | dir=out | app=system |
"{B4A3A8B9-A1E8-4EA8-97A1-79E0228CE811}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B5D9E229-33AA-40B8-BBA0-D5DB76ADB41E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D52A2267-5406-495F-91F7-BE62A035B7AF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D53AFB55-095C-4940-89BC-930E82FA5D80}" = rport=139 | protocol=6 | dir=out | app=system |
"{D5EB17CB-A667-43BF-BF3F-EFC607259404}" = lport=137 | protocol=17 | dir=in | app=system |
"{E810E2A1-7DA1-4934-BB48-BD545655B6D6}" = rport=138 | protocol=17 | dir=out | app=system |
"{EDCBF1BC-9EE8-4936-B52A-A339D1D48CB4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F8B58541-25D9-46AE-8BF6-D6CC91CA24AA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F99374A4-EA6A-4C07-AE32-1DA1E0ABD640}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FCDEE1B8-F460-416D-9E80-C36ACB611D0B}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0789E2C9-C433-418A-800E-5BA66DC11096}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{0D96D3C3-8A74-4CED-AF8C-FC2E23A10AFA}" = dir=in | app=c:\program files\lenovo multimedia center\powerdirector express\pdx.exe |
"{1A0A5B74-61EE-4743-965C-E21D3F4BE66F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{3BE7ACBC-53A6-442E-AF6C-D9504237DF11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{528FD07A-318F-4EDD-9741-DB2B218C23B4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{535FC8E8-500C-48A6-B53F-91FA15DD2FE5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5C42E2BF-F0B4-443A-BDD4-76CD8211454C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6151902F-83F6-4D5C-BBAF-6B98C2D013D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{68656724-2BF0-4ED5-9CB5-5E387693CDEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7022C311-83EB-4595-9D83-8750CCEE4F43}" = protocol=6 | dir=out | app=system |
"{795D2918-1CD7-4102-BDC5-4BDEE8459E76}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7C541091-81E4-4F49-996E-22651DB84FD8}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |
"{7EA2D9C5-D54F-4D7D-8BAC-7F6DA22EC8A6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{80A9F8FA-4B13-481F-9D1E-B07038B30531}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{8D7C9D09-E37C-4F75-9761-058FA26CDAF2}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{A7D62927-8BA5-43C0-9A7B-A2E51A04C7F1}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{AEA74DE2-C45A-40E7-B819-B0E753792790}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |
"{B6BA0155-0D16-4681-ADBD-549D8BB4F37F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B94CFCF1-6766-48B5-A22D-327E1F72085A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BEEBEF2A-77D2-4B71-841C-3137FD181134}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{BF99B6CA-2496-4A52-A009-77280BE2C165}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0F411D0-36F8-4C58-B14F-7B86B9EE3F37}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C8806126-FF94-4090-8E4E-108AA64AB516}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{CABC47A6-CEE3-46A5-BEB0-5D6F73BDD099}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CF205327-0DF6-4107-A478-FE68CC83BCA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7567DAF-7962-471B-89BC-E3B7AD776E9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D8404B62-C8AF-4E58-9717-F570DAB54FDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1B24D1B-3F6B-4CD9-B9BD-978BC87D7B2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8FD4B6A-01C8-48DB-AD32-9D6182283F30}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{F4747D9C-8304-4F4D-9913-1E771F5A2EC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F94A45FB-1F41-4700-9F4D-779BBA0EE4DA}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |
"{F9AADB00-D9A0-4F0C-99A3-BFCC895FA0AA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FCC91798-CA66-4AEF-9FBF-CCA6132A094D}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |
"TCP Query User{1699ECD7-9FDC-4E0E-A6E5-8E0644AB2F9F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{27ACF68D-7FFB-42ED-8432-E6939D8A987F}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{43A76B9E-5E26-4788-946C-A754F46A335F}C:\users\rapho\appdata\local\xenocode\sandbox\adobe after effects cs3\8.0x247\2010.02.14t17.17\native\stubexe\8.0.1135\@programfiles@\bonjour\mdnsresponder.exe" = protocol=6 | dir=in | app=c:\users\rapho\appdata\local\xenocode\sandbox\adobe after effects cs3\8.0x247\2010.02.14t17.17\native\stubexe\8.0.1135\@programfiles@\bonjour\mdnsresponder.exe |
"TCP Query User{87B022A5-1106-4B05-ADE9-454CD95AA02F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{944572FB-EF4C-4C4B-BAD3-89778814F412}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{9ED59534-7785-4A09-A847-536AD86B23EA}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{0DD36079-7355-49B9-B701-F531511F59B9}C:\users\rapho\appdata\local\xenocode\sandbox\adobe after effects cs3\8.0x247\2010.02.14t17.17\native\stubexe\8.0.1135\@programfiles@\bonjour\mdnsresponder.exe" = protocol=17 | dir=in | app=c:\users\rapho\appdata\local\xenocode\sandbox\adobe after effects cs3\8.0x247\2010.02.14t17.17\native\stubexe\8.0.1135\@programfiles@\bonjour\mdnsresponder.exe |
"UDP Query User{1B2B28CC-77D1-4DC4-BF42-33576C6DB470}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{21004A17-ED18-4D08-B6D9-D08BA359F179}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{4AFB86D5-3DD8-4D72-B25F-ED5646F6E187}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{4DD39CDD-2C81-46BE-8E42-6EAF301A4F56}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{BB27A5F9-C3AB-46EF-B9BE-80A38303DCD5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1772DBCE-B61D-4A4D-B881-F717EBE74998}" = Xponent
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Lenovo Multimedia Center
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35AC562E-F11A-060C-CD06-70FB80113769}" = simfy
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Ergänzung zu Lenovo Care
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{800C6CC9-8EEB-4A6A-ABD4-C05EAE279606}" = Network Magic
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{B1F625EB-9691-4889-A864-DA085739F3F0}" = Power Ux Customization
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB44F479-789A-4D76-A31E-663C5658F576}" = Mindjet MindManager 9
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCB739A2-D7C9-4F69-B992-21196057803E}" = M-Audio Xponent Driver 6.0.1 (x86)
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AwayTask" = Maintenance Manager
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.5.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GoldWave v5.58" = GoldWave v5.58
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IL Download Manager" = IL Download Manager
"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"Lenovo Registration" = Lenovo Registration
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Native Instruments Traktor" = Native Instruments Traktor
"No23 Recorder" = No23 Recorder
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"PDF-XChange 3_is1" = PDF-XChange 3
"PokerStars.net" = PokerStars.net
"Simfy" = simfy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tobit Radio.fx Server" = Radio.fx
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Uninstall_is1" = Uninstall 1.0.0.1
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"VLC media player" = VLC media player 1.1.9
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
#9
And for 1:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit quick scan 2011-07-30 14:45:06
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.08.0
Running: n48vj8s9.exe; Driver: C:\Users\Rapho\AppData\Local\Temp\fwdorpog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:284] 86531E7A
Thread System [4:288] 86534008
---- EOF - GMER 1.0.15 ----
#10 | /// Helfer-Team
1. Check with MBR -t whether the Master Boot Record is in order (MBR rootkit). With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
2. Fix with OTL
Code:
:OTL
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKCU..\Run: [{A528D4C2-8D70-CF99-9E74-C495DA3E6BA0}] File not found
O4 - HKCU..\Run: [4Y3Y0C3AZF7XXHYWMAFFXA] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
[2011.05.16 22:32:34 | 000,000,136 | ---- | C] () -- C:\ProgramData\~32694008r
[2011.05.16 22:32:34 | 000,000,112 | ---- | C] () -- C:\ProgramData\~32694008
[2011.05.16 22:32:18 | 000,000,384 | ---- | C] () -- C:\ProgramData\32694008
:Files
C:\Windows\Tasks\At1.job
:Commands
[purity]
[emptytemp]
3. Run another scan with OTL:
4. Do you store music files on the desktop? Do the following entries/names mean anything to you?: Quote:
Quote:
__________________
Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can!
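The fix script above was assembled by hand from OTL log lines: four Run values whose target is gone, one of them named like a GUID and one like a random string of letters and digits, plus three unsigned files with purely numeric names in C:\ProgramData. As an added example that is not part of the original post and not code from OTL, the following Python script applies those same selection criteria to OTL log lines and emits a fix script in the layout used above (:OTL, :Files, :Commands). The sample lines are the entries quoted in the post plus three benign lines (Avira and Spybot) constructed here so the filter has something to leave alone; the regexes and the "random-looking name" and "numeric ProgramData file" heuristics are assumptions of this example, not OTL rules, and a hit is a prompt for a second look, not proof of malware.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Constructed sample: the four O4 entries and the three ProgramData files the helper
# copied into the OTL fix script above, plus three benign lines (Avira avgnt, Spybot
# TeaTimer, Avira avguard) made up here so the filter has something to keep.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKCU..\Run: [{A528D4C2-8D70-CF99-9E74-C495DA3E6BA0}] File not found
O4 - HKCU..\Run: [4Y3Y0C3AZF7XXHYWMAFFXA] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
[2011.05.16 22:32:34 | 000,000,136 | ---- | C] () -- C:\ProgramData\~32694008r
[2011.05.16 22:32:34 | 000,000,112 | ---- | C] () -- C:\ProgramData\~32694008
[2011.05.16 22:32:18 | 000,000,384 | ---- | C] () -- C:\ProgramData\32694008
[2011.07.01 18:52:54 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
"""

# Line shapes as they appear in the OTL logs posted in this thread.
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$")
FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]+) \| (?P<kind>[CM])\]"
    r" \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Heuristics (assumptions of this example, not OTL rules): a Run value named like a
# GUID or like a long upper-case letter/digit soup, and an unsigned file under
# C:\ProgramData whose name is only digits with an optional ~ prefix / letter suffix.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
SOUP_RE = re.compile(r"^[A-Z0-9]{16,}$")
NUMERIC_DROP_RE = re.compile(r"^~?\d{6,}[a-z]?$")


@dataclass
class Finding:
    line: str    # the original OTL log line, reusable verbatim in a fix script
    reason: str


def looks_random(name: str) -> bool:
    if GUID_RE.match(name):
        return True
    return (SOUP_RE.match(name) is not None
            and sum(c.isdigit() for c in name) >= 3
            and sum(c.isalpha() for c in name) >= 3)


def triage(log_text: str) -> List[Finding]:
    """Return the O4 and file entries that deserve a second look, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            if m.group("target") == "File not found":
                findings.append(Finding(line, "orphaned Run value (target missing)"))
            elif looks_random(m.group("name")):
                findings.append(Finding(line, "random-looking Run value name"))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            base = path.rsplit("\\", 1)[-1]
            if (path.lower().startswith("c:\\programdata\\")
                    and not m.group("company")
                    and NUMERIC_DROP_RE.match(base)):
                findings.append(Finding(line, "unsigned numeric-named file in ProgramData"))
    return findings


def build_otl_fix(findings: Iterable[Finding], extra_files: Iterable[str] = ()) -> str:
    """Assemble an OTL fix script in the layout the helper used above:
    log lines under :OTL, plain paths under :Files, then [purity] and [emptytemp]."""
    lines = [":OTL", *(f.line for f in findings)]
    extra = list(extra_files)
    if extra:
        lines += [":Files", *extra]
    lines += [":Commands", "[purity]", "[emptytemp]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_OTL)
    for f in hits:
        print(f"{f.reason:45s} {f.line}")
    # The scheduled task is not an OTL log line, so it goes under :Files as in the post.
    print(build_otl_fix(hits, extra_files=[r"C:\Windows\Tasks\At1.job"]))
```

Run it against a real OTL.txt by reading the file into `triage()`; every line it flags is copied unchanged into the script, which is what OTL expects under :OTL, and the script still has to be reviewed by a person before it is run.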
#11
For 1:
Code:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD16 rev.08.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8652D1ED]<<
1 nt!IofCallDriver[0x8208811B] -> \Device\Harddisk0\DR0[0x85E3B828]
3 CLASSPNP[0x885A38B3] -> nt!IofCallDriver[0x8208811B] -> [0x84E04118]
5 acpi[0x82E556BC] -> nt!IofCallDriver[0x8208811B] -> \Device\Ide\IAAStorageDevice-0[0x8530A030]
\Driver\iaStor[0x84E04030] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8652D1ED
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\iaStor -> 0x8652d1ed
user & kernel MBR OK
Warning: possible MBR rootkit infection !
Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{A528D4C2-8D70-CF99-9E74-C495DA3E6BA0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A528D4C2-8D70-CF99-9E74-C495DA3E6BA0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\4Y3Y0C3AZF7XXHYWMAFFXA not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
C:\ProgramData\~32694008r moved successfully.
C:\ProgramData\~32694008 moved successfully.
C:\ProgramData\32694008 moved successfully.
========== FILES ==========
C:\Windows\Tasks\At1.job moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Rapho
->Temp folder emptied: 483218 bytes
->Temporary Internet Files folder emptied: 52294496 bytes
->Java cache emptied: 1131829 bytes
->FireFox cache emptied: 317507507 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 77854 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 165470 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 355,00 mb
OTL by OldTimer - Version 3.2.26.1 log created on 07312011_135848
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
#12
For 3:
Extras: OTL Logfile:
Code:
OTL Extras logfile created on: 31.07.2011 14:12:09 - Run 3
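The MBR report above says "user & kernel MBR OK" and still warns of a possible MBR rootkit. The two reads of the boot sector agree, but the iaStor driver's IRP_MJ_INTERNAL_DEVICE_CONTROL handler points to 0x8652D1ED, an address the tool could not attribute to any loaded module (the ">>UNKNOWN [...]<<" entry in the call chain). A disk miniport dispatch routine redirected into unattributed kernel memory is the pattern this detector exists for: TDL4 hooks the miniport driver object so that reads of the sectors it occupies return clean data, which is also why the MBR comparison alone passes. As an added example, not code from GMER or from anyone in this thread, the following Python parser pulls those facts out of the report and separates a driver hook from a boot-sector mismatch. The hooked sample is the output posted above with the trace lines other than the iaStor one omitted; the clean sample, and the assumption that a report without the "user & kernel MBR OK" line means the two reads differed, are constructed for this example.

```python
import re
from typing import Dict

# Sample 1: the mbr.exe -t output posted above ("called modules" and the iaStor IRP
# line kept, the other Disk trace lines omitted). Sample 2 is constructed here as the
# shape of a report with nothing hooked; it is an assumption, not captured tool output.
SAMPLE_HOOKED = r"""
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD16 rev.08.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8652D1ED]<<
\Driver\iaStor[0x84E04030] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8652D1ED
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\iaStor -> 0x8652d1ed
user & kernel MBR OK
Warning: possible MBR rootkit infection !
"""
SAMPLE_CLEAN = r"""
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
kernel: MBR read successfully
detected disk devices:
detected hooks:
user & kernel MBR OK
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
IRP_RE = re.compile(r"^(\\Driver\\\S+)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)$")
HOOK_RE = re.compile(r"^(\\Driver\\\S+) -> (0x[0-9A-Fa-f]+)$")
WARN_RE = re.compile(r"^Warning: (.+)$")


def parse_mbr_report(text: str) -> Dict:
    report = {
        "user_mbr_read": False,
        "kernel_mbr_read": False,
        "mbr_match": False,     # True only when the tool printed "user & kernel MBR OK"
        "unknown_code": [],     # addresses in the disk call chain owned by no module
        "irp_hooks": [],        # (driver, IRP major function, handler address)
        "hooks": [],            # (driver, address) from the "detected hooks:" section
        "warning": None,
    }
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("detected ") and line.endswith(":"):
            section = line[:-1]
            continue
        if line == "user: MBR read successfully":
            report["user_mbr_read"] = True
        elif line == "kernel: MBR read successfully":
            report["kernel_mbr_read"] = True
        elif line == "user & kernel MBR OK":
            report["mbr_match"] = True
        elif (m := WARN_RE.match(line)):
            report["warning"] = m.group(1)
        elif (m := IRP_RE.match(line)):
            report["irp_hooks"].append((m.group(1), m.group(2), int(m.group(3), 16)))
        elif section == "detected hooks" and (m := HOOK_RE.match(line)):
            report["hooks"].append((m.group(1), int(m.group(2), 16)))
        for addr in UNKNOWN_RE.findall(line):
            report["unknown_code"].append(int(addr, 16))
    return report


def classify(report: Dict) -> str:
    """Tell apart the two findings the tool can make: a hooked disk driver versus
    boot-sector reads that disagree. The posted report is the first case: both MBR
    reads agree, yet iaStor's IRP handler sits in memory that belongs to no module."""
    if report["hooks"] or report["irp_hooks"]:
        return "driver_hook"
    if not (report["user_mbr_read"] and report["kernel_mbr_read"]):
        return "read_error"
    if not report["mbr_match"]:
        return "mbr_mismatch"   # assumption: no "OK" line means the reads differed
    return "warning_only" if report["warning"] else "clean"


def hook_in_unattributed_code(report: Dict) -> bool:
    """True when a detected hook target is an address the trace could not attribute
    to any module, i.e. it is not merely a legitimate filter driver in the stack."""
    unknown = set(report["unknown_code"])
    return any(addr in unknown for _, addr in report["hooks"])


if __name__ == "__main__":
    for name, sample in (("posted report", SAMPLE_HOOKED), ("constructed clean report", SAMPLE_CLEAN)):
        r = parse_mbr_report(sample)
        print(name, "->", classify(r), "| hooks:", r["hooks"],
              "| hook in unattributed code:", hook_in_unattributed_code(r))
```

The useful check is the last one: a hook whose target is also listed as UNKNOWN in the call chain is what turns "possible" into a finding that needs a dedicated TDL4/MBR cleaner rather than another generic scan, while a hook that resolves to a named, signed driver (a disk encryption or backup filter, say) is a reason to look before removing anything.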
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Rapho\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,74 Gb Available Physical Memory | 37,23% Memory free
4,21 Gb Paging File | 2,68 Gb Available in Paging File | 63,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,95 Gb Total Space | 48,27 Gb Free Space | 33,53% Space Free | Partition Type: NTFS
Computer Name: RAPHO-PC | User Name: Rapho | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D9E4C1E-E761-4385-80D1-B51DF939FFD5}" = lport=139 | protocol=6 | dir=in | app=system |
"{242194F3-CA12-4FE2-BC80-B8B66CCCF350}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38C2E15A-997D-4F20-8214-F8E5210018C0}" = lport=445 | protocol=6 | dir=in | app=system |
"{399AE03E-EED5-4351-B3DD-DAECE9C02FEE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3E5FA714-0EAC-45FA-A1A1-13177A182074}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{51A168E2-A2E9-4078-B70C-D41CABAB659A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{761385AF-BAD8-4C36-974C-5B5802CFDE52}" = rport=137 | protocol=17 | dir=out | app=system |
"{877E0AAD-A9E3-434E-B2D8-8733ACE61EB1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{913F7A6D-E9DD-4CD0-BC84-4FD3E1DAAC53}" = rport=445 | protocol=6 | dir=out | app=system |
"{B4A3A8B9-A1E8-4EA8-97A1-79E0228CE811}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B5D9E229-33AA-40B8-BBA0-D5DB76ADB41E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D52A2267-5406-495F-91F7-BE62A035B7AF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D53AFB55-095C-4940-89BC-930E82FA5D80}" = rport=139 | protocol=6 | dir=out | app=system |
"{D5EB17CB-A667-43BF-BF3F-EFC607259404}" = lport=137 | protocol=17 | dir=in | app=system |
"{E810E2A1-7DA1-4934-BB48-BD545655B6D6}" = rport=138 | protocol=17 | dir=out | app=system |
"{EDCBF1BC-9EE8-4936-B52A-A339D1D48CB4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F8B58541-25D9-46AE-8BF6-D6CC91CA24AA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F99374A4-EA6A-4C07-AE32-1DA1E0ABD640}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FCDEE1B8-F460-416D-9E80-C36ACB611D0B}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0789E2C9-C433-418A-800E-5BA66DC11096}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{0D96D3C3-8A74-4CED-AF8C-FC2E23A10AFA}" = dir=in | app=c:\program files\lenovo multimedia center\powerdirector express\pdx.exe |
"{1A0A5B74-61EE-4743-965C-E21D3F4BE66F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{3BE7ACBC-53A6-442E-AF6C-D9504237DF11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{528FD07A-318F-4EDD-9741-DB2B218C23B4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{535FC8E8-500C-48A6-B53F-91FA15DD2FE5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5C42E2BF-F0B4-443A-BDD4-76CD8211454C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6151902F-83F6-4D5C-BBAF-6B98C2D013D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{68656724-2BF0-4ED5-9CB5-5E387693CDEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7022C311-83EB-4595-9D83-8750CCEE4F43}" = protocol=6 | dir=out | app=system |
"{795D2918-1CD7-4102-BDC5-4BDEE8459E76}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7C541091-81E4-4F49-996E-22651DB84FD8}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |
"{7EA2D9C5-D54F-4D7D-8BAC-7F6DA22EC8A6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{80A9F8FA-4B13-481F-9D1E-B07038B30531}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{8D7C9D09-E37C-4F75-9761-058FA26CDAF2}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{A7D62927-8BA5-43C0-9A7B-A2E51A04C7F1}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{AEA74DE2-C45A-40E7-B819-B0E753792790}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |
"{B6BA0155-0D16-4681-ADBD-549D8BB4F37F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B94CFCF1-6766-48B5-A22D-327E1F72085A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BEEBEF2A-77D2-4B71-841C-3137FD181134}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{BF99B6CA-2496-4A52-A009-77280BE2C165}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0F411D0-36F8-4C58-B14F-7B86B9EE3F37}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C8806126-FF94-4090-8E4E-108AA64AB516}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{CABC47A6-CEE3-46A5-BEB0-5D6F73BDD099}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CF205327-0DF6-4107-A478-FE68CC83BCA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7567DAF-7962-471B-89BC-E3B7AD776E9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D8404B62-C8AF-4E58-9717-F570DAB54FDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1B24D1B-3F6B-4CD9-B9BD-978BC87D7B2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8FD4B6A-01C8-48DB-AD32-9D6182283F30}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{F4747D9C-8304-4F4D-9913-1E771F5A2EC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F94A45FB-1F41-4700-9F4D-779BBA0EE4DA}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |
"{F9AADB00-D9A0-4F0C-99A3-BFCC895FA0AA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FCC91798-CA66-4AEF-9FBF-CCA6132A094D}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |
"TCP Query User{1699ECD7-9FDC-4E0E-A6E5-8E0644AB2F9F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{27ACF68D-7FFB-42ED-8432-E6939D8A987F}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{43A76B9E-5E26-4788-946C-A754F46A335F}C:\users\rapho\appdata\local\xenocode\sandbox\adobe after effects cs3\8.0x247\2010.02.14t17.17\native\stubexe\8.0.1135\@programfiles@\bonjour\mdnsresponder.exe" = protocol=6 | dir=in | app=c:\users\rapho\appdata\local\xenocode\sandbox\adobe after effects cs3\8.0x247\2010.02.14t17.17\native\stubexe\8.0.1135\@programfiles@\bonjour\mdnsresponder.exe |
"TCP Query User{87B022A5-1106-4B05-ADE9-454CD95AA02F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{944572FB-EF4C-4C4B-BAD3-89778814F412}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{9ED59534-7785-4A09-A847-536AD86B23EA}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{0DD36079-7355-49B9-B701-F531511F59B9}C:\users\rapho\appdata\local\xenocode\sandbox\adobe after effects cs3\8.0x247\2010.02.14t17.17\native\stubexe\8.0.1135\@programfiles@\bonjour\mdnsresponder.exe" = protocol=17 | dir=in | app=c:\users\rapho\appdata\local\xenocode\sandbox\adobe after effects cs3\8.0x247\2010.02.14t17.17\native\stubexe\8.0.1135\@programfiles@\bonjour\mdnsresponder.exe |
"UDP Query User{1B2B28CC-77D1-4DC4-BF42-33576C6DB470}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{21004A17-ED18-4D08-B6D9-D08BA359F179}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{4AFB86D5-3DD8-4D72-B25F-ED5646F6E187}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{4DD39CDD-2C81-46BE-8E42-6EAF301A4F56}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{BB27A5F9-C3AB-46EF-B9BE-80A38303DCD5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1772DBCE-B61D-4A4D-B881-F717EBE74998}" = Xponent
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Lenovo Multimedia Center
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35AC562E-F11A-060C-CD06-70FB80113769}" = simfy
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Ergänzung zu Lenovo Care
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{800C6CC9-8EEB-4A6A-ABD4-C05EAE279606}" = Network Magic
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{B1F625EB-9691-4889-A864-DA085739F3F0}" = Power Ux Customization
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB44F479-789A-4D76-A31E-663C5658F576}" = Mindjet MindManager 9
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCB739A2-D7C9-4F69-B992-21196057803E}" = M-Audio Xponent Driver 6.0.1 (x86)
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AwayTask" = Maintenance Manager
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.5.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GoldWave v5.58" = GoldWave v5.58
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IL Download Manager" = IL Download Manager
"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"Lenovo Registration" = Lenovo Registration
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Native Instruments Traktor" = Native Instruments Traktor
"No23 Recorder" = No23 Recorder
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"PDF-XChange 3_is1" = PDF-XChange 3
"PokerStars.net" = PokerStars.net
"Simfy" = simfy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tobit Radio.fx Server" = Radio.fx
"Uninstall_is1" = Uninstall 1.0.0.1
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"VLC media player" = VLC media player 1.1.9
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
OTL.txt OTL Logfile:
Code:
OTL logfile created on: 31.07.2011 14:12:09 - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Rapho\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,74 Gb Available Physical Memory | 37,23% Memory free
4,21 Gb Paging File | 2,68 Gb Available in Paging File | 63,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,95 Gb Total Space | 48,27 Gb Free Space | 33,53% Space Free | Partition Type: NTFS
Computer Name: RAPHO-PC | User Name: Rapho | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.07.31 14:02:39 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
PRC - [2011.07.30 14:06:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rapho\Desktop\OTL(1).exe
PRC - [2011.07.01 18:52:54 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 16:19:11 | 003,627,352 | ---- | M] () -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2011.06.23 13:27:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.05.21 18:09:35 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2011.04.27 20:27:18 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2011.03.04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.02 12:45:36 | 000,643,592 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe
PRC - [2009.05.27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Programme\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.11.29 20:04:00 | 000,059,168 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007.09.11 10:54:48 | 000,163,840 | ---- | M] (Avid Technology, Inc.) -- C:\Programme\M-Audio\Xponent\MAUSBXPInst.exe
PRC - [2007.08.09 11:11:06 | 000,927,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe
PRC - [2007.08.09 10:36:36 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.07.05 15:49:18 | 000,128,296 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007.07.05 15:49:06 | 000,124,200 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007.07.05 15:48:58 | 000,419,112 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007.07.05 15:48:54 | 000,206,120 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007.07.05 15:48:50 | 000,091,432 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007.06.05 17:11:28 | 000,034,352 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\PM Driver\PMHandler.exe
PRC - [2007.04.26 19:10:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\LenovoCare\LPMGR.EXE
PRC - [2007.04.09 03:24:32 | 000,054,832 | ---- | M] (Lenovo.) -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe
PRC - [2007.03.29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2007.03.29 13:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BTStackServer.exe
PRC - [2007.03.23 13:04:54 | 004,423,680 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.03.16 05:26:22 | 000,057,344 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\PM Driver\PMSveH.exe
PRC - [2007.03.14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Programme\Pure Networks\Network Magic\nmsrvc.exe
PRC - [2007.03.14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Programme\Pure Networks\Network Magic\nmapp.exe
PRC - [2007.03.02 07:07:28 | 000,055,936 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2007.02.12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.02.12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.01.30 05:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
PRC - [2006.11.23 15:10:42 | 000,056,928 | ---- | M] (Cyberlink Corp.) -- C:\Programme\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe
PRC - [2006.11.15 16:21:56 | 000,217,176 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006.11.15 16:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006.11.07 12:51:20 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006.10.05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.09.06 09:38:44 | 000,054,824 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe
========== Modules (SafeList) ==========
MOD - [2011.07.30 14:06:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rapho\Desktop\OTL(1).exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.07.30 13:01:38 | 000,107,856 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mindjet\MindManager 9\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2011.07.31 14:03:26 | 000,017,408 | ---- | M] () [Unknown | Running] -- C:\Windows\System32\rpcnetp.dll -- (rpcnetp)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.01 18:52:54 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.24 16:19:11 | 003,627,352 | ---- | M] () [Auto | Running] -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2011.04.27 20:27:18 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 10:54:48 | 000,163,840 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Programme\M-Audio\Xponent\MAUSBXPInst.exe -- (MAudioXponentService)
SRV - [2007.08.09 10:36:36 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.07.05 15:48:54 | 000,206,120 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007.07.05 15:48:50 | 000,091,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007.04.09 03:24:32 | 000,054,832 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)
SRV - [2007.03.16 05:26:22 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)
SRV - [2007.03.14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2007.03.14 15:42:22 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2007.03.02 07:07:28 | 000,055,936 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2007.02.12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.01.30 05:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006.11.15 16:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006.10.05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
========== Driver Services (SafeList) ==========
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.07.01 18:52:58 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 18:52:58 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.11 13:49:12 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.02 12:45:28 | 000,042,248 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioXponent_DFU.sys -- (MADFUXPONENT)
DRV - [2009.10.02 12:45:24 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioXponent.sys -- (MAUSBXPONENT)
DRV - [2008.01.21 04:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008.01.21 04:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.05.22 15:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007.03.21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.19 02:12:22 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.09 14:34:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2006.11.08 09:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.06 10:23:24 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006.08.30 12:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/3000notebook [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/3000notebook [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.23 13:27:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.14 15:29:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2011.04.09 15:53:18 | 000,000,000 | ---D | M]
[2011.04.09 18:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rapho\AppData\Roaming\mozilla\Extensions
[2011.07.31 14:07:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rapho\AppData\Roaming\mozilla\Firefox\Profiles\6wmvbu2m.default\extensions
[2011.06.22 19:43:50 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Rapho\AppData\Roaming\mozilla\Firefox\Profiles\6wmvbu2m.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011.07.06 18:52:42 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\Rapho\AppData\Roaming\mozilla\Firefox\Profiles\6wmvbu2m.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2011.06.14 15:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.09 19:06:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.09 18:55:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.14 15:29:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011.04.09 18:55:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.14 15:29:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\RAPHO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6WMVBU2M.DEFAULT\EXTENSIONS\{1F91CDE0-C040-11DA-A94D-0800200C9A66}.XPI
[2011.04.12 13:30:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.06.23 13:27:13 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo)
O4 - HKLM..\Run: [LPManager] C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [PMHandler] C:\Programme\Lenovo\PM Driver\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPWAUDAP] C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [rfxsrvtray] C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rapho\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Programme\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rapho\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rapho\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.07.31 13:58:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.07.30 15:36:56 | 000,000,000 | ---D | C] -- C:\Users\Rapho\Desktop\SciLor's Grooveshark.com Downloader
[2011.07.30 14:36:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.07.30 14:06:51 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Rapho\Desktop\OTL(1).exe
[2011.07.26 19:35:51 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.07.26 19:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.07.21 14:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.07.21 14:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.07.21 14:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.07.21 13:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.07.18 19:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2011.07.18 19:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\No23 Recorder
[2011.07.18 19:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No23 Recorder
[2011.07.18 18:51:12 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Simfy
[2011.07.18 18:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
[2011.07.18 18:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\simfy
[2011.07.16 13:44:07 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Ovvy
[2011.07.16 13:44:07 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Aguhi
[2011.07.13 22:23:33 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.07.13 22:23:30 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.07.13 22:23:30 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.07.12 11:20:54 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
[2011.07.12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011.07.12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2011.07.12 11:20:54 | 000,050,536 | ---- | C] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll
[2011.07.09 17:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tobit.Software
[2011.07.09 17:17:33 | 001,844,488 | ---- | C] (Tobit.Software) -- C:\Windows\RXSUnins.exe
[2011.07.09 17:17:33 | 001,844,488 | ---- | C] (Tobit.Software) -- C:\Windows\RXCUnins.exe
[2011.07.07 19:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2011.07.07 19:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2011.07.01 19:37:30 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Ugab
[2011.07.01 19:37:30 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Ucef
[2011.04.09 15:23:53 | 000,167,936 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2011.04.09 15:23:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
========== Files - Modified Within 30 Days ==========
[2011.07.31 14:04:12 | 000,025,181 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2011.07.31 14:03:26 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2011.07.31 14:02:59 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2011.07.31 14:02:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.31 14:02:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.31 14:02:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.31 14:02:42 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.31 14:02:39 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2011.07.31 14:01:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.07.31 13:50:46 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2011.07.30 15:50:53 | 008,390,239 | ---- | M] () -- C:\Users\Rapho\Desktop\01 - Pitbull feat. Rapho - Took my love.mp3
[2011.07.30 15:04:39 | 006,151,650 | ---- | M] () -- C:\Users\Rapho\Desktop\01 - Tim Bendzko - Nur noch kurz die Welt retten.mp3
[2011.07.30 14:58:28 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2011.07.30 14:31:32 | 000,302,592 | ---- | M] () -- C:\Users\Rapho\Desktop\n48vj8s9.exe
[2011.07.30 14:06:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rapho\Desktop\OTL(1).exe
[2011.07.29 01:12:12 | 195,127,952 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.07.26 20:10:17 | 000,322,022 | ---- | M] () -- C:\Users\Rapho\AppData\Local\census.cache
[2011.07.26 20:09:34 | 000,221,743 | ---- | M] () -- C:\Users\Rapho\AppData\Local\ars.cache
[2011.07.26 19:53:14 | 000,000,036 | ---- | M] () -- C:\Users\Rapho\AppData\Local\housecall.guid.cache
[2011.07.26 19:35:51 | 000,001,948 | ---- | M] () -- C:\Users\Rapho\Desktop\HiJackThis.lnk
[2011.07.23 18:12:30 | 013,165,864 | ---- | M] () -- C:\Users\Rapho\Desktop\Set-Fire-to-the-Rain-A-Stupid-Hole-Bootleg.mp3
[2011.07.22 17:26:30 | 003,523,810 | ---- | M] () -- C:\Users\Rapho\Desktop\Seeed-Molotov.mp3
[2011.07.22 13:27:55 | 021,073,936 | ---- | M] () -- C:\Users\Rapho\Documents\vlc-1.1.11-win32.exe
[2011.07.21 19:06:28 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.21 19:06:28 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.21 19:06:28 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.21 19:06:27 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.21 14:18:27 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011.07.21 14:13:09 | 000,001,674 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.07.21 13:52:24 | 000,001,356 | ---- | M] () -- C:\Users\Rapho\AppData\Local\d3d9caps.dat
[2011.07.18 19:18:44 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\No23 Recorder.lnk
[2011.07.18 18:51:06 | 000,000,724 | ---- | M] () -- C:\Users\Public\Desktop\simfy.lnk
[2011.07.14 14:19:03 | 003,611,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.13 19:35:52 | 000,002,061 | ---- | M] () -- C:\Users\Rapho\Documents\Firefox Sync Key.html
[2011.07.13 19:34:30 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.07.12 11:20:54 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
[2011.07.12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011.07.12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2011.07.12 11:20:54 | 000,050,536 | ---- | M] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll
[2011.07.07 19:11:34 | 000,000,917 | ---- | M] () -- C:\Users\Rapho\Desktop\EVEREST Home Edition.lnk
[2011.07.07 19:02:11 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.01 18:52:58 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.01 18:52:58 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
========== Files Created - No Company Name ==========
[2011.07.31 14:03:26 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2011.07.31 14:02:39 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2011.07.31 13:50:29 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2011.07.30 15:46:23 | 008,390,239 | ---- | C] () -- C:\Users\Rapho\Desktop\01 - Pitbull feat. Rapho - Took my love.mp3
[2011.07.30 15:01:25 | 006,151,650 | ---- | C] () -- C:\Users\Rapho\Desktop\01 - Tim Bendzko - Nur noch kurz die Welt retten.mp3
[2011.07.30 14:31:25 | 000,302,592 | ---- | C] () -- C:\Users\Rapho\Desktop\n48vj8s9.exe
[2011.07.29 01:12:12 | 195,127,952 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.07.27 17:11:45 | 000,030,259 | ---- | C] () -- C:\Users\Rapho\Desktop\hjtscanlist.bat
[2011.07.26 20:10:17 | 000,322,022 | ---- | C] () -- C:\Users\Rapho\AppData\Local\census.cache
[2011.07.26 20:09:34 | 000,221,743 | ---- | C] () -- C:\Users\Rapho\AppData\Local\ars.cache
[2011.07.26 19:53:14 | 000,000,036 | ---- | C] () -- C:\Users\Rapho\AppData\Local\housecall.guid.cache
[2011.07.26 19:35:51 | 000,001,948 | ---- | C] () -- C:\Users\Rapho\Desktop\HiJackThis.lnk
[2011.07.23 18:12:13 | 013,165,864 | ---- | C] () -- C:\Users\Rapho\Desktop\Set-Fire-to-the-Rain-A-Stupid-Hole-Bootleg.mp3
[2011.07.22 13:27:25 | 021,073,936 | ---- | C] () -- C:\Users\Rapho\Documents\vlc-1.1.11-win32.exe
[2011.07.21 14:18:27 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011.07.21 14:13:09 | 000,001,674 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.07.18 19:18:44 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\No23 Recorder.lnk
[2011.07.18 18:51:06 | 000,000,724 | ---- | C] () -- C:\Users\Public\Desktop\simfy.lnk
[2011.07.13 19:35:51 | 000,002,061 | ---- | C] () -- C:\Users\Rapho\Documents\Firefox Sync Key.html
[2011.07.08 20:07:38 | 003,523,810 | ---- | C] () -- C:\Users\Rapho\Desktop\Seeed-Molotov.mp3
[2011.07.07 19:11:34 | 000,000,917 | ---- | C] () -- C:\Users\Rapho\Desktop\EVEREST Home Edition.lnk
[2011.05.30 19:50:10 | 000,003,584 | ---- | C] () -- C:\Users\Rapho\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.10 19:15:34 | 002,681,344 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2011.04.11 13:54:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.04.11 13:54:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.11 13:53:35 | 000,643,072 | ---- | C] () -- C:\Windows\System32\autochk.exe
[2011.04.11 12:04:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.04.10 01:06:41 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.10 01:06:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.10 01:06:41 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.10 01:06:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.04.09 18:46:52 | 000,001,356 | ---- | C] () -- C:\Users\Rapho\AppData\Local\d3d9caps.dat
[2011.04.09 15:39:25 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2011.04.09 15:32:11 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2011.04.09 15:32:11 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2011.04.09 15:32:11 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1268.dll
[2011.04.09 15:30:05 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2011.04.09 15:28:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2011.04.09 15:23:53 | 009,598,080 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2011.04.09 15:23:53 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.04.09 15:20:06 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.08.16 12:28:38 | 000,025,181 | ---- | C] () -- C:\Windows\System32\PROCDB.INI
[2007.08.16 12:28:27 | 000,000,380 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI
[2007.03.29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.12.05 07:26:43 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 003,611,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== LOP Check ==========
[2011.07.26 18:57:45 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Acurpo
[2011.07.19 14:49:16 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Aguhi
[2011.06.11 13:49:10 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Downloaded Installations
[2011.04.24 22:17:51 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.21 13:22:41 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\FileZilla
[2011.07.31 13:43:41 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\ICQ
[2011.06.15 16:39:33 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Image-Line
[2011.04.09 18:48:32 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Lenovo
[2011.04.09 19:10:23 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\OpenOffice.org
[2011.07.19 14:30:56 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Ovvy
[2011.06.11 13:54:38 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\PCDr
[2011.07.18 18:51:12 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Simfy
[2011.06.17 15:59:03 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\SynthMaker
[2011.07.09 17:18:11 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Tobit
[2011.04.11 13:27:44 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\TuneUp Software
[2011.07.01 19:37:30 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Ucef
[2011.07.01 19:37:30 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Ugab
[2011.07.26 19:57:34 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Veavna
[2011.07.31 14:01:26 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
[/code]
#13
2 problems: Internet Explorer opening automatically and redirection on Google
And regarding 4: The music means something to me, but the AppData entries mean nothing to me
#14
/// Helfer-Team
2 problems: Internet Explorer opening automatically and redirection on Google
The check has shown that the malicious MBR rootkit has lodged itself in the MBR... The Master Boot Record (MBR) of the first hard disk is loaded when the computer starts, before the operating system. Code that resides there can in principle control the operating system. If you decide on a system clean-up instead of formatting C:\, here is how to continue: TDSSKiller from Kaspersky
__________________
Warning!: Beware of invoices sent by email with a ZIP file as attachment! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard disks, ideally twice in different locations! Please pass this warning on wherever you can!
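The MBR layout the helper describes, as an added example (not code from the thread or from TDSSKiller): a Python check that parses a 512-byte MBR, validates the 0x55AA signature and partition table, and compares the boot-code hash against a trusted baseline. The sample sectors and the baseline hash are constructed here; `read_mbr` and the `\\.\PhysicalDrive0` device path are only there to show where a real sector would come from.

```python
"""Parse a 512-byte Master Boot Record and check it against a trusted baseline.

Added example for this thread, not code from the page or from TDSSKiller.
The sample sectors and the baseline hash below are constructed for the demo.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 446            # bytes 0..445: code the BIOS jumps to before any OS
PART_TABLE_OFF = 446          # bytes 446..509: four 16-byte partition entries
PART_ENTRY_FMT = "<B3xB3xII"  # status, (CHS start), type, (CHS end), LBA start, sectors
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR into its boot code, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for idx in range(4):
        off = PART_TABLE_OFF + idx * struct.calcsize(PART_ENTRY_FMT)
        status, ptype, lba_start, sectors = struct.unpack_from(PART_ENTRY_FMT, sector, off)
        if ptype == 0:            # type 0x00 marks an unused table slot
            continue
        partitions.append({"index": idx, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def check_mbr(sector: bytes, baseline_bootcode_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["bootcode_sha256"] != baseline_bootcode_sha256:
        # A bootkit replaces or patches the boot code while leaving the partition
        # table intact so that Windows still starts; the hash comparison catches that.
        findings.append("boot code differs from baseline")
    bootable = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} active partitions (expected exactly 1)")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
    return findings


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a physical disk (Windows device path; needs admin).
    Not called by the demo below, which uses constructed sectors."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def _build_mbr(bootcode: bytes, entries: list) -> bytes:
    """Assemble a sector from boot code and (status, type, lba_start, sectors) tuples."""
    table = b"".join(struct.pack(PART_ENTRY_FMT, *e) for e in entries)
    table += b"\x00" * (64 - len(table))
    return bootcode.ljust(BOOTCODE_LEN, b"\x00") + table + BOOT_SIGNATURE


# Constructed "known-good" sector: a short stub (cli / xor ax,ax / mov ss,ax) and
# one active NTFS partition starting at LBA 2048.
CLEAN_MBR = _build_mbr(b"\xfa\x33\xc0\x8e\xd0", [(0x80, 0x07, 2048, 1_000_000)])
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["bootcode_sha256"]

# Constructed tampered sector: same partition table, but the first bytes of the
# boot code were overwritten, which is what a modified MBR looks like on disk.
_t = bytearray(CLEAN_MBR)
_t[0:4] = b"\xeb\xfe\x90\x90"
TAMPERED_MBR = bytes(_t)


if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        findings = check_mbr(sector, BASELINE_SHA256)
        print(f"{name}: {findings or 'OK'}")
```

A baseline hash is only meaningful if it was taken from a disk known to be clean (or from the vendor's stock boot code), so record it before an incident, not after.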
#15
2 problems: Internet Explorer opening automatically and redirection on Google
Code:
2011/07/31 18:55:48.0595 1952 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/07/31 18:55:48.0655 1952 ================================================================================
2011/07/31 18:55:48.0655 1952 SystemInfo:
2011/07/31 18:55:48.0655 1952
2011/07/31 18:55:48.0655 1952 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/31 18:55:48.0655 1952 Product type: Workstation
2011/07/31 18:55:48.0656 1952 ComputerName: RAPHO-PC
2011/07/31 18:55:48.0656 1952 UserName: Rapho
2011/07/31 18:55:48.0656 1952 Windows directory: C:\Windows
2011/07/31 18:55:48.0656 1952 System windows directory: C:\Windows
2011/07/31 18:55:48.0656 1952 Processor architecture: Intel x86
2011/07/31 18:55:48.0656 1952 Number of processors: 2
2011/07/31 18:55:48.0656 1952 Page size: 0x1000
2011/07/31 18:55:48.0656 1952 Boot type: Normal boot
2011/07/31 18:55:48.0656 1952 ================================================================================
2011/07/31 18:55:49.0388 1952 Initialize success
2011/07/31 18:55:57.0098 5596 ================================================================================
2011/07/31 18:55:57.0098 5596 Scan started
2011/07/31 18:55:57.0098 5596 Mode: Manual;
2011/07/31 18:55:57.0098 5596 ================================================================================
2011/07/31 18:55:59.0253 5596 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/31 18:55:59.0427 5596 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/07/31 18:55:59.0531 5596 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/07/31 18:55:59.0625 5596 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/07/31 18:55:59.0696 5596 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/07/31 18:55:59.0853 5596 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/07/31 18:56:00.0021 5596 AgereSoftModem (a19871ae65a769c65034b4dc44c29023) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/07/31 18:56:00.0180 5596 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/07/31 18:56:00.0251 5596 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/31 18:56:00.0286 5596 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/07/31 18:56:00.0337 5596 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/07/31 18:56:00.0368 5596 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/07/31 18:56:00.0398 5596 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/07/31 18:56:00.0445 5596 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/07/31 18:56:00.0536 5596 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/07/31 18:56:00.0575 5596 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/07/31 18:56:00.0630 5596 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/31 18:56:00.0687 5596 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/07/31 18:56:00.0768 5596 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/31 18:56:00.0811 5596 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/31 18:56:00.0899 5596 b57nd60x (0b92ccf7bfcbe2b33838434f2f50cb61) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/31 18:56:00.0978 5596 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/31 18:56:01.0034 5596 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/07/31 18:56:01.0127 5596 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/31 18:56:01.0172 5596 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/31 18:56:01.0202 5596 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/31 18:56:01.0259 5596 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/31 18:56:01.0297 5596 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/31 18:56:01.0329 5596 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/31 18:56:01.0362 5596 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/31 18:56:01.0406 5596 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/07/31 18:56:01.0434 5596 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/07/31 18:56:01.0506 5596 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/07/31 18:56:01.0612 5596 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
2011/07/31 18:56:01.0689 5596 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
2011/07/31 18:56:01.0776 5596 btwaudio (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys
2011/07/31 18:56:01.0848 5596 btwavdt (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys
2011/07/31 18:56:01.0902 5596 btwrchid (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/07/31 18:56:01.0963 5596 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/31 18:56:02.0040 5596 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/31 18:56:02.0119 5596 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/07/31 18:56:02.0183 5596 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/07/31 18:56:02.0277 5596 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/31 18:56:02.0304 5596 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/07/31 18:56:02.0337 5596 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/31 18:56:02.0377 5596 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/07/31 18:56:02.0408 5596 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/07/31 18:56:02.0530 5596 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/31 18:56:02.0643 5596 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/31 18:56:02.0770 5596 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/31 18:56:02.0845 5596 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/31 18:56:02.0933 5596 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/07/31 18:56:02.0983 5596 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/31 18:56:03.0073 5596 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/07/31 18:56:03.0162 5596 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/07/31 18:56:03.0215 5596 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/07/31 18:56:03.0322 5596 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/31 18:56:03.0380 5596 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/31 18:56:03.0427 5596 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/31 18:56:03.0508 5596 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/31 18:56:03.0537 5596 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/31 18:56:03.0567 5596 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/31 18:56:03.0626 5596 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/31 18:56:03.0728 5596 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/31 18:56:03.0754 5596 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/31 18:56:03.0841 5596 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/31 18:56:03.0909 5596 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/07/31 18:56:03.0982 5596 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/31 18:56:04.0012 5596 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/31 18:56:04.0056 5596 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/31 18:56:04.0146 5596 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/31 18:56:04.0181 5596 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/07/31 18:56:04.0248 5596 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2011/07/31 18:56:04.0305 5596 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/07/31 18:56:04.0352 5596 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/31 18:56:04.0429 5596 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
2011/07/31 18:56:04.0471 5596 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/07/31 18:56:04.0637 5596 igfx (a03b37dbc601c35de9591b6aa1a20c22) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/31 18:56:04.0741 5596 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/31 18:56:04.0883 5596 IntcAzAudAddService (2bd6633db50a98534aa3262e0f9f5a14) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/31 18:56:05.0152 5596 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/07/31 18:56:05.0225 5596 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/31 18:56:05.0314 5596 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/31 18:56:05.0353 5596 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/31 18:56:05.0411 5596 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/31 18:56:05.0441 5596 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/07/31 18:56:05.0503 5596 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/31 18:56:05.0526 5596 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/31 18:56:05.0590 5596 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/31 18:56:05.0621 5596 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/31 18:56:05.0673 5596 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/31 18:56:05.0740 5596 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/31 18:56:05.0867 5596 lenovo.smi (63de2c8974f5d528fbc3d6978fd8ad6a) C:\Windows\system32\DRIVERS\smiif32.sys
2011/07/31 18:56:05.0912 5596 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/31 18:56:06.0008 5596 LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys
2011/07/31 18:56:06.0058 5596 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/31 18:56:06.0091 5596 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/31 18:56:06.0136 5596 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/31 18:56:06.0185 5596 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/31 18:56:06.0258 5596 MADFUXPONENT (697de5e62fb4672de48111d6997d6e09) C:\Windows\system32\DRIVERS\MAudioXponent_DFU.sys
2011/07/31 18:56:06.0344 5596 MAUSBXPONENT (9629d9e6b66989742f705a849aa193cb) C:\Windows\system32\DRIVERS\MAudioXponent.sys
2011/07/31 18:56:06.0472 5596 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/07/31 18:56:06.0541 5596 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/07/31 18:56:06.0611 5596 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/07/31 18:56:06.0675 5596 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/31 18:56:06.0730 5596 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/31 18:56:06.0760 5596 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/31 18:56:06.0791 5596 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/31 18:56:06.0864 5596 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/31 18:56:06.0897 5596 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/07/31 18:56:06.0959 5596 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/31 18:56:07.0030 5596 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/31 18:56:07.0087 5596 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/31 18:56:07.0150 5596 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/31 18:56:07.0216 5596 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/31 18:56:07.0269 5596 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/31 18:56:07.0356 5596 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/07/31 18:56:07.0394 5596 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/07/31 18:56:07.0458 5596 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/31 18:56:07.0519 5596 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/31 18:56:07.0595 5596 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/31 18:56:07.0638 5596 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/31 18:56:07.0692 5596 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/31 18:56:07.0759 5596 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/31 18:56:07.0823 5596 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/31 18:56:07.0845 5596 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/31 18:56:07.0891 5596 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/31 18:56:07.0954 5596 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/31 18:56:08.0051 5596 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/31 18:56:08.0118 5596 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/31 18:56:08.0158 5596 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/31 18:56:08.0196 5596 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/31 18:56:08.0230 5596 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/31 18:56:08.0298 5596 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/31 18:56:08.0358 5596 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/31 18:56:08.0539 5596 NETw3v32 (ea30bd026a7d1b745a37516880c4ac1b) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/07/31 18:56:08.0635 5596 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/31 18:56:08.0719 5596 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/31 18:56:08.0755 5596 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/31 18:56:08.0847 5596 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/31 18:56:08.0926 5596 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/31 18:56:08.0963 5596 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/31 18:56:08.0993 5596 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/07/31 18:56:09.0026 5596 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/07/31 18:56:09.0065 5596 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/07/31 18:56:09.0196 5596 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/31 18:56:09.0244 5596 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/07/31 18:56:09.0322 5596 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/31 18:56:09.0352 5596 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/31 18:56:09.0421 5596 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/31 18:56:09.0491 5596 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/07/31 18:56:09.0523 5596 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/31 18:56:09.0634 5596 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/31 18:56:09.0820 5596 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/31 18:56:09.0878 5596 PROCDD (c9ca089787aa4ca892f2173a8e15c1b0) C:\Windows\system32\DRIVERS\PROCDD.SYS
2011/07/31 18:56:09.0905 5596 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/07/31 18:56:10.0010 5596 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\Windows\system32\DRIVERS\psadd.sys
2011/07/31 18:56:10.0078 5596 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/31 18:56:10.0172 5596 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/07/31 18:56:10.0231 5596 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/31 18:56:10.0303 5596 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/31 18:56:10.0358 5596 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/31 18:56:10.0397 5596 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/31 18:56:10.0470 5596 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/31 18:56:10.0516 5596 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/31 18:56:10.0589 5596 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/31 18:56:10.0644 5596 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/31 18:56:10.0698 5596 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/07/31 18:56:10.0741 5596 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/31 18:56:10.0809 5596 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/31 18:56:10.0882 5596 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/07/31 18:56:10.0993 5596 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/07/31 18:56:11.0041 5596 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/07/31 18:56:11.0082 5596 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/07/31 18:56:11.0172 5596 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/31 18:56:11.0219 5596 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/31 18:56:11.0333 5596 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/07/31 18:56:11.0373 5596 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/31 18:56:11.0415 5596 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/31 18:56:11.0457 5596 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/07/31 18:56:11.0487 5596 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/31 18:56:11.0544 5596 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/07/31 18:56:11.0575 5596 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/31 18:56:11.0605 5596 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/31 18:56:11.0634 5596 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/31 18:56:11.0679 5596 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/07/31 18:56:11.0734 5596 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/07/31 18:56:11.0762 5596 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/07/31 18:56:11.0840 5596 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/31 18:56:11.0916 5596 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/31 18:56:11.0982 5596 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/31 18:56:12.0067 5596 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/31 18:56:12.0132 5596 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/31 18:56:12.0204 5596 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/07/31 18:56:12.0307 5596 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/31 18:56:12.0372 5596 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/31 18:56:12.0404 5596 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/31 18:56:12.0451 5596 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/31 18:56:12.0534 5596 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
2011/07/31 18:56:12.0668 5596 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/07/31 18:56:12.0759 5596 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/31 18:56:12.0815 5596 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/31 18:56:12.0861 5596 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/31 18:56:12.0888 5596 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/31 18:56:12.0936 5596 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/31 18:56:12.0996 5596 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/31 18:56:13.0116 5596 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
2011/07/31 18:56:13.0194 5596 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/31 18:56:13.0221 5596 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/31 18:56:13.0251 5596 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/31 18:56:13.0332 5596 TVTI2C (8ab24d4b7da715c2c80455137910e792) C:\Windows\system32\DRIVERS\Tvti2c.sys
2011/07/31 18:56:13.0384 5596 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/07/31 18:56:13.0449 5596 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/31 18:56:13.0522 5596 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/31 18:56:13.0606 5596 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/07/31 18:56:13.0653 5596 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/31 18:56:13.0688 5596 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/31 18:56:13.0731 5596 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/31 18:56:13.0801 5596 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/07/31 18:56:13.0882 5596 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/07/31 18:56:13.0916 5596 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/31 18:56:13.0949 5596 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/31 18:56:14.0021 5596 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/31 18:56:14.0061 5596 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/31 18:56:14.0107 5596 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/07/31 18:56:14.0143 5596 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/07/31 18:56:14.0180 5596 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/31 18:56:14.0210 5596 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/31 18:56:14.0288 5596 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/31 18:56:14.0331 5596 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/31 18:56:14.0377 5596 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/07/31 18:56:14.0409 5596 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/07/31 18:56:14.0443 5596 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/07/31 18:56:14.0479 5596 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/31 18:56:14.0546 5596 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/31 18:56:14.0643 5596 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/07/31 18:56:14.0678 5596 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2011/07/31 18:56:14.0688 5596 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/31 18:56:14.0745 5596 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/07/31 18:56:14.0802 5596 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/31 18:56:14.0848 5596 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/31 18:56:14.0872 5596 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/31 18:56:14.0914 5596 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/07/31 18:56:14.0974 5596 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/31 18:56:15.0211 5596 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/31 18:56:15.0289 5596 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/31 18:56:15.0352 5596 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/31 18:56:15.0457 5596 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/31 18:56:15.0569 5596 MBR (0x1B8) (08acaa2c3cdddaca484b76c636b4edc2) \Device\Harddisk0\DR0
2011/07/31 18:56:15.0612 5596 Boot (0x1200) (8f9861fbbd526a1b2db78b1a983f03b9) \Device\Harddisk0\DR0\Partition0
2011/07/31 18:56:15.0620 5596 ================================================================================
2011/07/31 18:56:15.0620 5596 Scan finished
2011/07/31 18:56:15.0620 5596 ================================================================================
2011/07/31 18:56:15.0638 4692 Detected object count: 1
2011/07/31 18:56:15.0638 4692 Actual detected object count: 1
2011/07/31 18:56:25.0019 4692 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/07/31 18:56:25.0022 4692 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2011/07/31 18:56:28.0698 4692 Backup copy found, using it..
2011/07/31 18:56:28.0732 4692 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2011/07/31 18:56:28.0732 4692 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2011/07/31 18:56:32.0940 4312 Deinitialize success