
Pests of all kinds and how to combat them: Google search always ends up on a 95p.com page

01.01.2012, 21:33   #1
jen_
 



Hello,
I too have now probably caught a "rootkit infection".
I noticed this more or less by accident, because I can no longer open the Google search results as usual, but am redirected to a "hxxp://95p.com/?search=....." page instead. I don't know how I caught this, because I was actually only on my normal main sites that I use regularly.
In addition, on some pages I now also get a message that Windows has blocked this for security reasons.
AntiVir also finds nothing. I also use CCleaner regularly. I have also already used the TDSS-Killer from Kaspersky, but without success as well.
I deleted cookies etc., and AntiVir as well, since it was no longer possible to get updates from the Internet. (I have now downloaded AntiVir again, however, and it seems to work again, but without negative search results.)

Unfortunately, I otherwise don't know much about PCs/laptops and now unfortunately don't know what I could do about it.


I have already carried out the steps described for the overview:
Step 1: was not possible: "[...] Defogger.exe ist keine zulässige Win32-Anwendung."

Step 2: unfortunately I was too quick here and only started the custom scan on the second scan

OTL logfile created on: 01.01.2012 17:47:36 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Jen\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 63,26% Memory free
3,73 Gb Paging File | 3,22 Gb Available in Paging File | 86,48% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 104,67 Gb Total Space | 39,22 Gb Free Space | 37,47% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Jen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Dokumente und Einstellungen\Jen\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a0915061\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_d1c06882\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4117bb91\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_06dc7666\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_514d4566\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\ICQ7.2\MDb.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms.resources\1.0.5000.0_de_b77a5c561934e089\system.windows.forms.resources.dll ()
MOD - c:\windows\assembly\gac\system.resources\1.0.5000.0_de_b77a5c561934e089\system.resources.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()


Extras.Txt is attached

Step 3: attached



I hope you can help me here. Many thanks in advance

Regards, j
Attached files
File type: txt Extras.Txt (26,5 KB, viewed 177 times)
File type: zip gmer.zip (50,0 KB, viewed 43 times)

02.01.2012, 16:47   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



- Log is incomplete
- please post everything here in CODE tags if possible!
- The log from TDSS-Killer is missing (the statement "without success" doesn't help anyone here)
- in future, do not run any more tools without instructions!!

02.01.2012, 20:13   #3
jen_
 



Hello, sorry. But thanks for the reply =)

Here is the hopefully complete log.
OTL.Txt OTL Logfile:
Code:
OTL logfile created on: 01.01.2012 17:47:36 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Jen\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 63,26% Memory free
3,73 Gb Paging File | 3,22 Gb Available in Paging File | 86,48% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 104,67 Gb Total Space | 39,22 Gb Free Space | 37,47% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Jen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Dokumente und Einstellungen\Jen\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a0915061\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_d1c06882\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4117bb91\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_06dc7666\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_514d4566\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\ICQ7.2\MDb.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms.resources\1.0.5000.0_de_b77a5c561934e089\system.windows.forms.resources.dll ()
MOD - c:\windows\assembly\gac\system.resources\1.0.5000.0_de_b77a5c561934e089\system.resources.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WDSmartWareBackgroundService) --  File not found
SRV - (HidServ) --  File not found
SRV - (AppMgmt) --  File not found
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (HssDrv) -- C:\WINDOWS\system32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (DNSeFilter) -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS (Samsung Electronics,.LTD)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&ilc=12&p="
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.01.05 19:36:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.11.23 20:26:33 | 000,000,000 | ---D | M]
 
[2010.08.30 22:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Extensions
[2011.11.07 17:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions
[2010.10.30 09:29:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.07 17:35:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.05 19:38:58 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\searchplugins\icqplugin.xml
[2011.10.22 10:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.07.04 09:39:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.08.25 20:14:19 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\JEN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\C41204GV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.05 19:36:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2011.10.03 10:19:02 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 10:19:01 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.03 10:19:01 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 10:18:58 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 10:18:57 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 10:18:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe ()
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WDDMStatus.lnk = C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WDSmartWare.lnk = C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Dokumente und Einstellungen\Jen\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - mswsock.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63040C9C-CA16-45EC-8085-76C302D55716}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.30 19:51:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c2fad044-a0be-11e0-9e0e-001377074099}\Shell - "" = AutoRun
O33 - MountPoints2\{c2fad044-a0be-11e0-9e0e-001377074099}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2fad044-a0be-11e0-9e0e-001377074099}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e953605e-982a-11e0-9e04-001377074099}\Shell - "" = AutoRun
O33 - MountPoints2\{e953605e-982a-11e0-9e04-001377074099}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e953605e-982a-11e0-9e04-001377074099}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e9536062-982a-11e0-9e04-001377074099}\Shell - "" = AutoRun
O33 - MountPoints2\{e9536062-982a-11e0-9e04-001377074099}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9536062-982a-11e0-9e04-001377074099}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\WINDOWS\System32\
[2012.01.01 17:22:19 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Jen\Recent
[2012.01.01 17:03:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jen\Desktop\tdsskiller_2.5.5.0
[2011.12.31 16:10:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Sun
[2011.12.31 13:56:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2011.12.30 22:06:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2011.12.30 22:00:53 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Jen\Lokale Einstellungen\Anwendungsdaten\99422f31
[2011.12.22 17:37:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jen\Eigene Dateien\engel
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\WINDOWS\System32\
[2012.01.07 20:30:08 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Jen\Desktop\Microsoft Office Word 2003.lnk
[2012.01.01 17:48:17 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.01 17:27:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.01 17:03:34 | 001,309,375 | ---- | M] () -- C:\Dokumente und Einstellungen\Jen\Desktop\tdsskiller_2.5.5.0.zip
[2011.12.31 16:10:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.12.27 23:33:28 | 000,096,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Jen\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.22 18:10:59 | 000,030,017 | ---- | M] () -- C:\Dokumente und Einstellungen\Jen\.recently-used.xbel
[2011.12.18 18:48:23 | 002,274,361 | ---- | M] () -- C:\Dokumente und Einstellungen\Jen\Eigene Dateien\CIMG0955.JPG
[2011.12.17 17:35:29 | 000,139,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.14 21:12:22 | 000,280,762 | ---- | M] () -- C:\Dokumente und Einstellungen\Jen\Eigene Dateien\22096.01.xcf
[2011.12.05 19:10:03 | 000,000,070 | ---- | M] () -- C:\Dokumente und Einstellungen\Jen\.gtk-bookmarks
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.01 17:03:31 | 001,309,375 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\Desktop\tdsskiller_2.5.5.0.zip
[2011.12.22 18:10:59 | 000,030,017 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\.recently-used.xbel
[2011.12.18 19:23:12 | 000,397,371 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\Eigene Dateien\mela +schatz.JPG
[2011.12.18 18:50:02 | 002,274,361 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\Eigene Dateien\CIMG0955.JPG
[2011.12.14 21:12:22 | 000,280,762 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\Eigene Dateien\22096.01.xcf
[2011.12.14 20:25:10 | 005,192,260 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\Eigene Dateien\SAM_9446.JPG
[2011.12.14 20:18:08 | 005,002,038 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\Eigene Dateien\SAM_9400.JPG
[2011.12.05 19:10:03 | 000,000,070 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\.gtk-bookmarks
[2010.10.13 16:24:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.09.01 13:29:56 | 000,096,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.01 12:15:31 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.09.01 11:09:38 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.08.30 22:10:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.08.30 22:02:40 | 000,000,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2010.08.30 21:46:47 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.08.30 21:19:15 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2010.08.30 20:36:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.08.30 20:34:41 | 000,139,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.30 19:57:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.08.30 19:55:27 | 000,001,082 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010.08.30 19:48:40 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.02.13 15:29:26 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004.08.04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 13:00:00 | 000,459,844 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 13:00:00 | 000,441,906 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 13:00:00 | 000,247,296 | ---- | C] () -- C:\WINDOWS\System32\mswsock.dll
[2004.08.04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 13:00:00 | 000,085,170 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 13:00:00 | 000,071,842 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003.07.30 10:48:28 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003.07.30 09:49:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.12.31 14:06:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService
[2011.08.25 20:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hssff
[2010.09.01 11:57:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.04.19 15:53:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2010.09.02 12:26:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WD_SmartWareCommon
[2010.09.02 12:07:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Western Digital
[2010.08.30 21:21:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLAN
[2011.12.22 18:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\gtk-2.0
[2011.09.11 13:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\ICQ
[2010.09.01 13:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\OpenOffice.org
[2010.09.01 12:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\pdfforge
[2011.10.22 10:37:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Search Settings
[2011.04.19 15:53:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Sony
[2011.04.19 14:50:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Sony Setup
[2010.09.02 12:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Western Digital
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.08.30 19:55:31 | 000,000,000 | ---D | M] -- C:\AddOn
[2011.11.24 16:57:29 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2010.09.03 21:04:59 | 000,000,000 | ---D | M] -- C:\d22047a1b05e99b137e693
[2010.08.30 20:00:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.06.27 13:59:35 | 000,000,000 | -HSD | M] -- C:\found.000
[2011.08.25 20:15:40 | 000,000,000 | ---D | M] -- C:\Hotspot Shield
[2010.09.01 11:04:35 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.12.24 13:49:38 | 000,000,000 | ---D | M] -- C:\output
[2011.11.23 20:25:09 | 000,000,000 | R--D | M] -- C:\Programme
[2010.08.30 20:01:18 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.12.31 14:06:01 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.01 17:28:27 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: AFD.SYS  >
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.13 23:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008.04.13 23:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2004.08.04 13:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: IPSEC.SYS  >
[2008.04.13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008.04.13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004.08.04 13:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
 
< MD5 for: REGEDIT.EXE  >
[2004.08.04 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-17 14:41:23
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB18828$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
         
--- --- ---


The TDSS-Killer did not open a log on the first run, or rather I don't know where it was saved.
I have now run it again and copied the report here.

Code:
20:02:35.0984 3884	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
20:02:36.0156 3884	============================================================
20:02:36.0156 3884	Current date / time: 2012/01/02 20:02:36.0156
20:02:36.0156 3884	SystemInfo:
20:02:36.0156 3884	
20:02:36.0156 3884	OS Version: 5.1.2600 ServicePack: 3.0
20:02:36.0156 3884	Product type: Workstation
20:02:36.0156 3884	ComputerName: LAPTOP
20:02:36.0156 3884	UserName: Jen
20:02:36.0156 3884	Windows directory: C:\WINDOWS
20:02:36.0156 3884	System windows directory: C:\WINDOWS
20:02:36.0156 3884	Processor architecture: Intel x86
20:02:36.0156 3884	Number of processors: 2
20:02:36.0156 3884	Page size: 0x1000
20:02:36.0156 3884	Boot type: Normal boot
20:02:36.0156 3884	============================================================
20:02:38.0140 3884	Initialize success
20:02:44.0187 3272	============================================================
20:02:44.0187 3272	Scan started
20:02:44.0187 3272	Mode: Manual; 
20:02:44.0187 3272	============================================================
20:02:44.0703 3272	Abiosdsk - ok
20:02:44.0750 3272	abp480n5 - ok
20:02:44.0843 3272	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:02:44.0843 3272	ACPI - ok
20:02:44.0890 3272	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:02:44.0890 3272	ACPIEC - ok
20:02:44.0906 3272	adpu160m - ok
20:02:44.0968 3272	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:02:44.0968 3272	aec - ok
20:02:45.0031 3272	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:02:45.0031 3272	AFD - ok
20:02:45.0125 3272	AgereSoftModem  (90456051c422e09bc36e6340dd891f0c) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
20:02:45.0203 3272	AgereSoftModem - ok
20:02:45.0281 3272	Aha154x - ok
20:02:45.0328 3272	aic78u2 - ok
20:02:45.0375 3272	aic78xx - ok
20:02:45.0421 3272	AliIde - ok
20:02:45.0578 3272	Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
20:02:45.0781 3272	Ambfilt - ok
20:02:45.0859 3272	amsint - ok
20:02:46.0000 3272	AR5211          (89873aebbf0309393f0737e26d891209) C:\WINDOWS\system32\DRIVERS\ar5211.sys
20:02:46.0015 3272	AR5211 - ok
20:02:46.0062 3272	asc - ok
20:02:46.0093 3272	asc3350p - ok
20:02:46.0140 3272	asc3550 - ok
20:02:46.0265 3272	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:02:46.0281 3272	AsyncMac - ok
20:02:46.0343 3272	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:02:46.0343 3272	atapi - ok
20:02:46.0359 3272	Atdisk - ok
20:02:46.0515 3272	ati2mtag        (d371d3f40051a1f602c85cef5c787d76) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:02:46.0531 3272	ati2mtag - ok
20:02:46.0578 3272	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:02:46.0593 3272	Atmarpc - ok
20:02:46.0750 3272	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:02:46.0750 3272	audstub - ok
20:02:46.0828 3272	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:02:46.0828 3272	avgntflt - ok
20:02:46.0890 3272	avipbb          (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:02:46.0890 3272	avipbb - ok
20:02:46.0953 3272	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
20:02:46.0953 3272	avkmgr - ok
20:02:46.0984 3272	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:02:46.0984 3272	Beep - ok
20:02:47.0046 3272	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:02:47.0062 3272	cbidf2k - ok
20:02:47.0140 3272	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:02:47.0140 3272	CCDECODE - ok
20:02:47.0218 3272	cd20xrnt - ok
20:02:47.0265 3272	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:02:47.0265 3272	Cdaudio - ok
20:02:47.0375 3272	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:02:47.0375 3272	Cdfs - ok
20:02:47.0390 3272	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:02:47.0390 3272	Cdrom - ok
20:02:47.0406 3272	Changer - ok
20:02:47.0437 3272	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:02:47.0437 3272	CmBatt - ok
20:02:47.0453 3272	CmdIde - ok
20:02:47.0468 3272	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:02:47.0484 3272	Compbatt - ok
20:02:47.0500 3272	Cpqarray - ok
20:02:47.0515 3272	dac2w2k - ok
20:02:47.0531 3272	dac960nt - ok
20:02:47.0562 3272	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:02:47.0562 3272	Disk - ok
20:02:47.0671 3272	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
20:02:47.0718 3272	dmboot - ok
20:02:47.0765 3272	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
20:02:47.0781 3272	dmio - ok
20:02:47.0812 3272	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:02:47.0812 3272	dmload - ok
20:02:47.0875 3272	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:02:47.0875 3272	DMusic - ok
20:02:47.0984 3272	DNSeFilter      (459a946c0766aa3d342d0f0ded90cf8d) C:\WINDOWS\system32\drivers\SamsungEDS.sys
20:02:48.0000 3272	DNSeFilter - ok
20:02:48.0046 3272	dpti2o - ok
20:02:48.0093 3272	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:02:48.0093 3272	drmkaud - ok
20:02:48.0203 3272	ewusbnet        (4fd02e31eac2cbc81eb08a1ce81e73a2) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
20:02:48.0203 3272	ewusbnet - ok
20:02:48.0265 3272	ew_hwusbdev     (e98a64c7f106740a38fb2b78197816f8) C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
20:02:48.0265 3272	ew_hwusbdev - ok
20:02:48.0343 3272	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:02:48.0359 3272	Fastfat - ok
20:02:48.0390 3272	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:02:48.0390 3272	Fdc - ok
20:02:48.0421 3272	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
20:02:48.0421 3272	Fips - ok
20:02:48.0453 3272	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:02:48.0453 3272	Flpydisk - ok
20:02:48.0484 3272	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:02:48.0500 3272	FltMgr - ok
20:02:48.0515 3272	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:02:48.0515 3272	Fs_Rec - ok
20:02:48.0562 3272	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:02:48.0578 3272	Ftdisk - ok
20:02:48.0625 3272	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:02:48.0625 3272	Gpc - ok
20:02:48.0671 3272	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:02:48.0671 3272	HDAudBus - ok
20:02:48.0750 3272	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:02:48.0750 3272	HidUsb - ok
20:02:48.0796 3272	hpn - ok
20:02:48.0859 3272	HssDrv          (4f28652ec514fa1ba473bc1a695a5c98) C:\WINDOWS\system32\DRIVERS\HssDrv.sys
20:02:48.0859 3272	HssDrv - ok
20:02:48.0953 3272	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:02:48.0953 3272	HTTP - ok
20:02:49.0015 3272	huawei_enumerator (22a4b14530194fc57c1c849fb5afee17) C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
20:02:49.0015 3272	huawei_enumerator - ok
20:02:49.0093 3272	hwdatacard      (3e3bfe85b9fe3720bf4c108f57c945fb) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
20:02:49.0093 3272	hwdatacard - ok
20:02:49.0156 3272	i2omgmt - ok
20:02:49.0218 3272	i2omp - ok
20:02:49.0296 3272	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:02:49.0296 3272	i8042prt - ok
20:02:49.0312 3272	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:02:49.0328 3272	Imapi - ok
20:02:49.0343 3272	ini910u - ok
20:02:49.0812 3272	IntcAzAudAddService (85ab23f3e4ba6696fae8beb9d434edd6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:02:49.0875 3272	IntcAzAudAddService - ok
20:02:49.0921 3272	IntelIde - ok
20:02:49.0953 3272	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:02:49.0953 3272	intelppm - ok
20:02:50.0000 3272	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:02:50.0000 3272	Ip6Fw - ok
20:02:50.0046 3272	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:02:50.0046 3272	IpFilterDriver - ok
20:02:50.0062 3272	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:02:50.0078 3272	IpInIp - ok
20:02:50.0109 3272	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:02:50.0109 3272	IpNat - ok
20:02:50.0250 3272	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:02:50.0250 3272	IPSec - ok
20:02:50.0281 3272	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:02:50.0296 3272	IRENUM - ok
20:02:50.0328 3272	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:02:50.0343 3272	isapnp - ok
20:02:50.0359 3272	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:02:50.0359 3272	Kbdclass - ok
20:02:50.0437 3272	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:02:50.0437 3272	kmixer - ok
20:02:50.0484 3272	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:02:50.0484 3272	KSecDD - ok
20:02:50.0531 3272	lbrtfdc - ok
20:02:50.0593 3272	MBAMSwissArmy   (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
20:02:50.0609 3272	MBAMSwissArmy - ok
20:02:50.0671 3272	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:02:50.0671 3272	mnmdd - ok
20:02:50.0828 3272	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
20:02:50.0828 3272	Modem - ok
20:02:50.0968 3272	Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
20:02:51.0078 3272	Monfilt - ok
20:02:51.0125 3272	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:02:51.0125 3272	Mouclass - ok
20:02:51.0203 3272	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:02:51.0203 3272	mouhid - ok
20:02:51.0296 3272	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:02:51.0296 3272	MountMgr - ok
20:02:51.0312 3272	mraid35x - ok
20:02:51.0328 3272	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:02:51.0328 3272	MRxDAV - ok
20:02:51.0390 3272	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:02:51.0406 3272	MRxSmb - ok
20:02:51.0421 3272	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:02:51.0421 3272	Msfs - ok
20:02:51.0500 3272	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:02:51.0500 3272	MSKSSRV - ok
20:02:51.0515 3272	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:02:51.0531 3272	MSPCLOCK - ok
20:02:51.0531 3272	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:02:51.0546 3272	MSPQM - ok
20:02:51.0562 3272	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:02:51.0562 3272	mssmbios - ok
20:02:51.0609 3272	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:02:51.0625 3272	MSTEE - ok
20:02:51.0671 3272	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:02:51.0671 3272	Mup - ok
20:02:51.0734 3272	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:02:51.0750 3272	NABTSFEC - ok
20:02:51.0875 3272	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:02:51.0890 3272	NDIS - ok
20:02:51.0937 3272	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:02:51.0937 3272	NdisIP - ok
20:02:52.0000 3272	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:02:52.0000 3272	NdisTapi - ok
20:02:52.0015 3272	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:02:52.0015 3272	Ndisuio - ok
20:02:52.0031 3272	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:02:52.0031 3272	NdisWan - ok
20:02:52.0093 3272	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:02:52.0093 3272	NDProxy - ok
20:02:52.0187 3272	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:02:52.0187 3272	NetBIOS - ok
20:02:52.0250 3272	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:02:52.0250 3272	NetBT - ok
20:02:52.0343 3272	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:02:52.0343 3272	Npfs - ok
20:02:52.0406 3272	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:02:52.0437 3272	Ntfs - ok
20:02:52.0468 3272	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:02:52.0468 3272	Null - ok
20:02:52.0531 3272	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:02:52.0531 3272	NwlnkFlt - ok
20:02:52.0625 3272	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:02:52.0640 3272	NwlnkFwd - ok
20:02:52.0765 3272	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
20:02:52.0781 3272	Parport - ok
20:02:52.0828 3272	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:02:52.0828 3272	PartMgr - ok
20:02:52.0906 3272	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
20:02:52.0921 3272	ParVdm - ok
20:02:53.0015 3272	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
20:02:53.0031 3272	PCI - ok
20:02:53.0046 3272	PCIDump - ok
20:02:53.0062 3272	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:02:53.0078 3272	PCIIde - ok
20:02:53.0109 3272	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:02:53.0125 3272	Pcmcia - ok
20:02:53.0125 3272	PDCOMP - ok
20:02:53.0140 3272	PDFRAME - ok
20:02:53.0156 3272	PDRELI - ok
20:02:53.0171 3272	PDRFRAME - ok
20:02:53.0187 3272	perc2 - ok
20:02:53.0203 3272	perc2hib - ok
20:02:53.0281 3272	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:02:53.0281 3272	PptpMiniport - ok
20:02:53.0296 3272	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:02:53.0296 3272	PSched - ok
20:02:53.0343 3272	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:02:53.0343 3272	Ptilink - ok
20:02:53.0359 3272	PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:02:53.0375 3272	PxHelp20 - ok
20:02:53.0390 3272	ql1080 - ok
20:02:53.0406 3272	Ql10wnt - ok
20:02:53.0406 3272	ql12160 - ok
20:02:53.0421 3272	ql1240 - ok
20:02:53.0437 3272	ql1280 - ok
20:02:53.0484 3272	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:02:53.0484 3272	RasAcd - ok
20:02:53.0515 3272	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:02:53.0515 3272	Rasl2tp - ok
20:02:53.0531 3272	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:02:53.0531 3272	RasPppoe - ok
20:02:53.0546 3272	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:02:53.0546 3272	Raspti - ok
20:02:53.0593 3272	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:02:53.0593 3272	Rdbss - ok
20:02:53.0609 3272	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:02:53.0609 3272	RDPCDD - ok
20:02:53.0656 3272	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:02:53.0656 3272	RDPWD - ok
20:02:53.0796 3272	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:02:53.0796 3272	redbook - ok
20:02:53.0843 3272	rimmptsk        (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
20:02:53.0843 3272	rimmptsk - ok
20:02:53.0890 3272	rimsptsk        (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
20:02:53.0890 3272	rimsptsk - ok
20:02:53.0937 3272	rismxdp         (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
20:02:53.0937 3272	rismxdp - ok
20:02:54.0031 3272	rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:02:54.0031 3272	rtl8139 - ok
20:02:54.0109 3272	sdbus           (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:02:54.0125 3272	sdbus - ok
20:02:54.0171 3272	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:02:54.0171 3272	Secdrv - ok
20:02:54.0234 3272	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
20:02:54.0234 3272	Serial - ok
20:02:54.0312 3272	sffdisk         (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
20:02:54.0312 3272	sffdisk - ok
20:02:54.0328 3272	sffp_sd         (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
20:02:54.0343 3272	sffp_sd - ok
20:02:54.0359 3272	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:02:54.0359 3272	Sfloppy - ok
20:02:54.0390 3272	Simbad - ok
20:02:54.0453 3272	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:02:54.0453 3272	SLIP - ok
20:02:54.0468 3272	Sparrow - ok
20:02:54.0531 3272	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:02:54.0531 3272	splitter - ok
20:02:54.0656 3272	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
20:02:54.0671 3272	sr - ok
20:02:54.0781 3272	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:02:54.0781 3272	Srv - ok
20:02:54.0859 3272	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:02:54.0859 3272	ssmdrv - ok
20:02:54.0906 3272	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:02:54.0921 3272	streamip - ok
20:02:55.0031 3272	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:02:55.0031 3272	swenum - ok
20:02:55.0109 3272	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:02:55.0109 3272	swmidi - ok
20:02:55.0125 3272	symc810 - ok
20:02:55.0140 3272	symc8xx - ok
20:02:55.0156 3272	sym_hi - ok
20:02:55.0171 3272	sym_u3 - ok
20:02:55.0250 3272	SynTP           (91ce9afbbd011ff6b0ae15ee3a62edcc) C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:02:55.0250 3272	SynTP - ok
20:02:55.0328 3272	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:02:55.0328 3272	sysaudio - ok
20:02:55.0390 3272	taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
20:02:55.0390 3272	taphss - ok
20:02:55.0484 3272	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:02:55.0484 3272	Tcpip - ok
20:02:55.0531 3272	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:02:55.0531 3272	TDPIPE - ok
20:02:55.0562 3272	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:02:55.0578 3272	TDTCP - ok
20:02:55.0640 3272	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:02:55.0640 3272	TermDD - ok
20:02:55.0687 3272	TosIde - ok
20:02:55.0796 3272	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:02:55.0812 3272	Udfs - ok
20:02:55.0812 3272	ultra - ok
20:02:55.0875 3272	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:02:55.0875 3272	Update - ok
20:02:55.0921 3272	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:02:55.0937 3272	usbaudio - ok
20:02:56.0031 3272	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:02:56.0031 3272	usbccgp - ok
20:02:56.0062 3272	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:02:56.0062 3272	usbehci - ok
20:02:56.0078 3272	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:02:56.0078 3272	usbhub - ok
20:02:56.0109 3272	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:02:56.0109 3272	usbohci - ok
20:02:56.0156 3272	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:02:56.0171 3272	usbscan - ok
20:02:56.0281 3272	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:02:56.0281 3272	USBSTOR - ok
20:02:56.0390 3272	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:02:56.0390 3272	usbvideo - ok
20:02:56.0453 3272	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:02:56.0453 3272	VgaSave - ok
20:02:56.0468 3272	ViaIde - ok
20:02:56.0484 3272	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
20:02:56.0500 3272	VolSnap - ok
20:02:56.0578 3272	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:02:56.0578 3272	Wanarp - ok
20:02:56.0609 3272	WDC_SAM         (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
20:02:56.0625 3272	WDC_SAM - ok
20:02:56.0703 3272	Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
20:02:56.0703 3272	Wdf01000 - ok
20:02:56.0718 3272	WDICA - ok
20:02:56.0781 3272	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:02:56.0781 3272	wdmaud - ok
20:02:56.0906 3272	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
20:02:56.0906 3272	WpdUsb - ok
20:02:56.0984 3272	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:02:57.0000 3272	WSTCODEC - ok
20:02:57.0062 3272	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:02:57.0078 3272	WudfPf - ok
20:02:57.0125 3272	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:02:57.0140 3272	WudfRd - ok
20:02:57.0187 3272	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
20:02:57.0359 3272	\Device\Harddisk0\DR0 - ok
20:02:57.0359 3272	Boot (0x1200)   (5adf4f77d49c85b94c031ae8ac5894ac) \Device\Harddisk0\DR0\Partition0
20:02:57.0375 3272	\Device\Harddisk0\DR0\Partition0 - ok
20:02:57.0375 3272	============================================================
20:02:57.0375 3272	Scan finished
20:02:57.0375 3272	============================================================
20:02:57.0390 0576	Detected object count: 0
20:02:57.0390 0576	Actual detected object count: 0
         

Regards
__________________

02.01.2012, 21:33   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



The TDSS-Killer logs are located directly on C:

02.01.2012, 21:49   #5
jen_
 



Okay.

Log from yesterday:
Code:
ATTFilter
2012/01/01 17:03:54.0187 1656	TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2012/01/01 17:04:00.0218 1656	================================================================================
2012/01/01 17:04:00.0218 1656	SystemInfo:
2012/01/01 17:04:00.0218 1656	
2012/01/01 17:04:00.0218 1656	OS Version: 5.1.2600 ServicePack: 3.0
2012/01/01 17:04:00.0218 1656	Product type: Workstation
2012/01/01 17:04:00.0218 1656	ComputerName: LAPTOP
2012/01/01 17:04:00.0218 1656	UserName: Jen
2012/01/01 17:04:00.0218 1656	Windows directory: C:\WINDOWS
2012/01/01 17:04:00.0218 1656	System windows directory: C:\WINDOWS
2012/01/01 17:04:00.0218 1656	Processor architecture: Intel x86
2012/01/01 17:04:00.0218 1656	Number of processors: 2
2012/01/01 17:04:00.0218 1656	Page size: 0x1000
2012/01/01 17:04:00.0218 1656	Boot type: Normal boot
2012/01/01 17:04:00.0218 1656	================================================================================
2012/01/01 17:04:03.0734 1656	Initialize success
2012/01/01 17:04:07.0187 1044	================================================================================
2012/01/01 17:04:07.0187 1044	Scan started
2012/01/01 17:04:07.0187 1044	Mode: Manual; 
2012/01/01 17:04:07.0187 1044	================================================================================
2012/01/01 17:04:12.0546 1044	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2012/01/01 17:04:12.0953 1044	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2012/01/01 17:04:13.0234 1044	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2012/01/01 17:04:13.0328 1044	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
2012/01/01 17:04:13.0468 1044	AgereSoftModem  (90456051c422e09bc36e6340dd891f0c) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2012/01/01 17:04:13.0796 1044	Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2012/01/01 17:04:14.0078 1044	AR5211          (89873aebbf0309393f0737e26d891209) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2012/01/01 17:04:14.0281 1044	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2012/01/01 17:04:14.0312 1044	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2012/01/01 17:04:14.0484 1044	ati2mtag        (d371d3f40051a1f602c85cef5c787d76) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2012/01/01 17:04:14.0640 1044	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2012/01/01 17:04:14.0718 1044	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2012/01/01 17:04:14.0843 1044	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2012/01/01 17:04:14.0906 1044	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2012/01/01 17:04:14.0937 1044	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2012/01/01 17:04:14.0968 1044	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2012/01/01 17:04:15.0031 1044	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2012/01/01 17:04:15.0187 1044	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2012/01/01 17:04:15.0265 1044	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2012/01/01 17:04:15.0312 1044	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2012/01/01 17:04:15.0375 1044	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2012/01/01 17:04:15.0421 1044	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2012/01/01 17:04:15.0468 1044	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2012/01/01 17:04:15.0578 1044	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2012/01/01 17:04:15.0656 1044	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2012/01/01 17:04:15.0718 1044	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2012/01/01 17:04:15.0765 1044	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2012/01/01 17:04:15.0828 1044	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2012/01/01 17:04:15.0906 1044	DNSeFilter      (459a946c0766aa3d342d0f0ded90cf8d) C:\WINDOWS\system32\drivers\SamsungEDS.sys
2012/01/01 17:04:16.0000 1044	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2012/01/01 17:04:16.0125 1044	ewusbnet        (4fd02e31eac2cbc81eb08a1ce81e73a2) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
2012/01/01 17:04:16.0187 1044	ew_hwusbdev     (e98a64c7f106740a38fb2b78197816f8) C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
2012/01/01 17:04:16.0265 1044	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2012/01/01 17:04:16.0328 1044	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2012/01/01 17:04:16.0343 1044	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2012/01/01 17:04:16.0375 1044	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2012/01/01 17:04:16.0421 1044	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2012/01/01 17:04:16.0453 1044	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2012/01/01 17:04:16.0500 1044	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2012/01/01 17:04:16.0531 1044	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2012/01/01 17:04:16.0562 1044	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2012/01/01 17:04:16.0640 1044	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2012/01/01 17:04:16.0781 1044	HssDrv          (4f28652ec514fa1ba473bc1a695a5c98) C:\WINDOWS\system32\DRIVERS\HssDrv.sys
2012/01/01 17:04:16.0859 1044	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2012/01/01 17:04:16.0906 1044	huawei_enumerator (22a4b14530194fc57c1c849fb5afee17) C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
2012/01/01 17:04:16.0953 1044	hwdatacard      (3e3bfe85b9fe3720bf4c108f57c945fb) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2012/01/01 17:04:17.0046 1044	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2012/01/01 17:04:17.0109 1044	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2012/01/01 17:04:17.0578 1044	IntcAzAudAddService (85ab23f3e4ba6696fae8beb9d434edd6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2012/01/01 17:04:17.0703 1044	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2012/01/01 17:04:17.0750 1044	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2012/01/01 17:04:17.0843 1044	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2012/01/01 17:04:17.0906 1044	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2012/01/01 17:04:17.0968 1044	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2012/01/01 17:04:18.0000 1044	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2012/01/01 17:04:18.0046 1044	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2012/01/01 17:04:18.0109 1044	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2012/01/01 17:04:18.0140 1044	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2012/01/01 17:04:18.0218 1044	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2012/01/01 17:04:18.0343 1044	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2012/01/01 17:04:18.0468 1044	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2012/01/01 17:04:18.0515 1044	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2012/01/01 17:04:18.0687 1044	Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2012/01/01 17:04:18.0875 1044	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2012/01/01 17:04:18.0968 1044	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2012/01/01 17:04:19.0000 1044	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2012/01/01 17:04:19.0046 1044	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2012/01/01 17:04:19.0109 1044	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2012/01/01 17:04:19.0171 1044	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2012/01/01 17:04:19.0250 1044	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2012/01/01 17:04:19.0328 1044	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2012/01/01 17:04:19.0359 1044	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2012/01/01 17:04:19.0406 1044	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2012/01/01 17:04:19.0484 1044	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2012/01/01 17:04:19.0546 1044	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2012/01/01 17:04:19.0593 1044	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2012/01/01 17:04:19.0625 1044	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2012/01/01 17:04:19.0656 1044	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2012/01/01 17:04:19.0718 1044	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2012/01/01 17:04:19.0796 1044	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2012/01/01 17:04:20.0640 1044	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2012/01/01 17:04:20.0875 1044	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2012/01/01 17:04:20.0921 1044	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2012/01/01 17:04:20.0984 1044	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2012/01/01 17:04:21.0078 1044	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2012/01/01 17:04:21.0125 1044	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2012/01/01 17:04:21.0218 1044	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2012/01/01 17:04:21.0250 1044	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2012/01/01 17:04:21.0296 1044	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2012/01/01 17:04:21.0328 1044	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2012/01/01 17:04:21.0375 1044	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2012/01/01 17:04:21.0406 1044	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2012/01/01 17:04:21.0453 1044	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2012/01/01 17:04:21.0531 1044	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2012/01/01 17:04:21.0546 1044	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2012/01/01 17:04:21.0718 1044	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2012/01/01 17:04:21.0750 1044	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2012/01/01 17:04:21.0812 1044	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2012/01/01 17:04:21.0906 1044	PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2012/01/01 17:04:22.0031 1044	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2012/01/01 17:04:22.0062 1044	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2012/01/01 17:04:22.0078 1044	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2012/01/01 17:04:22.0125 1044	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2012/01/01 17:04:22.0171 1044	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2012/01/01 17:04:22.0203 1044	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2012/01/01 17:04:22.0343 1044	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2012/01/01 17:04:22.0453 1044	redbook         (ae807e85c653c9a1167d8cd552de7a1e) C:\WINDOWS\system32\DRIVERS\redbook.sys
2012/01/01 17:04:22.0453 1044	Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: ae807e85c653c9a1167d8cd552de7a1e, Fake md5: ed761d453856f795a7fe056e42c36365
2012/01/01 17:04:22.0468 1044	redbook - detected ForgedFile.Multi.Generic (1)
2012/01/01 17:04:22.0546 1044	rimmptsk        (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2012/01/01 17:04:22.0593 1044	rimsptsk        (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2012/01/01 17:04:22.0656 1044	rismxdp         (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2012/01/01 17:04:22.0750 1044	rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2012/01/01 17:04:22.0906 1044	sdbus           (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2012/01/01 17:04:23.0000 1044	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2012/01/01 17:04:23.0078 1044	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2012/01/01 17:04:23.0171 1044	sffdisk         (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2012/01/01 17:04:23.0234 1044	sffp_sd         (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2012/01/01 17:04:23.0328 1044	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2012/01/01 17:04:23.0484 1044	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2012/01/01 17:04:23.0640 1044	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2012/01/01 17:04:23.0750 1044	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2012/01/01 17:04:23.0906 1044	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2012/01/01 17:04:24.0015 1044	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2012/01/01 17:04:24.0109 1044	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2012/01/01 17:04:24.0234 1044	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2012/01/01 17:04:24.0578 1044	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2012/01/01 17:04:24.0859 1044	SynTP           (91ce9afbbd011ff6b0ae15ee3a62edcc) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2012/01/01 17:04:24.0906 1044	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2012/01/01 17:04:24.0953 1044	taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
2012/01/01 17:04:25.0046 1044	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2012/01/01 17:04:25.0156 1044	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2012/01/01 17:04:25.0234 1044	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2012/01/01 17:04:25.0265 1044	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2012/01/01 17:04:25.0343 1044	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2012/01/01 17:04:25.0406 1044	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2012/01/01 17:04:25.0468 1044	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2012/01/01 17:04:25.0562 1044	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2012/01/01 17:04:25.0593 1044	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2012/01/01 17:04:25.0625 1044	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2012/01/01 17:04:25.0640 1044	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2012/01/01 17:04:25.0750 1044	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2012/01/01 17:04:25.0765 1044	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2012/01/01 17:04:25.0859 1044	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2012/01/01 17:04:25.0906 1044	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2012/01/01 17:04:26.0015 1044	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2012/01/01 17:04:26.0062 1044	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2012/01/01 17:04:26.0125 1044	WDC_SAM         (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2012/01/01 17:04:26.0203 1044	Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2012/01/01 17:04:26.0296 1044	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2012/01/01 17:04:26.0421 1044	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2012/01/01 17:04:26.0500 1044	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2012/01/01 17:04:26.0546 1044	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2012/01/01 17:04:26.0578 1044	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2012/01/01 17:04:26.0640 1044	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
2012/01/01 17:04:26.0812 1044	================================================================================
2012/01/01 17:04:26.0812 1044	Scan finished
2012/01/01 17:04:26.0812 1044	================================================================================
2012/01/01 17:04:26.0843 2616	Detected object count: 1
2012/01/01 17:04:26.0843 2616	Actual detected object count: 1
2012/01/01 17:04:32.0453 2616	ForgedFile.Multi.Generic(redbook) - User select action: Skip 
2012/01/01 17:04:40.0359 1532	================================================================================
2012/01/01 17:04:40.0359 1532	Scan started
2012/01/01 17:04:40.0359 1532	Mode: Manual; 
2012/01/01 17:04:40.0359 1532	================================================================================
2012/01/01 17:04:42.0015 1532	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2012/01/01 17:04:42.0078 1532	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2012/01/01 17:04:42.0156 1532	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2012/01/01 17:04:42.0203 1532	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
2012/01/01 17:04:42.0312 1532	AgereSoftModem  (90456051c422e09bc36e6340dd891f0c) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2012/01/01 17:04:42.0515 1532	Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2012/01/01 17:04:42.0640 1532	AR5211          (89873aebbf0309393f0737e26d891209) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2012/01/01 17:04:42.0906 1532	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2012/01/01 17:04:42.0968 1532	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2012/01/01 17:04:43.0156 1532	ati2mtag        (d371d3f40051a1f602c85cef5c787d76) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2012/01/01 17:04:43.0203 1532	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2012/01/01 17:04:43.0250 1532	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2012/01/01 17:04:43.0406 1532	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2012/01/01 17:04:43.0484 1532	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2012/01/01 17:04:43.0546 1532	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2012/01/01 17:04:43.0578 1532	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2012/01/01 17:04:43.0625 1532	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2012/01/01 17:04:43.0765 1532	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2012/01/01 17:04:43.0828 1532	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2012/01/01 17:04:43.0906 1532	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2012/01/01 17:04:43.0953 1532	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2012/01/01 17:04:44.0046 1532	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2012/01/01 17:04:44.0140 1532	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2012/01/01 17:04:44.0421 1532	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2012/01/01 17:04:44.0531 1532	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2012/01/01 17:04:44.0593 1532	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2012/01/01 17:04:44.0656 1532	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2012/01/01 17:04:44.0765 1532	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2012/01/01 17:04:44.0890 1532	DNSeFilter      (459a946c0766aa3d342d0f0ded90cf8d) C:\WINDOWS\system32\drivers\SamsungEDS.sys
2012/01/01 17:04:44.0953 1532	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2012/01/01 17:04:45.0031 1532	ewusbnet        (4fd02e31eac2cbc81eb08a1ce81e73a2) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
2012/01/01 17:04:45.0062 1532	ew_hwusbdev     (e98a64c7f106740a38fb2b78197816f8) C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
2012/01/01 17:04:45.0140 1532	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2012/01/01 17:04:45.0187 1532	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2012/01/01 17:04:45.0203 1532	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2012/01/01 17:04:45.0250 1532	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2012/01/01 17:04:45.0312 1532	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2012/01/01 17:04:45.0421 1532	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2012/01/01 17:04:45.0437 1532	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2012/01/01 17:04:45.0468 1532	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2012/01/01 17:04:45.0500 1532	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2012/01/01 17:04:45.0578 1532	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2012/01/01 17:04:45.0656 1532	HssDrv          (4f28652ec514fa1ba473bc1a695a5c98) C:\WINDOWS\system32\DRIVERS\HssDrv.sys
2012/01/01 17:04:45.0750 1532	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2012/01/01 17:04:45.0781 1532	huawei_enumerator (22a4b14530194fc57c1c849fb5afee17) C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
2012/01/01 17:04:45.0843 1532	hwdatacard      (3e3bfe85b9fe3720bf4c108f57c945fb) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2012/01/01 17:04:46.0046 1532	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2012/01/01 17:04:46.0078 1532	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2012/01/01 17:04:46.0562 1532	IntcAzAudAddService (85ab23f3e4ba6696fae8beb9d434edd6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2012/01/01 17:04:46.0656 1532	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2012/01/01 17:04:46.0687 1532	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2012/01/01 17:04:46.0734 1532	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2012/01/01 17:04:46.0765 1532	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2012/01/01 17:04:46.0828 1532	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2012/01/01 17:04:46.0843 1532	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2012/01/01 17:04:46.0890 1532	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2012/01/01 17:04:46.0937 1532	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2012/01/01 17:04:46.0968 1532	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2012/01/01 17:04:47.0046 1532	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2012/01/01 17:04:47.0109 1532	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2012/01/01 17:04:47.0328 1532	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2012/01/01 17:04:47.0390 1532	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2012/01/01 17:04:47.0531 1532	Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2012/01/01 17:04:47.0562 1532	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2012/01/01 17:04:47.0640 1532	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2012/01/01 17:04:47.0671 1532	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2012/01/01 17:04:47.0718 1532	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2012/01/01 17:04:47.0781 1532	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2012/01/01 17:04:47.0812 1532	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2012/01/01 17:04:47.0890 1532	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2012/01/01 17:04:47.0984 1532	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2012/01/01 17:04:48.0015 1532	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2012/01/01 17:04:48.0093 1532	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2012/01/01 17:04:48.0156 1532	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2012/01/01 17:04:48.0203 1532	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2012/01/01 17:04:48.0265 1532	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2012/01/01 17:04:48.0343 1532	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2012/01/01 17:04:48.0375 1532	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2012/01/01 17:04:48.0437 1532	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2012/01/01 17:04:48.0468 1532	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2012/01/01 17:04:48.0515 1532	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2012/01/01 17:04:48.0578 1532	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2012/01/01 17:04:48.0625 1532	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2012/01/01 17:04:48.0656 1532	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2012/01/01 17:04:48.0703 1532	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2012/01/01 17:04:48.0781 1532	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2012/01/01 17:04:48.0828 1532	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2012/01/01 17:04:48.0875 1532	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2012/01/01 17:04:48.0921 1532	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2012/01/01 17:04:49.0015 1532	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2012/01/01 17:04:49.0031 1532	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2012/01/01 17:04:49.0093 1532	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2012/01/01 17:04:49.0125 1532	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2012/01/01 17:04:49.0281 1532	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2012/01/01 17:04:49.0328 1532	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2012/01/01 17:04:49.0578 1532	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2012/01/01 17:04:49.0593 1532	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2012/01/01 17:04:49.0625 1532	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2012/01/01 17:04:49.0703 1532	PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2012/01/01 17:04:49.0937 1532	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2012/01/01 17:04:50.0015 1532	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2012/01/01 17:04:50.0078 1532	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2012/01/01 17:04:50.0125 1532	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2012/01/01 17:04:50.0218 1532	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2012/01/01 17:04:50.0281 1532	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2012/01/01 17:04:50.0359 1532	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2012/01/01 17:04:50.0390 1532	redbook         (ae807e85c653c9a1167d8cd552de7a1e) C:\WINDOWS\system32\DRIVERS\redbook.sys
2012/01/01 17:04:50.0390 1532	Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: ae807e85c653c9a1167d8cd552de7a1e, Fake md5: ed761d453856f795a7fe056e42c36365
2012/01/01 17:04:50.0390 1532	redbook - detected ForgedFile.Multi.Generic (1)
2012/01/01 17:04:50.0484 1532	rimmptsk        (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2012/01/01 17:04:50.0500 1532	rimsptsk        (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2012/01/01 17:04:50.0546 1532	rismxdp         (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2012/01/01 17:04:50.0625 1532	rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2012/01/01 17:04:50.0750 1532	sdbus           (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2012/01/01 17:04:50.0812 1532	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2012/01/01 17:04:50.0906 1532	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2012/01/01 17:04:50.0968 1532	sffdisk         (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2012/01/01 17:04:51.0000 1532	sffp_sd         (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2012/01/01 17:04:51.0015 1532	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2012/01/01 17:04:51.0140 1532	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2012/01/01 17:04:51.0250 1532	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2012/01/01 17:04:51.0343 1532	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2012/01/01 17:04:51.0437 1532	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2012/01/01 17:04:51.0468 1532	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2012/01/01 17:04:51.0562 1532	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2012/01/01 17:04:51.0687 1532	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2012/01/01 17:04:51.0750 1532	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2012/01/01 17:04:51.0953 1532	SynTP           (91ce9afbbd011ff6b0ae15ee3a62edcc) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2012/01/01 17:04:51.0984 1532	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2012/01/01 17:04:52.0031 1532	taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
2012/01/01 17:04:52.0125 1532	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2012/01/01 17:04:52.0203 1532	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2012/01/01 17:04:52.0484 1532	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2012/01/01 17:04:52.0546 1532	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2012/01/01 17:04:52.0640 1532	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2012/01/01 17:04:52.0781 1532	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2012/01/01 17:04:52.0875 1532	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2012/01/01 17:04:52.0937 1532	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2012/01/01 17:04:53.0015 1532	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2012/01/01 17:04:53.0046 1532	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2012/01/01 17:04:53.0078 1532	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2012/01/01 17:04:53.0140 1532	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2012/01/01 17:04:53.0187 1532	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2012/01/01 17:04:53.0234 1532	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2012/01/01 17:04:53.0328 1532	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2012/01/01 17:04:53.0406 1532	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2012/01/01 17:04:53.0500 1532	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2012/01/01 17:04:53.0562 1532	WDC_SAM         (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2012/01/01 17:04:53.0687 1532	Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2012/01/01 17:04:53.0796 1532	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2012/01/01 17:04:53.0921 1532	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2012/01/01 17:04:53.0984 1532	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2012/01/01 17:04:54.0062 1532	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2012/01/01 17:04:54.0109 1532	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2012/01/01 17:04:54.0156 1532	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
2012/01/01 17:04:54.0328 1532	================================================================================
2012/01/01 17:04:54.0328 1532	Scan finished
2012/01/01 17:04:54.0328 1532	================================================================================
2012/01/01 17:04:54.0343 2324	Detected object count: 1
2012/01/01 17:04:54.0343 2324	Actual detected object count: 1
2012/01/01 17:04:57.0484 2324	ForgedFile.Multi.Generic(redbook) - User select action: Skip 
2012/01/01 17:06:26.0218 3204	Deinitialize success
         
Log from today:
Code:
20:02:35.0984 3884	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
20:02:36.0156 3884	============================================================
20:02:36.0156 3884	Current date / time: 2012/01/02 20:02:36.0156
20:02:36.0156 3884	SystemInfo:
20:02:36.0156 3884	
20:02:36.0156 3884	OS Version: 5.1.2600 ServicePack: 3.0
20:02:36.0156 3884	Product type: Workstation
20:02:36.0156 3884	ComputerName: LAPTOP
20:02:36.0156 3884	UserName: Jen
20:02:36.0156 3884	Windows directory: C:\WINDOWS
20:02:36.0156 3884	System windows directory: C:\WINDOWS
20:02:36.0156 3884	Processor architecture: Intel x86
20:02:36.0156 3884	Number of processors: 2
20:02:36.0156 3884	Page size: 0x1000
20:02:36.0156 3884	Boot type: Normal boot
20:02:36.0156 3884	============================================================
20:02:38.0140 3884	Initialize success
20:02:44.0187 3272	============================================================
20:02:44.0187 3272	Scan started
20:02:44.0187 3272	Mode: Manual; 
20:02:44.0187 3272	============================================================
20:02:44.0703 3272	Abiosdsk - ok
20:02:44.0750 3272	abp480n5 - ok
20:02:44.0843 3272	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:02:44.0843 3272	ACPI - ok
20:02:44.0890 3272	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:02:44.0890 3272	ACPIEC - ok
20:02:44.0906 3272	adpu160m - ok
20:02:44.0968 3272	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:02:44.0968 3272	aec - ok
20:02:45.0031 3272	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:02:45.0031 3272	AFD - ok
20:02:45.0125 3272	AgereSoftModem  (90456051c422e09bc36e6340dd891f0c) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
20:02:45.0203 3272	AgereSoftModem - ok
20:02:45.0281 3272	Aha154x - ok
20:02:45.0328 3272	aic78u2 - ok
20:02:45.0375 3272	aic78xx - ok
20:02:45.0421 3272	AliIde - ok
20:02:45.0578 3272	Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
20:02:45.0781 3272	Ambfilt - ok
20:02:45.0859 3272	amsint - ok
20:02:46.0000 3272	AR5211          (89873aebbf0309393f0737e26d891209) C:\WINDOWS\system32\DRIVERS\ar5211.sys
20:02:46.0015 3272	AR5211 - ok
20:02:46.0062 3272	asc - ok
20:02:46.0093 3272	asc3350p - ok
20:02:46.0140 3272	asc3550 - ok
20:02:46.0265 3272	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:02:46.0281 3272	AsyncMac - ok
20:02:46.0343 3272	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:02:46.0343 3272	atapi - ok
20:02:46.0359 3272	Atdisk - ok
20:02:46.0515 3272	ati2mtag        (d371d3f40051a1f602c85cef5c787d76) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:02:46.0531 3272	ati2mtag - ok
20:02:46.0578 3272	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:02:46.0593 3272	Atmarpc - ok
20:02:46.0750 3272	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:02:46.0750 3272	audstub - ok
20:02:46.0828 3272	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:02:46.0828 3272	avgntflt - ok
20:02:46.0890 3272	avipbb          (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:02:46.0890 3272	avipbb - ok
20:02:46.0953 3272	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
20:02:46.0953 3272	avkmgr - ok
20:02:46.0984 3272	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:02:46.0984 3272	Beep - ok
20:02:47.0046 3272	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:02:47.0062 3272	cbidf2k - ok
20:02:47.0140 3272	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:02:47.0140 3272	CCDECODE - ok
20:02:47.0218 3272	cd20xrnt - ok
20:02:47.0265 3272	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:02:47.0265 3272	Cdaudio - ok
20:02:47.0375 3272	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:02:47.0375 3272	Cdfs - ok
20:02:47.0390 3272	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:02:47.0390 3272	Cdrom - ok
20:02:47.0406 3272	Changer - ok
20:02:47.0437 3272	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:02:47.0437 3272	CmBatt - ok
20:02:47.0453 3272	CmdIde - ok
20:02:47.0468 3272	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:02:47.0484 3272	Compbatt - ok
20:02:47.0500 3272	Cpqarray - ok
20:02:47.0515 3272	dac2w2k - ok
20:02:47.0531 3272	dac960nt - ok
20:02:47.0562 3272	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:02:47.0562 3272	Disk - ok
20:02:47.0671 3272	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
20:02:47.0718 3272	dmboot - ok
20:02:47.0765 3272	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
20:02:47.0781 3272	dmio - ok
20:02:47.0812 3272	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:02:47.0812 3272	dmload - ok
20:02:47.0875 3272	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:02:47.0875 3272	DMusic - ok
20:02:47.0984 3272	DNSeFilter      (459a946c0766aa3d342d0f0ded90cf8d) C:\WINDOWS\system32\drivers\SamsungEDS.sys
20:02:48.0000 3272	DNSeFilter - ok
20:02:48.0046 3272	dpti2o - ok
20:02:48.0093 3272	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:02:48.0093 3272	drmkaud - ok
20:02:48.0203 3272	ewusbnet        (4fd02e31eac2cbc81eb08a1ce81e73a2) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
20:02:48.0203 3272	ewusbnet - ok
20:02:48.0265 3272	ew_hwusbdev     (e98a64c7f106740a38fb2b78197816f8) C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
20:02:48.0265 3272	ew_hwusbdev - ok
20:02:48.0343 3272	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:02:48.0359 3272	Fastfat - ok
20:02:48.0390 3272	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:02:48.0390 3272	Fdc - ok
20:02:48.0421 3272	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
20:02:48.0421 3272	Fips - ok
20:02:48.0453 3272	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:02:48.0453 3272	Flpydisk - ok
20:02:48.0484 3272	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:02:48.0500 3272	FltMgr - ok
20:02:48.0515 3272	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:02:48.0515 3272	Fs_Rec - ok
20:02:48.0562 3272	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:02:48.0578 3272	Ftdisk - ok
20:02:48.0625 3272	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:02:48.0625 3272	Gpc - ok
20:02:48.0671 3272	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:02:48.0671 3272	HDAudBus - ok
20:02:48.0750 3272	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:02:48.0750 3272	HidUsb - ok
20:02:48.0796 3272	hpn - ok
20:02:48.0859 3272	HssDrv          (4f28652ec514fa1ba473bc1a695a5c98) C:\WINDOWS\system32\DRIVERS\HssDrv.sys
20:02:48.0859 3272	HssDrv - ok
20:02:48.0953 3272	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:02:48.0953 3272	HTTP - ok
20:02:49.0015 3272	huawei_enumerator (22a4b14530194fc57c1c849fb5afee17) C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
20:02:49.0015 3272	huawei_enumerator - ok
20:02:49.0093 3272	hwdatacard      (3e3bfe85b9fe3720bf4c108f57c945fb) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
20:02:49.0093 3272	hwdatacard - ok
20:02:49.0156 3272	i2omgmt - ok
20:02:49.0218 3272	i2omp - ok
20:02:49.0296 3272	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:02:49.0296 3272	i8042prt - ok
20:02:49.0312 3272	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:02:49.0328 3272	Imapi - ok
20:02:49.0343 3272	ini910u - ok
20:02:49.0812 3272	IntcAzAudAddService (85ab23f3e4ba6696fae8beb9d434edd6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:02:49.0875 3272	IntcAzAudAddService - ok
20:02:49.0921 3272	IntelIde - ok
20:02:49.0953 3272	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:02:49.0953 3272	intelppm - ok
20:02:50.0000 3272	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:02:50.0000 3272	Ip6Fw - ok
20:02:50.0046 3272	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:02:50.0046 3272	IpFilterDriver - ok
20:02:50.0062 3272	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:02:50.0078 3272	IpInIp - ok
20:02:50.0109 3272	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:02:50.0109 3272	IpNat - ok
20:02:50.0250 3272	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:02:50.0250 3272	IPSec - ok
20:02:50.0281 3272	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:02:50.0296 3272	IRENUM - ok
20:02:50.0328 3272	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:02:50.0343 3272	isapnp - ok
20:02:50.0359 3272	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:02:50.0359 3272	Kbdclass - ok
20:02:50.0437 3272	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:02:50.0437 3272	kmixer - ok
20:02:50.0484 3272	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:02:50.0484 3272	KSecDD - ok
20:02:50.0531 3272	lbrtfdc - ok
20:02:50.0593 3272	MBAMSwissArmy   (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
20:02:50.0609 3272	MBAMSwissArmy - ok
20:02:50.0671 3272	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:02:50.0671 3272	mnmdd - ok
20:02:50.0828 3272	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
20:02:50.0828 3272	Modem - ok
20:02:50.0968 3272	Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
20:02:51.0078 3272	Monfilt - ok
20:02:51.0125 3272	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:02:51.0125 3272	Mouclass - ok
20:02:51.0203 3272	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:02:51.0203 3272	mouhid - ok
20:02:51.0296 3272	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:02:51.0296 3272	MountMgr - ok
20:02:51.0312 3272	mraid35x - ok
20:02:51.0328 3272	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:02:51.0328 3272	MRxDAV - ok
20:02:51.0390 3272	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:02:51.0406 3272	MRxSmb - ok
20:02:51.0421 3272	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:02:51.0421 3272	Msfs - ok
20:02:51.0500 3272	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:02:51.0500 3272	MSKSSRV - ok
20:02:51.0515 3272	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:02:51.0531 3272	MSPCLOCK - ok
20:02:51.0531 3272	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:02:51.0546 3272	MSPQM - ok
20:02:51.0562 3272	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:02:51.0562 3272	mssmbios - ok
20:02:51.0609 3272	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:02:51.0625 3272	MSTEE - ok
20:02:51.0671 3272	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:02:51.0671 3272	Mup - ok
20:02:51.0734 3272	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:02:51.0750 3272	NABTSFEC - ok
20:02:51.0875 3272	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:02:51.0890 3272	NDIS - ok
20:02:51.0937 3272	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:02:51.0937 3272	NdisIP - ok
20:02:52.0000 3272	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:02:52.0000 3272	NdisTapi - ok
20:02:52.0015 3272	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:02:52.0015 3272	Ndisuio - ok
20:02:52.0031 3272	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:02:52.0031 3272	NdisWan - ok
20:02:52.0093 3272	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:02:52.0093 3272	NDProxy - ok
20:02:52.0187 3272	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:02:52.0187 3272	NetBIOS - ok
20:02:52.0250 3272	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:02:52.0250 3272	NetBT - ok
20:02:52.0343 3272	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:02:52.0343 3272	Npfs - ok
20:02:52.0406 3272	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:02:52.0437 3272	Ntfs - ok
20:02:57.0187 3272	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
20:02:57.0359 3272	\Device\Harddisk0\DR0 - ok
20:02:57.0359 3272	Boot (0x1200)   (5adf4f77d49c85b94c031ae8ac5894ac) \Device\Harddisk0\DR0\Partition0
20:02:57.0375 3272	\Device\Harddisk0\DR0\Partition0 - ok
20:02:57.0375 3272	============================================================
20:02:57.0375 3272	Scan finished
20:02:57.0375 3272	============================================================
20:02:57.0390 0576	Detected object count: 0
20:02:57.0390 0576	Actual detected object count: 0
         


Alt 02.01.2012, 22:25   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         

Alt 03.01.2012, 00:42   #7
jen_
 



Here is the Malwarebytes log for a start.
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.02.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jen :: LAPTOP [Administrator]

02.01.2012 22:51:39
mbam-log-2012-01-02 (22-51-39).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 250119
Laufzeit: 1 Stunde(n), 29 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Dokumente und Einstellungen\Jen\Eigene Dateien\Downloads\SoftonicDownloader_fuer_kaspersky-tdsskiller.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Jen\Lokale Einstellungen\Anwendungsdaten\99422f31\X (Rootkit.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
I will now let ESET run overnight.

Alt 03.01.2012, 12:05   #8
jen_
 



Eset:
Code:
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=063b207768f63445bb0eb311b11fbf9d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-03 06:58:58
# local_time=2012-01-03 07:58:58 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777215 100 0 42251120 42251120 0 0
# compatibility_mode=8192 67108863 100 0 25676 25676 0 0
# scanned=86447
# found=10
# cleaned=0
# scan_time=4040
C:\Dokumente und Einstellungen\Jen\Eigene Dateien\Downloads\SoftonicDownloader12536.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\Jen\Eigene Dateien\Downloads\SoftonicDownloader30100.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Programme\Application Updater\ 	probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
${Memory}	a variant of Win32/Adware.Toolbar.Dealio application	00000000000000000000000000000000	I
         

Alt 03.01.2012, 19:53   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Somehow I get the impression that it has become a national sport to download all sorts of stuff from Softonic. Keep your hands off that site. There is always some junk in there, such as toolbars or the pointless Softonic Downloader. Why don't you download the software from the vendor's site or, if need be, from chip.de?


Please create a new OTL log. Please post everything here in CODE tags if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you do not have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the entire contents of the code box below into the text box of OTL - if OTL is in German it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here

Alt 03.01.2012, 21:41   #10
jen_
 



Umm, yes, good question....
It just occurred to me, though, that I still have a licence for the Kaspersky antivirus system, but I stopped using it because it makes my laptop so slow.
Would it make more sense to put up with that and have a better-protected laptop instead??


OTL Logfile:
Code:
OTL logfile created on: 03.01.2012 21:08:36 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Jen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 67,05% Memory free
3,73 Gb Paging File | 3,23 Gb Available in Paging File | 86,67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 104,67 Gb Total Space | 40,56 Gb Free Space | 38,75% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Jen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Jen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a0915061\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_d1c06882\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4117bb91\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_06dc7666\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_514d4566\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\ICQ7.2\MDb.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms.resources\1.0.5000.0_de_b77a5c561934e089\system.windows.forms.resources.dll ()
MOD - c:\windows\assembly\gac\system.resources\1.0.5000.0_de_b77a5c561934e089\system.resources.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WDSmartWareBackgroundService) --  File not found
SRV - (HidServ) --  File not found
SRV - (AppMgmt) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HssDrv) -- C:\WINDOWS\system32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (DNSeFilter) -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS (Samsung Electronics,.LTD)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&ilc=12&p="
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.01.05 19:36:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.11.23 20:26:33 | 000,000,000 | ---D | M]
 
[2010.08.30 22:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Extensions
[2011.11.07 17:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions
[2010.10.30 09:29:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.07 17:35:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.05 19:38:58 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\searchplugins\icqplugin.xml
[2011.10.22 10:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.07.04 09:39:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.08.25 20:14:19 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\JEN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\C41204GV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.05 19:36:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2011.10.03 10:19:02 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 10:19:01 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.03 10:19:01 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 10:18:58 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 10:18:57 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 10:18:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe ()
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WDDMStatus.lnk = C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WDSmartWare.lnk = C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Dokumente und Einstellungen\Jen\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - mswsock.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A92051AD-E01B-4327-BA0C-998C53923ABD}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.30 19:51:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c2fad044-a0be-11e0-9e0e-001377074099}\Shell - "" = AutoRun
O33 - MountPoints2\{c2fad044-a0be-11e0-9e0e-001377074099}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2fad044-a0be-11e0-9e0e-001377074099}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e953605e-982a-11e0-9e04-001377074099}\Shell - "" = AutoRun
O33 - MountPoints2\{e953605e-982a-11e0-9e04-001377074099}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e953605e-982a-11e0-9e04-001377074099}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e9536062-982a-11e0-9e04-001377074099}\Shell - "" = AutoRun
O33 - MountPoints2\{e9536062-982a-11e0-9e04-001377074099}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9536062-982a-11e0-9e04-001377074099}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\WINDOWS\System32\
[2012.01.03 06:48:04 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Jen\Recent
[2012.01.03 00:43:44 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.01.03 00:42:40 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Jen\Desktop\esetsmartinstaller_enu.exe
[2012.01.01 21:47:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Malwarebytes
[2012.01.01 21:45:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.01.01 21:45:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.01.01 21:45:02 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.01 21:45:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.01.01 21:27:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012.01.01 21:27:05 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2012.01.01 21:08:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Avira
[2012.01.01 21:02:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.01.01 21:02:23 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012.01.01 21:02:18 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.01.01 21:02:18 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.01.01 21:02:18 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.01.01 21:02:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2012.01.01 17:07:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jen\Desktop\OTL.exe
[2012.01.01 17:03:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jen\Desktop\tdsskiller_2.5.5.0
[2011.12.31 16:10:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Sun
[2011.12.31 13:56:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2011.12.30 22:06:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2011.12.30 22:00:53 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Jen\Lokale Einstellungen\Anwendungsdaten\99422f31
[2011.12.22 17:37:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jen\Eigene Dateien\engel
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\WINDOWS\System32\
[2012.01.07 20:30:08 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Jen\Desktop\Microsoft Office Word 2003.lnk
[2012.01.03 00:42:40 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Jen\Desktop\esetsmartinstaller_enu.exe
[2012.01.03 00:37:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.01 21:45:08 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.01 21:30:43 | 000,051,218 | ---- | M] () -- C:\Dokumente und Einstellungen\Jen\Desktop\gmer.zip
[2012.01.01 21:28:05 | 000,033,378 | ---- | M] () -- C:\Dokumente und Einstellungen\Jen\Desktop\gmer.7z
[2012.01.01 21:02:50 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.01.01 17:48:17 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.01 17:07:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jen\Desktop\OTL.exe
[2012.01.01 17:03:34 | 001,309,375 | ---- | M] () -- C:\Dokumente und Einstellungen\Jen\Desktop\tdsskiller_2.5.5.0.zip
[2011.12.31 16:10:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.12.27 23:33:28 | 000,096,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Jen\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.22 18:10:59 | 000,030,017 | ---- | M] () -- C:\Dokumente und Einstellungen\Jen\.recently-used.xbel
[2011.12.18 18:48:23 | 002,274,361 | ---- | M] () -- C:\Dokumente und Einstellungen\Jen\Eigene Dateien\CIMG0955.JPG
[2011.12.17 17:35:29 | 000,139,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011.12.14 21:12:22 | 000,280,762 | ---- | M] () -- C:\Dokumente und Einstellungen\Jen\Eigene Dateien\22096.01.xcf
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.05 19:10:03 | 000,000,070 | ---- | M] () -- C:\Dokumente und Einstellungen\Jen\.gtk-bookmarks
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.01 21:45:08 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.01 21:30:43 | 000,051,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\Desktop\gmer.zip
[2012.01.01 21:28:04 | 000,033,378 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\Desktop\gmer.7z
[2012.01.01 21:02:50 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.01.01 17:03:31 | 001,309,375 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\Desktop\tdsskiller_2.5.5.0.zip
[2011.12.22 18:10:59 | 000,030,017 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\.recently-used.xbel
[2011.12.18 19:23:12 | 000,397,371 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\Eigene Dateien\mela +schatz.JPG
[2011.12.18 18:50:02 | 002,274,361 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\Eigene Dateien\CIMG0955.JPG
[2011.12.14 21:12:22 | 000,280,762 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\Eigene Dateien\22096.01.xcf
[2011.12.14 20:25:10 | 005,192,260 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\Eigene Dateien\SAM_9446.JPG
[2011.12.14 20:18:08 | 005,002,038 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\Eigene Dateien\SAM_9400.JPG
[2011.12.05 19:10:03 | 000,000,070 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\.gtk-bookmarks
[2010.10.13 16:24:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.09.01 13:29:56 | 000,096,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.01 12:15:31 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.09.01 11:09:38 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.08.30 22:10:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.08.30 22:02:40 | 000,000,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2010.08.30 21:46:47 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Jen\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.08.30 21:19:15 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2010.08.30 20:36:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.08.30 20:34:41 | 000,139,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.30 19:57:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.08.30 19:55:27 | 000,001,082 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010.08.30 19:48:40 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.02.13 15:29:26 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004.08.04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 13:00:00 | 000,459,844 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 13:00:00 | 000,441,906 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 13:00:00 | 000,085,170 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 13:00:00 | 000,071,842 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003.07.30 10:48:28 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003.07.30 09:49:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.12.31 14:06:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService
[2011.08.25 20:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hssff
[2010.09.01 11:57:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.04.19 15:53:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2010.09.02 12:26:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WD_SmartWareCommon
[2010.09.02 12:07:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Western Digital
[2010.08.30 21:21:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLAN
[2011.12.22 18:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\gtk-2.0
[2011.09.11 13:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\ICQ
[2010.09.01 13:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\OpenOffice.org
[2010.09.01 12:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\pdfforge
[2011.10.22 10:37:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Search Settings
[2011.04.19 15:53:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Sony
[2011.04.19 14:50:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Sony Setup
[2010.09.02 12:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Western Digital
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.23 20:27:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Adobe
[2011.06.16 19:09:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Apple Computer
[2010.08.30 21:46:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\ATI
[2012.01.01 21:08:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Avira
[2011.12.22 18:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\gtk-2.0
[2011.09.11 13:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\ICQ
[2010.08.30 20:00:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Identities
[2010.08.30 22:00:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\InstallShield
[2010.08.30 23:18:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Macromedia
[2012.01.01 21:47:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Malwarebytes
[2011.11.23 20:27:10 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Microsoft
[2010.08.30 22:10:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla
[2010.09.01 13:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\OpenOffice.org
[2010.09.01 12:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\pdfforge
[2011.10.22 10:37:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Search Settings
[2011.08.06 12:40:54 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\SecuROM
[2011.11.07 20:27:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Skype
[2011.04.19 15:53:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Sony
[2011.04.19 15:52:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Sony Corporation
[2011.04.19 14:50:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Sony Setup
[2010.08.30 21:49:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Sun
[2010.11.07 17:13:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\vlc
[2010.09.02 12:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Western Digital
[2010.09.01 21:42:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Winamp
[2010.09.01 13:50:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.04.19 14:50:08 | 001,885,888 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Sony Setup\46221573-1FC8-4EC3-B60C-85E1B8FBE4C6\langpack.exe
[2011.04.19 14:51:54 | 034,452,784 | ---- | M] (Apple Inc.) -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Sony Setup\A189E68E-2253-4C3B-86B7-D77E36F13C55\QuickTimeInstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2004.09.26 14:24:54 | 000,477,952 | ---- | M] (Intel Corporation) MD5=DD19FDD8BB262F64A11C50CC23FC6F70 -- C:\WINDOWS\OEM\iaStor\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2004.09.02 08:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\WINDOWS\OEM\nvatabus\nvatabus.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2004.05.18 14:55:26 | 000,074,112 | ---- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\WINDOWS\OEM\viapdsk\viamraid.sys
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2010.08.30 21:33:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.08.30 21:33:47 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.08.30 21:33:47 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB18828$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
         
--- --- ---

Alt 03.01.2012, 22:02   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



No, please don't install just any programs now.

Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
PRC - C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.de"
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&ilc=12&p="
[2011.11.07 17:35:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.05 19:38:58 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\searchplugins\icqplugin.xml
[2011.08.25 20:14:19 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.30 19:51:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c2fad044-a0be-11e0-9e0e-001377074099}\Shell - "" = AutoRun
O33 - MountPoints2\{c2fad044-a0be-11e0-9e0e-001377074099}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2fad044-a0be-11e0-9e0e-001377074099}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e953605e-982a-11e0-9e04-001377074099}\Shell - "" = AutoRun
O33 - MountPoints2\{e953605e-982a-11e0-9e04-001377074099}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e953605e-982a-11e0-9e04-001377074099}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e9536062-982a-11e0-9e04-001377074099}\Shell - "" = AutoRun
O33 - MountPoints2\{e9536062-982a-11e0-9e04-001377074099}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9536062-982a-11e0-9e04-001377074099}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
:Files
C:\Dokumente und Einstellungen\Jen\Lokale Einstellungen\Anwendungsdaten\99422f31
C:\WINDOWS\$NtUninstallKB18828$
C:\Programme\Gemeinsame Dateien\Spigot
C:\Programme\pdfforge Toolbar
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can do lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 03.01.2012, 22:17   #12
jen_
 



Okay. Can you also tell from the data where and when I caught this???

Code:
All processes killed
========== OTL ==========
No active process named SearchSettings.exe was found!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll moved successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&type=302398&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.google.de" removed from browser.startup.homepage
Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: "hxxp://de.search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&ilc=12&p=" removed from keyword.URL
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} scheduled to be moved on reboot.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\searchplugins\icqplugin.xml moved successfully.
Folder move failed. C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\skin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\locale\en-US scheduled to be moved on reboot.
Folder move failed. C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\locale scheduled to be moved on reboot.
Folder move failed. C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\defaults scheduled to be moved on reboot.
Folder move failed. C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components scheduled to be moved on reboot.
Folder move failed. C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\chrome\content scheduled to be moved on reboot.
Folder move failed. C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\chrome scheduled to be moved on reboot.
Folder move failed. C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com scheduled to be moved on reboot.
C:\Programme\Mozilla Firefox\plugins\npwachk.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
C:\Programme\Hotspot Shield\HssIE\HssIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2fad044-a0be-11e0-9e0e-001377074099}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2fad044-a0be-11e0-9e0e-001377074099}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2fad044-a0be-11e0-9e0e-001377074099}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2fad044-a0be-11e0-9e0e-001377074099}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2fad044-a0be-11e0-9e0e-001377074099}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2fad044-a0be-11e0-9e0e-001377074099}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e953605e-982a-11e0-9e04-001377074099}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e953605e-982a-11e0-9e04-001377074099}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e953605e-982a-11e0-9e04-001377074099}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e953605e-982a-11e0-9e04-001377074099}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e953605e-982a-11e0-9e04-001377074099}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e953605e-982a-11e0-9e04-001377074099}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9536062-982a-11e0-9e04-001377074099}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9536062-982a-11e0-9e04-001377074099}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9536062-982a-11e0-9e04-001377074099}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9536062-982a-11e0-9e04-001377074099}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9536062-982a-11e0-9e04-001377074099}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9536062-982a-11e0-9e04-001377074099}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
========== FILES ==========
C:\Dokumente und Einstellungen\Jen\Lokale Einstellungen\Anwendungsdaten\99422f31\U folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Lokale Einstellungen\Anwendungsdaten\99422f31 folder moved successfully.
Folder move failed. C:\WINDOWS\$NtUninstallKB18828$ scheduled to be moved on reboot.
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\Res folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\Lang folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot folder moved successfully.
C:\Programme\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Programme\pdfforge Toolbar\Res folder moved successfully.
C:\Programme\pdfforge Toolbar\IE\4.7 folder moved successfully.
C:\Programme\pdfforge Toolbar\IE folder moved successfully.
C:\Programme\pdfforge Toolbar\FF\chrome\skin folder moved successfully.
C:\Programme\pdfforge Toolbar\FF\chrome\locale\EN-US folder moved successfully.
C:\Programme\pdfforge Toolbar\FF\chrome\locale folder moved successfully.
C:\Programme\pdfforge Toolbar\FF\chrome\content folder moved successfully.
C:\Programme\pdfforge Toolbar\FF\chrome folder moved successfully.
C:\Programme\pdfforge Toolbar\FF folder moved successfully.
C:\Programme\pdfforge Toolbar folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Jen
->Temp folder emptied: 5108236 bytes
->Temporary Internet Files folder emptied: 33166 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 101406841 bytes
->Flash cache emptied: 517 bytes
 
User: LocalService
->Temp folder emptied: 3596 bytes
->Temporary Internet Files folder emptied: 98737378 bytes
->Java cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 3596 bytes
->Temporary Internet Files folder emptied: 35053092 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2195157 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3596 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 231,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01032012_220927

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Jen\Anwendungsdaten\Mozilla\Firefox\Profiles\c41204gv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\skin folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com folder moved successfully.
Folder move failed. C:\WINDOWS\$NtUninstallKB18828$ scheduled to be moved on reboot.

Registry entries deleted on Reboot...
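
Added example (not part of the original post and not OTL's own code): a short Python check that reconciles the items an OTL fix log defers to the reboot with its "Files\Folders moved on Reboot..." section, so that entries which failed again stand out. The function name and the abridged sample, cut from the log above, are assumptions of this example.

```python
import re

# Message shapes as they appear in the fix log in this post. The page only shows
# the "Folder move failed." form; \w+ also accepts other kinds (assumption).
SCHEDULED = re.compile(
    r"^\w+ move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")
MOVED = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")
REBOOT_HEADER = r"Files\Folders moved on Reboot..."
REGISTRY_HEADER = "Registry entries deleted on Reboot..."

# Abridged excerpt of the log above (paths as posted, most lines dropped).
SAMPLE_LOG = r"""
========== OTL ==========
C:\Programme\Mozilla Firefox\plugins\npwachk.dll moved successfully.
Folder move failed. C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\chrome scheduled to be moved on reboot.
Folder move failed. C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com scheduled to be moved on reboot.
========== FILES ==========
Folder move failed. C:\WINDOWS\$NtUninstallKB18828$ scheduled to be moved on reboot.
C:\Programme\pdfforge Toolbar folder moved successfully.

Files\Folders moved on Reboot...
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com folder moved successfully.
Folder move failed. C:\WINDOWS\$NtUninstallKB18828$ scheduled to be moved on reboot.

Registry entries deleted on Reboot...
"""


def reconcile_reboot_moves(log_text):
    """Compare moves deferred during the fix with the post-reboot results.

    Returns a dict of path lists:
      confirmed     - deferred, then reported as moved after the reboot
      still_failing - deferred, then reported as failed again after the reboot
      unaccounted   - deferred, but not mentioned in the post-reboot section
    """
    scheduled = {}        # lower-cased path -> path as logged, in log order
    moved_after = set()
    failed_after = set()
    in_reboot = False

    for raw in log_text.splitlines():
        line = raw.strip()
        if line == REBOOT_HEADER:
            in_reboot = True
            continue
        if line == REGISTRY_HEADER:
            in_reboot = False
            continue
        m = SCHEDULED.match(line)
        if m:
            # Windows paths are case-insensitive, and the log itself mixes case.
            key = m["path"].lower()
            if in_reboot:
                failed_after.add(key)
            else:
                scheduled.setdefault(key, m["path"])
            continue
        m = MOVED.match(line)
        if m and in_reboot:
            moved_after.add(m["path"].lower())

    result = {"confirmed": [], "still_failing": [], "unaccounted": []}
    for key, path in scheduled.items():
        if key in failed_after:
            result["still_failing"].append(path)
        elif key in moved_after:
            result["confirmed"].append(path)
        else:
            result["unaccounted"].append(path)
    return result


if __name__ == "__main__":
    for status, paths in reconcile_reboot_moves(SAMPLE_LOG).items():
        for p in paths:
            print(f"{status:14} {p}")
```

Run over the full log in this post, the same check leaves only `C:\WINDOWS\$NtUninstallKB18828$` under `still_failing`: it is the one entry that is again reported as "Folder move failed" after the reboot.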
         

Alt 04.01.2012, 17:23   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its content and transfer it into your post, then please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

If the infection prevents you from accessing your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Alt 04.01.2012, 22:22   #14
jen_
 



Is this the log you were looking for?? In addition, a window came up in between when an object was found; I let the scan continue with continue, but I did not change anything in the settings of the window that opened, so I hope I didn't accidentally delete something ....

TDSS Killer
Code:
22:15:37.0687 3152	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
22:15:37.0812 3152	============================================================
22:15:37.0812 3152	Current date / time: 2012/01/04 22:15:37.0812
22:15:37.0812 3152	SystemInfo:
22:15:37.0812 3152	
22:15:37.0812 3152	OS Version: 5.1.2600 ServicePack: 3.0
22:15:37.0812 3152	Product type: Workstation
22:15:37.0812 3152	ComputerName: LAPTOP
22:15:37.0812 3152	UserName: Jen
22:15:37.0812 3152	Windows directory: C:\WINDOWS
22:15:37.0812 3152	System windows directory: C:\WINDOWS
22:15:37.0812 3152	Processor architecture: Intel x86
22:15:37.0812 3152	Number of processors: 2
22:15:37.0812 3152	Page size: 0x1000
22:15:37.0812 3152	Boot type: Normal boot
22:15:37.0812 3152	============================================================
22:15:39.0531 3152	Initialize success
22:16:33.0781 3576	============================================================
22:16:33.0781 3576	Scan started
22:16:33.0781 3576	Mode: Manual; SigCheck; TDLFS; 
22:16:33.0781 3576	============================================================
22:16:34.0062 3576	Abiosdsk - ok
22:16:34.0093 3576	abp480n5 - ok
22:16:34.0203 3576	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:16:36.0015 3576	ACPI - ok
22:16:36.0140 3576	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:16:36.0312 3576	ACPIEC - ok
22:16:36.0328 3576	adpu160m - ok
22:16:36.0406 3576	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:16:36.0546 3576	aec - ok
22:16:36.0593 3576	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:16:36.0640 3576	AFD - ok
22:16:36.0750 3576	AgereSoftModem  (90456051c422e09bc36e6340dd891f0c) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
22:16:36.0921 3576	AgereSoftModem - ok
22:16:37.0015 3576	Aha154x - ok
22:16:37.0062 3576	aic78u2 - ok
22:16:37.0093 3576	aic78xx - ok
22:16:37.0140 3576	AliIde - ok
22:16:37.0312 3576	Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
22:16:37.0921 3576	Ambfilt - ok
22:16:38.0015 3576	amsint - ok
22:16:38.0156 3576	AR5211          (89873aebbf0309393f0737e26d891209) C:\WINDOWS\system32\DRIVERS\ar5211.sys
22:16:38.0250 3576	AR5211 - ok
22:16:38.0312 3576	asc - ok
22:16:38.0359 3576	asc3350p - ok
22:16:38.0390 3576	asc3550 - ok
22:16:38.0515 3576	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:16:38.0640 3576	AsyncMac - ok
22:16:38.0734 3576	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:16:38.0859 3576	atapi - ok
22:16:38.0906 3576	Atdisk - ok
22:16:39.0093 3576	ati2mtag        (d371d3f40051a1f602c85cef5c787d76) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:16:39.0265 3576	ati2mtag - ok
22:16:39.0328 3576	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:16:39.0453 3576	Atmarpc - ok
22:16:39.0578 3576	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:16:39.0718 3576	audstub - ok
22:16:39.0828 3576	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:16:39.0843 3576	avgntflt - ok
22:16:39.0921 3576	avipbb          (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:16:39.0921 3576	avipbb - ok
22:16:39.0968 3576	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
22:16:39.0984 3576	avkmgr - ok
22:16:40.0046 3576	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:16:40.0187 3576	Beep - ok
22:16:40.0218 3576	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:16:40.0375 3576	cbidf2k - ok
22:16:40.0437 3576	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:16:40.0593 3576	CCDECODE - ok
22:16:40.0593 3576	cd20xrnt - ok
22:16:40.0625 3576	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:16:40.0765 3576	Cdaudio - ok
22:16:40.0828 3576	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:16:40.0968 3576	Cdfs - ok
22:16:40.0984 3576	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:16:41.0109 3576	Cdrom - ok
22:16:41.0171 3576	Changer - ok
22:16:41.0234 3576	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:16:41.0375 3576	CmBatt - ok
22:16:41.0453 3576	CmdIde - ok
22:16:41.0468 3576	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:16:41.0593 3576	Compbatt - ok
22:16:41.0609 3576	Cpqarray - ok
22:16:41.0625 3576	dac2w2k - ok
22:16:41.0640 3576	dac960nt - ok
22:16:41.0656 3576	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:16:41.0781 3576	Disk - ok
22:16:41.0843 3576	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
22:16:42.0062 3576	dmboot - ok
22:16:42.0078 3576	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
22:16:42.0218 3576	dmio - ok
22:16:42.0406 3576	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:16:42.0531 3576	dmload - ok
22:16:42.0656 3576	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:16:42.0781 3576	DMusic - ok
22:16:42.0875 3576	DNSeFilter      (459a946c0766aa3d342d0f0ded90cf8d) C:\WINDOWS\system32\drivers\SamsungEDS.sys
22:16:42.0906 3576	DNSeFilter ( UnsignedFile.Multi.Generic ) - warning
22:16:42.0906 3576	DNSeFilter - detected UnsignedFile.Multi.Generic (1)
22:16:42.0968 3576	dpti2o - ok
22:16:43.0015 3576	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:16:43.0156 3576	drmkaud - ok
22:16:43.0250 3576	ewusbnet        (4fd02e31eac2cbc81eb08a1ce81e73a2) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
22:16:43.0328 3576	ewusbnet - ok
22:16:43.0406 3576	ew_hwusbdev     (e98a64c7f106740a38fb2b78197816f8) C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
22:16:43.0468 3576	ew_hwusbdev - ok
22:16:43.0531 3576	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:16:43.0687 3576	Fastfat - ok
22:16:43.0734 3576	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:16:43.0859 3576	Fdc - ok
22:16:43.0890 3576	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
22:16:44.0015 3576	Fips - ok
22:16:44.0046 3576	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:16:44.0171 3576	Flpydisk - ok
22:16:44.0187 3576	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:16:44.0328 3576	FltMgr - ok
22:16:44.0421 3576	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:16:44.0562 3576	Fs_Rec - ok
22:16:44.0656 3576	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:16:44.0812 3576	Ftdisk - ok
22:16:44.0859 3576	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:16:44.0968 3576	Gpc - ok
22:16:45.0031 3576	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:16:45.0140 3576	HDAudBus - ok
22:16:45.0218 3576	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:16:45.0343 3576	HidUsb - ok
22:16:45.0359 3576	hpn - ok
22:16:45.0421 3576	HssDrv          (4f28652ec514fa1ba473bc1a695a5c98) C:\WINDOWS\system32\DRIVERS\HssDrv.sys
22:16:45.0437 3576	HssDrv - ok
22:16:45.0531 3576	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:16:45.0609 3576	HTTP - ok
22:16:45.0734 3576	huawei_enumerator (22a4b14530194fc57c1c849fb5afee17) C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
22:16:45.0843 3576	huawei_enumerator - ok
22:16:45.0906 3576	hwdatacard      (3e3bfe85b9fe3720bf4c108f57c945fb) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
22:16:45.0968 3576	hwdatacard - ok
22:16:45.0984 3576	i2omgmt - ok
22:16:46.0000 3576	i2omp - ok
22:16:46.0062 3576	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:16:46.0203 3576	i8042prt - ok
22:16:46.0250 3576	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:16:46.0375 3576	Imapi - ok
22:16:46.0390 3576	ini910u - ok
22:16:46.0843 3576	IntcAzAudAddService (85ab23f3e4ba6696fae8beb9d434edd6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:16:47.0250 3576	IntcAzAudAddService - ok
22:16:47.0359 3576	IntelIde - ok
22:16:47.0437 3576	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:16:47.0546 3576	intelppm - ok
22:16:47.0609 3576	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:16:47.0750 3576	Ip6Fw - ok
22:16:47.0796 3576	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:16:47.0937 3576	IpFilterDriver - ok
22:16:47.0968 3576	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:16:48.0109 3576	IpInIp - ok
22:16:48.0140 3576	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:16:48.0281 3576	IpNat - ok
22:16:48.0328 3576	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:16:48.0453 3576	IPSec - ok
22:16:48.0484 3576	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:16:48.0609 3576	IRENUM - ok
22:16:48.0656 3576	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:16:48.0781 3576	isapnp - ok
22:16:48.0859 3576	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:16:49.0000 3576	Kbdclass - ok
22:16:49.0125 3576	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:16:49.0234 3576	kmixer - ok
22:16:49.0265 3576	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:16:49.0359 3576	KSecDD - ok
22:16:49.0375 3576	lbrtfdc - ok
22:16:49.0453 3576	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:16:49.0578 3576	mnmdd - ok
22:16:49.0640 3576	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
22:16:49.0765 3576	Modem - ok
22:16:49.0875 3576	Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
22:16:50.0078 3576	Monfilt - ok
22:16:50.0171 3576	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:16:50.0312 3576	Mouclass - ok
22:16:50.0421 3576	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:16:50.0562 3576	mouhid - ok
22:16:50.0656 3576	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:16:50.0781 3576	MountMgr - ok
22:16:50.0781 3576	mraid35x - ok
22:16:50.0796 3576	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:16:50.0937 3576	MRxDAV - ok
22:16:51.0000 3576	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:16:51.0125 3576	MRxSmb - ok
22:16:51.0140 3576	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:16:51.0265 3576	Msfs - ok
22:16:51.0328 3576	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:16:51.0453 3576	MSKSSRV - ok
22:16:51.0500 3576	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:16:51.0640 3576	MSPCLOCK - ok
22:16:51.0671 3576	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:16:51.0796 3576	MSPQM - ok
22:16:51.0906 3576	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:16:52.0015 3576	mssmbios - ok
22:16:52.0062 3576	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:16:52.0203 3576	MSTEE - ok
22:16:52.0234 3576	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:16:52.0265 3576	Mup - ok
22:16:52.0390 3576	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:16:52.0531 3576	NABTSFEC - ok
22:16:52.0640 3576	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:16:52.0781 3576	NDIS - ok
22:16:52.0812 3576	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:16:52.0937 3576	NdisIP - ok
22:16:52.0968 3576	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:16:53.0000 3576	NdisTapi - ok
22:16:53.0062 3576	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:16:53.0187 3576	Ndisuio - ok
22:16:53.0203 3576	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:16:53.0328 3576	NdisWan - ok
22:16:53.0375 3576	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:16:53.0421 3576	NDProxy - ok
22:16:53.0437 3576	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:16:53.0562 3576	NetBIOS - ok
22:16:53.0625 3576	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:16:53.0750 3576	NetBT - ok
22:16:53.0843 3576	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:16:53.0968 3576	Npfs - ok
22:16:54.0109 3576	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:16:54.0312 3576	Ntfs - ok
22:16:54.0390 3576	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:16:54.0531 3576	Null - ok
22:16:54.0578 3576	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:16:54.0718 3576	NwlnkFlt - ok
22:16:54.0765 3576	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:16:54.0921 3576	NwlnkFwd - ok
22:16:54.0953 3576	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
22:16:55.0093 3576	Parport - ok
22:16:55.0125 3576	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:16:55.0250 3576	PartMgr - ok
22:16:55.0296 3576	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
22:16:55.0453 3576	ParVdm - ok
22:16:55.0531 3576	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
22:16:55.0656 3576	PCI - ok
22:16:55.0703 3576	PCIDump - ok
22:16:55.0765 3576	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:16:55.0921 3576	PCIIde - ok
22:16:55.0937 3576	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:16:56.0062 3576	Pcmcia - ok
22:16:56.0078 3576	PDCOMP - ok
22:16:56.0093 3576	PDFRAME - ok
22:16:56.0093 3576	PDRELI - ok
22:16:56.0109 3576	PDRFRAME - ok
22:16:56.0125 3576	perc2 - ok
22:16:56.0140 3576	perc2hib - ok
22:16:56.0187 3576	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:16:56.0296 3576	PptpMiniport - ok
22:16:56.0375 3576	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:16:56.0484 3576	PSched - ok
22:16:56.0531 3576	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:16:56.0671 3576	Ptilink - ok
22:16:56.0718 3576	PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:16:56.0734 3576	PxHelp20 - ok
22:16:56.0750 3576	ql1080 - ok
22:16:56.0765 3576	Ql10wnt - ok
22:16:56.0781 3576	ql12160 - ok
22:16:56.0796 3576	ql1240 - ok
22:16:56.0796 3576	ql1280 - ok
22:16:56.0828 3576	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:16:56.0953 3576	RasAcd - ok
22:16:56.0968 3576	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:16:57.0078 3576	Rasl2tp - ok
22:16:57.0093 3576	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:16:57.0218 3576	RasPppoe - ok
22:16:57.0234 3576	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:16:57.0406 3576	Raspti - ok
22:16:57.0468 3576	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:16:57.0609 3576	Rdbss - ok
22:16:57.0656 3576	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:16:57.0796 3576	RDPCDD - ok
22:16:57.0875 3576	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:16:57.0921 3576	RDPWD - ok
22:16:58.0046 3576	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:16:58.0187 3576	redbook - ok
22:16:58.0265 3576	rimmptsk        (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
22:16:58.0296 3576	rimmptsk - ok
22:16:58.0343 3576	rimsptsk        (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
22:16:58.0390 3576	rimsptsk - ok
22:16:58.0437 3576	rismxdp         (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
22:16:58.0484 3576	rismxdp - ok
22:16:58.0593 3576	rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:16:58.0703 3576	rtl8139 - ok
22:16:58.0828 3576	sdbus           (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
22:16:58.0953 3576	sdbus - ok
22:16:59.0015 3576	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:16:59.0156 3576	Secdrv - ok
22:16:59.0218 3576	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
22:16:59.0343 3576	Serial - ok
22:16:59.0390 3576	sffdisk         (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
22:16:59.0531 3576	sffdisk - ok
22:16:59.0562 3576	sffp_sd         (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
22:16:59.0687 3576	sffp_sd - ok
22:16:59.0734 3576	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:16:59.0859 3576	Sfloppy - ok
22:16:59.0906 3576	Simbad - ok
22:17:00.0000 3576	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:17:00.0109 3576	SLIP - ok
22:17:00.0140 3576	Sparrow - ok
22:17:00.0203 3576	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:17:00.0328 3576	splitter - ok
22:17:00.0390 3576	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
22:17:00.0515 3576	sr - ok
22:17:00.0625 3576	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:17:00.0718 3576	Srv - ok
22:17:00.0796 3576	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:17:00.0796 3576	ssmdrv - ok
22:17:00.0843 3576	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:17:00.0984 3576	streamip - ok
22:17:01.0015 3576	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:17:01.0140 3576	swenum - ok
22:17:01.0218 3576	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:17:01.0359 3576	swmidi - ok
22:17:01.0375 3576	symc810 - ok
22:17:01.0390 3576	symc8xx - ok
22:17:01.0406 3576	sym_hi - ok
22:17:01.0406 3576	sym_u3 - ok
22:17:01.0484 3576	SynTP           (91ce9afbbd011ff6b0ae15ee3a62edcc) C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:17:01.0531 3576	SynTP - ok
22:17:01.0578 3576	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:17:01.0718 3576	sysaudio - ok
22:17:01.0750 3576	taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
22:17:01.0750 3576	taphss - ok
22:17:01.0875 3576	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:17:01.0968 3576	Tcpip - ok
22:17:02.0031 3576	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:17:02.0171 3576	TDPIPE - ok
22:17:02.0203 3576	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:17:02.0328 3576	TDTCP - ok
22:17:02.0390 3576	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:17:02.0500 3576	TermDD - ok
22:17:02.0546 3576	TosIde - ok
22:17:02.0578 3576	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:17:02.0718 3576	Udfs - ok
22:17:02.0765 3576	ultra - ok
22:17:02.0843 3576	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:17:03.0031 3576	Update - ok
22:17:03.0109 3576	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:17:03.0265 3576	usbaudio - ok
22:17:03.0375 3576	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:17:03.0515 3576	usbccgp - ok
22:17:03.0671 3576	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:17:03.0796 3576	usbehci - ok
22:17:03.0859 3576	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:17:03.0968 3576	usbhub - ok
22:17:03.0984 3576	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:17:04.0109 3576	usbohci - ok
22:17:04.0171 3576	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:17:04.0312 3576	usbscan - ok
22:17:04.0359 3576	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:17:04.0484 3576	USBSTOR - ok
22:17:04.0562 3576	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
22:17:04.0718 3576	usbvideo - ok
22:17:04.0828 3576	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:17:04.0937 3576	VgaSave - ok
22:17:04.0968 3576	ViaIde - ok
22:17:04.0984 3576	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
22:17:05.0109 3576	VolSnap - ok
22:17:05.0140 3576	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:17:05.0265 3576	Wanarp - ok
22:17:05.0281 3576	WDC_SAM         (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
22:17:05.0343 3576	WDC_SAM - ok
22:17:05.0421 3576	Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
22:17:05.0437 3576	Wdf01000 - ok
22:17:05.0453 3576	WDICA - ok
22:17:05.0515 3576	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:17:05.0640 3576	wdmaud - ok
22:17:05.0750 3576	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
22:17:05.0812 3576	WpdUsb - ok
22:17:05.0937 3576	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:17:06.0078 3576	WSTCODEC - ok
22:17:06.0156 3576	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:17:06.0218 3576	WudfPf - ok
22:17:06.0250 3576	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:17:06.0296 3576	WudfRd - ok
22:17:06.0359 3576	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
22:17:06.0625 3576	\Device\Harddisk0\DR0 - ok
22:17:06.0625 3576	Boot (0x1200)   (5adf4f77d49c85b94c031ae8ac5894ac) \Device\Harddisk0\DR0\Partition0
22:17:06.0625 3576	\Device\Harddisk0\DR0\Partition0 - ok
22:17:06.0625 3576	============================================================
22:17:06.0625 3576	Scan finished
22:17:06.0625 3576	============================================================
22:17:06.0750 1644	Detected object count: 1
22:17:06.0750 1644	Actual detected object count: 1
22:17:23.0046 1644	DNSeFilter ( UnsignedFile.Multi.Generic ) - skipped by user
22:17:23.0046 1644	DNSeFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Thank you very much for the help!!!!

04.01.2012, 22:23   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (qualified helper) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
