28.05.2012, 17:43 | #1
Encryption trojan under Windows XP

Good evening, just like Hiltrud, I have caught this trojan on my laptop. I have already carried out the steps that were explained in the following thread. Unfortunately, my laptop also only opened the file "OTL.Txt" after I clicked "Run Scan". But I will add it as an attachment. Code:
ATTFilter OTL logfile created on: 5/28/2012 5:15:01 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 446.00 Mb Total Physical Memory | 259.00 Mb Available Physical Memory | 58.00% Memory free 366.00 Mb Paging File | 280.00 Mb Available in Paging File | 76.00% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 35.70 Gb Total Space | 19.63 Gb Free Space | 54.99% Space Free | Partition Type: FAT32 Drive D: | 35.87 Gb Total Space | 35.73 Gb Free Space | 99.60% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - File not found [Auto] -- -- (NPFMntor) SRV - File not found [On_Demand] -- -- (AppMgmt) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010/01/15 00:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/12/15 07:45:38 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009/10/30 14:31:24 | 001,021,256 | ---- | M] (TuneUp Software) [Auto] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2009/10/30 14:27:34 | 000,030,024 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2007/08/08 19:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2007/05/08 17:00:48 | 002,179,072 | ---- | M] (UASSOFT.COM) [Auto] -- C:\Programme\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe -- (KMWDSERVICE) SRV - [2005/11/15 13:02:04 | 000,061,440 | ---- | M] (T-Online International AG, Marmiko IT-Solutions GmbH) [Auto] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl) SRV - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) [Auto] -- C:\Acer\eManager\anbmServ.exe -- (anbmService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - File not found [Kernel | On_Demand] -- -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2009/10/25 14:43:54 | 000,032,800 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2009/10/25 14:43:52 | 000,093,344 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - [2009/10/14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2008/04/13 06:53:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008/04/13 06:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2006/01/31 08:41:32 | 000,081,408 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\SSHDRV86.sys -- (SSHDRV86) DRV - [2005/11/24 12:36:42 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5) DRV - [2005/04/21 13:33:12 | 000,112,384 | ---- | M] (NETGEAR Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB) DRV - [2005/03/02 00:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315) DRV - [2005/02/25 19:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp) DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand] -- C:\Programme\acer\eRecovery\int15.sys -- (int15.sys) DRV - [2004/12/21 10:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2004/11/05 01:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP) DRV - [2004/10/07 19:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv) DRV - [2003/12/05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2003/07/18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP) DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1) DRV - [2002/10/02 08:57:12 | 000,013,532 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Hans-Peter_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\Hans-Peter_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\Hans-Peter_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\Hans-Peter_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=110810&babsrc=HP_ss&mntrId=320d180e000000000000000fb5d0df74 IE - HKU\Hans-Peter_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\Hans-Peter_ON_C\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) 
IE - HKU\Hans-Peter_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "NCH DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.search.selectedEngine: "NCH DE Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13" FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/03/19 08:05:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010/02/23 07:03:04 | 000,000,000 | ---D | M] [2008/07/19 21:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\mozilla\Extensions [2008/07/19 21:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\mozilla\Extensions\home2@tomtom.com [2010/02/23 07:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\mozilla\Firefox\Profiles\hvay6vxb.default\extensions [2012/05/22 04:57:54 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\mozilla\Firefox\Profiles\hvay6vxb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012/05/02 05:29:58 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\mozilla\Firefox\Profiles\hvay6vxb.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6} [2012/03/20 08:20:16 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\mozilla\Firefox\Profiles\hvay6vxb.default\extensions\ffxtlbr@babylon.com [2012/03/06 17:29:04 | 000,000,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\hvay6vxb.default\searchplugins\conduit.xml [2012/03/19 08:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012/03/19 08:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2012/03/19 08:05:58 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de File not found (No name found) -- () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\HANS-PETER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\HVAY6VXB.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012/03/12 16:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012/03/12 17:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/03/12 17:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012/03/12 17:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012/03/12 17:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012/03/12 17:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012/03/12 
17:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml [2012/03/20 08:17:48 | 000,002,310 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\Hans-Peter_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\Hans-Peter_ON_C\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKU\Hans-Peter_ON_C\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. 
O3 - HKU\Hans-Peter_ON_C\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [KMConfig] File not found O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKU\Hans-Peter_ON_C..\Run: [320D180E] C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe () O4 - HKU\Hans-Peter_ON_C..\Run: [EPSON Stylus S20 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\Hans-Peter_ON_C..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (T-Online International AG, Marmiko IT-Solutions GmbH) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Remote Control.lnk = C:\Programme\Conceptronic Multimedia\CTVDIGUSB2 Device Utilities\RTLRCtl.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TMMonitor.lnk = C:\Programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe) - C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe () O24 - Desktop Components:0 () - hxxp://www.actionbikes.de/actionbikes/images1/Bashan%20200%20seite1.jpg O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/12/15 05:47:50 | 000,000,150 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun 
File - [2008/12/24 20:50:46 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{4a0f77aa-5640-11dd-a068-00038a000015}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/05/27 05:49:24 | 000,000,000 | -HSD | C] -- C:\FOUND.001 [2012/05/22 05:46:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Pvyflpkjhgc [2012/05/22 05:45:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/05/28 03:28:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/05/28 03:28:48 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Automatische Problemsuche.job [2012/05/28 03:28:36 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/05/28 03:28:04 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys [2012/05/27 05:57:12 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/05/27 05:50:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/05/22 05:46:04 | 000,048,128 | -H-- | M] () -- C:\WINDOWS\System32\BE4C77A5320D180E0B3C.exe [2012/05/21 05:17:36 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/05/15 07:32:22 | 000,461,330 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012/05/15 07:32:22 | 000,443,222 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/05/15 07:32:22 | 000,086,016 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012/05/15 
07:32:22 | 000,072,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/05/15 07:29:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/05/11 21:50:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323 [2012/05/11 21:50:40 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322 [2012/05/11 21:50:32 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321 [2012/05/11 21:50:22 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320 [2012/05/09 08:00:02 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job [2012/05/09 07:18:32 | 000,070,198 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\Mietvertrag.pdf [13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/05/22 06:14:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325 [2012/05/22 06:14:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324 [2012/05/22 06:14:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323 [2012/05/22 06:14:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322 [2012/05/22 06:14:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321 [2012/05/22 06:14:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320 [2012/05/22 05:46:02 | 000,048,128 | -H-- | C] () -- C:\WINDOWS\System32\BE4C77A5320D180E0B3C.exe [2012/05/09 07:18:28 | 000,070,198 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\Mietvertrag.pdf [2012/02/15 06:02:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2010/11/15 06:37:01 | 000,294,974 | R--- | C] () -- C:\WINDOWS\System32\RTL283XACCESS.dll [2010/11/15 06:36:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2010/01/09 06:26:35 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2010/01/09 06:26:35 | 000,031,053 | ---- | C] () -- 
C:\WINDOWS\System32\EPPICPattern131.dat [2010/01/09 06:26:35 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2010/01/09 06:26:35 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2010/01/09 06:26:35 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2010/01/09 06:26:35 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2010/01/09 06:26:35 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2010/01/09 06:26:35 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2010/01/09 06:26:35 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2010/01/09 06:26:35 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2010/01/09 06:26:35 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2010/01/09 06:26:35 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2010/01/09 06:26:35 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2010/01/09 06:26:35 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2010/01/09 06:26:35 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2010/01/09 06:26:35 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2010/01/09 06:26:35 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2010/01/09 06:26:34 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2010/01/09 06:26:34 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2010/01/09 06:25:21 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CSES20.ini [2009/04/14 07:45:09 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll [2009/04/14 07:41:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\blib.dll [2009/04/13 07:38:17 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\Hlduinst.exe [2009/04/13 07:38:17 | 000,006,855 | ---- | 
C] () -- C:\WINDOWS\System32\UNWISE.INI [2009/04/13 07:38:16 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE [2009/04/13 07:29:04 | 000,594,018 | ---- | C] () -- C:\WINDOWS\ETKEU.EXE [2009/04/13 07:20:35 | 000,000,107 | ---- | C] () -- C:\WINDOWS\ETKVE.INI [2009/01/09 01:44:09 | 000,001,055 | ---- | C] () -- C:\WINDOWS\_ISENV31.INI [2008/09/01 02:02:14 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe [2008/08/09 05:29:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2008/03/08 02:28:44 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI [2008/03/08 02:00:06 | 000,000,147 | ---- | C] () -- C:\WINDOWS\Ulead32.ini [2007/12/15 07:00:36 | 000,000,284 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\ViewerApp.dat [2007/12/15 05:44:44 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll [2007/09/19 20:19:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2007/05/29 06:52:52 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe [2007/02/27 01:52:24 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini [2006/12/28 04:27:39 | 000,038,400 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/12/09 07:04:43 | 000,000,211 | ---- | C] () -- C:\WINDOWS\uno.ini [2006/12/09 07:04:35 | 000,287,744 | ---- | C] () -- C:\WINDOWS\uno364mi.dll [2006/12/09 07:04:35 | 000,109,568 | ---- | C] () -- C:\WINDOWS\vos364mi.dll [2006/12/09 07:04:35 | 000,091,648 | ---- | C] () -- C:\WINDOWS\osl364mi.dll [2006/10/19 22:57:01 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat [2006/10/19 22:45:14 | 000,070,408 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp [2006/10/19 22:45:14 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp [2006/07/08 00:28:22 | 000,000,143 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Peter\Lokale 
< End of report >

Thanks in advance. Best regards, Benjamin S. |
30.05.2012, 14:06 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan on Windows XP Does Safe Mode with Networking still work? With an internet connection?
Safe mode for cleanup
__________________ |
30.05.2012, 14:31 | #3 |
| Encryption trojan on Windows XP No, unfortunately that no longer works either.
After I select it and confirm with Enter, it shuts down and restarts. |
30.05.2012, 14:50 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan on Windows XP Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O4 - HKU\Hans-Peter_ON_C..\Run: [320D180E] C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe) - C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe ()
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/15 05:47:50 | 000,000,150 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/12/24 20:50:46 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4a0f77aa-5640-11dd-a068-00038a000015}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
[2012/05/27 05:49:24 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2012/05/22 05:46:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Pvyflpkjhgc
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
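The entries in the fix script above fall into a few classes a responder can recognize: an autostart of a randomly named executable, a replaced Winlogon UserInit value, Image File Execution Options debuggers on admin tools, and policy values that lock out Task Manager and the registry editor. As an added example (not part of the original post and not OTL's own code), this Python triage sorts OTL-style lines into those classes; the sample lines are copied from the script above, and the function names, category labels and the assumed layout of a clean UserInit line are my own.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the fix script in the post above.
SAMPLE_LOG = r"""
O4 - HKU\Hans-Peter_ON_C..\Run: [320D180E] C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe) - C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe ()
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
"""

ENTRY = re.compile(r"^(O\d+)\s+-\s+(.+)$")                    # "O<n> - <body>"
EXE_PATH = re.compile(r"[A-Za-z]:\\[^()\[\]]*?\.exe", re.IGNORECASE)
LOCKOUT = re.compile(r"Disable(TaskMgr|Regedit|RegistryTools)\s*=\s*1")
IFEO = re.compile(r"IFEO\\([^:]+):\s*Debugger\s*-\s*(\S+)")
HEX_STEM = re.compile(r"^[0-9A-Fa-f]{12,}$")                  # file name that is one long hex string


def classify(line):
    """Return (category, detail) for one OTL-style entry, or None for non-entries."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    if code == "O27":
        hit = IFEO.search(body)
        if hit:
            # A Debugger value makes Windows start that program instead of the tool.
            return ("ifeo_debugger", hit.group(1))
    if code in ("O6", "O7"):
        hit = LOCKOUT.search(body)
        if hit:
            return ("tool_lockout", hit.group(1))
        return ("policy_other", body.rsplit(": ", 1)[-1])
    if code == "O20" and "UserInit" in body:
        # Assumption: a clean system lists only ...\userinit.exe on this line.
        paths = sorted(set(EXE_PATH.findall(body)))
        bad = [p for p in paths if not p.lower().endswith("\\userinit.exe")]
        if bad:
            return ("winlogon_userinit", bad[0])
    if code == "O4":
        paths = EXE_PATH.findall(body)
        if paths:
            return ("autostart", paths[0])
    return ("other", body)


def triage(log_text):
    """Group every recognized entry in log_text by category."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            findings[result[0]].append(result[1])
    return dict(findings)


def random_named_binaries(findings):
    """Executables behind persistence entries whose file name is one long hex string."""
    flagged = set()
    for category in ("autostart", "winlogon_userinit"):
        for path in findings.get(category, []):
            stem = path.rsplit("\\", 1)[-1][:-4]   # strip directory and ".exe"
            if HEX_STEM.match(stem):
                flagged.add(path.lower())
    return flagged


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for category, details in sorted(result.items()):
        print(f"{category}: {details}")
    print("hex-named persistence binaries:", sorted(random_named_binaries(result)))
```

The categories only sort what a log already shows; which entries are actually removed remains the helper's decision for the specific machine.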
30.05.2012, 16:01 | #5 |
| Encryption trojan on Windows XP Done. The file named "05302012_044646" (opened automatically after the restart) contains the following text: Code:
========== OTL ==========
Registry value HKEY_USERS\Hans-Peter_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\320D180E deleted successfully.
C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit deleted successfully.
Registry value HKEY_USERS\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe deleted successfully.
File C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
D:\AUTORUN.INF moved successfully.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a0f77aa-5640-11dd-a068-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a0f77aa-5640-11dd-a068-00038a000015}\ not found.
File F:\InstallTomTomHOME.exe not found.
C:\FOUND.001 folder moved successfully.
C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Pvyflpkjhgc folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34706 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 17276966 bytes

User: Hans-Peter
->Temp folder emptied: 72673112 bytes
->Temporary Internet Files folder emptied: 11169492 bytes
->FireFox cache emptied: 315003821 bytes
->Flash cache emptied: 41661 bytes

User: Besitzer

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 927204 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59005489 bytes

Total Files Cleaned = 454.00 mb

[EMPTYFLASH]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hans-Peter
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Besitzer

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 05302012_044646

Files\Folders moved on Reboot...
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
File\Folder C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Temp\TEMPOR~1.SH!\Content.SH!\ODO8NPKN.SH!\&special=rectangle&adsize=310x120&params[1].styles=hp_promobox_html%2Chp_promobox_img&pageview=ng_outer&pageview=vi_first_time&tile=17202187384382628012345678910a not found!
File\Folder C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Temp\TEMPOR~1.SH!\Content.SH!\ODO8NPKN.SH!\AKWS2FXCAQGIK4PCAXD2DGTCAYXE6SLCAUD2NSVCA5LF1D8CA5JGY3KCA5NO9YSCAB0G8MFCA11H7WJCAXIII98CA8ALBA9CAMNKVOGCAVSK2RACAWVYYHGCALM1LC8CAGJTB23CA4DBLZKCAXXZIW0[1].jpg not found!
File\Folder C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Temp\TEMPOR~1.SH!\Content.SH!\ODO8NPKN.SH!\NCAGA32WICAQ7FOU3CAJ0LIMGCAO3UU32CA600YKTCA9O85BWCAHT3PHQCARWFGEOCAI8VGOICAIGS3C0CAM1QK06CAOZNLT8CA3TXBOGCAC42AOWCAB69ZN9CANW1UNPCA0GTINRCA74UW71CASF0HAQ[1].jpg not found!
File\Folder C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Temp\TEMPOR~1.SH!\Content.SH!\3PWDSK31.SH!\NCAGA32WICAQ7FOU3CAJ0LIMGCAO3UU32CA600YKTCA9O85BWCAHT3PHQCARWFGEOCAI8VGOICAIGS3C0CAM1QK06CAOZNLT8CA3TXBOGCAC42AOWCAB69ZN9CANW1UNPCA0GTINRCA74UW71CASF0HAQ[1].jpg not found!
File\Folder C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Temp\TEMPOR~1.SH!\Content.SH!\HTP8EAVA.SH!\section=homepage&site=freemail&special=rectangle&category=homepage&adsize=300x250&adsize=310x170&pageview=loggedin&pageview=no_tprof&pg=m&pa=39&pp=D__95671&Params[1].htm not found!
File\Folder C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Temp\TEMPOR~1.SH!\Content.SH!\HTP8EAVA.SH!\section=content&site=freemail&category=content&special=top&adsize=468x60&content=webde&pageview=ng_outer&adsize=728x90&pageview=loggedin&pageview=no_tprof&pg=m&pa=39&pp=[1] not found!

Registry entries deleted on Reboot... |
30.05.2012, 16:02 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan on Windows XP Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the checkboxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ --> Encryption trojan on Windows XP |
30.05.2012, 16:28 | #7 |
| Encryption trojan on Windows XP After I started the scan and waited a few minutes, it showed me a list of objects found: After a long search, even I found the "Report" button. I did not know what to select under Action, so I left everything at the default setting. Report from TDSSKiller: Code:
(7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 06:18:28.0281 2148 NdisIP - ok 06:18:28.0296 2148 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 06:18:28.0453 2148 NdisTapi - ok 06:18:28.0515 2148 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 06:18:28.0671 2148 Ndisuio - ok 06:18:28.0734 2148 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 06:18:28.0937 2148 NdisWan - ok 06:18:29.0046 2148 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 06:18:29.0093 2148 NDProxy - ok 06:18:29.0140 2148 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 06:18:29.0328 2148 NetBIOS - ok 06:18:29.0437 2148 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 06:18:29.0609 2148 NetBT - ok 06:18:29.0812 2148 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 06:18:29.0984 2148 NetDDE - ok 06:18:30.0000 2148 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 06:18:30.0140 2148 NetDDEdsdm - ok 06:18:30.0234 2148 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 06:18:30.0390 2148 Netlogon - ok 06:18:30.0468 2148 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll 06:18:30.0625 2148 Netman - ok 06:18:30.0796 2148 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 06:18:30.0812 2148 NetTcpPortSharing - ok 06:18:30.0875 2148 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll 06:18:30.0921 2148 Nla - ok 06:18:30.0968 2148 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys 06:18:31.0109 2148 nm - ok 06:18:31.0171 2148 NPFMntor - ok 06:18:31.0218 2148 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 06:18:31.0343 2148 
Npfs - ok 06:18:31.0406 2148 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 06:18:31.0593 2148 Ntfs - ok 06:18:31.0625 2148 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys 06:18:31.0625 2148 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning 06:18:31.0625 2148 NTIDrvr - detected UnsignedFile.Multi.Generic (1) 06:18:31.0656 2148 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 06:18:31.0796 2148 NtLmSsp - ok 06:18:31.0921 2148 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll 06:18:32.0125 2148 NtmsSvc - ok 06:18:32.0156 2148 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 06:18:32.0343 2148 Null - ok 06:18:32.0390 2148 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 06:18:32.0578 2148 NwlnkFlt - ok 06:18:32.0593 2148 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 06:18:32.0796 2148 NwlnkFwd - ok 06:18:32.0828 2148 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys 06:18:32.0984 2148 Parport - ok 06:18:33.0031 2148 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 06:18:33.0187 2148 PartMgr - ok 06:18:33.0234 2148 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 06:18:33.0421 2148 ParVdm - ok 06:18:33.0453 2148 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 06:18:33.0609 2148 PCI - ok 06:18:33.0625 2148 PCIDump - ok 06:18:33.0640 2148 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 06:18:33.0828 2148 PCIIde - ok 06:18:33.0859 2148 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 06:18:34.0031 2148 Pcmcia - ok 06:18:34.0046 2148 PDCOMP - ok 06:18:34.0062 2148 PDFRAME - ok 06:18:34.0093 2148 PDRELI - ok 06:18:34.0109 2148 PDRFRAME - ok 06:18:34.0125 2148 perc2 - ok 
06:18:34.0156 2148 perc2hib - ok 06:18:34.0218 2148 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys 06:18:34.0218 2148 pfc ( UnsignedFile.Multi.Generic ) - warning 06:18:34.0218 2148 pfc - detected UnsignedFile.Multi.Generic (1) 06:18:34.0296 2148 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 06:18:34.0359 2148 PlugPlay - ok 06:18:34.0437 2148 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe 06:18:34.0437 2148 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 06:18:34.0437 2148 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 06:18:34.0500 2148 Point32 (5c71f7cdd1b4ba5f00b87ca05e414aea) C:\WINDOWS\system32\DRIVERS\point32.sys 06:18:34.0500 2148 Point32 ( UnsignedFile.Multi.Generic ) - warning 06:18:34.0500 2148 Point32 - detected UnsignedFile.Multi.Generic (1) 06:18:34.0531 2148 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 06:18:34.0671 2148 PolicyAgent - ok 06:18:34.0703 2148 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 06:18:35.0265 2148 PptpMiniport - ok 06:18:35.0296 2148 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 06:18:35.0437 2148 ProtectedStorage - ok 06:18:35.0468 2148 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 06:18:35.0640 2148 PSched - ok 06:18:35.0671 2148 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 06:18:35.0843 2148 Ptilink - ok 06:18:35.0875 2148 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 06:18:35.0890 2148 PxHelp20 - ok 06:18:35.0906 2148 ql1080 - ok 06:18:35.0921 2148 Ql10wnt - ok 06:18:35.0953 2148 ql12160 - ok 06:18:35.0984 2148 ql1240 - ok 06:18:36.0015 2148 ql1280 - ok 06:18:36.0062 2148 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 06:18:36.0281 2148 RasAcd - ok 
06:18:36.0343 2148 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll 06:18:36.0500 2148 RasAuto - ok 06:18:36.0515 2148 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 06:18:36.0718 2148 Rasl2tp - ok 06:18:36.0781 2148 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll 06:18:36.0937 2148 RasMan - ok 06:18:36.0953 2148 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 06:18:37.0109 2148 RasPppoe - ok 06:18:37.0125 2148 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 06:18:37.0312 2148 Raspti - ok 06:18:37.0375 2148 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 06:18:37.0515 2148 Rdbss - ok 06:18:37.0531 2148 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 06:18:37.0718 2148 RDPCDD - ok 06:18:37.0781 2148 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 06:18:37.0812 2148 RDPWD - ok 06:18:37.0859 2148 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 06:18:38.0000 2148 RDSessMgr - ok 06:18:38.0046 2148 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 06:18:38.0203 2148 redbook - ok 06:18:38.0265 2148 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 06:18:38.0406 2148 RemoteAccess - ok 06:18:38.0437 2148 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe 06:18:38.0593 2148 RpcLocator - ok 06:18:38.0687 2148 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 06:18:38.0734 2148 RpcSs - ok 06:18:38.0796 2148 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 06:18:38.0984 2148 RSVP - ok 06:18:39.0046 2148 RTL2832UBDA (9f9acc7e0c86d7f2e29fcb6f949173e1) C:\WINDOWS\system32\drivers\RTL2832UBDA.sys 06:18:39.0062 2148 RTL2832UBDA - ok 06:18:39.0093 2148 RTL2832UUSB 
(ad5774a01bd623b4e2ef42b82b13a3f0) C:\WINDOWS\system32\Drivers\RTL2832UUSB.sys 06:18:39.0109 2148 RTL2832UUSB - ok 06:18:39.0140 2148 RTLWUSB (f564f1c5813b47a86903d42cd778311c) C:\WINDOWS\system32\DRIVERS\wg111v2.sys 06:18:39.0171 2148 RTLWUSB ( UnsignedFile.Multi.Generic ) - warning 06:18:39.0171 2148 RTLWUSB - detected UnsignedFile.Multi.Generic (1) 06:18:39.0234 2148 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 06:18:39.0359 2148 SamSs - ok 06:18:39.0406 2148 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 06:18:39.0578 2148 SCardSvr - ok 06:18:39.0640 2148 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 06:18:39.0781 2148 Schedule - ok 06:18:39.0843 2148 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 06:18:39.0984 2148 Secdrv - ok 06:18:40.0062 2148 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 06:18:40.0234 2148 seclogon - ok 06:18:40.0281 2148 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 06:18:40.0453 2148 SENS - ok 06:18:40.0500 2148 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys 06:18:40.0656 2148 Serial - ok 06:18:40.0703 2148 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 06:18:40.0859 2148 Sfloppy - ok 06:18:40.0953 2148 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll 06:18:41.0281 2148 SharedAccess - ok 06:18:41.0343 2148 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 06:18:41.0359 2148 ShellHWDetection - ok 06:18:41.0375 2148 Simbad - ok 06:18:41.0421 2148 SiS315 (8b3cdb4b1453b3a2e6e7300aabe50d0e) C:\WINDOWS\system32\DRIVERS\sisgrp.sys 06:18:41.0500 2148 SiS315 - ok 06:18:41.0531 2148 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys 06:18:41.0562 2148 SISAGP - ok 06:18:41.0593 2148 SiSkp 
(87a5176a3762b1341619ce63152c1da9) C:\WINDOWS\system32\DRIVERS\srvkp.sys 06:18:41.0625 2148 SiSkp - ok 06:18:41.0671 2148 SISNICXP (47f39481bc8941e0d51601a85691448d) C:\WINDOWS\system32\DRIVERS\sisnicxp.sys 06:18:41.0734 2148 SISNICXP - ok 06:18:41.0796 2148 SjyPkt (3d7ef286e806f9bd9339aa52e28dcd67) C:\WINDOWS\System32\Drivers\SjyPkt.sys 06:18:41.0828 2148 SjyPkt ( UnsignedFile.Multi.Generic ) - warning 06:18:41.0828 2148 SjyPkt - detected UnsignedFile.Multi.Generic (1) 06:18:41.0875 2148 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 06:18:42.0031 2148 SLIP - ok 06:18:42.0093 2148 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys 06:18:42.0109 2148 sonypvs1 ( UnsignedFile.Multi.Generic ) - warning 06:18:42.0109 2148 sonypvs1 - detected UnsignedFile.Multi.Generic (1) 06:18:42.0125 2148 Sparrow - ok 06:18:42.0156 2148 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 06:18:42.0312 2148 splitter - ok 06:18:42.0359 2148 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 06:18:42.0390 2148 Spooler - ok 06:18:42.0421 2148 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 06:18:42.0578 2148 sr - ok 06:18:42.0640 2148 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll 06:18:42.0812 2148 srservice - ok 06:18:42.0875 2148 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 06:18:42.0968 2148 Srv - ok 06:18:43.0031 2148 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll 06:18:43.0171 2148 SSDPSRV - ok 06:18:43.0250 2148 SSHDRV86 (b9e31f2a3640403b0ea3a867bb73b9f4) C:\WINDOWS\system32\drivers\SSHDRV86.sys 06:18:43.0265 2148 SSHDRV86 ( UnsignedFile.Multi.Generic ) - warning 06:18:43.0265 2148 SSHDRV86 - detected UnsignedFile.Multi.Generic (1) 06:18:43.0343 2148 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll 06:18:43.0578 2148 stisvc - 
ok 06:18:43.0593 2148 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 06:18:43.0734 2148 streamip - ok 06:18:43.0765 2148 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 06:18:43.0937 2148 swenum - ok 06:18:43.0968 2148 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 06:18:44.0156 2148 swmidi - ok 06:18:44.0234 2148 SwPrv - ok 06:18:44.0265 2148 symc810 - ok 06:18:44.0281 2148 symc8xx - ok 06:18:44.0312 2148 sym_hi - ok 06:18:44.0328 2148 sym_u3 - ok 06:18:44.0390 2148 SynTP (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys 06:18:44.0437 2148 SynTP - ok 06:18:44.0468 2148 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 06:18:44.0609 2148 sysaudio - ok 06:18:44.0687 2148 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 06:18:44.0859 2148 SysmonLog - ok 06:18:44.0937 2148 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 06:18:45.0109 2148 TapiSrv - ok 06:18:45.0156 2148 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 06:18:45.0187 2148 Tcpip - ok 06:18:45.0265 2148 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 06:18:45.0421 2148 TDPIPE - ok 06:18:45.0453 2148 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 06:18:45.0578 2148 TDTCP - ok 06:18:45.0625 2148 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 06:18:45.0765 2148 TermDD - ok 06:18:45.0843 2148 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 06:18:46.0031 2148 TermService - ok 06:18:46.0093 2148 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 06:18:46.0125 2148 Themes - ok 06:18:46.0140 2148 TosIde - ok 06:18:46.0203 2148 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 06:18:46.0343 2148 
TrkWks - ok 06:18:46.0484 2148 TuneUp.Defrag (5d1ccc2692851213065bd23701ab27f4) C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe 06:18:46.0531 2148 TuneUp.Defrag - ok 06:18:46.0875 2148 TuneUp.UtilitiesSvc (6358390595647e745d7cbb00bdf44c6d) C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe 06:18:46.0937 2148 TuneUp.UtilitiesSvc - ok 06:18:47.0015 2148 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys 06:18:47.0015 2148 TuneUpUtilitiesDrv - ok 06:18:47.0062 2148 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys 06:18:47.0109 2148 UBHelper ( UnsignedFile.Multi.Generic ) - warning 06:18:47.0109 2148 UBHelper - detected UnsignedFile.Multi.Generic (1) 06:18:47.0218 2148 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 06:18:47.0375 2148 Udfs - ok 06:18:47.0390 2148 ultra - ok 06:18:47.0453 2148 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe 06:18:47.0515 2148 UMWdf - ok 06:18:47.0609 2148 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 06:18:47.0812 2148 Update - ok 06:18:47.0921 2148 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 06:18:48.0093 2148 upnphost - ok 06:18:48.0156 2148 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 06:18:48.0296 2148 UPS - ok 06:18:48.0359 2148 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 06:18:48.0500 2148 usbaudio - ok 06:18:48.0562 2148 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 06:18:48.0750 2148 usbccgp - ok 06:18:48.0781 2148 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 06:18:48.0937 2148 usbehci - ok 06:18:48.0984 2148 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 06:18:49.0125 2148 usbhub - ok 06:18:49.0156 2148 usbohci 
(0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 06:18:49.0296 2148 usbohci - ok 06:18:49.0343 2148 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 06:18:49.0500 2148 usbprint - ok 06:18:49.0515 2148 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 06:18:49.0656 2148 usbscan - ok 06:18:49.0687 2148 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 06:18:49.0843 2148 USBSTOR - ok 06:18:49.0906 2148 UxTuneUp (69d0e8ca1a30335029b3c5609ecdb654) C:\WINDOWS\System32\uxtuneup.dll 06:18:49.0921 2148 UxTuneUp - ok 06:18:49.0953 2148 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 06:18:50.0078 2148 VgaSave - ok 06:18:50.0093 2148 ViaIde - ok 06:18:50.0125 2148 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 06:18:50.0281 2148 VolSnap - ok 06:18:50.0375 2148 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 06:18:50.0546 2148 VSS - ok 06:18:50.0593 2148 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 06:18:50.0781 2148 W32Time - ok 06:18:50.0828 2148 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 06:18:50.0984 2148 Wanarp - ok 06:18:51.0031 2148 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 06:18:51.0093 2148 wanatw - ok 06:18:51.0109 2148 WDICA - ok 06:18:51.0156 2148 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 06:18:51.0312 2148 wdmaud - ok 06:18:51.0421 2148 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 06:18:51.0625 2148 WebClient - ok 06:18:51.0671 2148 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 06:18:51.0890 2148 winmgmt - ok 06:18:52.0000 2148 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll 06:18:52.0062 2148 WmdmPmSN - ok 
06:18:52.0125 2148 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 06:18:52.0281 2148 WmiApSrv - ok 06:18:52.0328 2148 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys 06:18:52.0359 2148 WpdUsb - ok 06:18:52.0421 2148 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 06:18:52.0578 2148 wscsvc - ok 06:18:52.0609 2148 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 06:18:52.0765 2148 WSTCODEC - ok 06:18:52.0812 2148 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 06:18:52.0953 2148 wuauserv - ok 06:18:53.0062 2148 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 06:18:53.0250 2148 WZCSVC - ok 06:18:53.0328 2148 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 06:18:53.0468 2148 xmlprov - ok 06:18:53.0531 2148 MBR (0x1B8) (67d07fa51dcd5a4397248f397bb779ae) \Device\Harddisk0\DR0 06:18:57.0296 2148 \Device\Harddisk0\DR0 - ok 06:18:57.0312 2148 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR4 06:18:57.0421 2148 \Device\Harddisk1\DR4 - ok 06:18:57.0468 2148 Boot (0x1200) (3a2a001b2e7d5f54bd00acbe8b7d7016) \Device\Harddisk0\DR0\Partition0 06:18:57.0468 2148 \Device\Harddisk0\DR0\Partition0 - ok 06:18:57.0484 2148 Boot (0x1200) (8a8265b0a2f8ddc5517aca81f067b166) \Device\Harddisk0\DR0\Partition1 06:18:57.0484 2148 \Device\Harddisk0\DR0\Partition1 - ok 06:18:57.0500 2148 Boot (0x1200) (8ad49433727e46a48aaf2f89bfaff2da) \Device\Harddisk1\DR4\Partition0 06:18:57.0500 2148 \Device\Harddisk1\DR4\Partition0 - ok 06:18:57.0515 2148 ============================================================ 06:18:57.0515 2148 Scan finished 06:18:57.0515 2148 ============================================================ 06:18:57.0656 2612 Detected object count: 15 06:18:57.0656 2612 Actual detected object count: 15 06:19:16.0859 2612 cdrbsdrv ( UnsignedFile.Multi.Generic ) - 
skipped by user 06:19:16.0859 2612 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:19:16.0859 2612 EAPPkt ( UnsignedFile.Multi.Generic ) - skipped by user 06:19:16.0859 2612 EAPPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:19:16.0875 2612 int15.sys ( UnsignedFile.Multi.Generic ) - skipped by user 06:19:16.0875 2612 int15.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:19:16.0875 2612 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - skipped by user 06:19:16.0875 2612 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:19:16.0875 2612 MACNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user 06:19:16.0875 2612 MACNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:19:16.0875 2612 MZCCntrl ( UnsignedFile.Multi.Generic ) - skipped by user 06:19:16.0875 2612 MZCCntrl ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:19:16.0890 2612 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user 06:19:16.0890 2612 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:19:16.0890 2612 pfc ( UnsignedFile.Multi.Generic ) - skipped by user 06:19:16.0890 2612 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:19:16.0906 2612 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 06:19:16.0906 2612 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:19:16.0921 2612 Point32 ( UnsignedFile.Multi.Generic ) - skipped by user 06:19:16.0921 2612 Point32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:19:16.0921 2612 RTLWUSB ( UnsignedFile.Multi.Generic ) - skipped by user 06:19:16.0921 2612 RTLWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:19:16.0921 2612 SjyPkt ( UnsignedFile.Multi.Generic ) - skipped by user 06:19:16.0921 2612 SjyPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:19:16.0921 2612 sonypvs1 ( UnsignedFile.Multi.Generic ) - skipped by user 06:19:16.0921 2612 sonypvs1 
( UnsignedFile.Multi.Generic ) - User select action: Skip 06:19:16.0921 2612 SSHDRV86 ( UnsignedFile.Multi.Generic ) - skipped by user 06:19:16.0921 2612 SSHDRV86 ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:19:16.0921 2612 UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user 06:19:16.0921 2612 UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:19:25.0328 3912 ============================================================ 06:19:25.0328 3912 Scan started 06:19:25.0328 3912 Mode: Manual; SigCheck; TDLFS; 06:19:25.0328 3912 ============================================================ 06:19:26.0609 3912 Abiosdsk - ok 06:19:26.0640 3912 abp480n5 - ok 06:19:27.0640 3912 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe 06:19:27.0671 3912 ACDaemon - ok 06:19:27.0906 3912 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 06:19:28.0062 3912 ACPI - ok 06:19:28.0093 3912 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 06:19:28.0312 3912 ACPIEC - ok 06:19:28.0343 3912 adpu160m - ok 06:19:28.0484 3912 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 06:19:28.0656 3912 aec - ok 06:19:28.0687 3912 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys 06:19:28.0703 3912 Afc - ok 06:19:28.0843 3912 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 06:19:28.0890 3912 AFD - ok 06:19:29.0812 3912 AgereSoftModem (ceffa3db1657293322e0bdea7d99e754) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 06:19:29.0937 3912 AgereSoftModem - ok 06:19:29.0953 3912 Aha154x - ok 06:19:29.0984 3912 aic78u2 - ok 06:19:30.0031 3912 aic78xx - ok 06:19:30.0046 3912 ALCXWDM - ok 06:19:30.0281 3912 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll 06:19:30.0500 3912 Alerter - ok 06:19:30.0593 3912 ALG (190cd73d4984f94d823f9444980513e5) 
C:\WINDOWS\System32\alg.exe 06:19:30.0765 3912 ALG - ok 06:19:30.0781 3912 AliIde - ok 06:19:30.0812 3912 AmdK8 (9ba1213aab7ff12af30ae9df2e0b4701) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 06:19:30.0859 3912 AmdK8 - ok 06:19:30.0875 3912 amsint - ok 06:19:30.0906 3912 anbmService - ok 06:19:31.0015 3912 AppMgmt - ok 06:19:31.0031 3912 asc - ok 06:19:31.0062 3912 asc3350p - ok 06:19:31.0078 3912 asc3550 - ok 06:19:31.0250 3912 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 06:19:31.0265 3912 aspnet_state - ok 06:19:31.0281 3912 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 06:19:31.0437 3912 AsyncMac - ok 06:19:31.0484 3912 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 06:19:31.0640 3912 atapi - ok 06:19:31.0656 3912 Atdisk - ok 06:19:31.0703 3912 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 06:19:31.0859 3912 Atmarpc - ok 06:19:31.0937 3912 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll 06:19:32.0093 3912 AudioSrv - ok 06:19:32.0109 3912 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 06:19:32.0265 3912 audstub - ok 06:19:32.0343 3912 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 06:19:32.0406 3912 BCM43XX - ok 06:19:32.0437 3912 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 06:19:32.0609 3912 Beep - ok 06:19:32.0687 3912 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll 06:19:32.0875 3912 BITS - ok 06:19:32.0921 3912 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys 06:19:33.0062 3912 Bridge - ok 06:19:33.0062 3912 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys 06:19:33.0234 3912 BridgeMP - ok 06:19:33.0312 3912 Browser (b42057f06bbb98b31876c0b3f2b54e33) 
Edited by Mr. Invisibl (30.05.2012 at 16:44) |
30.05.2012, 20:37 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan on Windows XP Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
31.05.2012, 00:07 | #9 |
| Encryption trojan on Windows XP I managed this step without any problems as well! ComboFix.txt: Code:
ATTFilter ComboFix 12-05-30.04 - Hans-Peter 30.05.2012 10:29:39.2.1 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.446.139 [GMT -12:00] ausgeführt von:: c:\dokumente und einstellungen\Hans-Peter\Desktop\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\389D51A1.TMP c:\dokumente und einstellungen\Hans-Peter\WINDOWS c:\windows\IsUn0407.exe c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\winsh320 c:\windows\system32\winsh321 c:\windows\system32\winsh322 c:\windows\system32\winsh323 c:\windows\system32\winsh324 c:\windows\system32\winsh325 c:\windows\Uninstall.ini . . ((((((((((((((((((((((( Dateien erstellt von 2012-04-28 bis 2012-05-30 )))))))))))))))))))))))))))))) . . 2012-05-30 16:46 . 2011-07-13 10:55 2237440 ----a-r- C:\OTLPE.exe 2012-05-30 16:46 . 2012-05-30 16:46 -------- d-----w- C:\_OTL 2012-05-22 17:45 . 2012-05-22 17:45 -------- d--h--w- c:\windows\PIF . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-11 13:51 . 2004-08-04 12:50 2071424 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:51 . 1980-01-01 12:00 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:51 . 1980-01-01 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys 2012-03-13 04:38 . 2012-03-19 20:05 97208 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{b106b661-3e1b-4015-af5c-195e909f35c6}"= "c:\programme\NCH_DE\prxtbNCH_.dll" [2011-05-09 176936] . 
[HKEY_CLASSES_ROOT\clsid\{b106b661-3e1b-4015-af5c-195e909f35c6}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b106b661-3e1b-4015-af5c-195e909f35c6}] 2011-05-09 08:49 176936 ----a-w- c:\programme\NCH_DE\prxtbNCH_.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{b106b661-3e1b-4015-af5c-195e909f35c6}"= "c:\programme\NCH_DE\prxtbNCH_.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{b106b661-3e1b-4015-af5c-195e909f35c6}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-04 68856] "T-Online_Software_6\WLAN-Access Finder"="c:\programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2006-08-07 647220] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218] "AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 88363] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "ArcSoft Connection Service"="c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "KMConfig"="c:\programme\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe" [2007-03-07 212992] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . 
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] Remote Control.lnk - c:\programme\Conceptronic Multimedia\CTVDIGUSB2 Device Utilities\RTLRCtl.exe [2010-11-15 90112] TMMonitor.lnk - c:\programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-11-15 258048] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "updateMgr"="c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 "Performance Center"=c:\programme\Ascentive\Performance Center\ApcMain.exe -m "T-Online_Software_6\WLAN-Access Finder"=c:\programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized "swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "DelayShred"=c:\progra~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\dokume~1\HANS-P~1\LOKALE~1\temp\TEMPOR~1\Content.IE5\ODO8NPKN.SH! c:\dokume~1\HANS-P~1\LOKALE~1\temp\TEMPOR~1\Content.IE5\3PWDSK31.SH! c:\dokume~1\HANS-P~1\LOKALE~1\temp\TEMPOR~1\Content.IE5\HTP8EAVA.SH! c:\dokume~1\HANS-P~1\LOKALE~1\temp\TEMPOR~1\Content.IE5\67454PQ9.SH! c:\dokume~1\HANS-P~1\LOKALE~1\temp\TEMPOR~1\Content.SH! c:\dokume~1\HANS-P~1\LOKALE~1\temp\TEMPOR~1.SH! "CTFMON.EXE"=c:\windows\system32\ctfmon.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "AOLDialer"=c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe "RealTray"=c:\programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" "eRecoveryService"=c:\windows\System32\Check.exe "SiS Windows KeyHook"=c:\windows\system32\keyhook.exe "HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" "PCMService"="c:\programme\Arcade\PCMService.exe" "SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent "MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\System32\\usmt\\migwiz.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 . 
R1 SSHDRV86;SSHDRV86;c:\windows\system32\drivers\SSHDRV86.sys [31.01.2006 08:41 81408] R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [31.01.2006 07:08 66048] R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\programme\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe [08.05.2007 17:00 2179072] R3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [09.12.2006 07:04 17280] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 07:24 10064] S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [22.02.2010 06:46 135664] S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [22.02.2010 06:46 135664] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 00:49 227232] S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [15.11.2010 06:36 93344] S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [15.11.2010 06:36 32800] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [07.03.2006 06:49 112384] S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [07.03.2006 06:49 13532] . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 2012-05-31 c:\windows\Tasks\HPpromotions journeysoftware.job - c:\programme\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-23 05:36] . 2012-05-30 c:\windows\Tasks\Automatische Problemsuche.job - c:\programme\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-31 02:38] . 
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-02-22 18:46] . 2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-02-22 18:46] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.babylon.com/?AF=110810&babsrc=HP_ss&mntrId=320d180e000000000000000fb5d0df74 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s FF - ProfilePath - c:\dokumente und einstellungen\Hans-Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\hvay6vxb.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - NCH DE Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&q= FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110810 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 320d180e000000000000000fb5d0df74 FF - user.js: extensions.BabylonToolbar_i.hardId - 320d180e000000000000000fb5d0df74 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15419 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:17 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - 
none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-05-30 10:36 Windows 5.1.2600 Service Pack 3 FAT NTAPI . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2139227033-4218479189-3264577692-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:a2,60,04,36,60,10,75,db,68,49,a1,ce,a7,a8,12,e6,05,2e,16,0d,37,6c,07, 27,b3,be,79,b4,50,6d,7f,25,1a,84,41,0a,a1,45,59,5e,dd,79,fc,8d,83,1b,12,44,\ "??"=hex:c7,06,59,9d,c4,67,6a,09,e3,23,2a,33,6c,b4,35,14 . Zeit der Fertigstellung: 2012-05-30 10:38:43 ComboFix-quarantined-files.txt 2012-05-30 22:38 . Vor Suchlauf: 19 Verzeichnis(se), 21.837.447.168 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 21.982.838.784 Bytes frei . WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - A0EA364F3BC22163B52FF00AD6257AA0 |
31.05.2012, 07:47 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan on Windows XP Convert the partitions to NTFS: 1) Start, Run, type cmd and OK Then it is C:'s turn 6) Type the command convert c: /fs:ntfs and confirm with Return or Enter
__________________ Please always post log files in CODE tags |
31.05.2012, 10:06 | #11 |
| Encryption trojan on Windows XP Good, I have carried out both. What happens next? |
31.05.2012, 10:23 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan on Windows XP Please make a new OTL log as a check - again, please post everything here in CODE tags if possible. CustomScan with OTL If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
31.05.2012, 11:30 | #13 |
| Encryption trojan on Windows XP OTL.txt: Code:
ATTFilter OTL logfile created on: 30.05.2012 23:12:19 - Run 1 OTL by OldTimer - Version 3.2.44.0 Folder = C:\Dokumente und Einstellungen\Hans-Peter\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 446,48 Mb Total Physical Memory | 163,90 Mb Available Physical Memory | 36,71% Memory free 1,03 Gb Paging File | 0,84 Gb Available in Paging File | 81,55% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 35,71 Gb Total Space | 21,74 Gb Free Space | 60,88% Space Free | Partition Type: NTFS Drive D: | 35,88 Gb Total Space | 35,68 Gb Free Space | 99,44% Space Free | Partition Type: NTFS Drive F: | 1,86 Gb Total Space | 0,93 Gb Free Space | 50,18% Space Free | Partition Type: FAT Computer Name: ACER-9C5CBFE9EE | User Name: Hans-Peter | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.31 11:31:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\OTL.exe PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2010.01.15 00:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) 
-- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.10.30 14:33:46 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2009.10.30 14:31:24 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2009.10.09 00:12:56 | 000,090,112 | R--- | M] () -- C:\Programme\Conceptronic Multimedia\CTVDIGUSB2 Device Utilities\RTLRCtl.exe PRC - [2008.12.30 11:20:20 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe PRC - [2008.04.13 14:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.09.25 23:18:54 | 000,561,152 | ---- | M] (UASSOFT.COM) -- C:\Programme\Multimedia Keyboard & Mouse Driver\V5\KMProcess.exe PRC - [2007.09.17 22:51:14 | 001,470,464 | ---- | M] (UASSOFT.COM) -- C:\Programme\Multimedia Keyboard & Mouse Driver\V5\KMConfig.exe PRC - [2007.08.08 19:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe PRC - [2007.05.08 17:00:48 | 002,179,072 | ---- | M] (UASSOFT.COM) -- C:\Programme\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe PRC - [2007.03.06 14:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Programme\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe PRC - [2005.11.15 13:02:04 | 000,061,440 | ---- | M] (T-Online International AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe PRC - [2004.10.07 23:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2004.08.16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) 
-- C:\Acer\eManager\anbmServ.exe ========== Modules (No Company Name) ========== MOD - [2009.10.09 00:12:56 | 000,090,112 | R--- | M] () -- C:\Programme\Conceptronic Multimedia\CTVDIGUSB2 Device Utilities\RTLRCtl.exe MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2008.04.13 14:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.03.24 16:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll MOD - [2007.08.05 22:53:32 | 000,053,248 | ---- | M] () -- C:\Programme\Multimedia Keyboard & Mouse Driver\V5\MouseHook.dll MOD - [2007.08.05 21:31:02 | 000,114,688 | ---- | M] () -- C:\Programme\Multimedia Keyboard & Mouse Driver\V5\keydll.dll MOD - [2007.04.19 09:39:08 | 000,436,992 | ---- | M] () -- C:\Programme\ArcSoft\TotalMedia 3.5\FPXLIB.DLL MOD - [2007.04.19 09:33:00 | 000,035,584 | ---- | M] () -- C:\Programme\ArcSoft\TotalMedia 3.5\uPiApi.dll MOD - [2007.04.19 09:29:42 | 000,273,216 | ---- | M] () -- C:\Programme\ArcSoft\TotalMedia 3.5\magengin.dll MOD - [2007.04.19 09:29:38 | 000,187,136 | ---- | M] () -- C:\Programme\ArcSoft\TotalMedia 3.5\kgl.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe -- (NPFMntor) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.01.15 00:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.12.15 07:45:38 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009.10.30 14:31:24 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2009.10.30 14:27:34 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008.04.13 14:22:56 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm) SRV - [2008.04.13 14:22:56 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE) SRV - [2008.04.13 14:22:16 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger) SRV - [2008.04.13 14:22:08 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter) SRV - [2007.08.08 19:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2007.05.08 17:00:48 | 002,179,072 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Programme\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe -- (KMWDSERVICE) SRV - [2005.11.15 13:02:04 | 000,061,440 | ---- | M] (T-Online International AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl) SRV - [2004.08.16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) 
[Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\HANS-P~1\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2009.10.25 14:43:54 | 000,032,800 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2009.10.25 14:43:52 | 000,093,344 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - [2009.10.14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2008.04.13 13:58:18 | 000,154,112 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio) DRV - [2008.04.13 13:58:14 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot) DRV - [2008.04.13 06:53:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008.04.13 06:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2008.04.13 06:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs) DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2006.01.31 08:41:32 | 000,081,408 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV86.sys -- (SSHDRV86) DRV - [2005.11.24 12:36:42 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5) DRV - [2005.04.21 13:33:12 | 000,112,384 | ---- | M] (NETGEAR Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB) DRV - [2005.03.02 00:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315) DRV - [2005.02.25 19:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp) DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\acer\eRecovery\int15.sys -- (int15.sys) DRV - [2004.12.21 10:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2004.11.05 01:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP) DRV - [2004.10.07 19:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2004.08.04 05:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k) DRV - [2004.08.04 05:00:00 | 000,007,040 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm) DRV - [2004.08.04 05:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload) DRV - [2004.03.08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv) DRV - [2003.12.05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2003.07.18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP) DRV - [2003.01.10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2002.10.15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1) DRV - [2002.10.02 08:57:12 | 000,013,532 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=110810&babsrc=HP_ss&mntrId=320d180e000000000000000fb5d0df74 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {F044364B-0B38-4713-B87A-C8752784F68B} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110810&babsrc=SP_ss&mntrId=320d180e000000000000000fb5d0df74 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937 IE - HKCU\..\SearchScopes\{F044364B-0B38-4713-B87A-C8752784F68B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "NCH DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.search.selectedEngine: "NCH DE Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13" FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows 
Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.19 08:05:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.02.23 07:03:04 | 000,000,000 | ---D | M] [2008.07.19 21:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Mozilla\Extensions [2008.07.19 21:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2010.02.23 07:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\hvay6vxb.default\extensions [2012.05.22 04:57:54 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\hvay6vxb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.05.02 05:29:58 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\hvay6vxb.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6} [2012.03.20 08:20:16 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\hvay6vxb.default\extensions\ffxtlbr@babylon.com [2012.03.06 17:29:04 | 000,000,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\hvay6vxb.default\searchplugins\conduit.xml [2012.03.19 08:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.19 08:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2012.03.19 08:05:58 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de [2012.05.03 05:19:24 | 000,570,013 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\HANS-PETER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\HVAY6VXB.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012.03.12 16:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.03.12 17:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.20 08:17:48 | 000,002,310 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2012.03.12 17:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.03.12 17:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.03.12 17:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml 
[2012.03.12 17:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.12 17:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.05.30 10:36:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [KMConfig] "C:\Programme\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe" KMConfig.exe File not found
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (T-Online International AG, Marmiko IT-Solutions GmbH)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Remote Control.lnk = C:\Programme\Conceptronic Multimedia\CTVDIGUSB2 Device Utilities\RTLRCtl.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TMMonitor.lnk = C:\Programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{034B6442-2FEA-4241-8D73-1E8D520BEA29}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - hxxp://www.actionbikes.de/actionbikes/images1/Bashan%20200%20seite1.jpg
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.05.30 23:04:33 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\OTL.exe
[2012.05.30 13:08:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.05.30 13:08:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.05.30 13:08:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.05.30 13:08:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.05.30 13:08:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.05.30 13:08:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.05.30 13:08:14 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Hans-Peter\Startmenü\Programme\Verwaltung
[2012.05.30 10:38:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.05.30 10:24:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.05.30 10:23:18 | 004,532,250 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\ComboFix.exe
[2012.05.30 04:46:49 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012.05.30 04:46:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.22 05:45:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF

========== Files - Modified Within 30 Days ==========

[2012.05.31 11:31:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\OTL.exe
[2012.05.31 00:03:26 | 004,532,250 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\ComboFix.exe
[2012.05.30 22:57:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.30 22:45:54 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Automatische Problemsuche.job
[2012.05.30 22:36:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.05.30 22:35:56 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.30 22:35:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.05.30 22:35:35 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.30 12:00:02 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[2012.05.30 10:24:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.05.21 05:17:36 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.15 07:32:22 | 000,461,330 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.05.15 07:32:22 | 000,443,222 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.15 07:32:22 | 000,086,016 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.05.15 07:32:22 | 000,072,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.15 07:29:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.05.09 07:18:32 | 000,070,198 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\Mietvertrag.pdf

========== Files Created - No Company Name ==========

[2012.05.30 13:08:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.05.30 13:08:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.05.30 13:08:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.05.30 13:08:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.05.30 13:08:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.05.30 10:24:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.05.30 10:24:33 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.05.09 07:18:28 | 000,070,198 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\Mietvertrag.pdf
[2012.02.15 06:02:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010.11.15 06:37:01 | 000,294,974 | R--- | C] () -- C:\WINDOWS\System32\RTL283XACCESS.dll
[2010.11.15 06:36:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

========== LOP Check ==========

[2009.04.08 06:11:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ascentive
[2007.12.11 05:58:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2008.04.11 23:49:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.03.20 08:02:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2007.12.11 05:58:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ebay
[2010.01.09 06:25:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2007.05.30 07:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData
[2006.01.23 18:00:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2007.02.27 21:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2008.07.19 21:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2009.12.15 07:44:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.01.09 06:29:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2008.03.08 01:56:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2007.05.05 04:33:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2009.12.15 07:44:02 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009.04.08 06:10:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Ascentive
[2007.12.11 06:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Ashampoo
[2007.09.19 20:20:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Atari
[2008.04.11 23:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Babylon
[2007.12.11 05:53:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\BayWatcher Pro
[2008.03.24 07:58:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\BOM
[2008.12.07 03:51:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Friday's games
[2008.03.30 03:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\ICQ Toolbar
[2009.03.08 04:13:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston
[2009.07.21 07:11:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\MSNInstaller
[2007.06.20 06:34:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Opera
[2006.01.23 17:55:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\T-DSL SpeedManager
[2006.12.09 07:05:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\T-Online
[2008.07.19 21:46:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\TomTom
[2009.12.15 07:45:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\TuneUp Software
[2008.03.08 02:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Ulead Systems
[2007.05.05 04:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Zylom
[2012.05.30 22:45:54 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\Automatische Problemsuche.job

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2005.12.21 20:01:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Adobe
[2005.12.21 20:01:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\AdobeUM
[2005.03.08 10:52:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\AOL
[2010.11.15 06:43:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\ArcSoft
[2009.04.08 06:10:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Ascentive
[2007.12.11 06:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Ashampoo
[2007.09.19 20:20:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Atari
[2008.04.11 23:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Babylon
[2007.12.11 05:53:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\BayWatcher Pro
[2008.03.24 07:58:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\BOM
[2005.12.16 13:52:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Cyberlink
[2007.11.01 07:02:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\DivX
[2008.12.07 03:51:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Friday's games
[2007.11.23 09:34:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Google
[2007.01.01 01:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Help
[2008.03.30 03:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\ICQ Toolbar
[2005.03.07 23:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Identities
[2009.07.21 07:08:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\InstallShield
[2009.03.08 04:13:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston
[2006.01.28 22:34:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Macromedia
[2005.03.07 23:23:00 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Microsoft
[2008.03.30 00:47:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Mozilla
[2009.07.21 07:11:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\MSNInstaller
[2007.06.20 06:34:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Opera
[2007.11.30 07:23:36 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\SecuROM
[2005.12.16 06:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Symantec
[2006.01.23 17:55:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\T-DSL SpeedManager
[2006.12.09 07:05:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\T-Online
[2008.07.19 21:46:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\TomTom
[2009.12.15 07:45:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\TuneUp Software
[2008.03.08 02:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Ulead Systems
[2009.04.13 07:10:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\WinRAR
[2005.03.08 10:52:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\You've Got Pictures Screensaver
[2007.05.05 04:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Zylom

< %APPDATA%\*.exe /s >
[2007.09.25 18:29:14 | 002,867,864 | ---- | M] (Adobe Systems Inc ) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\Ac705EmP_efgj.exe
[2007.06.08 01:46:52 | 023,813,608 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe
[2008.09.19 01:19:30 | 000,937,465 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston\SecureTraveler.exe
[2008.09.18 15:32:22 | 001,839,104 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston\SecureTravelerA.exe
[2008.09.19 01:05:36 | 003,231,744 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston\SecureTravelerB.exe
[2008.07.18 13:31:28 | 000,143,360 | ---- | M] (Kingston) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston\SecureTravelerDaemon.exe
[2008.09.18 15:32:22 | 001,839,104 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston\tmp\SecureTravelerA.exe
[2008.09.19 01:05:36 | 003,231,744 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston\tmp\SecureTravelerB.exe
[2008.07.18 13:31:28 | 000,143,360 | ---- | M] (Kingston) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston\tmp\SecureTravelerDaemon.exe

< %SYSTEMDRIVE%\*.exe >
[2008.10.25 01:08:08 | 002,368,347 | ---- | M] (InstallShield Software Corporation) -- C:\JSetup.exe
[2011.07.12 22:55:06 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe

< MD5 for: AGP440.SYS >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2011.10.19 03:16:28 | 023,898,261 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.10.19 03:16:28 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 06:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 06:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 06:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2011.10.19 03:16:28 | 023,898,261 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.10.19 03:16:28 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 06:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 06:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 06:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.13 14:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.13 14:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.13 14:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008.04.13 14:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.13 14:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.13 14:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 06:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 06:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.13 14:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.13 14:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.13 14:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 05:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USER32.DLL >
[2005.03.02 06:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 03:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 06:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 05:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 03:48:40 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.13 14:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.13 14:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.13 14:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.04.13 14:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.13 14:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.13 14:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 05:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.13 14:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.13 14:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.13 14:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2005.03.07 23:22:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2005.03.07 23:22:08 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2005.03.07 23:22:06 | 000,413,696 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
31.05.2012, 13:07 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan on Windows XP Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online check in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to switch off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post log files in CODE tags |
31.05.2012, 16:06 | #15 |
| Encryption trojan on Windows XP After starting GMER, the PC crashes again and the following message appears: OSAM.log: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 03:37:01 on 31.05.2012 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.17109 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "HPpromotions journeysoftware.job" - "hp" - C:\Programme\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Automatische Problemsuche.job" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "catchme" (catchme) - ? - C:\DOKUME~1\HANS-P~1\LOKALE~1\Temp\catchme.sys (File not found) "cdrbsdrv" (cdrbsdrv) - "B.H.A Corporation" - C:\WINDOWS\system32\drivers\cdrbsdrv.sys "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "int15.sys" (int15.sys) - ? - C:\Programme\acer\eRecovery\int15.sys (File found, but it contains no detailed information) "lbrtfdc" (lbrtfdc) - ? 
- C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS "Microsoft IntelliPoint Filter Driver" (Point32) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\point32.sys "NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver" (RTLWUSB) - "NETGEAR Inc." - C:\WINDOWS\System32\DRIVERS\wg111v2.sys "Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "Realtek EAPPkt Protocol" (EAPPkt) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\EAPPkt.sys "Service for Realtek AC97 Audio (WDM)" (ALCXWDM) - ? - C:\WINDOWS\System32\drivers\ALCXWDM.SYS (File not found) "SjyPkt" (SjyPkt) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\Drivers\SjyPkt.sys "Sony Digital Imaging Video2" (sonypvs1) - "Sony Corporation" - C:\WINDOWS\System32\DRIVERS\sonypvs1.sys "SSHDRV86" (SSHDRV86) - ? - C:\WINDOWS\system32\drivers\SSHDRV86.sys "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys "UBHelper" (UBHelper) - ? - C:\WINDOWS\system32\drivers\UBHelper.sys (File found, but it contains no detailed information) "Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys "WDICA" (WDICA) - ? 
- C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )----- "(0) Source" - ? - hxxp://www.actionbikes.de/actionbikes/images1/Bashan%20200%20seite1.jpg (HTTP value) -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? 
- (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {b106b661-3e1b-4015-af5c-195e909f35c6} "NCH DE Toolbar" - "Conduit Ltd." - C:\Programme\NCH_DE\prxtbNCH_.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} "Get_ActiveX Control" - "Netopsystems AG" - C:\WINDOWS\DOWNLO~1\HPGETD~1.OCX / https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10n.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? 
- (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {98889811-442D-49dd-99D7-DC866BE87DBC} "Babylon Toolbar" - "Babylon Ltd." - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll <binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll {b106b661-3e1b-4015-af5c-195e909f35c6} "NCH DE Toolbar" - "Conduit Ltd." - C:\Programme\NCH_DE\prxtbNCH_.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {2EECD738-5844-4a99-B4B6-146BF802613B} "Babylon toolbar helper" - "Babylon BHO" - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll {b106b661-3e1b-4015-af5c-195e909f35c6} "NCH DE Toolbar" - "Conduit Ltd." - C:\Programme\NCH_DE\prxtbNCH_.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (Shortcut exists | File exists) "Remote Control.lnk" - ? 
- C:\Programme\Conceptronic Multimedia\CTVDIGUSB2 Device Utilities\RTLRCtl.exe (Shortcut exists | File exists) "TMMonitor.lnk" - "ArcSoft, Inc." - C:\Programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Hans-Peter\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "T-Online_Software_6\WLAN-Access Finder" - "T-Online International AG, Marmiko IT-Solutions GmbH" - C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "ArcSoft Connection Service" - "ArcSoft Inc." - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe "KMConfig" - "UASSOFT.COM" - "C:\Programme\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe" KMConfig.exe "LaunchApp" - "Acer Inc." - Alaunch [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." 
- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Keyboard And Mouse Communication Service" (KMWDSERVICE) - "UASSOFT.COM" - C:\Programme\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe "McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe "Norton AntiVirus Firewall Monitor Service" (NPFMntor) - ? - "C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe" (File not found) "Notebook Manager Service" (anbmService) - "OSA Technologies Inc." 
- C:\Acer\eManager\anbmServ.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe "T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "T-Online International AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe "TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - C:\WINDOWS\ACER.SCR (File found, but it contains no detailed information) -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-31 03:45:59
-----------------------------
03:45:59.687 OS Version: Windows 5.1.2600 Service Pack 3
03:45:59.687 Number of processors: 1 586 0x2C02
03:45:59.687 ComputerName: ACER-9C5CBFE9EE UserName: Hans-Peter
03:46:00.046 Initialize success
03:48:44.781 AVAST engine defs: 12053100
03:48:55.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
03:48:55.234 Disk 0 Vendor: HTS541080G9AT00 MB4VA60A Size: 76319MB BusType: 3
03:48:55.265 Disk 0 MBR read successfully
03:48:55.265 Disk 0 MBR scan
03:48:55.812 Disk 0 unknown MBR code
03:48:55.828 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 3004 MB offset 63
03:48:56.171 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 36569 MB offset 6152895
03:48:56.734 Disk 0 Partition - 00 0F Extended LBA 36742 MB offset 81047925
03:48:56.750 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 36742 MB offset 81047988
03:48:56.781 Disk 0 scanning sectors +156296385
03:48:57.312 Disk 0 scanning C:\WINDOWS\system32\drivers
03:49:20.687 Service scanning
03:49:45.218 Modules scanning
03:49:51.828 Disk 0 trace - called modules:
03:49:51.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
03:49:51.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84dce5e0]
03:49:51.890 3 CLASSPNP.SYS[f75fefd7] -> nt!IofCallDriver -> \Device\00000070[0x84d69f18]
03:49:51.906 5 ACPI.sys[f7494620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x84dcfd98]
03:49:52.531 AVAST engine scan C:\WINDOWS
03:50:10.765 AVAST engine scan C:\WINDOWS\system32
03:53:47.156 AVAST engine scan C:\WINDOWS\system32\drivers
03:54:01.781 AVAST engine scan C:\Dokumente und Einstellungen\Hans-Peter
03:55:45.203 AVAST engine scan C:\Dokumente und Einstellungen\All Users
03:55:58.171 Scan finished successfully
03:57:34.796 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Hans-Peter\Desktop\MBR.dat"
03:57:34.828 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Hans-Peter\Desktop\aswMBR.txt" |