Firefox google search redirect to ihavenet and other


  • This topic is locked
26 replies to this topic

#1 freifrei


Posted 27 May 2012 - 07:22 PM

hello,
For two years I have had the problem that Google searches in Firefox are always forwarded to ihavenet.com and from there to any other pages. I can circumvent the problem by just opening the site from the Google cache. Maybe someone can help; it is really annoying.

thank you in advance
frei


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Frei at 0:34:06 on 2012-05-28
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\basfipm.exe
C:\Programme\Gemeinsame Dateien\GtFlashSwitch\GtFlashSwitch.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\3DataManager\WTGService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Firefox\firefox.exe
E:\Lager\Virusscan\DDS which will create a log of programs running on your computer\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.euro.dell.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DVDLauncher] "c:\programme\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM] "c:\programme\gemeinsame dateien\installshield\updateservice\ISUSPM.exe" -scheduler
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\ednet\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\programme\ednet\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} - file://z:\data\Hidinmon.ocx
DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} - file://z:\data\A9.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{2FA7964D-F45B-4124-B41B-9CF706EEB0DF} : NameServer = 213.94.78.17 213.94.78.16
Notify: !SASWinLogon - c:\programme\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programme\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\roland\anwendungsdaten\mozilla\firefox\profiles\l6uu2ib3.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=
FF - plugin: c:\dokumente und einstellungen\roland\anwendungsdaten\mozilla\firefox\profiles\l6uu2ib3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\programme\mozillafirefox\plugins\np_gp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: d:\quiktim\plugins\npqtplugin.dll
FF - plugin: d:\quiktim\plugins\npqtplugin2.dll
FF - plugin: d:\quiktim\plugins\npqtplugin3.dll
FF - plugin: d:\quiktim\plugins\npqtplugin4.dll
FF - plugin: d:\quiktim\plugins\npqtplugin5.dll
FF - plugin: d:\quiktim\plugins\npqtplugin6.dll
FF - plugin: d:\quiktim\plugins\npqtplugin7.dll
.
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
============= SERVICES / DRIVERS ===============
.
R? ew_hwusbdev;Huawei MobileBroadband USB PNP Device
R? GTMNDISIRPXP;GT M 3G+ IRP NDIS
R? GTUQBUS;GT UQ BUS
R? S6U12AScanner;MUSTEK 1200 CU PLUS Still Image Device Service
S? !SASCORE;SAS Core Service
S? ewusbnet;HUAWEI USB-NDIS miniport
S? GtFlashSwitch;GtFlashSwitch
S? hpcd2k;hpcd2k
S? huawei_enumerator;huawei_enumerator
S? pavboot;pavboot
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? WTGService;WTGService
.
=============== Created Last 30 ================
.
2012-05-26 13:54:24 -------- d-----w- c:\dokumente und einstellungen\roland\anwendungsdaten\SUPERAntiSpyware.com
2012-05-26 13:53:37 -------- d-----w- c:\programme\SUPERAntiSpyware
2012-05-26 13:53:37 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\SUPERAntiSpyware.com
2012-05-26 13:31:50 -------- d-----w- c:\programme\Firefox
2012-05-15 12:28:48 -------- d-----w- c:\dokumente und einstellungen\roland\anwendungsdaten\PriceGong
2012-05-05 16:14:58 -------- d-----w- c:\dokumente und einstellungen\roland\lokale einstellungen\anwendungsdaten\Google
2012-05-05 16:14:58 -------- d-----w- c:\dokumente und einstellungen\roland\lokale einstellungen\anwendungsdaten\CRE
.
==================== Find3M ====================
.
2012-05-10 10:13:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-10 10:13:26 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:51:24 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51:18 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:51:18 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:00:09 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00:08 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00:08 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:09:48 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:09:48 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 0:34:22,17 ===============


#2 gringo_pr

  • Malware Response Team

Posted 27 May 2012 - 11:25 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 freifrei


Posted 28 May 2012 - 05:53 AM

Hi gringo, sorry for my English, it's not very good.
Thanks for the quick response and thank you for helping me.

I have now searched on Google a good 10 times and so far everything has worked out well, no forwarding of the Google search to "ihavenet.cxx /? search ..." or "secure.bidvertiser.cxx ...". No idea why it works now, suddenly, but I do not trust the thing.

I've run combofix:



ComboFix 12-05-28.01 - Frei 28.05.2012 11:34:21.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2046.1485 [GMT 2:00]
ausgeführt von:: e:\lager\Virusscan\ComboFix\ComboFix.exe
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\1.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\a.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\b.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\c.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\d.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\e.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\f.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\g.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\h.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\i.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\j.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\k.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\l.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\m.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\n.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\o.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\p.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\q.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\r.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\s.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\t.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\u.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\v.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\w.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\wlu.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\x.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\y.txt
c:\dokumente und einstellungen\Roland\Anwendungsdaten\PriceGong\Data\z.txt
c:\dokumente und einstellungen\Roland\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system32\C
c:\windows\system32\C\Microsoft\Office\appevent.log
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-04-28 bis 2012-05-28 ))))))))))))))))))))))))))))))
.
.
2012-05-28 01:50 . 2012-05-28 01:50 388096 ----a-r- c:\dokumente und einstellungen\Roland\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-28 01:50 . 2012-05-28 01:50 -------- d-----w- c:\programme\Trend Micro
2012-05-26 13:54 . 2012-05-26 13:54 -------- d-----w- c:\dokumente und einstellungen\Roland\Anwendungsdaten\SUPERAntiSpyware.com
2012-05-26 13:53 . 2012-05-26 13:54 -------- d-----w- c:\programme\SUPERAntiSpyware
2012-05-26 13:53 . 2012-05-26 13:53 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2012-05-26 13:31 . 2012-05-26 13:31 -------- d-----w- c:\programme\Firefox
2012-05-05 16:14 . 2012-05-05 16:14 -------- d-----w- c:\dokumente und einstellungen\Roland\Lokale Einstellungen\Anwendungsdaten\Google
2012-05-05 16:14 . 2012-05-05 16:14 -------- d-----w- c:\dokumente und einstellungen\Roland\Lokale Einstellungen\Anwendungsdaten\CRE
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 10:13 . 2012-03-30 09:15 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-10 10:13 . 2011-05-13 01:36 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:51 . 1980-01-01 00:00 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2004-08-04 14:00 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:51 . 1980-01-01 00:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-04 13:56 . 2011-08-22 10:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:00 . 2004-08-04 14:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-08-04 14:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2004-08-04 14:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:09 . 2004-08-04 14:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:09 . 2004-08-04 14:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 14:00 385024 ------w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"DVDLauncher"="c:\programme\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\Messenger\\MSMSGS.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"c:\\WINDOWS\\SYSTEM32\\MMC.EXE"=
"c:\\Programme\\Microsoft Office\\Office10\\OUTLOOK.EXE"=
"d:\\FEAR\\FEARServer.exe"=
"d:\\FTP Commanda\\ftpcomm.exe"=
"d:\\FEAR\\FEAR.exe"=
"d:\\FEAR\\FEARMP.exe"=
"c:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"d:\\Quiktim\\QuickTimePlayer.exe"=
"d:\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [13.08.2011 11:59 28552]
R1 hpcd2k;hpcd2k;c:\windows\SYSTEM32\DRIVERS\hpcd2k.sys [26.01.2005 01:00 4421]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [12.07.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\programme\SUPERAntiSpyware\SASCore.exe [12.08.2011 01:38 116608]
R2 GtFlashSwitch;GtFlashSwitch;c:\programme\Gemeinsame Dateien\GtFlashSwitch\GtFlashSwitch.exe [09.02.2007 14:48 176128]
R2 WTGService;WTGService;c:\programme\3DataManager\WTGService.exe [17.04.2011 15:18 312784]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\SYSTEM32\DRIVERS\ewusbnet.sys [17.04.2011 15:18 117504]
R3 huawei_enumerator;huawei_enumerator;c:\windows\SYSTEM32\DRIVERS\ew_jubusenum.sys [17.04.2011 13:10 72832]
R3 pcouffin;VSO Software pcouffin;c:\windows\SYSTEM32\DRIVERS\pcouffin.sys [22.03.2009 13:40 47360]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\SYSTEM32\DRIVERS\ew_hwusbdev.sys [17.04.2011 13:10 102784]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\SYSTEM32\DRIVERS\Gtm51Irp.sys [15.01.2007 18:48 122240]
S3 GTUQBUS;GT UQ BUS;c:\windows\SYSTEM32\DRIVERS\gtuqbus.sys [15.01.2007 18:48 36992]
S3 S6U12AScanner;MUSTEK 1200 CU PLUS Still Image Device Service;c:\windows\SYSTEM32\DRIVERS\UsbScan.sys [23.05.2006 22:16 15104]
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-25 c:\windows\Tasks\{3A6FAECE-AE17-4753-8910-2E5204FD0ADD}_OPTI_Roland.job
- c:\windows\system32\MOBSYNC.EXE [2004-08-04 02:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\EDnet\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\dokumente und einstellungen\Roland\Anwendungsdaten\Mozilla\Firefox\Profiles\l6uu2ib3.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-28 11:39
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(984)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2012-05-28 11:41:49
ComboFix-quarantined-files.txt 2012-05-28 09:41
.
Vor Suchlauf: 3.004.272.640 Bytes frei
Nach Suchlauf: 2.968.104.960 Bytes frei
.
- - End Of File - - 9E7323612CECA4645FA96EBD05A79E48

Edited by freifrei, 28 May 2012 - 08:04 AM.


#4 gringo_pr


Posted 28 May 2012 - 10:23 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 freifrei


Posted 30 May 2012 - 03:52 PM

hi

As it looks fine, I have so far had no problems. It all works (for now) ;) Thank you very much for your help.

Should I post the logs anyway?

#6 gringo_pr


Posted 30 May 2012 - 08:48 PM

Greetings

Combofix is only the first step. These other two reports will check if there are any rootkits hiding on the system, and then we will update the security on the computer, so it is best to let me have these reports and finish up with me.

We don't have to do it all at once either; if you want to do a little a day, that is fine.


gringo

#7 freifrei


Posted 31 May 2012 - 03:44 PM

ok :)

hi, the TDSSKiller log:

22:41:43.0171 2960 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
22:41:43.0203 2960 ============================================================
22:41:43.0203 2960 Current date / time: 2012/05/30 22:41:43.0203
22:41:43.0203 2960 SystemInfo:
22:41:43.0203 2960
22:41:43.0203 2960 OS Version: 5.1.2600 ServicePack: 3.0
22:41:43.0203 2960 Product type: Workstation
22:41:43.0203 2960 ComputerName:
22:41:43.0203 2960 UserName:
22:41:43.0203 2960 Windows directory: C:\WINDOWS
22:41:43.0203 2960 System windows directory: C:\WINDOWS
22:41:43.0203 2960 Processor architecture: Intel x86
22:41:43.0203 2960 Number of processors: 2
22:41:43.0203 2960 Page size: 0x1000
22:41:43.0203 2960 Boot type: Normal boot
22:41:43.0203 2960 ============================================================
22:41:44.0687 2960 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:41:44.0687 2960 Drive \Device\Harddisk1\DR1 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:41:44.0703 2960 Drive \Device\Harddisk2\DR6 - Size: 0x1E680000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:41:44.0703 2960 ============================================================
22:41:44.0703 2960 \Device\Harddisk0\DR0:
22:41:44.0703 2960 MBR partitions:
22:41:44.0703 2960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x4E2AA6E
22:41:44.0703 2960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4E4DF37, BlocksNum 0xDBB71C5
22:41:44.0703 2960 \Device\Harddisk1\DR1:
22:41:44.0703 2960 MBR partitions:
22:41:44.0703 2960 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A050BD
22:41:44.0703 2960 \Device\Harddisk2\DR6:
22:41:44.0703 2960 MBR partitions:
22:41:44.0703 2960 ============================================================
22:41:44.0734 2960 C: <-> \Device\Harddisk0\DR0\Partition0
22:41:44.0796 2960 D: <-> \Device\Harddisk0\DR0\Partition1
22:41:44.0859 2960 E: <-> \Device\Harddisk1\DR1\Partition0
22:41:44.0859 2960 ============================================================
22:41:44.0859 2960 Initialize success
22:41:44.0859 2960 ============================================================
22:42:00.0000 3540 ============================================================
22:42:00.0000 3540 Scan started
22:42:00.0000 3540 Mode: Manual;
22:42:00.0000 3540 ============================================================
22:42:00.0265 3540 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Programme\SUPERAntiSpyware\SASCORE.EXE
22:42:00.0265 3540 !SASCORE - ok
22:42:00.0359 3540 Abiosdsk - ok
22:42:00.0390 3540 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:42:00.0390 3540 abp480n5 - ok
22:42:00.0406 3540 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:42:00.0421 3540 ACPI - ok
22:42:00.0437 3540 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:42:00.0437 3540 ACPIEC - ok
22:42:10.0843 3540 tfsncofs (9a4b6cd62ffcecbd25c41ac5108c2419) C:\WINDOWS\system32\dla\tfsncofs.sys
22:42:10.0843 3540 tfsncofs - ok
22:42:10.0859 3540 tfsndrct (0d3ea4b03068f634351a8ae086f45737) C:\WINDOWS\system32\dla\tfsndrct.sys
22:42:10.0859 3540 tfsndrct - ok
22:42:10.0890 3540 tfsndres (95a72c82ac6f7bda100fbaecc79c1785) C:\WINDOWS\system32\dla\tfsndres.sys
22:42:10.0890 3540 tfsndres - ok
22:42:10.0921 3540 tfsnifs (0b618d034d3bf4f2fe0e54a32bf66795) C:\WINDOWS\system32\dla\tfsnifs.sys
22:42:10.0921 3540 tfsnifs - ok
22:42:10.0953 3540 tfsnopio (ee40f4f65b152725ace00c31c42f9db0) C:\WINDOWS\system32\dla\tfsnopio.sys
22:42:10.0953 3540 tfsnopio - ok
22:42:10.0984 3540 tfsnpool (2d5091546a8da11226220100cfcab8d7) C:\WINDOWS\system32\dla\tfsnpool.sys
22:42:10.0984 3540 tfsnpool - ok
22:42:11.0000 3540 tfsnudf (82896687c37eb954ec7b81ae5d4c5a6c) C:\WINDOWS\system32\dla\tfsnudf.sys
22:42:11.0015 3540 tfsnudf - ok
22:42:11.0046 3540 tfsnudfa (ff533f46c1e1c6f23bf90d72bdb14b94) C:\WINDOWS\system32\dla\tfsnudfa.sys
22:42:11.0062 3540 tfsnudfa - ok
22:42:11.0093 3540 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
22:42:11.0093 3540 Themes - ok
22:42:11.0140 3540 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
22:42:11.0140 3540 TlntSvr - ok
22:42:11.0171 3540 TosIde (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
22:42:11.0171 3540 TosIde - ok
22:42:11.0203 3540 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
22:42:11.0218 3540 TrkWks - ok
22:42:11.0281 3540 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
22:42:11.0281 3540 tunmp - ok
22:42:11.0328 3540 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:42:11.0328 3540 Udfs - ok
22:42:11.0359 3540 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:42:11.0375 3540 ultra - ok
22:42:11.0421 3540 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:42:11.0437 3540 Update - ok
22:42:11.0468 3540 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
22:42:11.0484 3540 upnphost - ok
22:42:11.0515 3540 upperdev (587e643a4e2ffd9a00f114b057ceb773) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
22:42:11.0515 3540 upperdev - ok
22:42:11.0546 3540 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
22:42:11.0546 3540 UPS - ok
22:42:11.0578 3540 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:42:11.0578 3540 usbccgp - ok
22:42:11.0609 3540 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:42:11.0625 3540 usbehci - ok
22:42:11.0625 3540 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:42:11.0640 3540 usbhub - ok
22:42:11.0656 3540 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:42:11.0656 3540 usbprint - ok
22:42:11.0687 3540 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:42:11.0687 3540 usbscan - ok
22:42:11.0718 3540 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
22:42:11.0718 3540 usbser - ok
22:42:11.0750 3540 UsbserFilt (fca6a196d47cb972a0e4adc0db9cd17c) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
22:42:11.0750 3540 UsbserFilt - ok
22:42:11.0765 3540 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:42:11.0781 3540 USBSTOR - ok
22:42:11.0796 3540 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:42:11.0796 3540 usbuhci - ok
22:42:11.0859 3540 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:42:11.0859 3540 VgaSave - ok
22:42:11.0890 3540 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:42:11.0890 3540 viaagp - ok
22:42:11.0906 3540 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:42:11.0906 3540 ViaIde - ok
22:42:11.0921 3540 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
22:42:11.0921 3540 VolSnap - ok
22:42:11.0984 3540 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
22:42:12.0000 3540 VSS - ok
22:42:12.0031 3540 w32time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
22:42:12.0046 3540 w32time - ok
22:42:12.0109 3540 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:42:12.0125 3540 Wanarp - ok
22:42:12.0171 3540 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:42:12.0187 3540 Wdf01000 - ok
22:42:12.0203 3540 WDICA - ok
22:42:12.0234 3540 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:42:12.0234 3540 wdmaud - ok
22:42:12.0281 3540 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
22:42:12.0281 3540 WebClient - ok
22:42:12.0343 3540 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:42:12.0343 3540 winmgmt - ok
22:42:12.0406 3540 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:42:12.0406 3540 WmdmPmSN - ok
22:42:12.0468 3540 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
22:42:12.0484 3540 Wmi - ok
22:42:12.0531 3540 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:42:12.0531 3540 WmiApSrv - ok
22:42:12.0656 3540 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
22:42:12.0671 3540 WMPNetworkSvc - ok
22:42:12.0703 3540 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:42:12.0718 3540 WpdUsb - ok
22:42:12.0734 3540 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:42:12.0734 3540 WS2IFSL - ok
22:42:12.0765 3540 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
22:42:12.0781 3540 wscsvc - ok
22:42:12.0812 3540 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:42:12.0812 3540 WSTCODEC - ok
22:42:12.0859 3540 WTGService (1d448834ebaeb2d99ae7c6634b8d17be) C:\Programme\3DataManager\WTGService.exe
22:42:12.0875 3540 WTGService - ok
22:42:12.0921 3540 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
22:42:12.0953 3540 wuauserv - ok
22:42:13.0015 3540 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:42:13.0015 3540 WudfPf - ok
22:42:13.0046 3540 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:42:13.0046 3540 WudfRd - ok
22:42:13.0062 3540 WudfSvc (575a4190d989f64732119e4114045a4f) C:\WINDOWS\System32\WUDFSvc.dll
22:42:13.0078 3540 WudfSvc - ok
22:42:13.0125 3540 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
22:42:13.0171 3540 WZCSVC - ok
22:42:13.0187 3540 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
22:42:13.0218 3540 xmlprov - ok
22:42:13.0281 3540 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:42:13.0671 3540 \Device\Harddisk0\DR0 - ok
22:42:13.0671 3540 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
22:42:13.0968 3540 \Device\Harddisk1\DR1 - ok
22:42:13.0984 3540 MBR (0x1B8) (9aeed90ddbf63aae8915fd41f941adaf) \Device\Harddisk2\DR6
22:42:18.0796 3540 \Device\Harddisk2\DR6 - ok
22:42:18.0812 3540 Boot (0x1200) (d31f3287013f25b752ee159419e9f3fd) \Device\Harddisk0\DR0\Partition0
22:42:18.0812 3540 \Device\Harddisk0\DR0\Partition0 - ok
22:42:18.0828 3540 Boot (0x1200) (8c3e253a3ebfe8b7512ac4d940e83d1a) \Device\Harddisk0\DR0\Partition1
22:42:18.0828 3540 \Device\Harddisk0\DR0\Partition1 - ok
22:42:18.0828 3540 Boot (0x1200) (e9a0be2de26d78a18b9c693adc95361c) \Device\Harddisk1\DR1\Partition0
22:42:18.0828 3540 \Device\Harddisk1\DR1\Partition0 - ok
22:42:18.0828 3540 ============================================================
22:42:18.0828 3540 Scan finished
22:42:18.0828 3540 ============================================================
22:42:18.0843 1344 Detected object count: 0
22:42:18.0843 1344 Actual detected object count: 0
22:43:22.0000 2280 Deinitialize success


and the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-30 22:44:05
-----------------------------
22:44:05.890 OS Version: Windows 5.1.2600 Service Pack 3
22:44:05.890 Number of processors: 2 586 0x401
22:44:05.890 ComputerName: UserName:
22:44:06.250 Initialize success
22:44:25.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f
22:44:25.093 Disk 0 Vendor: Maxtor_6Y160M0 YAR51HW0 Size: 152587MB BusType: 3
22:44:25.093 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-17
22:44:25.093 Disk 1 Vendor: Maxtor_6Y160M0 YAR51HW0 Size: 152587MB BusType: 3
22:44:25.109 Disk 0 MBR read successfully
22:44:25.109 Disk 0 MBR scan
22:44:25.109 Disk 0 Windows XP default MBR code
22:44:25.109 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 70 MB offset 63
22:44:25.109 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 40021 MB offset 144585
22:44:25.125 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 112494 MB offset 82108215
22:44:25.125 Disk 0 scanning sectors +312496380
22:44:25.187 Disk 0 scanning C:\WINDOWS\system32\drivers
22:44:32.968 Service scanning
22:44:41.500 Modules scanning
22:44:46.765 Disk 0 trace - called modules:
22:44:46.781 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
22:44:46.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8d6ab8]
22:44:46.781 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-f[0x8a91c3f0]
22:44:46.781 Scan finished successfully
22:45:37.500 Disk 0 MBR has been saved successfully to "E:\Lager\Virusscan\aswMBR\MBR.dat"
22:45:37.515 The log file has been saved successfully to "E:\Lager\Virusscan\aswMBR\aswMBR12.05.30.txt"
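
The two logs above look at the same thing from two angles: TDSSKiller prints an MD5 of the "MBR (0x1B8)" region, i.e. the first 440 bytes of bootstrap code that a bootkit would overwrite (DR0 and DR1 share one hash here because both Maxtor disks carry the same stock code), and aswMBR decodes the partition table that follows it. As an added example, not part of the thread and not code from either tool, here is a Python decoder that does both on a 512-byte sector. The sample sector it builds is constructed (placeholder boot code, partition layout modelled on the aswMBR table above), and the type-name map only covers the two types seen on this disk.

```python
"""Decode a 512-byte MBR the way the TDSSKiller and aswMBR logs summarise it.

Added example, not code from the thread or from either tool. The MD5 is taken
over the first 0x1B8 (440) bytes, the region TDSSKiller labels "MBR (0x1B8)";
the four 16-byte partition entries at 0x1BE are decoded like aswMBR's table.
"""
import hashlib
import struct

BOOT_CODE_LEN = 0x1B8            # bootstrap code; 4-byte disk signature follows at 0x1B8
PART_TABLE_OFF = 0x1BE           # four 16-byte partition entries, then 0x55AA
PART_TYPES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}   # only the types seen in the log


def parse_mbr(sector):
    """Return boot-code hash, disk signature and the non-empty partition entries."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "offset": lba_start,
            "size_mb": count * 512 // (1024 * 1024),
        })
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": partitions,
    }


def same_boot_code(sector_a, sector_b):
    """True when two disks carry identical bootstrap code, as DR0 and DR1 do in the log."""
    return sector_a[:BOOT_CODE_LEN] == sector_b[:BOOT_CODE_LEN]


def build_sample_mbr():
    """Constructed sample, not a real dump: the three-partition layout from the aswMBR
    log (Dell Utility, active NTFS, NTFS) with placeholder boot code."""
    boot = bytes([0xEB, 0x3C, 0x90]) + b"\x00" * (BOOT_CODE_LEN - 3)
    disk_sig = struct.pack("<I", 0x1A2B3C4D) + b"\x00\x00"   # signature + 2 reserved bytes
    table = b""
    for status, ptype, start, count in (
        (0x00, 0xDE, 63, 70 * 2048),             # 70 MB utility partition at offset 63
        (0x80, 0x07, 144585, 40021 * 2048),      # bootable NTFS system volume
        (0x00, 0x07, 82108215, 112494 * 2048),   # NTFS data volume
        (0x00, 0x00, 0, 0),                      # unused slot
    ):
        table += struct.pack("<B3sB3sII", status, b"\x00" * 3, ptype, b"\x00" * 3, start, count)
    return boot + disk_sig + table + b"\x55\xAA"


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code md5:", info["boot_code_md5"])
    for p in info["partitions"]:
        flag = "(A)" if p["active"] else "   "
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']:<12} "
              f"{p['size_mb']} MB offset {p['offset']}")
```

aswMBR saved the real sector to MBR.dat, so `parse_mbr(open("MBR.dat", "rb").read()[:512])` gives the same view of the live disk. A hash on its own only tells you whether the code changed between two dumps or two disks; the verdict "Windows XP default MBR code" comes from aswMBR comparing against code it knows, so treat a bare hash mismatch as a reason to look, not as proof of infection.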

#8 gringo_pr

Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 31 May 2012 - 10:03 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

FireFox::
FF - ProfilePath - c:\dokumente und einstellungen\Roland\Anwendungsdaten\Mozilla\Firefox\Profiles\l6uu2ib3.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
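
The FireFox:: section of the CFScript above tells ComboFix to drop a prefs.js entry, keyword.URL, that was sending every address-bar search through search.conduit.com. As an added example, not part of the thread and not ComboFix's code, here is a Python check that parses a prefs.js, looks at the prefs that control search and the start page, and reports any whose host is not one you expect, then strips the offending lines. The allowlist of search hosts and the sample prefs.js are assumptions: the sample is constructed, with the conduit URL taken from the CFScript.

```python
"""Find and remove search/homepage prefs in a Firefox prefs.js that point at unexpected hosts.

Added example, not code from the thread or from ComboFix. The CFScript above deletes
the keyword.URL pref by hand; this does the same check programmatically so a profile
can be verified before and after cleanup.
"""
import re
from urllib.parse import urlparse

# user_pref("name", "string value");  -- numeric/boolean prefs are deliberately not matched
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);\s*$')

# Pref names (or prefixes) that, when hijacked, redirect searches or the start page.
WATCHED_PREFIXES = ("keyword.URL", "browser.search.", "browser.startup.homepage",
                    "browser.newtab.url")

# Assumed allowlist: the engines this profile's owner actually wants to use.
ALLOWED_HOSTS = {"www.google.com", "www.google.at", "www.bing.com", "duckduckgo.com"}

# Constructed sample prefs.js; the keyword.URL value is the one from the CFScript.
SAMPLE_PREFS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("network.cookie.cookieBehavior", 0);
'''


def parse_prefs(text):
    """Return {name: value} for every string-valued user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).replace('\\"', '"')
    return prefs


def find_hijacks(text):
    """List (pref name, host, raw value) for watched prefs whose URL host is not allowed."""
    findings = []
    for name, value in parse_prefs(text).items():
        if not name.startswith(WATCHED_PREFIXES):
            continue
        url = value.replace("hxxp", "http", 1)      # forum logs defang links as hxxp
        parsed = urlparse(url)
        if parsed.scheme not in ("http", "https"):  # about:home, engine names etc.
            continue
        host = parsed.hostname or ""
        if host not in ALLOWED_HOSTS:
            findings.append((name, host, value))
    return findings


def remove_prefs(text, names):
    """Return prefs.js text with the named user_pref lines removed (Firefox recreates defaults)."""
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) in names:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for name, host, value in find_hijacks(SAMPLE_PREFS):
        print(f"{name} -> {host}: {value}")
```

Run it against the real file only with Firefox closed: Firefox rewrites prefs.js on exit and would put the pref straight back. Removing keyword.URL rather than editing it is the right move, since Firefox then falls back to its built-in default.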

#9 freifrei
  • Topic Starter
  • Members
  • 11 posts
  • Gender:Male
  • Location:Austria

Posted 01 June 2012 - 06:51 AM

hello,

done, everything looks good :)

ComboFix log:

ComboFix 12-05-28.01 - 01.06.2012 12:48:47.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2046.1499 [GMT 2:00]
Running from:: e:\lager\Virusscan\ComboFix\ComboFix.exe
Command switches used :: e:\lager\Virusscan\ComboFix\CFScript.txt
.
Warning - this PC does not have the Recovery Console installed !!
.
.
((((((((((((((((((((((( Files created from 2012-05-01 to 2012-06-01 ))))))))))))))))))))))))))))))
.
.
2012-05-28 01:50 . 2012-05-28 01:50 388096 ----a-r- c:\dokumente und einstellungen\Roland\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-28 01:50 . 2012-05-28 01:50 -------- d-----w- c:\programme\Trend Micro
2012-05-26 13:54 . 2012-05-26 13:54 -------- d-----w- c:\dokumente und einstellungen\Roland\Anwendungsdaten\SUPERAntiSpyware.com
2012-05-26 13:53 . 2012-05-26 13:54 -------- d-----w- c:\programme\SUPERAntiSpyware
2012-05-26 13:53 . 2012-05-26 13:53 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2012-05-26 13:31 . 2012-05-26 13:31 -------- d-----w- c:\programme\Firefox
2012-05-05 16:14 . 2012-05-05 16:14 -------- d-----w- c:\dokumente und einstellungen\Roland\Lokale Einstellungen\Anwendungsdaten\Google
2012-05-05 16:14 . 2012-05-05 16:14 -------- d-----w- c:\dokumente und einstellungen\Roland\Lokale Einstellungen\Anwendungsdaten\CRE
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 10:13 . 2012-03-30 09:15 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-10 10:13 . 2011-05-13 01:36 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:51 . 1980-01-01 00:00 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2004-08-04 14:00 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:51 . 1980-01-01 00:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-04 13:56 . 2011-08-22 10:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"DVDLauncher"="c:\programme\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\Messenger\\MSMSGS.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"c:\\WINDOWS\\SYSTEM32\\MMC.EXE"=
"c:\\Programme\\Microsoft Office\\Office10\\OUTLOOK.EXE"=
"d:\\FEAR\\FEARServer.exe"=
"d:\\FTP Commanda\\ftpcomm.exe"=
"d:\\FEAR\\FEAR.exe"=
"d:\\FEAR\\FEARMP.exe"=
"c:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"d:\\Quiktim\\QuickTimePlayer.exe"=
"d:\\Tenrrot\\utorrent.exe"=
"d:\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [13.08.2011 11:59 28552]
R1 hpcd2k;hpcd2k;c:\windows\SYSTEM32\DRIVERS\hpcd2k.sys [26.01.2005 01:00 4421]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [12.07.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\programme\SUPERAntiSpyware\SASCore.exe [12.08.2011 01:38 116608]
R2 GtFlashSwitch;GtFlashSwitch;c:\programme\Gemeinsame Dateien\GtFlashSwitch\GtFlashSwitch.exe [09.02.2007 14:48 176128]
R2 WTGService;WTGService;c:\programme\3DataManager\WTGService.exe [17.04.2011 15:18 312784]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\SYSTEM32\DRIVERS\ewusbnet.sys [17.04.2011 15:18 117504]
R3 huawei_enumerator;huawei_enumerator;c:\windows\SYSTEM32\DRIVERS\ew_jubusenum.sys [17.04.2011 13:10 72832]
R3 pcouffin;VSO Software pcouffin;c:\windows\SYSTEM32\DRIVERS\pcouffin.sys [22.03.2009 13:40 47360]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\SYSTEM32\DRIVERS\ew_hwusbdev.sys [17.04.2011 13:10 102784]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\SYSTEM32\DRIVERS\Gtm51Irp.sys [15.01.2007 18:48 122240]
S3 GTUQBUS;GT UQ BUS;c:\windows\SYSTEM32\DRIVERS\gtuqbus.sys [15.01.2007 18:48 36992]
S3 S6U12AScanner;MUSTEK 1200 CU PLUS Still Image Device Service;c:\windows\SYSTEM32\DRIVERS\UsbScan.sys [23.05.2006 22:16 15104]
.
--- Other services/drivers in memory ---
.
*Deregistered* - BMLoad
.
Contents of the "Scheduled Tasks" folder
.
2012-05-31 c:\windows\Tasks\{3A6FAECE-AE17-4753-8910-2E5204FD0ADD}_OPTI_Roland.job
- c:\windows\system32\MOBSYNC.EXE [2004-08-04 02:22]
.
.
------- Supplementary scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\EDnet\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\dokumente und einstellungen\Roland\Anwendungsdaten\Mozilla\Firefox\Profiles\l6uu2ib3.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-01 12:55
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning hidden processes...
.
Scanning hidden autostart entries...
.
Scanning hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(980)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-06-01 12:56:57
ComboFix-quarantined-files.txt 2012-06-01 10:56
.
Pre-run: 2,613,878,784 bytes free
Post-run: 2,597,277,696 bytes free
.
- - End Of File - - 71803AA3FEEF379DBEE15E46F89F93F7

#10 gringo_pr

Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 June 2012 - 06:59 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Adobe Reader 8.3.1 - Deutsch
LoudMo Contextual Ad Assistant


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

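
The HijackThis step above asks for the raw log and warns against the Analyze This button and against fixing anything before a human has looked. As an added example, not part of the thread and not HijackThis's own code, here is a first-pass triage in Python: it parses the R0/R1/O2/O4/O9 lines into entries and sorts out the ones a helper would ask about, namely BHO entries with no file behind them (dead CLSIDs that do nothing but should still be cleaned up), start/search pages not pointing at Microsoft defaults or about: pages, and autostart or toolbar entries that load from outside the Windows and Program Files trees. It removes nothing. The trusted path roots are an assumption for a German XP install, and the sample log lines are constructed in the format HijackThis emits.

```python
"""First-pass triage of a HijackThis log.

Added example, not HijackThis code and not its Analyze This feature. It only
sorts entries into "orphan" and "review"; the decision what to fix stays with
the person reading the log.
"""
import re
from urllib.parse import urlparse

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# First drive-letter path in an entry, up to a known binary/page extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|html|htm|sys|cpl)", re.I)

# Assumed trusted roots for a German XP box (Programme = Program Files, plus 8.3 form).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\programme\\", "c:\\progra~1\\", "c:\\program files\\")

# Constructed sample in HijackThis's line format (not a full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [wecker] E:\Lager\Software_WinXX\wecker\Wecker.exe
O9 - Extra button: Spin Palace Casino - 00A20C0F-5CF1-401C-BCC6-30FF9D92DA7D - C:\Microgaming\Casino\SpinPalace\Casinogame.exe (HKCU)
"""


def parse_hjt(text):
    """Return [(kind, detail)] for every R/O entry line; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def extract_path(detail):
    m = PATH_RE.search(detail)
    return m.group(0).lower() if m else None


def _default_page(url):
    """IE defaults are about: pages or go.microsoft.com fwlinks."""
    if url.startswith("about:"):
        return True
    host = urlparse(url).hostname or ""
    return host == "microsoft.com" or host.endswith(".microsoft.com")


def triage(entries):
    """Return [(verdict, kind, detail)] for entries worth asking about, in log order."""
    flags = []
    for kind, detail in entries:
        if kind == "O2" and "(no file)" in detail.lower():
            flags.append(("orphan", kind, detail))        # CLSID registered, DLL gone
        elif kind in ("R0", "R1"):
            url = detail.split("=", 1)[-1].strip().lower()
            if not _default_page(url):
                flags.append(("review", kind, detail))    # start/search page changed
        elif kind in ("O2", "O4", "O9"):
            path = extract_path(detail)
            if path and not path.startswith(TRUSTED_ROOTS):
                flags.append(("review", kind, detail))    # loads from an unusual location
    return flags


if __name__ == "__main__":
    for verdict, kind, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{verdict:6} {kind} - {detail}")
```

"Review" means exactly that: an alarm clock started from E:\ or a per-user casino button may be wanted by the owner, which is why the post says to post the log instead of letting a tool decide.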

#11 freifrei
  • Topic Starter
  • Members
  • 11 posts
  • Gender:Male
  • Location:Austria

Posted 04 June 2012 - 03:13 PM

In your next post I need the following

Log From MBAM:

Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.06.04.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702

04.06.2012 19:40:09

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271114
Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

PS: I cannot remove LoudMo Contextual Ad Assistant. Can I only delete it in the registry?

report from Hijackthis
let me know of any problems you may have had
How is the computer doing now?

Edited by freifrei, 04 June 2012 - 03:17 PM.


#12 gringo_pr

Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 June 2012 - 11:15 PM

That is fine - can you send me the report for hijackthis?


gringo

#13 freifrei
  • Topic Starter
  • Members
  • 11 posts
  • Gender:Male
  • Location:Austria

Posted 05 June 2012 - 05:51 AM

thank you for your time to help me

In your next post I need the following

2.)report from Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:40:55, on 05.06.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Programme\Gemeinsame Dateien\GtFlashSwitch\GtFlashSwitch.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\3DataManager\WTGService.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Lager\Software_WinXX\wecker\Wecker.exe
C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [wecker] E:\Lager\Software_WinXX\wecker\Wecker.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\EDnet\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\EDnet\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\EDnet\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Spin Palace Casino - 00A20C0F-5CF1-401C-BCC6-30FF9D92DA7D - C:\Microgaming\Casino\SpinPalace\Casinogame.exe (HKCU)
O9 - Extra button: Spin Palace Casino - 093B81E2-C785-47B4-B4E5-13FBA4B74F81 - C:\Microgaming\Casino\SpinPalace\Casinogame.exe (HKCU)
O9 - Extra button: Ruby Fortune Casino - 68B0ABC7-AE1B-4ECC-9C54-5972B01B820A - C:\Microgaming\Casino\RubyFortune\Casinogame.exe (HKCU)
O9 - Extra button: Mummys Gold Casino - B0D3E920-BABF-4AD7-A16E-8FF6F8314124 - C:\Microgaming\Casino\MummysGoldCasino\Casinogame.exe (HKCU)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://Z:\data\Hidinmon.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://Z:\data\A9.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\EDnet\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Programme\Gemeinsame Dateien\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WTGService - Unknown owner - C:\Programme\3DataManager\WTGService.exe

--
End of file - 5743 bytes



3.) let me know of any problems you may have had
4.) How is the computer doing now?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:46 AM

Posted 05 June 2012 - 07:57 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but do not need to; you can start any of them from their icon (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad, ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"
      O4 - HKLM\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      O4 - HKLM\..\Run: [wecker] E:\Lager\Software_WinXX\wecker\Wecker.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and decide whether you want to keep them or not:
    just copy the name between the brackets and paste it into the search box, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HiJackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run it as administrator.

Go to the Eset web page to run ESET's online scanner.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on Copy to clipboard, or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



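Each O4 line gringo asks to tick above is shorthand for one registry value under a Run key (HKLM\Software\Microsoft\Windows\CurrentVersion\Run and friends), and "Fix Checked" simply deletes that value. The script below is an added example for this thread, not HijackThis code and not part of any post: it parses O4 lines copied from the log above into hive, key path and value name, prints the reg.exe command that does the same thing as "Fix Checked", and flags entries whose executable lives outside C:\WINDOWS or C:\Programme (Wecker.exe on E: is the one here), which is the check worth making before removing anything. The expected-directory list and the flagging rule are this example's own assumptions, as is the choice to treat the first ".exe" as the end of an unquoted command line.

```python
"""Map HijackThis O4 (Run key) lines to the registry value that
"Fix Checked" deletes, and flag autostarts that run from unusual places.

Added example for this thread: it is not HijackThis code and not part of
any post. Sample lines are copied from the log above; the expected-
directory list and the flagging rule are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Hive abbreviations as printed by HijackThis -> full hive names.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER", "HKUS": "HKEY_USERS"}
RUN_BASE = r"Software\Microsoft\Windows\CurrentVersion"

# Where an autostart is normally expected to live on this German-locale XP box
# ("Programme" is Program Files). Assumption for this example, not a rule from the page.
EXPECTED_DIRS = ("c:\\windows\\", "c:\\programme\\",
                 "c:\\program files\\", "c:\\program files (x86)\\")

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS)"         # hive abbreviation
    r"(?:\\(?P<sid>[^\\]+))?"                 # SID or .DEFAULT, HKUS entries only
    r"\\\.\.\\(?P<key>Run(?:Once|Services)?): "
    r"\[(?P<name>[^\]]+)\] "                  # value name in square brackets
    r"(?P<cmd>.*?)"                           # command line as stored in the value
    r"(?: \(User '(?P<user>[^']*)'\))?$"      # HijackThis' per-user annotation
)


@dataclass
class Autostart:
    hive: str             # full hive name
    key: str              # key path under the hive
    value_name: str       # the value "Fix Checked" deletes
    command: str          # raw command line
    exe: str              # executable extracted from the command line
    user: Optional[str]   # user annotation (HKUS entries only)
    flagged: bool         # True when exe is outside EXPECTED_DIRS


def exe_from_command(cmd: str) -> str:
    """Extract the executable path from a Run value's command line.

    A quoted path is taken verbatim. For an unquoted one the first ".exe"
    ends the path (assumption); Windows resolves unquoted paths with spaces
    ambiguously, which is why the quoting in the ISUSPM line above matters.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split(" ")[0]


def parse_o4(line: str) -> Optional[Autostart]:
    """Parse one O4 Run-key line; Startup-folder O4 forms return None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    key = RUN_BASE + "\\" + g["key"]
    if g["sid"]:
        key = g["sid"] + "\\" + key       # HKUS values sit under the user's SID
    exe = exe_from_command(g["cmd"])
    flagged = not exe.lower().startswith(EXPECTED_DIRS)
    return Autostart(HIVES[g["hive"]], key, g["name"], g["cmd"], exe, g["user"], flagged)


def parse_log(text: str) -> List[Autostart]:
    """Return every O4 Run-key entry found in a pasted HijackThis log."""
    return [a for a in (parse_o4(l) for l in text.splitlines()) if a]


def reg_delete_command(a: Autostart) -> str:
    """reg.exe equivalent of HijackThis "Fix Checked" for one O4 entry."""
    return f'reg delete "{a.hive}\\{a.key}" /v "{a.value_name}" /f'


# Constructed input: O4 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [wecker] E:\Lager\Software_WinXX\wecker\Wecker.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
"""

if __name__ == "__main__":
    for a in parse_log(SAMPLE_LOG):
        mark = "CHECK" if a.flagged else "ok   "
        print(f"{mark} {a.hive}\\{a.key} [{a.value_name}] -> {a.exe}")
        print("      " + reg_delete_command(a))
```

The CHECK mark is only a prompt to look at that entry (here Wecker.exe, a program the poster keeps on a data drive), not a verdict; a legitimate tool can live on E: and malware can live in C:\WINDOWS. The printed reg delete line is what "Fix Checked" does underneath, so the same caution applies to running it by hand, and it only removes the autostart, not the file it points to.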

#15 freifrei

freifrei
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Gender:Male
  • Location:Austria
  • Local time:02:46 PM

Posted 07 June 2012 - 04:27 AM

hello,

I'm sorry, but I have not understood your last entry. I have no idea what I should do with HijackThis???? I'm too stupid.

And with the Eset Online Scanner I am missing three things it needs and I do not have?



