| |
| |||||||
Log-Analyse und Auswertung: Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
03.12.2011, 16:43
| #1 |
 |  Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet Hallo, ich habe versucht alle Logfiles zu erstellen und hoffe es ist richtig so.  Zu meinem Problem: Seit ca. 4 Tagen konnte Antivir nicht mehr auto-updaten. Außerdem bin ich bei Google öfter auf komische Seiten (Search, Werbeseiten) umgeleitet worden. Firefox brauchte auch beim Starten sehr lange und hatte meist eine Weile keine Rückmeldung. Meine eigenen Schritte: Zunächst habe ich versucht Antivir mit einem aktuellen Download per Überinstallation zu reparieren und immer wieder versucht zu aktualisieren. Zwischendurch hat das auch einmal geklappt. Nun geht es wieder nicht mehr. Ich habe bei einem Vollscan mehrere Schädlinge gefunden und in die Quarantäne packen lassen. (Log hängt an, sieht allerdings komisch aus weil ausversehen der Scanner doppelt lief und daher die Dateien schon vom ersten weggepakt wurden- der Log ist aber vom zweiten - sorry) Sind aber die selben Warnmeldungen. Nun findet Antivir nichts mehr und eine Antivir Boot-CD eines Kollegen (ca. 14 Tage alt) hat auch nichts mehr gefunden. Ich konnte aber die Boot-CD nicht updaten lassen. Andere Probleme als das weiterleiten bei Suchmaschienen und das Updaten habe ich nicht. Windowsupdates liefen OK. Wir haben eine Fritzbox und ich hoffe das der Schädling noch nichts nach aussen senden konnte... Wäre toll wenn Ihr mir weiter helfen könntet - Komplett neu aufsetzten wäre der GAU... Und ja, ich weiß ich hab viel komischen Kram auf dem Computer  Danke schon einmal!  Hier die LOG von OTL, die anderen im Anhang. OTL logfile created on: 03.12.2011 14:21:14 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Steffi\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19154) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1021,38 Mb Total Physical Memory | 363,01 Mb Available Physical Memory | 35,54% Memory free 2,25 Gb Paging File | 1,22 Gb Available in Paging File | 54,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 71,28 Gb Total Space | 12,26 Gb Free Space | 17,20% Space Free | Partition Type: NTFS Drive D: | 70,94 Gb Total Space | 40,84 Gb Free Space | 57,58% Space Free | Partition Type: NTFS Computer Name: GRISU | User Name: Steffi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.03 13:50:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steffi\Desktop\OTL.exe PRC - [2011.12.03 13:27:39 | 000,173,056 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\2839F\EE168.exe PRC - [2011.12.02 10:05:02 | 000,189,952 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\9F2CC\lvvm.exe PRC - [2011.12.01 17:01:34 | 000,286,208 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\Microsoft\D512\551.exe PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.08.31 09:43:46 | 000,241,664 | ---- | M] () -- C:\Programme\Join Air\AssistantServices.exe PRC - [2009.08.31 09:43:14 | 000,132,608 | ---- | M] () -- C:\Programme\Join Air\UIExec.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.16 16:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.10.16 15:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.04.14 15:45:22 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Steffi\AppData\Local\Temp\RtkBtMnt.exe PRC - [2006.12.08 13:35:24 | 000,614,400 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2006.12.01 09:34:16 | 000,131,072 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2006.12.01 06:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.11.30 18:39:10 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2006.11.30 16:48:26 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2006.11.23 15:24:46 | 000,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe PRC - [2006.11.20 20:43:08 | 000,118,784 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2006.11.20 20:04:18 | 000,720,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe PRC - [2006.11.17 07:26:58 | 000,453,120 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe PRC - [2006.11.16 15:35:18 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2006.11.12 23:13:10 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2006.11.12 11:35:58 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe ========== Modules (No Company Name) ========== MOD - [2011.12.03 13:27:39 | 000,173,056 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\2839F\EE168.exe MOD - [2011.12.02 10:05:02 | 000,189,952 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\9F2CC\lvvm.exe MOD - [2011.12.01 17:01:34 | 000,286,208 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\Microsoft\D512\551.exe MOD - [2011.12.01 10:42:08 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll MOD - [2011.12.01 10:40:11 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll MOD - [2011.12.01 10:40:02 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll MOD - [2011.12.01 10:39:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll MOD - [2011.12.01 10:39:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll MOD - [2011.12.01 10:37:57 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll MOD - [2011.12.01 10:37:34 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll MOD - [2011.12.01 10:37:23 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll MOD - [2011.12.01 10:36:03 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll MOD - [2011.12.01 10:35:52 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2011.03.27 21:11:04 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2009.08.31 09:43:14 | 000,132,608 | ---- | M] () -- C:\Programme\Join Air\UIExec.exe MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2006.11.30 20:56:32 | 000,696,320 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll MOD - [2006.11.30 20:56:32 | 000,036,864 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll MOD - [2006.11.23 18:14:32 | 000,245,760 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll MOD - [2006.11.23 15:24:42 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll MOD - [2006.11.23 15:24:26 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll MOD - [2006.11.20 20:04:16 | 000,237,568 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll MOD - [2006.11.16 15:34:54 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll MOD - [2006.11.16 12:20:46 | 000,172,032 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll MOD - [2006.11.16 12:19:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\MSNChatHook.dll MOD - [2006.11.16 12:18:50 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll MOD - [2006.11.12 23:13:14 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll MOD - [2006.11.12 23:13:14 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll MOD - [2006.11.12 23:13:00 | 000,010,752 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll MOD - [2006.11.12 23:12:58 | 000,126,976 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll MOD - [2006.11.12 23:12:56 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll MOD - [2006.11.12 23:12:46 | 000,540,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll MOD - [2006.09.04 09:41:14 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll MOD - [2006.08.08 10:11:06 | 000,073,216 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\Wlan.dll MOD - [2003.06.07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.08.31 09:43:46 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Programme\Join Air\AssistantServices.exe -- (UI Assistant Service) SRV - [2008.12.01 20:48:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.10.16 16:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.10.16 15:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2006.12.01 09:34:16 | 000,131,072 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2006.11.30 18:39:10 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2006.11.20 20:43:08 | 000,118,784 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2006.11.16 15:35:18 | 000,045,056 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2006.11.12 23:13:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) ========== Driver Services (SafeList) ========== DRV - [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.07.20 13:44:58 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.22 15:35:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.02.02 17:14:20 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.02.02 17:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.02.02 17:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2008.11.17 06:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.11.08 09:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007.04.10 09:00:00 | 000,389,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2006.12.20 20:50:00 | 004,448,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2006.11.02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006.10.30 02:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.10.25 07:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2006.10.25 07:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR) DRV - [2006.10.25 07:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2006.10.18 15:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA) DRV - [2006.08.04 10:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2005.01.13 13:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Bing" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94 FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.71 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 56040 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Programme\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Steffi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.26 19:07:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.26 14:15:41 | 000,000,000 | ---D | M] [2008.12.21 12:16:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi\AppData\Roaming\mozilla\Extensions [2011.11.18 20:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\iv44ljhc.default\extensions [2010.07.13 06:33:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\iv44ljhc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.07.02 18:18:22 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\iv44ljhc.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf} [2011.11.26 19:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions () (No name found) -- C:\USERS\STEFFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IV44LJHC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.11.26 19:07:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.10.27 12:08:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.27 12:08:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.27 12:08:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.27 12:08:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.27 12:08:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.27 12:08:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST) O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Acer Tour] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe () O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKCU..\Run: [4C8.exe] C:\Users\Steffi\AppData\Roaming\Microsoft\8932\4C8.exe () O4 - HKCU..\Run: [551.exe] C:\Users\Steffi\AppData\Roaming\Microsoft\D512\551.exe () O4 - HKCU..\Run: [579.exe] C:\Users\Steffi\AppData\Roaming\Microsoft\5112\579.exe () O4 - HKCU..\Run: [8DE.exe] C:\Users\Steffi\AppData\Roaming\Microsoft\ABB2\8DE.exe () O4 - HKCU..\Run: [B1A.exe] C:\Users\Steffi\AppData\Roaming\Microsoft\BA12\B1A.exe () O4 - HKCU..\Run: [E15.exe] C:\Users\Steffi\AppData\Roaming\Microsoft\3EC2\E15.exe () O4 - HKCU..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKCU..\Run: [捁牥吠畯r] File not found F3 - HKCU WinNT: Load - (C:\Users\Steffi\AppData\Roaming\9F2CC\lvvm.exe) -C:\Users\Steffi\AppData\Roaming\9F2CC\lvvm.exe () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O16 - DPF: {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} file:///C:/Programme/AutoCAD%202002%20Deu/InstFred.ocx (InstaFred) O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Programme/AutoCAD%202002%20Deu/AcDcToday.ocx (AcDcToday-Steuerung) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} file:///C:/Programme/AutoCAD%202002%20Deu/InstBanr.ocx (NOXLATE-BANR) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Programme/AutoCAD%202002%20Deu/AcPreview.ocx (AcPreview-Steuerung) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{599E380C-9F2F-41D6-914C-38FBA143A0A4}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\Steffi\AppData\Roaming\2839F\B81AB.exe) -C:\Users\Steffi\AppData\Roaming\2839F\B81AB.exe () O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.12.05 03:24:29 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0c0265da-89ca-11de-8f48-0016d46869d2}\Shell - "" = AutoRun O33 - MountPoints2\{0c0265da-89ca-11de-8f48-0016d46869d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{0c0265f9-89ca-11de-8f48-0016d46869d2}\Shell - "" = AutoRun O33 - MountPoints2\{0c0265f9-89ca-11de-8f48-0016d46869d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{48a114c8-a91b-11de-9021-0016d46869d2}\Shell - "" = AutoRun O33 - MountPoints2\{48a114c8-a91b-11de-9021-0016d46869d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{48a114ca-a91b-11de-9021-0016d46869d2}\Shell - "" = AutoRun O33 - MountPoints2\{48a114ca-a91b-11de-9021-0016d46869d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{6b068047-9898-11de-a14d-0016d46869d2}\Shell - "" = AutoRun O33 - MountPoints2\{6b068047-9898-11de-a14d-0016d46869d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{6b068049-9898-11de-a14d-0016d46869d2}\Shell - "" = AutoRun O33 - MountPoints2\{6b068049-9898-11de-a14d-0016d46869d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {76E7A40E-A6D8-0D3A-A2C5-04CBB4C2F830} - Themes Setup ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: 捁牥吠畯敒業摮牥 - hkey= - key= - File not found MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.03 13:50:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Steffi\Desktop\OTL.exe [2011.12.02 23:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.12.01 09:49:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.11.24 18:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\LP [2011.11.24 17:14:30 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\9F2CC [2011.11.24 17:13:52 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\2839F [2011.11.23 17:04:21 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Local\Unity [2011.11.20 16:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ovis [2011.11.20 16:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ovis [2011.11.17 17:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab [2011.11.17 14:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8 [2011.11.14 13:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.11.08 12:06:09 | 000,000,000 | --SD | C] -- C:\Users\Steffi\Documents\Eigene Datenquellen [2011.11.06 11:39:26 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\dvdcss [2007.04.14 15:55:35 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2006.12.05 03:31:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll ========== Files - Modified Within 30 Days ========== [2011.12.03 14:15:15 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.03 14:15:15 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.03 14:15:15 | 000,128,796 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.03 14:15:15 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.03 14:13:43 | 000,049,528 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\nvModes.001 [2011.12.03 14:11:29 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.03 14:10:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.03 14:10:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.03 14:10:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.03 14:10:36 | 1071,767,552 | -HS- | M] () -- C:\hiberfil.sys [2011.12.03 14:07:24 | 000,000,000 | ---- | M] () -- C:\Users\Steffi\defogger_reenable [2011.12.03 14:04:14 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.03 13:58:31 | 000,302,592 | ---- | M] () -- C:\Users\Steffi\Desktop\bv6lfwgn.exe [2011.12.03 13:50:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steffi\Desktop\OTL.exe [2011.12.03 13:49:19 | 000,050,477 | ---- | M] () -- C:\Users\Steffi\Desktop\Defogger.exe [2011.12.03 13:31:01 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{02450484-794A-42CC-8D18-CF725362E277}.job [2011.12.02 23:26:37 | 001,666,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.02 17:19:36 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn [2011.12.01 09:59:44 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI [2011.11.30 19:23:36 | 000,044,032 | ---- | M] () -- C:\Users\Steffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.29 17:21:37 | 000,049,528 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\nvModes.dat [2011.11.24 18:13:05 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\At1.job [2011.11.20 16:28:01 | 000,000,973 | ---- | M] () -- C:\Users\Steffi\Desktop\pdf-Recover.lnk [2011.11.17 14:13:03 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk [2011.11.04 15:39:13 | 000,004,096 | -H-- | M] () -- C:\Users\Steffi\AppData\Local\keyfile3.drm ========== Files Created - No Company Name ========== [2011.12.03 14:07:24 | 000,000,000 | ---- | C] () -- C:\Users\Steffi\defogger_reenable [2011.12.03 13:58:30 | 000,302,592 | ---- | C] () -- C:\Users\Steffi\Desktop\bv6lfwgn.exe [2011.12.03 13:49:16 | 000,050,477 | ---- | C] () -- C:\Users\Steffi\Desktop\Defogger.exe [2011.12.01 14:49:19 | 1071,767,552 | -HS- | C] () -- C:\hiberfil.sys [2011.12.01 09:59:44 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.11.24 18:12:12 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\At1.job [2011.11.20 16:28:01 | 000,000,973 | ---- | C] () -- C:\Users\Steffi\Desktop\pdf-Recover.lnk [2011.11.17 14:13:03 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk [2010.07.20 13:44:58 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys [2010.07.19 17:45:10 | 000,079,360 | ---- | C] () -- C:\Windows\System32\acdbres.dll [2010.07.13 14:59:07 | 000,004,096 | -H-- | C] () -- C:\Users\Steffi\AppData\Local\keyfile3.drm [2010.07.02 10:59:39 | 000,000,983 | ---- | C] () -- C:\Users\Steffi\AppData\Local\upayuwaxohesewe.dll [2010.04.30 23:27:19 | 000,000,680 | ---- | C] () -- C:\Users\Steffi\AppData\Local\d3d9caps.dat [2009.11.18 08:51:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.11.17 14:01:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.11.17 14:01:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.02 12:04:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.12.03 12:27:57 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2007.07.23 21:02:49 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.07.07 14:22:12 | 000,044,032 | ---- | C] () -- C:\Users\Steffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.04.15 15:14:04 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe [2007.04.15 14:49:41 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.04.14 16:42:31 | 000,049,528 | ---- | C] () -- C:\Users\Steffi\AppData\Roaming\nvModes.001 [2007.04.14 16:42:30 | 000,049,528 | ---- | C] () -- C:\Users\Steffi\AppData\Roaming\nvModes.dat [2007.04.14 15:55:35 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2007.04.14 15:54:55 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007.04.14 15:54:55 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.04.14 15:54:01 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.04.14 15:47:25 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.DAT [2007.04.14 15:43:22 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini [2006.12.24 14:28:29 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2006.12.05 12:27:19 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2006.12.05 10:40:19 | 000,000,101 | ---- | C] () -- C:\Windows\Alaunch.ini [2006.12.05 10:40:08 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2006.12.05 03:35:42 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll [2006.12.05 03:31:50 | 000,319,488 | ---- | C] () -- C:\Windows\System32\SysMonitor.exe [2006.12.05 03:31:48 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2006.12.05 03:24:47 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys [2006.12.05 03:17:47 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll [2006.11.16 12:20:38 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2006.11.16 12:20:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2006.11.16 12:20:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2006.11.16 12:19:10 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll [2006.11.16 12:19:04 | 000,123,904 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2006.11.16 12:18:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2006.11.16 12:18:50 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.11.16 12:18:06 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.11.13 04:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin [2006.11.02 16:33:31 | 000,633,580 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,128,796 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 001,666,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,600,138 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,106,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [2001.04.30 09:36:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\mtstack.exe [2000.09.19 00:50:28 | 000,202,752 | ---- | C] () -- C:\Windows\System32\zlib.dll ========== LOP Check ========== [2011.12.03 14:11:32 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\2839F [2011.12.02 10:05:02 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\9F2CC [2010.07.19 17:58:28 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Autodesk [2011.05.09 19:59:50 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\FileZilla [2010.05.01 00:28:24 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\GARMIN [2011.03.15 08:19:36 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\IcoFX [2010.07.20 14:29:06 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Nemetschek [2011.11.24 18:13:05 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\At1.job [2011.12.03 14:09:33 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.12.03 13:31:01 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{02450484-794A-42CC-8D18-CF725362E277}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.02.03 16:59:56 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2007.04.14 15:42:47 | 000,000,000 | ---D | M] -- C:\Acer [2009.08.02 22:01:55 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache [2006.12.05 10:38:59 | 000,000,000 | ---D | M] -- C:\Book [2009.11.29 12:43:46 | 000,000,000 | -HSD | M] -- C:\Boot [2011.12.01 09:55:12 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2007.04.14 15:37:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2006.12.24 14:28:38 | 000,000,000 | ---D | M] -- C:\DRV [2007.08.31 16:34:09 | 000,000,000 | ---D | M] -- C:\MyWorks [2009.11.16 17:30:27 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.11.24 18:12:09 | 000,000,000 | R--D | M] -- C:\Program Files [2011.10.19 07:27:33 | 000,000,000 | -H-D | M] -- C:\ProgramData [2007.04.14 15:37:55 | 000,000,000 | -HSD | M] -- C:\Programme [2011.12.03 14:25:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.12.02 12:26:20 | 000,000,000 | ---D | M] -- C:\temp [2009.02.03 16:59:18 | 000,000,000 | R--D | M] -- C:\Users [2011.12.01 11:39:51 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys [2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys [2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys [2006.11.02 09:58:43 | 000,270,336 | ---- | M] (Microsoft Corporation) MD5=5D24CAF8EFD924A875698FF28384DB8B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys [2011.04.21 14:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys [2008.01.19 06:57:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys [2009.04.11 05:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys [2011.04.21 14:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007.12.22 10:06:06 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007.12.22 10:06:05 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe [2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-01 09:26:46 ========== Alternate Data Streams ========== @Alternate Data Stream - 577 bytes -> C:\Users\Steffi\Documents\Herzlichen Glückwunsch.eml:OECustomProperty @Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:88E3B9B6 @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:BD4CC9FB @Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:70B3C619 < End of report > |
|
04.12.2011, 19:43
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
__________________ |
|
05.12.2011, 07:58
| #3 |
| | Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet Hallo Cosinus,
__________________danke fürs kümmern :-) Malwarebytes hats gepackt und über 30 Dinge gefunden - da kann ich Antivir ja fast in die Tonne kloppen? Jedenfalls scheint alles bereinigt, der zweite Scanner hat nix gefunden. Antivir ließ sich auch wieder updaten. Logs sind im Anhang bzw. unten am Text. Zwei Dinge die ich manuell ändern mußte: Malwarebytes wurde nach dem Hochfahren vom Autostart abgehalten, ich mußte es manuell erlauben. Und beim Starten von Firefox jetzt zum Schluss wurde angezeigt das der eingestellte Proxy die Verbindung zurückweist. Ich habe das jetzt von der Einstellung Manuell Http 127.0.0.1 Port 56040 auf `Einstellungen des Systems verwenden´umgestellt und es ging. Hoffe das war OK und ich habe euren Programmen da nicht reingepfuscht... aber sonst wär ich nicht ins Netz gekommen. Wenns das jetzt gewesen wäre wäre ja super - bin gespannt was die Logs sagen. Kann man Malwarebytes parallel zu Antivir laufen lassen als Sicherheit für die Zukunft? Erleichterte Grüße, Grisu ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=50d7e66b7a572848b5498984f7400200 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-12-04 11:24:55 # local_time=2011-12-05 12:24:55 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1792 16777215 100 0 4029674 4029674 0 0 # compatibility_mode=5892 16776638 66 100 884139 160568055 0 0 # compatibility_mode=8192 67108863 100 0 3988 3988 0 0 # scanned=198366 # found=0 # cleaned=0 # scan_time=5767 |
|
05.12.2011, 09:44
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet Mach bitte ein neues OTL-Log CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
05.12.2011, 10:22
| #5 |
| | Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet Hallo, Scan hat geklappt. Ich hoffe inständig das alles weg ist - mal sehen was der Fachmann sagt. Hier das LOGOTL Logfile: Code:
ATTFilter OTL logfile created on: 05.12.2011 09:49:31 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Steffi\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19154) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1021,38 Mb Total Physical Memory | 544,48 Mb Available Physical Memory | 53,31% Memory free 2,25 Gb Paging File | 1,19 Gb Available in Paging File | 52,68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 71,28 Gb Total Space | 14,48 Gb Free Space | 20,31% Space Free | Partition Type: NTFS Drive D: | 70,94 Gb Total Space | 40,84 Gb Free Space | 57,58% Space Free | Partition Type: NTFS Computer Name: GRISU | User Name: Steffi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.03 13:50:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steffi\Desktop\OTL.exe PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.08.31 09:43:46 | 000,241,664 | ---- | M] () -- C:\Programme\Join Air\AssistantServices.exe PRC - [2009.08.31 09:43:14 | 000,132,608 | ---- | M] () -- C:\Programme\Join Air\UIExec.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.16 16:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.10.16 15:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.04.14 15:45:22 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Steffi\AppData\Local\Temp\RtkBtMnt.exe PRC - [2006.12.08 13:35:24 | 000,614,400 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2006.12.01 09:34:16 | 000,131,072 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2006.12.01 06:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.11.30 18:39:10 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2006.11.30 16:48:26 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2006.11.23 15:24:46 | 000,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe PRC - [2006.11.20 20:43:08 | 000,118,784 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2006.11.20 20:04:18 | 000,720,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe PRC - [2006.11.17 07:26:58 | 000,453,120 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe PRC - [2006.11.16 15:35:18 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2006.11.12 23:13:10 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2006.11.12 11:35:58 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe ========== Modules (No Company Name) ========== MOD - [2011.12.01 10:42:08 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll MOD - [2011.12.01 10:40:11 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll MOD - [2011.12.01 10:40:02 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll MOD - [2011.12.01 10:39:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll MOD - [2011.12.01 10:39:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll MOD - [2011.12.01 10:37:57 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll MOD - [2011.12.01 10:37:34 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll MOD - [2011.12.01 10:37:23 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll MOD - [2011.12.01 10:36:03 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll MOD - [2011.12.01 10:35:52 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2011.03.27 21:11:04 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2009.08.31 09:43:14 | 000,132,608 | ---- | M] () -- C:\Programme\Join Air\UIExec.exe MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2006.11.30 20:56:32 | 000,696,320 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll MOD - [2006.11.30 20:56:32 | 000,036,864 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll MOD - [2006.11.23 18:14:32 | 000,245,760 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll MOD - [2006.11.23 15:24:42 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll MOD - [2006.11.23 15:24:26 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll MOD - [2006.11.20 20:04:16 | 000,237,568 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll MOD - [2006.11.16 15:34:54 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll MOD - [2006.11.16 12:20:46 | 000,172,032 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll MOD - [2006.11.16 12:19:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\MSNChatHook.dll MOD - [2006.11.16 12:18:50 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll MOD - [2006.11.12 23:13:14 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll MOD - [2006.11.12 23:13:14 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll MOD - [2006.11.12 23:13:00 | 000,010,752 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll MOD - [2006.11.12 23:12:58 | 000,126,976 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll MOD - [2006.11.12 23:12:56 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll MOD - [2006.11.12 23:12:46 | 000,540,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll MOD - [2006.09.04 09:41:14 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll MOD - [2006.08.08 10:11:06 | 000,073,216 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\Wlan.dll MOD - [2003.06.07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.08.31 09:43:46 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Programme\Join Air\AssistantServices.exe -- (UI Assistant Service) SRV - [2008.12.01 20:48:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.10.16 16:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.10.16 15:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2006.12.01 09:34:16 | 000,131,072 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2006.11.30 18:39:10 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2006.11.20 20:43:08 | 000,118,784 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2006.11.16 15:35:18 | 000,045,056 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2006.11.12 23:13:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) ========== Driver Services (SafeList) ========== DRV - [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.07.20 13:44:58 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.22 15:35:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.02.02 17:14:20 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.02.02 17:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.02.02 17:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2008.11.17 06:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.11.08 09:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007.04.10 09:00:00 | 000,389,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2006.12.20 20:50:00 | 004,448,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2006.11.02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006.10.30 02:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.10.25 07:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2006.10.25 07:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR) DRV - [2006.10.25 07:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2006.10.18 15:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA) DRV - [2006.08.04 10:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2005.01.13 13:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Bing" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94 FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.71 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 56040 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Programme\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Steffi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.26 19:07:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.26 14:15:41 | 000,000,000 | ---D | M] [2008.12.21 12:16:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi\AppData\Roaming\mozilla\Extensions [2011.12.04 12:35:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\iv44ljhc.default\extensions [2010.07.13 06:33:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\iv44ljhc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.07.02 18:18:22 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\iv44ljhc.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf} [2011.11.26 19:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions () (No name found) -- C:\USERS\STEFFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IV44LJHC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.11.26 19:07:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.10.27 12:08:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.27 12:08:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.27 12:08:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.27 12:08:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.27 12:08:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.27 12:08:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST) O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Acer Tour] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe () O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKCU..\Run: [捁牥吠畯r] File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O16 - DPF: {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} file:///C:/Programme/AutoCAD%202002%20Deu/InstFred.ocx (InstaFred) O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Programme/AutoCAD%202002%20Deu/AcDcToday.ocx (AcDcToday-Steuerung) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} file:///C:/Programme/AutoCAD%202002%20Deu/InstBanr.ocx (NOXLATE-BANR) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Programme/AutoCAD%202002%20Deu/AcPreview.ocx (AcPreview-Steuerung) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{599E380C-9F2F-41D6-914C-38FBA143A0A4}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.12.05 03:24:29 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0c0265da-89ca-11de-8f48-0016d46869d2}\Shell - "" = AutoRun O33 - MountPoints2\{0c0265da-89ca-11de-8f48-0016d46869d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{0c0265f9-89ca-11de-8f48-0016d46869d2}\Shell - "" = AutoRun O33 - MountPoints2\{0c0265f9-89ca-11de-8f48-0016d46869d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{48a114c8-a91b-11de-9021-0016d46869d2}\Shell - "" = AutoRun O33 - MountPoints2\{48a114c8-a91b-11de-9021-0016d46869d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{48a114ca-a91b-11de-9021-0016d46869d2}\Shell - "" = AutoRun O33 - MountPoints2\{48a114ca-a91b-11de-9021-0016d46869d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{6b068047-9898-11de-a14d-0016d46869d2}\Shell - "" = AutoRun O33 - MountPoints2\{6b068047-9898-11de-a14d-0016d46869d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{6b068049-9898-11de-a14d-0016d46869d2}\Shell - "" = AutoRun O33 - MountPoints2\{6b068049-9898-11de-a14d-0016d46869d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: 捁牥吠畯敒業摮牥 - hkey= - key= - File not found MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - Service SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {76E7A40E-A6D8-0D3A-A2C5-04CBB4C2F830} - Themes Setup ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.04 22:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.12.04 19:56:11 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\Malwarebytes [2011.12.04 19:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.04 19:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.04 19:54:57 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.04 19:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.12.04 19:53:37 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Steffi\Desktop\esetsmartinstaller_enu.exe [2011.12.04 19:52:55 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steffi\Desktop\mbam-setup-1.51.2.1300.exe [2011.12.03 13:50:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Steffi\Desktop\OTL.exe [2011.12.02 23:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.12.01 09:49:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.11.24 18:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\LP [2011.11.24 17:14:30 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\9F2CC [2011.11.24 17:13:52 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\2839F [2011.11.23 17:04:21 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Local\Unity [2011.11.20 16:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ovis [2011.11.20 16:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ovis [2011.11.17 17:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab [2011.11.17 14:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8 [2011.11.14 13:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.11.08 12:06:09 | 000,000,000 | --SD | C] -- C:\Users\Steffi\Documents\Eigene Datenquellen [2011.11.06 11:39:26 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\dvdcss [2007.04.14 15:55:35 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2006.12.05 03:31:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll ========== Files - Modified Within 30 Days ========== [2011.12.05 09:20:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.05 09:20:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.05 09:04:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.05 07:30:25 | 000,049,528 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\nvModes.001 [2011.12.05 07:29:49 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.05 07:24:43 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.05 07:24:43 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.05 07:24:43 | 000,128,796 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.05 07:24:43 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.05 07:20:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.05 07:20:12 | 1071,767,552 | -HS- | M] () -- C:\hiberfil.sys [2011.12.04 19:55:03 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.04 19:53:38 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Steffi\Desktop\esetsmartinstaller_enu.exe [2011.12.04 19:53:03 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steffi\Desktop\mbam-setup-1.51.2.1300.exe [2011.12.04 19:24:08 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{02450484-794A-42CC-8D18-CF725362E277}.job [2011.12.03 19:16:52 | 000,049,528 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\nvModes.dat [2011.12.03 16:12:59 | 000,008,708 | ---- | M] () -- C:\Users\Steffi\Desktop\Extrasundgmer.zip [2011.12.03 14:07:24 | 000,000,000 | ---- | M] () -- C:\Users\Steffi\defogger_reenable [2011.12.03 13:58:31 | 000,302,592 | ---- | M] () -- C:\Users\Steffi\Desktop\bv6lfwgn.exe [2011.12.03 13:50:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steffi\Desktop\OTL.exe [2011.12.03 13:49:19 | 000,050,477 | ---- | M] () -- C:\Users\Steffi\Desktop\Defogger.exe [2011.12.02 23:26:37 | 001,666,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.02 17:19:36 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn [2011.12.01 09:59:44 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI [2011.11.30 19:23:36 | 000,044,032 | ---- | M] () -- C:\Users\Steffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.24 18:13:05 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\At1.job [2011.11.20 16:28:01 | 000,000,973 | ---- | M] () -- C:\Users\Steffi\Desktop\pdf-Recover.lnk [2011.11.17 14:13:03 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk ========== Files Created - No Company Name ========== [2011.12.04 19:55:03 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.03 16:12:59 | 000,008,708 | ---- | C] () -- C:\Users\Steffi\Desktop\Extrasundgmer.zip [2011.12.03 14:07:24 | 000,000,000 | ---- | C] () -- C:\Users\Steffi\defogger_reenable [2011.12.03 13:58:30 | 000,302,592 | ---- | C] () -- C:\Users\Steffi\Desktop\bv6lfwgn.exe [2011.12.03 13:49:16 | 000,050,477 | ---- | C] () -- C:\Users\Steffi\Desktop\Defogger.exe [2011.12.01 14:49:19 | 1071,767,552 | -HS- | C] () -- C:\hiberfil.sys [2011.12.01 09:59:44 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.11.24 18:12:12 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\At1.job [2011.11.20 16:28:01 | 000,000,973 | ---- | C] () -- C:\Users\Steffi\Desktop\pdf-Recover.lnk [2011.11.17 14:13:03 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk [2010.07.20 13:44:58 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys [2010.07.19 17:45:10 | 000,079,360 | ---- | C] () -- C:\Windows\System32\acdbres.dll [2010.07.13 14:59:07 | 000,004,096 | -H-- | C] () -- C:\Users\Steffi\AppData\Local\keyfile3.drm [2010.07.02 10:59:39 | 000,000,983 | ---- | C] () -- C:\Users\Steffi\AppData\Local\upayuwaxohesewe.dll [2010.04.30 23:27:19 | 000,000,680 | ---- | C] () -- C:\Users\Steffi\AppData\Local\d3d9caps.dat [2009.11.18 08:51:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.11.17 14:01:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.11.17 14:01:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.02 12:04:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.12.03 12:27:57 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2007.07.23 21:02:49 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.07.07 14:22:12 | 000,044,032 | ---- | C] () -- C:\Users\Steffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.04.15 15:14:04 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe [2007.04.15 14:49:41 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.04.14 16:42:31 | 000,049,528 | ---- | C] () -- C:\Users\Steffi\AppData\Roaming\nvModes.001 [2007.04.14 16:42:30 | 000,049,528 | ---- | C] () -- C:\Users\Steffi\AppData\Roaming\nvModes.dat [2007.04.14 15:55:35 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2007.04.14 15:54:55 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007.04.14 15:54:55 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.04.14 15:54:01 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.04.14 15:47:25 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.DAT [2007.04.14 15:43:22 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini [2006.12.24 14:28:29 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2006.12.05 12:27:19 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2006.12.05 10:40:19 | 000,000,101 | ---- | C] () -- C:\Windows\Alaunch.ini [2006.12.05 10:40:08 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2006.12.05 03:35:42 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll [2006.12.05 03:31:50 | 000,319,488 | ---- | C] () -- C:\Windows\System32\SysMonitor.exe [2006.12.05 03:31:48 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2006.12.05 03:24:47 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys [2006.12.05 03:17:47 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll [2006.11.16 12:20:38 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2006.11.16 12:20:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2006.11.16 12:20:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2006.11.16 12:19:10 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll [2006.11.16 12:19:04 | 000,123,904 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2006.11.16 12:18:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2006.11.16 12:18:50 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.11.16 12:18:06 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.11.13 04:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin [2006.11.02 16:33:31 | 000,633,580 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,128,796 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 001,666,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,600,138 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,106,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [2001.04.30 09:36:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\mtstack.exe [2000.09.19 00:50:28 | 000,202,752 | ---- | C] () -- C:\Windows\System32\zlib.dll ========== LOP Check ========== [2011.12.04 21:56:32 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\2839F [2011.12.04 21:56:32 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\9F2CC [2010.07.19 17:58:28 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Autodesk [2011.05.09 19:59:50 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\FileZilla [2010.05.01 00:28:24 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\GARMIN [2011.03.15 08:19:36 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\IcoFX [2010.07.20 14:29:06 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Nemetschek [2011.11.24 18:13:05 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\At1.job [2011.12.05 00:54:21 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.12.04 19:24:08 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{02450484-794A-42CC-8D18-CF725362E277}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.12.04 21:56:32 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\2839F [2011.12.04 21:56:32 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\9F2CC [2011.11.13 16:35:56 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Adobe [2008.12.11 13:58:53 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\AdobeAUM [2007.04.16 21:13:41 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\AdobeUM [2010.07.19 17:58:28 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Autodesk [2011.10.19 07:28:57 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Avira [2007.08.31 16:32:35 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\CyberLink [2011.11.06 11:39:26 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\dvdcss [2011.05.09 19:59:50 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\FileZilla [2010.05.01 00:28:24 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\GARMIN [2011.02.22 13:22:32 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Google [2011.03.15 08:19:36 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\IcoFX [2007.04.14 15:43:51 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Identities [2009.08.02 09:49:18 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Intel [2007.04.14 15:43:27 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Macromedia [2011.12.04 19:56:11 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Media Center Programs [2011.12.04 19:21:38 | 000,000,000 | --SD | M] -- C:\Users\Steffi\AppData\Roaming\Microsoft [2008.12.21 12:16:14 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Mozilla [2010.07.20 14:29:06 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Nemetschek [2011.09.09 11:20:56 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Skype [2010.11.30 16:20:01 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\skypePM [2011.05.08 12:39:13 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\U3 [2011.08.23 18:48:58 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\vlc < %APPDATA%\*.exe /s > [2008.05.04 15:02:26 | 004,603,904 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\U3\057330140BD2F734\LaunchPad.exe [2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\U3\temp\cleanup.exe [2008.05.02 09:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Steffi\AppData\Roaming\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.04.03 15:25:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.04.03 15:25:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.04.03 15:25:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.04.14 15:44:43 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.04.14 15:44:44 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll < > ========== Alternate Data Streams ========== @Alternate Data Stream - 577 bytes -> C:\Users\Steffi\Documents\Herzlichen Glückwunsch.eml:OECustomProperty @Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:88E3B9B6 @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:BD4CC9FB @Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:70B3C619 < End of report > Danke fürs schnelle reagieren!! Grüße, Stephanie |
|
05.12.2011, 14:12
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.google.de"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56040
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKCU..\Run: [????r] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.12.05 03:24:29 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c0265da-89ca-11de-8f48-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{0c0265da-89ca-11de-8f48-0016d46869d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0c0265f9-89ca-11de-8f48-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{0c0265f9-89ca-11de-8f48-0016d46869d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{48a114c8-a91b-11de-9021-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{48a114c8-a91b-11de-9021-0016d46869d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{48a114ca-a91b-11de-9021-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{48a114ca-a91b-11de-9021-0016d46869d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6b068047-9898-11de-a14d-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{6b068047-9898-11de-a14d-0016d46869d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6b068049-9898-11de-a14d-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{6b068049-9898-11de-a14d-0016d46869d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
MsConfig - StartUpReg: ????????? - hkey= - key= - File not found
[2011.11.24 18:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011.11.24 17:14:30 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\9F2CC
[2011.11.24 17:13:52 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\2839F
[2011.11.24 18:13:05 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\At1.job
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:88E3B9B6
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:BD4CC9FB
@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:70B3C619
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ --> Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet |
|
05.12.2011, 15:17
| #7 |
| | Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet Hallo Arne, ich habe es gemäß deiner Anleitung gemacht, beim ersten Mal lief alles durch, dann waren nur noch die beiden Einträge am Ende in den eckigen Klammern in diesem Fenster übrig, alle Sachen vom Desktop weg und er ist anscheinend stecken geblieben- hat nach einer Weile gesagt wegen unbekanntem Fehler gehts nicht mehr - hab per Austaste nen Warmstart gemacht und das ganze wiederholt. Ging diesmal ganz schnell und nach dem Autoneustart kam das Log- Fenster, hier der Text. All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SEARCH PAGE| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: "Bing" removed from browser.search.selectedEngine Prefs.js: "hxxp://www.google.de" removed from browser.startup.homepage Prefs.js: "127.0.0.1" removed from network.proxy.http Prefs.js: 56040 removed from network.proxy.http_port Prefs.js: "*.local" removed from network.proxy.no_proxies_on Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ not found. File C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found. File C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}\ not found. File C:\Windows\System32\eDStoolbar.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found. File C:\Windows\System32\eDStoolbar.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found. File C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found. File C:\Windows\System32\eDStoolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\????r not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File C:\autoexec.bat not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c0265da-89ca-11de-8f48-0016d46869d2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c0265da-89ca-11de-8f48-0016d46869d2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c0265da-89ca-11de-8f48-0016d46869d2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c0265da-89ca-11de-8f48-0016d46869d2}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c0265f9-89ca-11de-8f48-0016d46869d2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c0265f9-89ca-11de-8f48-0016d46869d2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c0265f9-89ca-11de-8f48-0016d46869d2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c0265f9-89ca-11de-8f48-0016d46869d2}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48a114c8-a91b-11de-9021-0016d46869d2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48a114c8-a91b-11de-9021-0016d46869d2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48a114c8-a91b-11de-9021-0016d46869d2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48a114c8-a91b-11de-9021-0016d46869d2}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48a114ca-a91b-11de-9021-0016d46869d2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48a114ca-a91b-11de-9021-0016d46869d2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48a114ca-a91b-11de-9021-0016d46869d2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48a114ca-a91b-11de-9021-0016d46869d2}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b068047-9898-11de-a14d-0016d46869d2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b068047-9898-11de-a14d-0016d46869d2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b068047-9898-11de-a14d-0016d46869d2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b068047-9898-11de-a14d-0016d46869d2}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b068049-9898-11de-a14d-0016d46869d2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b068049-9898-11de-a14d-0016d46869d2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b068049-9898-11de-a14d-0016d46869d2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b068049-9898-11de-a14d-0016d46869d2}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\?????????\ not found. Folder C:\Program Files\LP\ not found. Folder C:\Users\Steffi\AppData\Roaming\9F2CC\ not found. Folder C:\Users\Steffi\AppData\Roaming\2839F\ not found. File C:\Windows\tasks\At1.job not found. Unable to delete ADS C:\ProgramData\TEMP:88E3B9B6 . Unable to delete ADS C:\ProgramData\TEMP:BD4CC9FB . Unable to delete ADS C:\ProgramData\TEMP:70B3C619 . ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Holger ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Steffi ->Temp folder emptied: 241587 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 6185485 bytes ->Flash cache emptied: 337845 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 274607775 bytes RecycleBin emptied: 5288706014 bytes Total Files Cleaned = 5.312,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 12052011_150000 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot. Registry entries deleted on Reboot... Dazu ne Frage, ich versteh ja nix davon, hab nur gesehn das PDF-creator gefixt wurde ? Ist das Programm schlecht? Ich benutze es sehr gerne weil es kostenlos ist und aus allen Programmen pdfs druckt...is freeware, glaube ich von Chip runter geladen.. Ansonsten schon mal tausend Dank fürs Fix schreiben. Sobald ich das go kriege das alles oK ist trau ich mich wieder in Paypal und geh bei Euch spenden! (Nach den neuen Passworten, die wahrscheinlich ja fällig sind) Aber ich wart erst mal auf deine Anweisungen. Danke!! Stephanie |
|
05.12.2011, 15:47
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.12.2011, 16:05
| #9 |
| | Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet Hallo, jetzt das ganze noch mal richtig. Ich versuch mal das alte Log gegen das neue zu tauschen, hoffe das geht mit dem Editierdings. Icons oder Dateien/Zugriffmöglichkeiten fehlen meines Erachtens nicht, ich benutze die User-Ordner aber auch fast nie, hab meine eigene Struktur. Komme in die Dokumente, Eigene Bilder etc. Ordner unter User Steffi ohne Meckern rein, die meinst Du doch? Hier der zweite LOG mit allem angehakt: 15:58:43.0870 4820 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44 15:58:43.0893 4820 ============================================================ 15:58:43.0893 4820 Current date / time: 2011/12/05 15:58:43.0893 15:58:43.0893 4820 SystemInfo: 15:58:43.0893 4820 15:58:43.0893 4820 OS Version: 6.0.6002 ServicePack: 2.0 15:58:43.0893 4820 Product type: Workstation 15:58:43.0893 4820 ComputerName: GRISU 15:58:43.0894 4820 UserName: Steffi 15:58:43.0894 4820 Windows directory: C:\Windows 15:58:43.0894 4820 System windows directory: C:\Windows 15:58:43.0894 4820 Processor architecture: Intel x86 15:58:43.0894 4820 Number of processors: 2 15:58:43.0894 4820 Page size: 0x1000 15:58:43.0894 4820 Boot type: Normal boot 15:58:43.0894 4820 ============================================================ 15:58:46.0627 4820 Initialize success 15:58:53.0396 3008 ============================================================ 15:58:53.0396 3008 Scan started 15:58:53.0396 3008 Mode: Manual; 15:58:53.0396 3008 ============================================================ 15:58:56.0506 3008 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 15:58:56.0525 3008 ACPI - ok 15:58:57.0073 3008 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 15:58:57.0092 3008 adp94xx - ok 15:58:57.0127 3008 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 15:58:57.0134 3008 adpahci - ok 15:58:57.0164 3008 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 15:58:57.0172 3008 adpu160m - ok 15:58:57.0196 3008 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 15:58:57.0201 3008 adpu320 - ok 15:58:57.0298 3008 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 15:58:57.0310 3008 AFD - ok 15:58:57.0341 3008 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 15:58:57.0343 3008 agp440 - ok 15:58:57.0371 3008 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 15:58:57.0374 3008 aic78xx - ok 15:58:57.0405 3008 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 15:58:57.0419 3008 aliide - ok 15:58:57.0456 3008 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 15:58:57.0458 3008 amdagp - ok 15:58:57.0483 3008 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 15:58:57.0484 3008 amdide - ok 15:58:57.0511 3008 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 15:58:57.0513 3008 AmdK7 - ok 15:58:57.0535 3008 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 15:58:57.0537 3008 AmdK8 - ok 15:58:57.0601 3008 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 15:58:57.0603 3008 arc - ok 15:58:57.0639 3008 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 15:58:57.0642 3008 arcsas - ok 15:58:57.0703 3008 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 15:58:57.0705 3008 AsyncMac - ok 15:58:57.0762 3008 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 15:58:57.0763 3008 atapi - ok 15:58:57.0837 3008 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys 15:58:57.0840 3008 avgntflt - ok 15:58:57.0878 3008 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\Windows\system32\DRIVERS\avipbb.sys 15:58:57.0882 3008 avipbb - ok 15:58:57.0899 3008 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys 15:58:57.0902 3008 avkmgr - ok 15:58:57.0956 3008 b57nd60x (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys 15:58:57.0961 3008 b57nd60x - ok 15:58:58.0019 3008 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys 15:58:58.0021 3008 bcm4sbxp - ok 15:58:58.0066 3008 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 15:58:58.0068 3008 Beep - ok 15:58:58.0096 3008 blbdrive - ok 15:58:58.0173 3008 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 15:58:58.0182 3008 bowser - ok 15:58:58.0227 3008 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 15:58:58.0229 3008 BrFiltLo - ok 15:58:58.0252 3008 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 15:58:58.0254 3008 BrFiltUp - ok 15:58:58.0286 3008 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 15:58:58.0289 3008 Brserid - ok 15:58:58.0308 3008 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 15:58:58.0310 3008 BrSerWdm - ok 15:58:58.0350 3008 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 15:58:58.0353 3008 BrUsbMdm - ok 15:58:58.0373 3008 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 15:58:58.0375 3008 BrUsbSer - ok 15:58:58.0400 3008 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 15:58:58.0402 3008 BTHMODEM - ok 15:58:58.0470 3008 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 15:58:58.0482 3008 cdfs - ok 15:58:58.0528 3008 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 15:58:58.0531 3008 cdrom - ok 15:58:58.0555 3008 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 15:58:58.0557 3008 circlass - ok 15:58:58.0614 3008 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 15:58:58.0627 3008 CLFS - ok 15:58:58.0694 3008 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 15:58:58.0695 3008 CmBatt - ok 15:58:58.0719 3008 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 15:58:58.0721 3008 cmdide - ok 15:58:58.0807 3008 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 15:58:58.0808 3008 Compbatt - ok 15:58:58.0829 3008 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 15:58:58.0831 3008 crcdisk - ok 15:58:58.0860 3008 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 15:58:58.0861 3008 Crusoe - ok 15:58:58.0965 3008 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 15:58:58.0983 3008 DfsC - ok 15:58:59.0073 3008 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 15:58:59.0089 3008 disk - ok 15:58:59.0139 3008 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys 15:58:59.0141 3008 DKbFltr - ok 15:58:59.0285 3008 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys 15:58:59.0288 3008 DritekPortIO - ok 15:58:59.0351 3008 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 15:58:59.0364 3008 drmkaud - ok 15:58:59.0522 3008 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 15:58:59.0540 3008 DXGKrnl - ok 15:58:59.0571 3008 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 15:58:59.0575 3008 E1G60 - ok 15:58:59.0649 3008 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 15:58:59.0653 3008 Ecache - ok 15:58:59.0817 3008 eeCtrl (2d401f82d4e81aaf89daaa45f04782a2) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 15:58:59.0827 3008 eeCtrl - ok 15:59:00.0120 3008 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 15:59:00.0139 3008 elxstor - ok 15:59:00.0187 3008 EMSCR (1fa3f9df8983873746fa6b72dd7e3c2c) C:\Windows\system32\DRIVERS\EMS7SK.sys 15:59:00.0189 3008 EMSCR - ok 15:59:00.0231 3008 ESDCR (9c7487253aad6bf61f9bc83d50e32ccc) C:\Windows\system32\DRIVERS\ESD7SK.sys 15:59:00.0233 3008 ESDCR - ok 15:59:00.0272 3008 ESMCR (99589d975da04f8bd31f124428fcc797) C:\Windows\system32\DRIVERS\ESM7SK.sys 15:59:00.0275 3008 ESMCR - ok 15:59:00.0370 3008 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 15:59:00.0378 3008 exfat - ok 15:59:00.0445 3008 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 15:59:00.0454 3008 fastfat - ok 15:59:00.0471 3008 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 15:59:00.0473 3008 fdc - ok 15:59:00.0551 3008 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 15:59:00.0561 3008 FileInfo - ok 15:59:00.0616 3008 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 15:59:00.0618 3008 Filetrace - ok 15:59:00.0664 3008 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 15:59:00.0665 3008 flpydisk - ok 15:59:00.0738 3008 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 15:59:00.0752 3008 FltMgr - ok 15:59:00.0788 3008 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 15:59:00.0791 3008 Fs_Rec - ok 15:59:00.0810 3008 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 15:59:00.0812 3008 gagp30kx - ok 15:59:00.0910 3008 Hardlock (d95554949082fd29a04d351b58396718) C:\Windows\system32\drivers\hardlock.sys 15:59:00.0929 3008 Hardlock - ok 15:59:00.0987 3008 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\Windows\system32\drivers\Haspnt.sys 15:59:01.0000 3008 Haspnt - ok 15:59:01.0043 3008 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 15:59:01.0049 3008 HdAudAddService - ok 15:59:01.0107 3008 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 15:59:01.0120 3008 HDAudBus - ok 15:59:01.0143 3008 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 15:59:01.0144 3008 HidBth - ok 15:59:01.0170 3008 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 15:59:01.0172 3008 HidIr - ok 15:59:01.0233 3008 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 15:59:01.0246 3008 HidUsb - ok 15:59:01.0277 3008 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 15:59:01.0279 3008 HpCISSs - ok 15:59:01.0326 3008 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 15:59:01.0332 3008 HSFHWAZL - ok 15:59:01.0385 3008 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys 15:59:01.0418 3008 HSF_DPV - ok 15:59:01.0463 3008 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 15:59:01.0468 3008 HSXHWAZL - ok 15:59:01.0613 3008 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 15:59:01.0623 3008 HTTP - ok 15:59:01.0694 3008 hwdatacard (1720966d9c7ea5e2d78b6db92d2f9171) C:\Windows\system32\DRIVERS\ewusbmdm.sys 15:59:01.0704 3008 hwdatacard - ok 15:59:01.0755 3008 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 15:59:01.0773 3008 i2omp - ok 15:59:01.0849 3008 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 15:59:01.0852 3008 i8042prt - ok 15:59:01.0882 3008 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 15:59:01.0887 3008 iaStorV - ok 15:59:01.0927 3008 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 15:59:01.0934 3008 iirsp - ok 15:59:02.0062 3008 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Acer\Empowering Technology\eRecovery\int15.sys 15:59:02.0146 3008 int15 - ok 15:59:02.0715 3008 IntcAzAudAddService (04bef1c4aa990e0d5851c7532fc8642c) C:\Windows\system32\drivers\RTKVHDA.sys 15:59:02.0771 3008 IntcAzAudAddService - ok 15:59:02.0972 3008 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys 15:59:02.0983 3008 intelide - ok 15:59:03.0063 3008 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 15:59:03.0065 3008 intelppm - ok 15:59:03.0130 3008 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:59:03.0140 3008 IpFilterDriver - ok 15:59:03.0159 3008 IpInIp - ok 15:59:03.0195 3008 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 15:59:03.0197 3008 IPMIDRV - ok 15:59:03.0249 3008 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 15:59:03.0274 3008 IPNAT - ok 15:59:03.0338 3008 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys 15:59:03.0342 3008 irda - ok 15:59:03.0395 3008 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 15:59:03.0397 3008 IRENUM - ok 15:59:03.0438 3008 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 15:59:03.0440 3008 isapnp - ok 15:59:03.0528 3008 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 15:59:03.0533 3008 iScsiPrt - ok 15:59:03.0556 3008 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 15:59:03.0558 3008 iteatapi - ok 15:59:03.0583 3008 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 15:59:03.0584 3008 iteraid - ok 15:59:03.0646 3008 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 15:59:03.0648 3008 kbdclass - ok 15:59:03.0672 3008 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys 15:59:03.0674 3008 kbdhid - ok 15:59:03.0743 3008 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 15:59:03.0756 3008 KSecDD - ok 15:59:03.0969 3008 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 15:59:03.0972 3008 lltdio - ok 15:59:04.0008 3008 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 15:59:04.0010 3008 LSI_FC - ok 15:59:04.0033 3008 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 15:59:04.0036 3008 LSI_SAS - ok 15:59:04.0067 3008 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 15:59:04.0070 3008 LSI_SCSI - ok 15:59:04.0120 3008 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 15:59:04.0124 3008 luafv - ok 15:59:04.0191 3008 massfilter (567d3cbc0ba3332887d091a237d4fd3c) C:\Windows\system32\drivers\massfilter.sys 15:59:04.0193 3008 massfilter - ok 15:59:04.0206 3008 MBAMSwissArmy - ok 15:59:04.0239 3008 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 15:59:04.0241 3008 mdmxsdk - ok 15:59:04.0265 3008 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 15:59:04.0267 3008 megasas - ok 15:59:04.0338 3008 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 15:59:04.0340 3008 Modem - ok 15:59:04.0397 3008 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 15:59:04.0399 3008 monitor - ok 15:59:04.0452 3008 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 15:59:04.0454 3008 mouclass - ok 15:59:04.0473 3008 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 15:59:04.0475 3008 mouhid - ok 15:59:04.0525 3008 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 15:59:04.0527 3008 MountMgr - ok 15:59:04.0571 3008 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 15:59:04.0574 3008 mpio - ok 15:59:04.0622 3008 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 15:59:04.0625 3008 mpsdrv - ok 15:59:04.0651 3008 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 15:59:04.0654 3008 Mraid35x - ok 15:59:04.0718 3008 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 15:59:04.0722 3008 MRxDAV - ok 15:59:04.0777 3008 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 15:59:04.0780 3008 mrxsmb - ok 15:59:04.0847 3008 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:59:04.0852 3008 mrxsmb10 - ok 15:59:04.0874 3008 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:59:04.0877 3008 mrxsmb20 - ok 15:59:04.0906 3008 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 15:59:04.0908 3008 msahci - ok 15:59:04.0927 3008 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 15:59:04.0930 3008 msdsm - ok 15:59:04.0986 3008 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 15:59:05.0001 3008 Msfs - ok 15:59:05.0062 3008 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 15:59:05.0079 3008 msisadrv - ok 15:59:05.0138 3008 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 15:59:05.0141 3008 MSKSSRV - ok 15:59:05.0188 3008 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 15:59:05.0191 3008 MSPCLOCK - ok 15:59:05.0241 3008 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 15:59:05.0253 3008 MSPQM - ok 15:59:05.0302 3008 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 15:59:05.0306 3008 MsRPC - ok 15:59:05.0366 3008 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 15:59:05.0368 3008 mssmbios - ok 15:59:05.0390 3008 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 15:59:05.0392 3008 MSTEE - ok 15:59:05.0417 3008 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 15:59:05.0419 3008 Mup - ok 15:59:05.0525 3008 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 15:59:05.0534 3008 NativeWifiP - ok 15:59:05.0638 3008 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 15:59:05.0653 3008 NDIS - ok 15:59:05.0717 3008 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 15:59:05.0719 3008 NdisTapi - ok 15:59:05.0775 3008 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 15:59:05.0777 3008 Ndisuio - ok 15:59:05.0834 3008 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 15:59:05.0854 3008 NdisWan - ok 15:59:05.0906 3008 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 15:59:05.0909 3008 NDProxy - ok 15:59:05.0969 3008 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 15:59:05.0972 3008 NetBIOS - ok 15:59:06.0004 3008 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 15:59:06.0010 3008 netbt - ok 15:59:06.0202 3008 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys 15:59:06.0254 3008 NETw3v32 - ok 15:59:06.0771 3008 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys 15:59:06.0877 3008 NETw5v32 - ok 15:59:07.0225 3008 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 15:59:07.0234 3008 nfrd960 - ok 15:59:07.0284 3008 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 15:59:07.0295 3008 Npfs - ok 15:59:07.0340 3008 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 15:59:07.0342 3008 nsiproxy - ok 15:59:07.0422 3008 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 15:59:07.0456 3008 Ntfs - ok 15:59:07.0480 3008 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys 15:59:07.0497 3008 NTIDrvr - ok 15:59:07.0624 3008 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 15:59:07.0640 3008 ntrigdigi - ok 15:59:07.0671 3008 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 15:59:07.0672 3008 Null - ok 15:59:08.0159 3008 nvlddmkm (dcb0f735bb78497f6076177eb7d20214) C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:59:08.0285 3008 nvlddmkm - ok 15:59:08.0636 3008 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 15:59:08.0658 3008 nvraid - ok 15:59:08.0682 3008 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 15:59:08.0685 3008 nvstor - ok 15:59:08.0717 3008 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 15:59:08.0720 3008 nv_agp - ok 15:59:08.0734 3008 NwlnkFlt - ok 15:59:08.0751 3008 NwlnkFwd - ok 15:59:08.0796 3008 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys 15:59:08.0798 3008 ohci1394 - ok 15:59:08.0859 3008 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 15:59:08.0862 3008 Parport - ok 15:59:08.0908 3008 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 15:59:08.0911 3008 partmgr - ok 15:59:08.0927 3008 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 15:59:08.0929 3008 Parvdm - ok 15:59:08.0988 3008 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 15:59:09.0011 3008 pci - ok 15:59:09.0048 3008 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys 15:59:09.0050 3008 pciide - ok 15:59:09.0105 3008 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys 15:59:09.0110 3008 pcmcia - ok 15:59:09.0274 3008 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 15:59:09.0304 3008 PEAUTH - ok 15:59:09.0389 3008 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 15:59:09.0392 3008 PptpMiniport - ok 15:59:09.0417 3008 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 15:59:09.0420 3008 Processor - ok 15:59:09.0509 3008 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 15:59:09.0528 3008 PSched - ok 15:59:09.0567 3008 PSDFilter (88b72d2a800300eb05c69f3c6c3180f2) C:\Windows\system32\DRIVERS\psdfilter.sys 15:59:09.0569 3008 PSDFilter - ok 15:59:09.0587 3008 PSDNServ (9649e11fc5459bf6b2c9e8e327e45c3a) C:\Windows\system32\drivers\PSDNServ.sys 15:59:09.0589 3008 PSDNServ - ok 15:59:09.0628 3008 psdvdisk (3d0be1373b9dfe9fc7b64f090e4d59e3) C:\Windows\system32\drivers\psdvdisk.sys 15:59:09.0630 3008 psdvdisk - ok 15:59:09.0694 3008 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 15:59:09.0725 3008 ql2300 - ok 15:59:09.0753 3008 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 15:59:09.0756 3008 ql40xx - ok 15:59:09.0807 3008 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 15:59:09.0809 3008 QWAVEdrv - ok 15:59:09.0854 3008 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 15:59:09.0857 3008 RasAcd - ok 15:59:09.0944 3008 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 15:59:09.0965 3008 Rasl2tp - ok 15:59:10.0019 3008 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 15:59:10.0021 3008 RasPppoe - ok 15:59:10.0082 3008 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 15:59:10.0106 3008 RasSstp - ok 15:59:10.0161 3008 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 15:59:10.0177 3008 rdbss - ok 15:59:10.0217 3008 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 15:59:10.0219 3008 RDPCDD - ok 15:59:10.0256 3008 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 15:59:10.0263 3008 rdpdr - ok 15:59:10.0305 3008 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 15:59:10.0307 3008 RDPENCDD - ok 15:59:10.0341 3008 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 15:59:10.0346 3008 RDPWD - ok 15:59:10.0455 3008 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 15:59:10.0458 3008 rspndr - ok 15:59:10.0489 3008 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 15:59:10.0493 3008 sbp2port - ok 15:59:10.0598 3008 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 15:59:10.0601 3008 sdbus - ok 15:59:10.0633 3008 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 15:59:10.0635 3008 secdrv - ok 15:59:10.0673 3008 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 15:59:10.0675 3008 Serenum - ok 15:59:10.0700 3008 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 15:59:10.0703 3008 Serial - ok 15:59:10.0760 3008 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 15:59:10.0780 3008 sermouse - ok 15:59:10.0820 3008 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 15:59:10.0822 3008 sffdisk - ok 15:59:10.0851 3008 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 15:59:10.0853 3008 sffp_mmc - ok 15:59:10.0871 3008 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 15:59:10.0873 3008 sffp_sd - ok 15:59:10.0901 3008 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 15:59:10.0903 3008 sfloppy - ok 15:59:10.0931 3008 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 15:59:10.0934 3008 sisagp - ok 15:59:10.0956 3008 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 15:59:10.0958 3008 SiSRaid2 - ok 15:59:10.0986 3008 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 15:59:10.0989 3008 SiSRaid4 - ok 15:59:11.0052 3008 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 15:59:11.0056 3008 Smb - ok 15:59:11.0081 3008 SMSCIRDA (ced16c76469ba00e2ab310857cd4c767) C:\Windows\system32\DRIVERS\SMSCirda.sys 15:59:11.0084 3008 SMSCIRDA - ok 15:59:11.0140 3008 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 15:59:11.0161 3008 spldr - ok 15:59:11.0230 3008 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 15:59:11.0257 3008 srv - ok 15:59:11.0314 3008 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 15:59:11.0318 3008 srv2 - ok 15:59:11.0369 3008 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 15:59:11.0393 3008 srvnet - ok 15:59:11.0436 3008 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 15:59:11.0438 3008 ssmdrv - ok 15:59:11.0513 3008 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 15:59:11.0515 3008 swenum - ok 15:59:11.0546 3008 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 15:59:11.0560 3008 Symc8xx - ok 15:59:11.0595 3008 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 15:59:11.0597 3008 Sym_hi - ok 15:59:11.0622 3008 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 15:59:11.0624 3008 Sym_u3 - ok 15:59:11.0666 3008 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys 15:59:11.0671 3008 SynTP - ok 15:59:11.0763 3008 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 15:59:11.0796 3008 Tcpip - ok 15:59:11.0832 3008 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 15:59:11.0840 3008 Tcpip6 - ok 15:59:11.0973 3008 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 15:59:11.0998 3008 tcpipreg - ok 15:59:12.0040 3008 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 15:59:12.0042 3008 TDPIPE - ok 15:59:12.0070 3008 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 15:59:12.0073 3008 TDTCP - ok 15:59:12.0132 3008 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 15:59:12.0135 3008 tdx - ok 15:59:12.0188 3008 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 15:59:12.0191 3008 TermDD - ok 15:59:12.0246 3008 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 15:59:12.0264 3008 tssecsrv - ok 15:59:12.0312 3008 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 15:59:12.0314 3008 tunmp - ok 15:59:12.0366 3008 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 15:59:12.0368 3008 tunnel - ok 15:59:12.0389 3008 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 15:59:12.0392 3008 uagp35 - ok 15:59:12.0414 3008 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\Windows\system32\drivers\UBHelper.sys 15:59:12.0415 3008 UBHelper - ok 15:59:12.0553 3008 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 15:59:12.0571 3008 udfs - ok 15:59:12.0804 3008 UIUSys - ok 15:59:13.0034 3008 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 15:59:13.0052 3008 uliagpkx - ok 15:59:13.0096 3008 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 15:59:13.0102 3008 uliahci - ok 15:59:13.0123 3008 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 15:59:13.0126 3008 UlSata - ok 15:59:13.0152 3008 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 15:59:13.0155 3008 ulsata2 - ok 15:59:13.0211 3008 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 15:59:13.0213 3008 umbus - ok 15:59:13.0293 3008 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 15:59:13.0296 3008 usbccgp - ok 15:59:13.0319 3008 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 15:59:13.0322 3008 usbcir - ok 15:59:13.0382 3008 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 15:59:13.0385 3008 usbehci - ok 15:59:13.0415 3008 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 15:59:13.0420 3008 usbhub - ok 15:59:13.0449 3008 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 15:59:13.0454 3008 usbohci - ok 15:59:13.0476 3008 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys 15:59:13.0478 3008 usbprint - ok 15:59:13.0524 3008 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:59:13.0526 3008 USBSTOR - ok 15:59:13.0572 3008 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 15:59:13.0596 3008 usbuhci - ok 15:59:13.0654 3008 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 15:59:13.0656 3008 vga - ok 15:59:13.0711 3008 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 15:59:13.0736 3008 VgaSave - ok 15:59:13.0768 3008 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 15:59:13.0771 3008 viaagp - ok 15:59:13.0789 3008 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 15:59:13.0791 3008 ViaC7 - ok 15:59:13.0858 3008 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 15:59:13.0860 3008 viaide - ok 15:59:13.0882 3008 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 15:59:13.0886 3008 volmgr - ok 15:59:13.0954 3008 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 15:59:13.0961 3008 volmgrx - ok 15:59:14.0018 3008 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 15:59:14.0043 3008 volsnap - ok 15:59:14.0080 3008 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 15:59:14.0084 3008 vsmraid - ok 15:59:14.0118 3008 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 15:59:14.0120 3008 WacomPen - ok 15:59:14.0178 3008 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 15:59:14.0180 3008 Wanarp - ok 15:59:14.0195 3008 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 15:59:14.0198 3008 Wanarpv6 - ok 15:59:14.0233 3008 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 15:59:14.0235 3008 Wd - ok 15:59:14.0427 3008 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 15:59:14.0456 3008 Wdf01000 - ok 15:59:14.0535 3008 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 15:59:14.0555 3008 winachsf - ok 15:59:14.0685 3008 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 15:59:14.0704 3008 WmiAcpi - ok 15:59:14.0819 3008 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 15:59:14.0821 3008 WpdUsb - ok 15:59:14.0871 3008 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 15:59:14.0873 3008 ws2ifsl - ok 15:59:14.0965 3008 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 15:59:14.0968 3008 WUDFRd - ok 15:59:15.0000 3008 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys 15:59:15.0002 3008 XAudio - ok 15:59:15.0062 3008 ZTEusbmdm6k (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys 15:59:15.0065 3008 ZTEusbmdm6k - ok 15:59:15.0095 3008 ZTEusbnmea (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys 15:59:15.0098 3008 ZTEusbnmea - ok 15:59:15.0140 3008 ZTEusbser6k (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys 15:59:15.0144 3008 ZTEusbser6k - ok 15:59:15.0175 3008 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0 15:59:16.0206 3008 \Device\Harddisk0\DR0 - ok 15:59:16.0232 3008 Boot (0x1200) (014ca19c129256f8eab2549c3f889605) \Device\Harddisk0\DR0\Partition0 15:59:16.0249 3008 \Device\Harddisk0\DR0\Partition0 - ok 15:59:16.0285 3008 Boot (0x1200) (8ce178f40e5b9798b87d7a3dceaa5180) \Device\Harddisk0\DR0\Partition1 15:59:16.0301 3008 \Device\Harddisk0\DR0\Partition1 - ok 15:59:16.0304 3008 ============================================================ 15:59:16.0304 3008 Scan finished 15:59:16.0304 3008 ============================================================ 15:59:16.0323 5284 Detected object count: 0 15:59:16.0323 5284 Actual detected object count: 0 16:12:53.0159 0452 ============================================================ 16:12:53.0159 0452 Scan started 16:12:53.0159 0452 Mode: Manual; SigCheck; TDLFS; 16:12:53.0159 0452 ============================================================ 16:12:54.0553 0452 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 16:12:54.0766 0452 ACPI - ok 16:12:55.0013 0452 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 16:12:55.0103 0452 adp94xx - ok 16:12:55.0587 0452 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 16:12:55.0606 0452 adpahci - ok 16:12:55.0923 0452 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 16:12:55.0938 0452 adpu160m - ok 16:12:56.0200 0452 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 16:12:56.0215 0452 adpu320 - ok 16:12:56.0287 0452 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 16:12:56.0491 0452 AFD - ok 16:12:56.0622 0452 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 16:12:56.0635 0452 agp440 - ok 16:12:56.0763 0452 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 16:12:56.0777 0452 aic78xx - ok 16:12:56.0819 0452 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 16:12:56.0832 0452 aliide - ok 16:12:56.0848 0452 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 16:12:56.0862 0452 amdagp - ok 16:12:56.0897 0452 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 16:12:56.0910 0452 amdide - ok 16:12:56.0937 0452 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 16:12:57.0194 0452 AmdK7 - ok 16:12:57.0227 0452 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 16:12:57.0356 0452 AmdK8 - ok 16:12:57.0649 0452 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 16:12:57.0662 0452 arc - ok 16:12:57.0720 0452 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 16:12:57.0734 0452 arcsas - ok 16:12:57.0806 0452 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 16:12:58.0018 0452 AsyncMac - ok 16:12:58.0087 0452 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 16:12:58.0103 0452 atapi - ok 16:12:58.0196 0452 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys 16:12:58.0269 0452 avgntflt - ok 16:12:58.0301 0452 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\Windows\system32\DRIVERS\avipbb.sys 16:12:58.0317 0452 avipbb - ok 16:12:58.0502 0452 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys 16:12:58.0516 0452 avkmgr - ok 16:12:58.0815 0452 b57nd60x (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys 16:12:58.0922 0452 b57nd60x - ok 16:12:59.0177 0452 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys 16:12:59.0261 0452 bcm4sbxp - ok 16:12:59.0302 0452 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 16:12:59.0359 0452 Beep - ok 16:12:59.0381 0452 blbdrive - ok 16:12:59.0465 0452 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 16:12:59.0582 0452 bowser - ok 16:12:59.0607 0452 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 16:12:59.0766 0452 BrFiltLo - ok 16:12:59.0788 0452 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 16:12:59.0848 0452 BrFiltUp - ok 16:12:59.0878 0452 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 16:12:59.0963 0452 Brserid - ok 16:12:59.0989 0452 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 16:13:00.0080 0452 BrSerWdm - ok 16:13:00.0109 0452 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 16:13:00.0207 0452 BrUsbMdm - ok 16:13:00.0298 0452 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 16:13:00.0397 0452 BrUsbSer - ok 16:13:00.0425 0452 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 16:13:00.0502 0452 BTHMODEM - ok 16:13:00.0628 0452 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 16:13:00.0700 0452 cdfs - ok 16:13:00.0742 0452 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 16:13:00.0800 0452 cdrom - ok 16:13:00.0836 0452 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 16:13:00.0901 0452 circlass - ok 16:13:01.0027 0452 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 16:13:01.0048 0452 CLFS - ok 16:13:01.0130 0452 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 16:13:01.0210 0452 CmBatt - ok 16:13:01.0233 0452 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 16:13:01.0245 0452 cmdide - ok 16:13:01.0343 0452 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 16:13:01.0356 0452 Compbatt - ok 16:13:01.0388 0452 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 16:13:01.0400 0452 crcdisk - ok 16:13:01.0484 0452 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 16:13:01.0585 0452 Crusoe - ok 16:13:01.0701 0452 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 16:13:01.0781 0452 DfsC - ok 16:13:01.0842 0452 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 16:13:01.0869 0452 disk - ok 16:13:01.0897 0452 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys 16:13:01.0910 0452 DKbFltr - ok 16:13:02.0043 0452 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys 16:13:02.0056 0452 DritekPortIO - ok 16:13:02.0164 0452 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 16:13:02.0238 0452 drmkaud - ok 16:13:02.0319 0452 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 16:13:02.0366 0452 DXGKrnl - ok 16:13:02.0396 0452 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 16:13:02.0502 0452 E1G60 - ok 16:13:02.0552 0452 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 16:13:02.0569 0452 Ecache - ok 16:13:02.0952 0452 eeCtrl (2d401f82d4e81aaf89daaa45f04782a2) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 16:13:03.0015 0452 eeCtrl - ok 16:13:03.0166 0452 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 16:13:03.0186 0452 elxstor - ok 16:13:03.0278 0452 EMSCR (1fa3f9df8983873746fa6b72dd7e3c2c) C:\Windows\system32\DRIVERS\EMS7SK.sys 16:13:03.0361 0452 EMSCR - ok 16:13:03.0389 0452 ESDCR (9c7487253aad6bf61f9bc83d50e32ccc) C:\Windows\system32\DRIVERS\ESD7SK.sys 16:13:03.0433 0452 ESDCR - ok 16:13:03.0463 0452 ESMCR (99589d975da04f8bd31f124428fcc797) C:\Windows\system32\DRIVERS\ESM7SK.sys 16:13:03.0485 0452 ESMCR - ok 16:13:03.0579 0452 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 16:13:03.0635 0452 exfat - ok 16:13:03.0734 0452 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 16:13:03.0786 0452 fastfat - ok 16:13:03.0840 0452 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 16:13:03.0924 0452 fdc - ok 16:13:04.0020 0452 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 16:13:04.0034 0452 FileInfo - ok 16:13:04.0141 0452 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 16:13:04.0212 0452 Filetrace - ok 16:13:04.0244 0452 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 16:13:04.0322 0452 flpydisk - ok 16:13:04.0473 0452 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 16:13:04.0492 0452 FltMgr - ok 16:13:04.0613 0452 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 16:13:04.0679 0452 Fs_Rec - ok 16:13:04.0724 0452 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 16:13:04.0738 0452 gagp30kx - ok 16:13:05.0056 0452 Hardlock (d95554949082fd29a04d351b58396718) C:\Windows\system32\drivers\hardlock.sys 16:13:05.0197 0452 Hardlock - ok 16:13:05.0321 0452 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\Windows\system32\drivers\Haspnt.sys 16:13:05.0367 0452 Haspnt ( UnsignedFile.Multi.Generic ) - warning 16:13:05.0368 0452 Haspnt - detected UnsignedFile.Multi.Generic (1) 16:13:05.0400 0452 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 16:13:05.0483 0452 HdAudAddService - ok 16:13:05.0707 0452 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 16:13:05.0852 0452 HDAudBus - ok 16:13:05.0920 0452 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 16:13:06.0020 0452 HidBth - ok 16:13:06.0059 0452 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 16:13:06.0159 0452 HidIr - ok 16:13:06.0266 0452 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 16:13:06.0339 0452 HidUsb - ok 16:13:06.0366 0452 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 16:13:06.0379 0452 HpCISSs - ok 16:13:06.0504 0452 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 16:13:06.0544 0452 HSFHWAZL - ok 16:13:06.0818 0452 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys 16:13:06.0948 0452 HSF_DPV - ok 16:13:07.0030 0452 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 16:13:07.0074 0452 HSXHWAZL - ok 16:13:07.0246 0452 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 16:13:07.0410 0452 HTTP - ok 16:13:07.0504 0452 hwdatacard (1720966d9c7ea5e2d78b6db92d2f9171) C:\Windows\system32\DRIVERS\ewusbmdm.sys 16:13:07.0550 0452 hwdatacard - ok 16:13:07.0588 0452 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 16:13:07.0601 0452 i2omp - ok 16:13:07.0682 0452 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 16:13:07.0741 0452 i8042prt - ok 16:13:07.0803 0452 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 16:13:07.0820 0452 iaStorV - ok 16:13:08.0126 0452 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 16:13:08.0139 0452 iirsp - ok 16:13:08.0306 0452 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Acer\Empowering Technology\eRecovery\int15.sys 16:13:08.0332 0452 int15 ( UnsignedFile.Multi.Generic ) - warning 16:13:08.0332 0452 int15 - detected UnsignedFile.Multi.Generic (1) 16:13:08.0567 0452 IntcAzAudAddService (04bef1c4aa990e0d5851c7532fc8642c) C:\Windows\system32\drivers\RTKVHDA.sys 16:13:08.0729 0452 IntcAzAudAddService - ok 16:13:08.0927 0452 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys 16:13:08.0949 0452 intelide - ok 16:13:09.0184 0452 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 16:13:09.0231 0452 intelppm - ok 16:13:09.0508 0452 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:13:09.0559 0452 IpFilterDriver - ok 16:13:09.0812 0452 IpInIp - ok 16:13:09.0883 0452 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 16:13:09.0979 0452 IPMIDRV - ok 16:13:10.0026 0452 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 16:13:10.0090 0452 IPNAT - ok 16:13:10.0326 0452 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys 16:13:10.0394 0452 irda - ok 16:13:10.0605 0452 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 16:13:10.0642 0452 IRENUM - ok 16:13:10.0792 0452 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 16:13:10.0807 0452 isapnp - ok 16:13:10.0883 0452 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 16:13:10.0914 0452 iScsiPrt - ok 16:13:10.0945 0452 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 16:13:10.0958 0452 iteatapi - ok 16:13:10.0982 0452 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 16:13:10.0996 0452 iteraid - ok 16:13:11.0056 0452 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 16:13:11.0071 0452 kbdclass - ok 16:13:11.0094 0452 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys 16:13:11.0176 0452 kbdhid - ok 16:13:11.0420 0452 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 16:13:11.0465 0452 KSecDD - ok 16:13:11.0535 0452 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 16:13:11.0606 0452 lltdio - ok 16:13:11.0784 0452 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 16:13:11.0816 0452 LSI_FC - ok 16:13:11.0843 0452 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 16:13:11.0859 0452 LSI_SAS - ok 16:13:11.0955 0452 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 16:13:11.0980 0452 LSI_SCSI - ok 16:13:12.0063 0452 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 16:13:12.0132 0452 luafv - ok 16:13:12.0190 0452 massfilter (567d3cbc0ba3332887d091a237d4fd3c) C:\Windows\system32\drivers\massfilter.sys 16:13:12.0239 0452 massfilter - ok 16:13:12.0251 0452 MBAMSwissArmy - ok 16:13:12.0315 0452 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 16:13:12.0362 0452 mdmxsdk - ok 16:13:12.0386 0452 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 16:13:12.0399 0452 megasas - ok 16:13:12.0482 0452 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 16:13:12.0523 0452 Modem - ok 16:13:12.0607 0452 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 16:13:12.0682 0452 monitor - ok 16:13:12.0718 0452 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 16:13:12.0737 0452 mouclass - ok 16:13:12.0772 0452 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 16:13:12.0833 0452 mouhid - ok 16:13:13.0001 0452 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 16:13:13.0020 0452 MountMgr - ok 16:13:13.0059 0452 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 16:13:13.0087 0452 mpio - ok 16:13:13.0121 0452 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 16:13:13.0170 0452 mpsdrv - ok 16:13:13.0217 0452 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 16:13:13.0233 0452 Mraid35x - ok 16:13:13.0306 0452 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 16:13:13.0396 0452 MRxDAV - ok 16:13:13.0465 0452 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 16:13:13.0527 0452 mrxsmb - ok 16:13:13.0591 0452 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:13:13.0649 0452 mrxsmb10 - ok 16:13:13.0673 0452 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:13:13.0733 0452 mrxsmb20 - ok 16:13:13.0771 0452 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 16:13:13.0798 0452 msahci - ok 16:13:13.0837 0452 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 16:13:13.0858 0452 msdsm - ok 16:13:13.0952 0452 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 16:13:14.0010 0452 Msfs - ok 16:13:14.0072 0452 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 16:13:14.0085 0452 msisadrv - ok 16:13:14.0159 0452 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 16:13:14.0220 0452 MSKSSRV - ok 16:13:14.0265 0452 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 16:13:14.0316 0452 MSPCLOCK - ok 16:13:14.0373 0452 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 16:13:14.0421 0452 MSPQM - ok 16:13:14.0522 0452 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 16:13:14.0548 0452 MsRPC - ok 16:13:14.0608 0452 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 16:13:14.0639 0452 mssmbios - ok 16:13:14.0687 0452 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 16:13:14.0755 0452 MSTEE - ok 16:13:14.0848 0452 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 16:13:14.0903 0452 Mup - ok 16:13:14.0996 0452 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 16:13:15.0049 0452 NativeWifiP - ok 16:13:15.0176 0452 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 16:13:15.0249 0452 NDIS - ok 16:13:15.0336 0452 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 16:13:15.0383 0452 NdisTapi - ok 16:13:15.0450 0452 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 16:13:15.0517 0452 Ndisuio - ok 16:13:15.0587 0452 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 16:13:15.0625 0452 NdisWan - ok 16:13:15.0681 0452 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 16:13:15.0747 0452 NDProxy - ok 16:13:15.0789 0452 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 16:13:15.0841 0452 NetBIOS - ok 16:13:15.0966 0452 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 16:13:16.0070 0452 netbt - ok 16:13:16.0476 0452 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys 16:13:16.0632 0452 NETw3v32 - ok 16:13:16.0990 0452 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys 16:13:17.0325 0452 NETw5v32 ( UnsignedFile.Multi.Generic ) - warning 16:13:17.0325 0452 NETw5v32 - detected UnsignedFile.Multi.Generic (1) 16:13:17.0645 0452 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 16:13:17.0672 0452 nfrd960 - ok 16:13:17.0827 0452 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 16:13:17.0875 0452 Npfs - ok 16:13:17.0938 0452 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 16:13:17.0987 0452 nsiproxy - ok 16:13:18.0187 0452 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 16:13:18.0302 0452 Ntfs - ok 16:13:18.0724 0452 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys 16:13:18.0755 0452 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning 16:13:18.0755 0452 NTIDrvr - detected UnsignedFile.Multi.Generic (1) 16:13:18.0779 0452 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 16:13:18.0861 0452 ntrigdigi - ok 16:13:18.0968 0452 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 16:13:19.0025 0452 Null - ok 16:13:19.0658 0452 nvlddmkm (dcb0f735bb78497f6076177eb7d20214) C:\Windows\system32\DRIVERS\nvlddmkm.sys 16:13:20.0000 0452 nvlddmkm - ok 16:13:20.0268 0452 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 16:13:20.0299 0452 nvraid - ok 16:13:20.0326 0452 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 16:13:20.0340 0452 nvstor - ok 16:13:20.0360 0452 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 16:13:20.0390 0452 nv_agp - ok 16:13:20.0403 0452 NwlnkFlt - ok 16:13:20.0420 0452 NwlnkFwd - ok 16:13:20.0450 0452 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys 16:13:20.0537 0452 ohci1394 - ok 16:13:20.0580 0452 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 16:13:20.0670 0452 Parport - ok 16:13:20.0940 0452 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 16:13:20.0980 0452 partmgr - ok 16:13:21.0370 0452 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 16:13:21.0474 0452 Parvdm - ok 16:13:21.0841 0452 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 16:13:21.0864 0452 pci - ok 16:13:21.0935 0452 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys 16:13:21.0970 0452 pciide - ok 16:13:22.0104 0452 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys 16:13:22.0142 0452 pcmcia - ok 16:13:22.0278 0452 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 16:13:22.0463 0452 PEAUTH - ok 16:13:22.0821 0452 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 16:13:22.0872 0452 PptpMiniport - ok 16:13:23.0182 0452 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 16:13:23.0275 0452 Processor - ok 16:13:23.0552 0452 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 16:13:23.0617 0452 PSched - ok 16:13:23.0887 0452 PSDFilter (88b72d2a800300eb05c69f3c6c3180f2) C:\Windows\system32\DRIVERS\psdfilter.sys 16:13:23.0918 0452 PSDFilter ( UnsignedFile.Multi.Generic ) - warning 16:13:23.0918 0452 PSDFilter - detected UnsignedFile.Multi.Generic (1) 16:13:24.0072 0452 PSDNServ (9649e11fc5459bf6b2c9e8e327e45c3a) C:\Windows\system32\drivers\PSDNServ.sys 16:13:24.0079 0452 PSDNServ ( UnsignedFile.Multi.Generic ) - warning 16:13:24.0079 0452 PSDNServ - detected UnsignedFile.Multi.Generic (1) 16:13:24.0104 0452 psdvdisk (3d0be1373b9dfe9fc7b64f090e4d59e3) C:\Windows\system32\drivers\psdvdisk.sys 16:13:24.0126 0452 psdvdisk ( UnsignedFile.Multi.Generic ) - warning 16:13:24.0126 0452 psdvdisk - detected UnsignedFile.Multi.Generic (1) 16:13:24.0181 0452 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 16:13:24.0287 0452 ql2300 - ok 16:13:24.0328 0452 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 16:13:24.0345 0452 ql40xx - ok 16:13:24.0393 0452 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 16:13:24.0464 0452 QWAVEdrv - ok 16:13:24.0508 0452 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 16:13:24.0568 0452 RasAcd - ok 16:13:24.0620 0452 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 16:13:24.0667 0452 Rasl2tp - ok 16:13:24.0728 0452 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 16:13:24.0775 0452 RasPppoe - ok 16:13:24.0847 0452 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 16:13:24.0882 0452 RasSstp - ok 16:13:24.0937 0452 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 16:13:25.0008 0452 rdbss - ok 16:13:25.0060 0452 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 16:13:25.0115 0452 RDPCDD - ok 16:13:25.0223 0452 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 16:13:25.0437 0452 rdpdr - ok 16:13:25.0747 0452 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 16:13:25.0816 0452 RDPENCDD - ok 16:13:26.0073 0452 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 16:13:26.0147 0452 RDPWD - ok 16:13:26.0408 0452 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 16:13:26.0481 0452 rspndr - ok 16:13:26.0698 0452 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 16:13:26.0722 0452 sbp2port - ok 16:13:26.0851 0452 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 16:13:26.0917 0452 sdbus - ok 16:13:26.0986 0452 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 16:13:27.0073 0452 secdrv - ok 16:13:27.0126 0452 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 16:13:27.0212 0452 Serenum - ok 16:13:27.0242 0452 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 16:13:27.0331 0452 Serial - ok 16:13:27.0391 0452 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 16:13:27.0452 0452 sermouse - ok 16:13:27.0606 0452 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 16:13:27.0695 0452 sffdisk - ok 16:13:27.0893 0452 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 16:13:27.0979 0452 sffp_mmc - ok 16:13:28.0013 0452 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 16:13:28.0089 0452 sffp_sd - ok 16:13:28.0120 0452 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 16:13:28.0199 0452 sfloppy - ok 16:13:28.0251 0452 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 16:13:28.0269 0452 sisagp - ok 16:13:28.0288 0452 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 16:13:28.0319 0452 SiSRaid2 - ok 16:13:28.0361 0452 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 16:13:28.0385 0452 SiSRaid4 - ok 16:13:28.0472 0452 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 16:13:28.0529 0452 Smb - ok 16:13:28.0556 0452 SMSCIRDA (ced16c76469ba00e2ab310857cd4c767) C:\Windows\system32\DRIVERS\SMSCirda.sys 16:13:28.0600 0452 SMSCIRDA - ok 16:13:28.0693 0452 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 16:13:28.0707 0452 spldr - ok 16:13:28.0772 0452 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 16:13:28.0876 0452 srv - ok 16:13:28.0944 0452 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 16:13:29.0008 0452 srv2 - ok 16:13:29.0078 0452 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 16:13:29.0150 0452 srvnet - ok 16:13:29.0200 0452 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 16:13:29.0223 0452 ssmdrv - ok 16:13:29.0288 0452 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 16:13:29.0302 0452 swenum - ok 16:13:29.0343 0452 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 16:13:29.0357 0452 Symc8xx - ok 16:13:29.0382 0452 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 16:13:29.0396 0452 Sym_hi - ok 16:13:29.0420 0452 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 16:13:29.0441 0452 Sym_u3 - ok 16:13:29.0463 0452 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys 16:13:29.0483 0452 SynTP - ok 16:13:29.0727 0452 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 16:13:29.0856 0452 Tcpip - ok 16:13:30.0415 0452 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 16:13:30.0559 0452 Tcpip6 - ok 16:13:30.0903 0452 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 16:13:31.0073 0452 tcpipreg - ok 16:13:31.0559 0452 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 16:13:31.0652 0452 TDPIPE - ok 16:13:31.0934 0452 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 16:13:31.0971 0452 TDTCP - ok 16:13:32.0151 0452 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 16:13:32.0201 0452 tdx - ok 16:13:32.0284 0452 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 16:13:32.0321 0452 TermDD - ok 16:13:32.0453 0452 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 16:13:32.0525 0452 tssecsrv - ok 16:13:32.0576 0452 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 16:13:32.0662 0452 tunmp - ok 16:13:32.0707 0452 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 16:13:32.0733 0452 tunnel - ok 16:13:32.0775 0452 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 16:13:32.0790 0452 uagp35 - ok 16:13:32.0822 0452 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\Windows\system32\drivers\UBHelper.sys 16:13:32.0863 0452 UBHelper ( UnsignedFile.Multi.Generic ) - warning 16:13:32.0863 0452 UBHelper - detected UnsignedFile.Multi.Generic (1) 16:13:32.0926 0452 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 16:13:32.0962 0452 udfs - ok 16:13:33.0046 0452 UIUSys - ok 16:13:33.0175 0452 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 16:13:33.0197 0452 uliagpkx - ok 16:13:33.0227 0452 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 16:13:33.0247 0452 uliahci - ok 16:13:33.0286 0452 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 16:13:33.0302 0452 UlSata - ok 16:13:33.0326 0452 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 16:13:33.0360 0452 ulsata2 - ok 16:13:33.0408 0452 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 16:13:33.0461 0452 umbus - ok 16:13:33.0590 0452 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 16:13:33.0634 0452 usbccgp - ok 16:13:33.0683 0452 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 16:13:33.0769 0452 usbcir - ok 16:13:33.0823 0452 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 16:13:33.0868 0452 usbehci - ok 16:13:33.0900 0452 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 16:13:33.0945 0452 usbhub - ok 16:13:33.0979 0452 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 16:13:34.0058 0452 usbohci - ok 16:13:34.0084 0452 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys 16:13:34.0161 0452 usbprint - ok 16:13:34.0465 0452 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:13:34.0507 0452 USBSTOR - ok 16:13:34.0580 0452 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 16:13:34.0626 0452 usbuhci - ok 16:13:34.0684 0452 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 16:13:34.0762 0452 vga - ok 16:13:34.0808 0452 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 16:13:34.0856 0452 VgaSave - ok 16:13:34.0887 0452 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 16:13:34.0914 0452 viaagp - ok 16:13:34.0941 0452 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 16:13:35.0025 0452 ViaC7 - ok 16:13:35.0144 0452 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 16:13:35.0217 0452 viaide - ok 16:13:35.0278 0452 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 16:13:35.0302 0452 volmgr - ok 16:13:35.0405 0452 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 16:13:35.0454 0452 volmgrx - ok 16:13:35.0504 0452 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 16:13:35.0526 0452 volsnap - ok 16:13:35.0566 0452 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 16:13:35.0593 0452 vsmraid - ok 16:13:35.0625 0452 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 16:13:35.0701 0452 WacomPen - ok 16:13:35.0752 0452 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 16:13:35.0786 0452 Wanarp - ok 16:13:35.0795 0452 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 16:13:35.0829 0452 Wanarpv6 - ok 16:13:35.0996 0452 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 16:13:36.0010 0452 Wd - ok 16:13:36.0122 0452 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 16:13:36.0181 0452 Wdf01000 - ok 16:13:36.0264 0452 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 16:13:36.0307 0452 winachsf - ok 16:13:36.0514 0452 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 16:13:36.0554 0452 WmiAcpi - ok 16:13:36.0638 0452 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 16:13:36.0731 0452 WpdUsb - ok 16:13:36.0789 0452 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 16:13:36.0828 0452 ws2ifsl - ok 16:13:36.0994 0452 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 16:13:37.0043 0452 WUDFRd - ok 16:13:37.0562 0452 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys 16:13:37.0594 0452 XAudio - ok 16:13:37.0823 0452 ZTEusbmdm6k (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys 16:13:37.0877 0452 ZTEusbmdm6k - ok 16:13:37.0945 0452 ZTEusbnmea (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys 16:13:37.0995 0452 ZTEusbnmea - ok 16:13:38.0024 0452 ZTEusbser6k (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys 16:13:38.0042 0452 ZTEusbser6k - ok 16:13:38.0081 0452 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0 16:13:40.0872 0452 \Device\Harddisk0\DR0 - ok 16:13:40.0916 0452 Boot (0x1200) (014ca19c129256f8eab2549c3f889605) \Device\Harddisk0\DR0\Partition0 16:13:40.0926 0452 \Device\Harddisk0\DR0\Partition0 - ok 16:13:40.0991 0452 Boot (0x1200) (8ce178f40e5b9798b87d7a3dceaa5180) \Device\Harddisk0\DR0\Partition1 16:13:41.0019 0452 \Device\Harddisk0\DR0\Partition1 - ok 16:13:41.0020 0452 ============================================================ 16:13:41.0020 0452 Scan finished 16:13:41.0020 0452 ============================================================ 16:13:41.0039 4236 Detected object count: 8 16:13:41.0039 4236 Actual detected object count: 8 16:14:01.0783 4236 Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user 16:14:01.0784 4236 Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:14:01.0787 4236 int15 ( UnsignedFile.Multi.Generic ) - skipped by user 16:14:01.0787 4236 int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:14:01.0792 4236 NETw5v32 ( UnsignedFile.Multi.Generic ) - skipped by user 16:14:01.0792 4236 NETw5v32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:14:01.0794 4236 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user 16:14:01.0794 4236 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:14:01.0797 4236 PSDFilter ( UnsignedFile.Multi.Generic ) - skipped by user 16:14:01.0797 4236 PSDFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:14:01.0800 4236 PSDNServ ( UnsignedFile.Multi.Generic ) - skipped by user 16:14:01.0800 4236 PSDNServ ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:14:01.0803 4236 psdvdisk ( UnsignedFile.Multi.Generic ) - skipped by user 16:14:01.0803 4236 psdvdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:14:01.0806 4236 UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user 16:14:01.0806 4236 UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip Grüße, Stephanie Geändert von Grisu 35 (05.12.2011 um 16:18 Uhr) Grund: Falsche Einstellungen, Log ausgetauscht |
|
05.12.2011, 18:40
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.12.2011, 20:00
| #11 |
| | Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet Hallo, ich hatte nach dem Neustart Probleme das Log von Combofix zu finden. Ich hoffe das ist das richtige, ansonsten habe ich hier noch eine Quarantäne.txt von Combofix, soll die auch mit rein? Combofix Logfile: Code:
ATTFilter ComboFix 11-12-05.02 - Steffi 05.12.2011 19:26:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1021.479 [GMT 1:00]
ausgeführt von:: c:\users\Steffi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-05 bis 2011-12-05 ))))))))))))))))))))))))))))))
.
.
2011-12-05 13:44 . 2011-12-05 13:44 -------- d-----w- C:\_OTL
2011-12-04 21:42 . 2011-12-04 21:42 -------- d-----w- c:\program files\ESET
2011-12-04 18:56 . 2011-12-04 18:56 -------- d-----w- c:\users\Steffi\AppData\Roaming\Malwarebytes
2011-12-04 18:55 . 2011-12-04 18:55 -------- d-----w- c:\programdata\Malwarebytes
2011-12-04 18:54 . 2011-12-04 18:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-04 18:54 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-01 08:44 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-12-01 08:42 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-01 08:42 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-12-01 08:42 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-12-01 08:42 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-12-01 08:42 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-12-01 08:42 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-12-01 08:42 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-12-01 08:42 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-12-01 07:04 . 2011-12-01 07:05 143 ----a-w- c:\users\Steffi\AppData\Roaming\Microsoft\1EE2\bl124753_64.bat
2011-11-23 16:04 . 2011-11-23 16:04 -------- d-----w- c:\users\Steffi\AppData\Local\Unity
2011-11-22 08:00 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36C02AD1-5ADE-4505-8102-8954AB4AE60B}\mpengine.dll
2011-11-20 15:27 . 2011-11-20 15:27 -------- d-----w- c:\program files\Ovis
2011-11-17 17:09 . 2003-11-10 17:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-11-17 17:09 . 2003-11-10 17:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-11-17 17:09 . 2003-11-10 17:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-11-17 17:09 . 2003-11-10 17:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-11-17 17:09 . 2003-11-10 17:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-11-17 17:09 . 2011-11-17 17:09 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-11-17 17:09 . 2011-11-17 17:09 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-11-17 16:50 . 2011-11-17 16:50 -------- d-----w- c:\program files\SystemRequirementsLab
2011-11-06 10:39 . 2011-11-06 10:39 -------- d-----w- c:\users\Steffi\AppData\Roaming\dvdcss
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 07:16 . 2011-07-25 06:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 13:00 . 2011-10-19 06:27 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-19 06:27 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-11 13:00 . 2011-10-19 06:27 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-26 18:07 . 2011-05-09 19:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"UIExec"="c:\program files\Join Air\UIExec.exe" [2009-08-31 132608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-12-24 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-20 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-20 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-20 81920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-4-15 110592]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-5 528384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
??????????????e [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
R2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe [2009-08-31 241664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-22 9728]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 35413875
*Deregistered* - 35413875
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 10:39]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 10:39]
.
2011-12-05 c:\windows\Tasks\User_Feed_Synchronization-{02450484-794A-42CC-8D18-CF725362E277}.job
- c:\windows\system32\msfeedssync.exe [2011-12-01 21:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uSearchMigratedDefaultURL =
mStart Page =
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Steffi\AppData\Roaming\Mozilla\Firefox\Profiles\iv44ljhc.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: yahoo.homepage.dontask - true
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-eRecoveryService - (no file)
AddRemove-Volo View Express - c:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-05 19:36
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-12-05 19:40:52
ComboFix-quarantined-files.txt 2011-12-05 18:40
.
Vor Suchlauf: 12 Verzeichnis(se), 22.781.526.016 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 22.600.491.008 Bytes frei
.
- - End Of File - - 348B78B02606BFED0AFD4E0A74679EE2
Grüße, Stephanie |
|
05.12.2011, 20:43
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.12.2011, 21:33
| #13 |
| | Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet Hallo Arne, hat etwas gedauert bis die Log geschrieben war.. Combofix Logfile: Code:
ATTFilter ComboFix 11-12-05.02 - Steffi 05.12.2011 20:54:02.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1021.364 [GMT 1:00]
ausgeführt von:: c:\users\Steffi\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Steffi\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infizierte Kopie von c:\windows\system32\user32.dll wurde gefunden und desinfiziert
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!user32.dll wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-05 bis 2011-12-05 ))))))))))))))))))))))))))))))
.
.
2011-12-05 20:05 . 2011-12-05 20:17 -------- d-----w- c:\users\Steffi\AppData\Local\temp
2011-12-05 20:05 . 2011-12-05 20:05 -------- d-----w- c:\users\Holger\AppData\Local\temp
2011-12-05 20:05 . 2011-12-05 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-05 13:44 . 2011-12-05 13:44 -------- d-----w- C:\_OTL
2011-12-04 21:42 . 2011-12-04 21:42 -------- d-----w- c:\program files\ESET
2011-12-04 18:56 . 2011-12-04 18:56 -------- d-----w- c:\users\Steffi\AppData\Roaming\Malwarebytes
2011-12-04 18:55 . 2011-12-04 18:55 -------- d-----w- c:\programdata\Malwarebytes
2011-12-04 18:54 . 2011-12-04 18:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-04 18:54 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-01 08:44 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-12-01 08:42 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-01 08:42 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-12-01 08:42 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-12-01 08:42 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-12-01 08:42 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-12-01 08:42 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-12-01 08:42 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-12-01 08:42 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-12-01 07:04 . 2011-12-01 07:05 143 ----a-w- c:\users\Steffi\AppData\Roaming\Microsoft\1EE2\bl124753_64.bat
2011-11-23 16:04 . 2011-11-23 16:04 -------- d-----w- c:\users\Steffi\AppData\Local\Unity
2011-11-22 08:00 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36C02AD1-5ADE-4505-8102-8954AB4AE60B}\mpengine.dll
2011-11-20 15:27 . 2011-11-20 15:27 -------- d-----w- c:\program files\Ovis
2011-11-17 17:09 . 2003-11-10 17:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-11-17 17:09 . 2003-11-10 17:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-11-17 17:09 . 2003-11-10 17:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-11-17 17:09 . 2003-11-10 17:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-11-17 17:09 . 2003-11-10 17:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-11-17 17:09 . 2011-11-17 17:09 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-11-17 17:09 . 2011-11-17 17:09 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-11-17 16:50 . 2011-11-17 16:50 -------- d-----w- c:\program files\SystemRequirementsLab
2011-11-06 10:39 . 2011-11-06 10:39 -------- d-----w- c:\users\Steffi\AppData\Roaming\dvdcss
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 07:16 . 2011-07-25 06:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 13:00 . 2011-10-19 06:27 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-19 06:27 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-11 13:00 . 2011-10-19 06:27 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-26 18:07 . 2011-05-09 19:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"UIExec"="c:\program files\Join Air\UIExec.exe" [2009-08-31 132608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-12-24 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-20 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-20 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-20 81920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-4-15 110592]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-5 528384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
??????????????e [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-22 9728]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe [2009-08-31 241664]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 10:39]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 10:39]
.
2011-12-05 c:\windows\Tasks\User_Feed_Synchronization-{02450484-794A-42CC-8D18-CF725362E277}.job
- c:\windows\system32\msfeedssync.exe [2011-12-01 21:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uSearchMigratedDefaultURL =
mStart Page =
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Steffi\AppData\Roaming\Mozilla\Firefox\Profiles\iv44ljhc.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4748)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\System32\rundll32.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\windows\ehome\ehmsas.exe
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\users\Steffi\AppData\Local\Temp\RtkBtMnt.exe
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\program files\avira\antivir desktop\ipmGui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-05 21:26:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-12-05 20:23
ComboFix2.txt 2011-12-05 18:40
.
Vor Suchlauf: 15 Verzeichnis(se), 22.512.340.992 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 22.465.036.288 Bytes frei
.
- - End Of File - - F567D1EC70BEC5433964165A4504A52F
Grüße, Stephanie |
|
05.12.2011, 22:36
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.12.2011, 09:44
| #15 |
| | Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet Einen schönen Nikolausmorgen :-) Hier die drei Scans. GMER GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-06 09:07:42
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVS-22RST0 rev.04.01G04
Running: bv6lfwgn.exe; Driver: C:\Users\Steffi\AppData\Local\Temp\kgtdqpoc.sys
---- System - GMER 1.0.15 ----
SSDT 87D0EB1E ZwCreateSection
SSDT 87D0EB28 ZwRequestWaitReplyPort
SSDT 87D0EB23 ZwSetContextThread
SSDT 87D0EB2D ZwSetSecurityObject
SSDT 87D0EB32 ZwSystemDebugControl
SSDT 87D0EABF ZwTerminateProcess
INT 0x06 \??\C:\Windows\system32\drivers\Haspnt.sys 9A10A16D
INT 0x0E \??\C:\Windows\system32\drivers\Haspnt.sys 9A109FC2
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 828E7998 4 Bytes [1E, EB, D0, 87]
.text ntkrnlpa.exe!KeSetEvent + 539 828E7CBC 4 Bytes [28, EB, D0, 87]
.text ntkrnlpa.exe!KeSetEvent + 56D 828E7CF0 4 Bytes [23, EB, D0, 87]
.text ntkrnlpa.exe!KeSetEvent + 5D1 828E7D54 4 Bytes [2D, EB, D0, 87]
.text ntkrnlpa.exe!KeSetEvent + 619 828E7D9C 4 Bytes [32, EB, D0, 87]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8AC0B340, 0x2932D7, 0xE8000020]
.text C:\Windows\system32\drivers\hardlock.sys section is writeable [0x9A129400, 0x87EE2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9A1CD620] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9A1CD620]
.protectÿÿÿÿhardlockunknown last code section [0x9A1CD400, 0x5126, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0x9A1CD400, 0x5126, 0xE0000020]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73FA7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73FFA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73FABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73F9F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73FA75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73F9E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73FD8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73FADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73F9FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73F9FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73F971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7402CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73FCC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73F9D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73F96853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73F9687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73FA2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3944] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [6276F3FB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
OSAM: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 09:17:00 on 06.12.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 8.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl "plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl "styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "AdobeGamma" - ? - %CommonFiles%\Adobe\Callibration\Adobe Gamma.cpl (File not found) "PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Conexant Setup API" (UIUSys) - ? - C:\Windows\System32\DRIVERS\UIUSYS.SYS (File not found) "Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\DPortIO.sys "Haspnt" (Haspnt) - "Aladdin Knowledge Systems" - C:\Windows\system32\drivers\Haspnt.sys "int15" (int15) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys (File found, but it contains no detailed information) "Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit" (NETw5v32) - "Intel Corporation" - C:\Windows\System32\DRIVERS\NETw5v32.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "kgtdqpoc" (kgtdqpoc) - ? - C:\Users\Steffi\AppData\Local\Temp\kgtdqpoc.sys (Hidden registry entry, rootkit activity | File not found) "MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\Windows\system32\drivers\mbamswissarmy.sys (File not found) "PSDFilter" (PSDFilter) - "HiTRUST" - C:\Windows\System32\DRIVERS\psdfilter.sys "PSDNSERVER" (PSDNServ) - "HiTRUST" - C:\Windows\System32\drivers\PSDNServ.sys "psdvdisk" (psdvdisk) - "HiTRUST" - C:\Windows\System32\drivers\psdvdisk.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys "UBHelper" (UBHelper) - ? - C:\Windows\system32\drivers\UBHelper.sys (File found, but it contains no detailed information) "Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll (File not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} "AcDcToday-Steuerung" - "Autodesk" - C:\Windows\DOWNLO~1\ACDCTO~1.OCX / file:///C:/Programme/AutoCAD%202002%20Deu/AcDcToday.ocx {F281A59C-7B65-11D3-8617-0010830243BD} "AcPreview-Steuerung" - "Autodesk" - C:\Windows\DOWNLO~1\ACPREV~1.OCX / file:///C:/Programme/AutoCAD%202002%20Deu/AcPreview.ocx {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} "InstaFred" - "Autodesk, Inc." - C:\Windows\DOWNLO~1\InstFred.ocx / file:///C:/Programme/AutoCAD%202002%20Deu/InstFred.ocx {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {AE563724-B4F5-11D4-A415-00108302FDFD} "NOXLATE-BANR" - "Autodesk, Inc." - C:\Windows\DOWNLO~1\InstBanr.ocx / file:///C:/Programme/AutoCAD%202002%20Deu/InstBanr.ocx {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "HiTRUST" - C:\Windows\system32\ActiveToolBand.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe (Shortcut exists | File exists) -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe "LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe "QuickTime Task" - "Apple Computer, Inc." - "C:\Program Files\QuickTime\qttask.exe" -atboottime "UIExec" - ? - "C:\Program Files\Join Air\UIExec.exe" (File found, but it contains no detailed information) "WarReg_PopUp" - "Acer Inc." - C:\Acer\WR_PopUp\WarReg_PopUp.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "eLock Service" (eLockService) - "Acer Inc." - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe "eNet Service" (eNet Service) - "Acer Inc." - C:\Acer\Empowering Technology\eNet\eNet Service.exe "ePower Service" (WMIService) - "acer" - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe "eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe "eSettings Service" (eSettingsService) - ? - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe "Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe (File found, but it contains no detailed information) "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found) "UI Assistant Service" (UI Assistant Service) - ? - C:\Program Files\Join Air\AssistantServices.exe (File found, but it contains no detailed information) [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - C:\Windows\Acer.scr (File found, but it contains no detailed information) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Computer, Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru ASW: aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software Run date: 2011-12-06 09:17:49 ----------------------------- 09:17:49.677 OS Version: Windows 6.0.6002 Service Pack 2 09:17:49.677 Number of processors: 2 586 0xE08 09:17:49.678 ComputerName: GRISU UserName: 09:18:05.739 Initialize success 09:20:19.386 AVAST engine defs: 11120501 09:20:29.183 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 09:20:29.243 Disk 0 Vendor: WDC_WD1600BEVS-22RST0 04.01G04 Size: 152627MB BusType: 3 09:20:31.448 Disk 0 MBR read successfully 09:20:31.451 Disk 0 MBR scan 09:20:31.594 Disk 0 unknown MBR code 09:20:31.656 Disk 0 scanning sectors +312576705 09:20:32.155 Disk 0 scanning C:\Windows\system32\drivers 09:22:17.462 Service scanning 09:22:20.793 Modules scanning 09:23:51.698 Disk 0 trace - called modules: 09:23:51.724 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 09:23:51.729 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858f32c8] 09:23:51.734 3 CLASSPNP.SYS[86fb48b3] -> nt!IofCallDriver -> [0x852eb4c8] 09:23:51.741 5 acpi.sys[82e9b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x852eb030] 09:23:53.272 AVAST engine scan C:\Windows 09:24:12.396 AVAST engine scan C:\Windows\system32 09:29:32.037 AVAST engine scan C:\Windows\system32\drivers 09:29:53.887 AVAST engine scan C:\Users\Steffi 09:35:45.632 AVAST engine scan C:\ProgramData 09:37:37.681 Scan finished successfully 09:38:35.527 Disk 0 MBR has been saved successfully to "C:\Users\Steffi\Desktop\MBR.dat" 09:38:35.535 The log file has been saved successfully to "C:\Users\Steffi\Desktop\aswMBR.txt" Grüße, Stephanie |
|
| Themen zu Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet |
| 0x00000001, alternate, antivir, autorun, avira, bho, bonjour, boot-cd, c:\windows\system32\rundll32.exe, computer, error, excel, excel.exe, firefox, format, google, google earth, helper, home, hängt, launch, nvlddmkm.sys, plug-in, popup, problem, realtek, registry, required, rundll, senden, sketchup, software, starten, symantec, version=1.0, virus, virus ?, vista |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
