| |
| |||||||
Log-Analyse und Auswertung: Logfile zu Google-UmleitungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
23.01.2012, 17:27
| #1 |
 |  Logfile zu Google-Umleitung Hallo, habe das bekannte Problem mit der Umleitung auf Werbeseiten wenn ich über Google, Bing etc. was suche und auf den Link klicke. Hier das Logfile von Hijack This: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:19:43, on 23.01.2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16912) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe C:\Program Files\OO Software\Defrag\oodtray.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Lexmark 1200 Series\lxczbmon.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Samsung\Kies\KiesTrayAgent.exe C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Program Files\ICQ7.5\ICQ.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\David\Desktop\HiJackThis204.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKCU\..\Run: [Steam] "D:\Stream\Steam.exe" -silent O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.5\ICQ.exe" silent loginmode=4 O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 5476 bytes Hoffe auf eure Hilfe! |
|
23.01.2012, 17:38
| #2 |
| /// Malware-holic   | Logfile zu Google-Umleitung Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
23.01.2012, 18:30
| #3 |
| | Logfile zu Google-Umleitung So hier kommts:
__________________Extras:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.01.2012 18:15:48 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\David\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 74,53% Memory free
7,00 Gb Paging File | 5,91 Gb Available in Paging File | 84,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 56,14 Gb Total Space | 2,02 Gb Free Space | 3,59% Space Free | Partition Type: NTFS
Drive D: | 292,43 Gb Total Space | 254,33 Gb Free Space | 86,97% Space Free | Partition Type: NTFS
Drive S: | 117,19 Gb Total Space | 86,56 Gb Free Space | 73,87% Space Free | Partition Type: NTFS
Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{05CAF469-9765-8FBF-10AD-FD621091824A}" = CCC Help English
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3143 Banner Remover 1.1
"{1808A2AC-DB66-6B80-9340-F6476390CB18}" = AMD Drag and Drop Transcoding
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{26D4FB2E-BA55-3E2C-CC6F-97D6A0A74306}" = AMD Fuel
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{3A8DED06-80E7-4555-AA1F-FF4A2A4D353C}" = Aerosoft's - DHC-6 Twin Otter X
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1D0591-14F7-736E-143A-62DC3E552A1A}" = Catalyst Control Center InstallProxy
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{6F64A42C-6D93-6788-EB4F-07CC066DE194}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76D1FBEB-FBBF-0D1E-BB0A-CAA0D19E2C7F}" = ccc-utility
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8D8B8115-40C1-A707-B7DA-599514076A81}" = AMD VISION Engine Control Center
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A716BE0A-331D-4603-9E70-319153D1943F}_is1" = Mafia 2
"{A942958E-AF92-7901-861B-7F373A1B6ABA}" = AMD Catalyst Install Manager
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E29CFB36-F070-4612-8DB5-7038161B6294}" = O&O Defrag Free Edition
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{F01F90DD-10AD-4230-A501-3419FAE06ACA}" = MyWorld Complete
"{F48756D1-A348-2DA5-B59B-DF39F293F750}" = AMD Media Foundation Decoders
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Boeing 737 Fuel Planner 1.5" = Boeing 737 Fuel Planner 1.5
"CCleaner" = CCleaner
"Classics Hangar Fw 190 A, die frühen Baureihen 2.0" = Classics Hangar Fw 190 A, die frühen Baureihen 2.0
"Classics Hangar Fw 190 A, die späten Baureihen" = Classics Hangar Fw 190 A, die späten Baureihen
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.93
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"IrfanView" = IrfanView (remove only)
"IvAe_is1" = The Eye v1.0.8 (b367)
"Lexmark 1200 Series" = Lexmark 1200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SkyTest® BU-Trainingssoftware_is1" = SkyTest® BU-Trainingssoftware 2.3
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"StarCraft II" = StarCraft II
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmNationsForever_is1" = TmNationsForever
"VLC media player" = VLC media player 1.1.0
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flight1 ATR 72-500 for FSX (Includes SP1)" = Flight1 ATR 72-500 for FSX (Includes SP1)re.exe
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20.11.2011 12:03:25 | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fs9.exe, Version: 9.1.0.40901, Zeitstempel:
0x4135a208 Name des fehlerhaften Moduls: MFC70.DLL, Version: 7.0.9466.0, Zeitstempel:
0x3c36f60b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000f0e7 ID des fehlerhaften Prozesses:
0x8e0 Startzeit der fehlerhaften Anwendung: 0x01cca79d63089280 Pfad der fehlerhaften
Anwendung: S:\FS2004\fs9.exe Pfad des fehlerhaften Moduls: S:\FS2004\MFC70.DLL Berichtskennung:
2cfbd200-1391-11e1-b847-001d60c0e463
Error - 20.11.2011 12:06:50 | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fs9.exe, Version: 9.1.0.40901, Zeitstempel:
0x4135a208 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0xdc8 Startzeit der fehlerhaften Anwendung: 0x01cca79e40fe0390 Pfad der fehlerhaften
Anwendung: S:\FS2004\fs9.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung:
a71f8d10-1391-11e1-b847-001d60c0e463
Error - 20.11.2011 12:06:54 | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fs9.exe, Version: 9.1.0.40901, Zeitstempel:
0x4135a208 Name des fehlerhaften Moduls: MFC70.DLL, Version: 7.0.9466.0, Zeitstempel:
0x3c36f60b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000f0e7 ID des fehlerhaften Prozesses:
0xdc8 Startzeit der fehlerhaften Anwendung: 0x01cca79e40fe0390 Pfad der fehlerhaften
Anwendung: S:\FS2004\fs9.exe Pfad des fehlerhaften Moduls: S:\FS2004\MFC70.DLL Berichtskennung:
a9617660-1391-11e1-b847-001d60c0e463
Error - 20.11.2011 13:07:11 | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fs9.exe, Version: 9.1.0.40901, Zeitstempel:
0x4135a208 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0xf68 Startzeit der fehlerhaften Anwendung: 0x01cca79eab4580c0 Pfad der fehlerhaften
Anwendung: S:\FS2004\fs9.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung:
158ea9e0-139a-11e1-b847-001d60c0e463
Error - 20.11.2011 15:41:32 | Computer Name = David-PC | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7600.16667 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 8f8 Startzeit: 01cca7bc519d8632 Endzeit: 1441 Anwendungspfad:
C:\Program Files\Windows Media Player\wmplayer.exe Berichts-ID: a23851b3-13af-11e1-a7bf-001d60c0e463
Error - 23.11.2011 17:45:04 | Computer Name = David-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7600.16768 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: a9c Startzeit: 01ccaa1602cc07f0 Endzeit: 60000 Anwendungspfad:
C:\Windows\Explorer.EXE Berichts-ID: 39cc7ec1-161c-11e1-93d5-001d60c0e463
Error - 29.11.2011 17:57:34 | Computer Name = David-PC | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7600.16667 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 28c Startzeit: 01ccaee1dcb16670 Endzeit: 18 Anwendungspfad:
C:\Program Files\Windows Media Player\wmplayer.exe Berichts-ID: 22751441-1ad5-11e1-89b8-001d60c0e463
Error - 08.12.2011 14:53:34 | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LXCZaiox.exe, Version: 1.50.0.0,
Zeitstempel: 0x45a49f3d Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7600.16644,
Zeitstempel: 0x4c4ee5ad Ausnahmecode: 0xc0000005 Fehleroffset: 0x0023cfda ID des fehlerhaften
Prozesses: 0xc8c Startzeit der fehlerhaften Anwendung: 0x01ccb5d8910ecf20 Pfad der
fehlerhaften Anwendung: C:\Program Files\Lexmark 1200 Series\LXCZaiox.exe Pfad des
fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll Berichtskennung: edb10070-21cd-11e1-ae55-001d60c0e463
Error - 11.12.2011 11:44:33 | Computer Name = David-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Anno1701\Tools\Tages\DrvSetup_x64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 03.01.2012 11:59:05 | Computer Name = David-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Anno1701\Tools\Tages\DrvSetup_x64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 22.01.2012 13:30:28 | Computer Name = David-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 22.01.2012 13:31:44 | Computer Name = David-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 22.01.2012 14:16:44 | Computer Name = David-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 22.01.2012 14:50:42 | Computer Name = David-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 22.01.2012 14:51:04 | Computer Name = David-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 22.01.2012 14:52:13 | Computer Name = David-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 23.01.2012 12:11:45 | Computer Name = David-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 23.01.2012 12:12:10 | Computer Name = David-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 23.01.2012 12:13:32 | Computer Name = David-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 23.01.2012 12:57:07 | Computer Name = David-PC | Source = WMPNetworkSvc | ID = 866300
Description =
< End of report >
OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.01.2012 18:15:48 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\David\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 74,53% Memory free 7,00 Gb Paging File | 5,91 Gb Available in Paging File | 84,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 56,14 Gb Total Space | 2,02 Gb Free Space | 3,59% Space Free | Partition Type: NTFS Drive D: | 292,43 Gb Total Space | 254,33 Gb Free Space | 86,97% Space Free | Partition Type: NTFS Drive S: | 117,19 Gb Total Space | 86,56 Gb Free Space | 73,87% Space Free | Partition Type: NTFS Computer Name: DAVID-PC | User Name: David | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\David\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH) PRC - C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Lexmark 1200 Series\LXCZbmgr.exe (Lexmark International, Inc.) PRC - C:\Programme\Lexmark 1200 Series\LXCZbmon.exe (Lexmark International, Inc.) PRC - C:\Windows\System32\lxczcoms.exe ( ) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b8ee7bf7d7ac34623238f731b05395a2\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dabeb21f09f88576c2cce838280c7f44\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2b0b477db8f5a19d6365b93106b26651\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a5feb05f9283b0e79e0959b5df220130\WindowsFormsIntegration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\fccf285ecdd9091a3f8d5e73d79c3300\UIAutomationProvider.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\401a9dbeaad6b6ca70c90ae4fbd2e0b8\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b540398c49e7c32ab58666de7f09f645\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\af091a68303117ca2166aa13bcbfbbd0\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\c0afb5fbfbc7a8d670b430672c5fd578\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\90223e809b1ff291a7f65509702e2fa1\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a48e483c6b13da563725d72ec518a0bb\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\69adb8f9940fa1330f6f1b706e3dc31e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\2b1af7649e57195b4b85bbf4c5cb7c90\mscorlib.ni.dll () MOD - C:\Users\David\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll () MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (OODefragAgent) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (lxcz_device) -- C:\Windows\System32\lxczcoms.exe ( ) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation) DRV - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation) DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation) DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (HCW85BDA) -- C:\Windows\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation) DRV - (gfvknt) -- C:\Windows\System32\drivers\gfvknt.sys (GoFlight, Inc.) DRV - (npusbio) -- C:\Windows\System32\drivers\npusbio.sys (Thesycon GmbH, Germany) DRV - (SaiH0763) -- C:\Windows\System32\drivers\SaiH0763.sys (Saitek) DRV - (SaiH0BAC) -- C:\Windows\System32\drivers\SaiH0BAC.sys (Saitek) DRV - (USBPNPA) -- C:\Windows\System32\drivers\CM108.sys (C-Media Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A1 91 6A DE 32 D9 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11222.991 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.14 18:11:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.10 20:34:01 | 000,000,000 | ---D | M] [2010.09.18 20:34:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\mozilla\Extensions [2010.10.22 16:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\fcgehftb.default\extensions [2010.10.22 15:50:37 | 000,003,915 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fcgehftb.default\searchplugins\sweetim.xml [2012.01.11 20:26:22 | 000,002,057 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fcgehftb.default\searchplugins\youtube-videosuche.xml [2011.10.23 17:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.08.15 19:35:03 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2010.10.28 20:47:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.30 11:21:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.12 22:40:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.16 21:17:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.24 20:15:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.10.23 17:24:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.08.15 19:35:03 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{906305F7-AAFC-45E9-8BBD-941950A84DAD} [2010.10.28 20:47:03 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.30 11:21:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.12 22:40:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.16 21:17:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.24 20:15:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.10.23 17:24:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.09.14 22:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.09.14 22:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.09.14 22:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.09.14 22:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.09.14 22:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.10.22 15:48:58 | 000,001,021 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - Hosts: 127.0.0.1 ar.atwola.com O1 - Hosts: 127.0.0.1 atwola.com O1 - Hosts: 127.0.0.1 adserver.71i.de O1 - Hosts: 127.0.0.1 adicqserver.71i.de O1 - Hosts: 127.0.0.1 71i.de O2 - BHO: (no name) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [Steam] D:\Stream\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34F41EE6-4E29-4426-8CAF-751466165E39}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{44cf3c0c-265e-11e0-b676-001d60c0e463}\Shell - "" = AutoRun O33 - MountPoints2\{44cf3c0c-265e-11e0-b676-001d60c0e463}\Shell\AutoRun\command - "" = L:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.23 18:01:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe [2012.01.23 17:14:38 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\David\Desktop\HiJackThis204.exe [2012.01.22 18:33:27 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Malwarebytes [2012.01.22 18:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.22 18:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.22 18:33:21 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.01.22 18:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.01.22 18:32:08 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\David\Desktop\mbam-setup-1.60.0.1800.exe [2012.01.22 18:26:34 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\tdsskiller [2012.01.21 14:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5 [2012.01.21 14:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.5 [2012.01.14 18:38:52 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\PoWi-Protokolle [2012.01.11 23:05:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.01.05 17:12:07 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2012.01.05 17:12:04 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\TeamSpeak 3 Client [2012.01.01 17:37:15 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\ABIVorbereitung [2010.09.26 15:39:51 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll [2010.09.26 15:39:51 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll [2010.09.26 15:39:51 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll [2010.09.26 15:39:51 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll [2010.09.26 15:39:51 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll [2010.09.26 15:39:51 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll [2010.09.26 15:39:51 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll [2010.09.26 15:39:51 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll [2010.09.26 15:39:50 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll [2010.09.26 15:39:50 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll [2010.09.26 15:39:50 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll [2010.09.26 15:39:50 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxczcoms.exe [2010.09.26 15:39:50 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll [2010.09.26 15:39:50 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxczih.exe [2010.09.26 15:39:50 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxczcfg.exe ========== Files - Modified Within 30 Days ========== [2012.01.23 18:01:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe [2012.01.23 17:18:34 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.23 17:18:34 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.23 17:14:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\David\Desktop\HiJackThis204.exe [2012.01.23 17:10:50 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\ALNLIIFE.job [2012.01.23 17:10:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.23 17:10:39 | 2817,433,600 | -HS- | M] () -- C:\hiberfil.sys [2012.01.22 18:33:23 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.22 18:32:57 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\David\Desktop\mbam-setup-1.60.0.1800.exe [2012.01.21 19:44:07 | 000,122,880 | RHS- | M] () -- C:\Windows\System32\he-IL0.dll [2012.01.21 19:41:59 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.21 19:41:59 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.21 19:41:59 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.21 19:41:59 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.21 19:41:40 | 003,913,348 | ---- | M] () -- C:\Users\David\Desktop\Me gusta.mp3 [2012.01.21 17:45:53 | 001,135,342 | ---- | M] () -- C:\Users\David\Documents\Arbeitstechniken_Schießen.pdf [2012.01.21 14:37:37 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.5.lnk [2012.01.19 14:58:06 | 000,118,520 | ---- | M] () -- C:\Users\David\Desktop\Profil.odt [2012.01.17 18:35:34 | 000,012,901 | ---- | M] () -- C:\Users\David\Desktop\Erklärung.odt [2012.01.15 21:58:38 | 001,234,605 | ---- | M] () -- C:\Users\David\Documents\kernphysik.pdf [2012.01.05 17:12:07 | 000,001,207 | ---- | M] () -- C:\Users\David\Desktop\TeamSpeak 3 Client.lnk [2012.01.04 19:25:20 | 002,782,011 | ---- | M] () -- C:\Users\David\Desktop\P Stands For Paddy.mp3 [2012.01.04 19:24:12 | 003,347,922 | ---- | M] () -- C:\Users\David\Desktop\Wall Of Folk.mp3 [2011.12.30 12:27:12 | 000,005,632 | ---- | M] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.28 20:41:00 | 000,034,004 | ---- | M] () -- C:\Users\David\Desktop\flugzeug-sonnenuntergang_596.jpg ========== Files Created - No Company Name ========== [2012.01.22 18:33:23 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.21 19:44:07 | 000,122,880 | RHS- | C] () -- C:\Windows\System32\he-IL0.dll [2012.01.21 19:44:07 | 000,000,308 | ---- | C] () -- C:\Windows\tasks\ALNLIIFE.job [2012.01.21 18:26:17 | 003,913,348 | ---- | C] () -- C:\Users\David\Desktop\Me gusta.mp3 [2012.01.21 17:45:53 | 001,135,342 | ---- | C] () -- C:\Users\David\Documents\Arbeitstechniken_Schießen.pdf [2012.01.21 14:37:37 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.5.lnk [2012.01.19 14:50:05 | 000,118,520 | ---- | C] () -- C:\Users\David\Desktop\Profil.odt [2012.01.17 18:35:32 | 000,012,901 | ---- | C] () -- C:\Users\David\Desktop\Erklärung.odt [2012.01.15 21:58:38 | 001,234,605 | ---- | C] () -- C:\Users\David\Documents\kernphysik.pdf [2012.01.05 17:12:07 | 000,001,207 | ---- | C] () -- C:\Users\David\Desktop\TeamSpeak 3 Client.lnk [2012.01.04 18:10:11 | 003,347,922 | ---- | C] () -- C:\Users\David\Desktop\Wall Of Folk.mp3 [2012.01.04 17:56:10 | 002,782,011 | ---- | C] () -- C:\Users\David\Desktop\P Stands For Paddy.mp3 [2011.12.28 20:41:00 | 000,034,004 | ---- | C] () -- C:\Users\David\Desktop\flugzeug-sonnenuntergang_596.jpg [2011.11.24 12:35:37 | 000,000,080 | ---- | C] () -- C:\Users\David\AppData\Local\X-Plane Installer.prf [2011.11.10 03:28:32 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2011.11.10 03:28:32 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll [2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2011.11.02 23:09:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\zlib1i.dll [2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll [2011.10.21 20:30:14 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.10.03 13:45:21 | 000,083,872 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.10.03 13:45:05 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.09.21 08:53:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.08.15 20:46:06 | 000,417,066 | ---- | C] () -- C:\Windows\System32\sig.bin [2011.06.23 17:21:14 | 000,552,960 | ---- | C] () -- C:\Windows\System32\FS2AUDIO.dll [2011.05.05 20:49:04 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2011.05.05 20:31:28 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2011.02.22 18:55:20 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.02.22 18:55:20 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011.01.30 18:58:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.04 16:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.01.04 16:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.01.04 16:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.01.04 16:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.01.04 16:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010.11.04 14:46:30 | 000,286,208 | ---- | C] () -- C:\Windows\System32\binkw32.dll [2010.11.02 18:01:39 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.dat [2010.10.31 14:05:48 | 000,005,632 | ---- | C] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.26 15:40:34 | 000,000,245 | ---- | C] () -- C:\Windows\Lexstat.ini [2010.09.26 15:39:51 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll [2010.09.26 15:39:51 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll [2009.07.14 09:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,304,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2007.07.18 10:31:30 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC0763_0C.dll [2007.07.18 10:31:30 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0763_10.dll [2007.07.18 10:31:30 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0763_0A.dll [2007.07.18 10:31:30 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0763_09.dll [2007.07.18 10:31:30 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC0763_11.dll [2007.07.18 10:31:28 | 000,831,488 | ---- | C] () -- C:\Windows\System32\SaiC0763.Dll [2007.07.18 10:31:28 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0763_07.dll [2007.07.18 10:31:28 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC0763_0402.dll [2007.07.02 07:50:54 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_0402.dll [2007.07.02 07:50:54 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_11.dll [2007.07.02 07:50:52 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_0C.dll [2007.07.02 07:50:52 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_10.dll [2007.07.02 07:50:52 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_0A.dll [2007.07.02 07:50:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_09.dll [2007.07.02 07:50:50 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_07.dll [2007.07.02 07:46:40 | 000,839,680 | ---- | C] () -- C:\Windows\System32\SaiC0BAC.Dll [2007.06.20 19:39:26 | 000,271,872 | ---- | C] () -- C:\Windows\System32\flt1chk3.dll [2007.02.07 17:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini [2007.01.22 08:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll [2006.06.07 13:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll [2006.03.27 11:19:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll [2006.03.07 11:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll [2006.02.22 23:37:47 | 000,318,014 | ---- | C] () -- C:\Windows\System32\flt1chk4.dll [2006.01.10 17:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll [2006.01.10 17:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll [2005.09.25 18:48:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll [2005.01.15 00:51:21 | 000,000,151 | ---- | C] () -- C:\Windows\swfl5.ini ========== LOP Check ========== [2011.10.17 16:46:11 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\.ZMatrix [2011.11.07 21:05:08 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Canneverbe Limited [2011.07.21 16:27:31 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DAEMON Tools Lite [2011.05.05 20:49:12 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\FreeAudioPack [2011.06.15 21:26:02 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\FreeCDRipper [2011.08.22 19:33:04 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GameRanger [2010.11.14 19:52:49 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GetRightToGo [2011.05.25 17:49:24 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\gtk-2.0 [2010.10.14 18:03:28 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\HiFi [2012.01.23 18:15:46 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\ICQ [2010.09.23 20:33:39 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\IrfanView [2010.09.20 18:02:14 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OpenOffice.org [2011.02.22 18:54:03 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Samsung [2011.10.15 20:53:19 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SkyTestBU1 [2011.05.05 21:01:51 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\TeraCopy [2012.01.05 17:28:01 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\TS3Client [2011.11.17 13:33:21 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Ubisoft [2012.01.23 17:10:50 | 000,000,308 | ---- | M] () -- C:\Windows\Tasks\ALNLIIFE.job [2012.01.18 20:36:55 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.10.05 15:52:20 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.09.21 08:48:38 | 000,000,000 | ---D | M] -- C:\ATI [2010.09.16 22:20:37 | 000,000,000 | -HSD | M] -- C:\Boot [2012.01.12 11:33:20 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.09.16 21:32:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.09.26 15:38:44 | 000,000,000 | ---D | M] -- C:\lexmark [2010.10.06 17:44:01 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.01.22 18:33:21 | 000,000,000 | R--D | M] -- C:\Program Files [2012.01.22 18:33:22 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.09.16 21:32:37 | 000,000,000 | -HSD | M] -- C:\Programme [2010.09.16 21:32:37 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.01.23 18:17:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.12.08 20:49:42 | 000,000,000 | ---D | M] -- C:\temp [2010.09.28 17:29:16 | 000,000,000 | R--D | M] -- C:\Users [2012.01.22 19:49:31 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2011.11.10 04:12:24 | 000,466,944 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll [2012.01.21 19:44:07 | 000,122,880 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\he-IL0.dll < %USERPROFILE%\*.* > [2011.05.25 17:49:23 | 000,000,886 | ---- | M] () -- C:\Users\David\.recently-used.xbel [2012.01.23 18:25:11 | 002,621,440 | -HS- | M] () -- C:\Users\David\NTUSER.DAT [2012.01.23 18:25:11 | 000,262,144 | -HS- | M] () -- C:\Users\David\ntuser.dat.LOG1 [2010.09.16 21:32:49 | 000,000,000 | -HS- | M] () -- C:\Users\David\ntuser.dat.LOG2 [2010.09.16 21:35:11 | 000,065,536 | -HS- | M] () -- C:\Users\David\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010.09.16 21:35:11 | 000,524,288 | -HS- | M] () -- C:\Users\David\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.09.16 21:35:11 | 000,524,288 | -HS- | M] () -- C:\Users\David\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010.09.16 21:32:49 | 000,000,020 | -HS- | M] () -- C:\Users\David\ntuser.ini [2010.12.17 14:23:37 | 000,000,199 | ---- | M] () -- C:\Users\David\QualityWings_Ultimate 757 Collection.reg < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:EFD9810A @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A1D5C6AA < End of report > |
|
23.01.2012, 19:19
| #4 |
| /// Malware-holic | Logfile zu Google-Umleitung öffne malwarebytes, berichte und poste mir alle logs.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
23.01.2012, 21:50
| #5 |
| | Logfile zu Google-Umleitung Ich habe einen kompletten Suchvorgang gemacht aber es wurde nichts gefunden: Malwarebytes Anti-Malware (Test) 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.23.04 Windows 7 x86 NTFS Internet Explorer 8.0.7600.16385 David :: DAVID-PC [Administrator] Schutz: Aktiviert 23.01.2012 20:49:17 mbam-log-2012-01-23 (20-49-17).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 414499 Laufzeit: 57 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Das Problem besteht weiterhin |
|
24.01.2012, 12:20
| #6 |
| /// Malware-holic | Logfile zu Google-Umleitung ich wollte kein neues log, ich wollte die alten, wenn sie denn vorhanden sind
__________________ --> Logfile zu Google-Umleitung |
|
24.01.2012, 16:41
| #7 |
| | Logfile zu Google-Umleitung Ok, hier sind sie alle. Die ältesten zuerst: Malwarebytes Anti-Malware (Test) 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.22.03 Windows 7 x86 NTFS Internet Explorer 8.0.7600.16385 David :: DAVID-PC [Administrator] Schutz: Aktiviert 22.01.2012 18:34:33 mbam-log-2012-01-22 (18-34-33).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 186770 Laufzeit: 4 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Malwarebytes Anti-Malware (Test) 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.22.03 Windows 7 x86 NTFS Internet Explorer 8.0.7600.16385 David :: DAVID-PC [Administrator] Schutz: Aktiviert 22.01.2012 18:39:49 mbam-log-2012-01-22 (18-39-49).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 413948 Laufzeit: 56 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 S:\Flusi-Dateien\9Dragons - Kai Tak\9dv2-1\9Dragons v2.1 Update.exe (Adware.Onlinegames) -> Erfolgreich gelöscht und in Quarantäne gestellt. S:\Flusi-Dateien\fsonlinecenter_v2.0\FSOnlineCenter_v2.0.exe (Adware.Onlinegames) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Malwarebytes Anti-Malware (Test) 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.23.04 Windows 7 x86 NTFS Internet Explorer 8.0.7600.16385 David :: DAVID-PC [Administrator] Schutz: Aktiviert 23.01.2012 20:44:29 mbam-log-2012-01-23 (20-44-29).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 186629 Laufzeit: 4 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Malwarebytes Anti-Malware (Test) 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.23.04 Windows 7 x86 NTFS Internet Explorer 8.0.7600.16385 David :: DAVID-PC [Administrator] Schutz: Aktiviert 23.01.2012 20:49:17 mbam-log-2012-01-23 (20-49-17).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 414499 Laufzeit: 57 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
24.01.2012, 16:58
| #8 |
| /// Malware-holic | Logfile zu Google-Umleitung danke. Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
29.01.2012, 15:42
| #9 |
| | Logfile zu Google-Umleitung Hier jetzt das Logfile von Combofix: Combofix Logfile: Code:
ATTFilter ComboFix 12-01-29.01 - David 29.01.2012 15:22:58.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3583.2730 [GMT 1:00]
ausgeführt von:: c:\users\David\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\David\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-28 bis 2012-01-29 ))))))))))))))))))))))))))))))
.
.
2012-01-29 14:28 . 2012-01-29 14:30 -------- d-----w- c:\users\David\AppData\Local\temp
2012-01-26 12:44 . 2012-01-26 12:44 -------- d-----w- c:\program files\Blobby Volley 2.0 Version 0.9c
2012-01-26 11:55 . 2011-11-17 05:48 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-26 11:55 . 2011-11-17 05:42 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-26 11:55 . 2011-11-17 05:39 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-26 11:55 . 2011-11-17 05:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-26 11:55 . 2011-11-17 05:48 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-26 11:55 . 2011-11-17 05:39 314368 ----a-w- c:\windows\system32\webio.dll
2012-01-26 11:55 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-01-26 11:55 . 2011-11-17 05:39 15360 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-26 11:55 . 2011-11-17 05:39 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-26 11:55 . 2011-11-17 05:36 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-22 17:33 . 2012-01-22 17:33 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes
2012-01-22 17:33 . 2012-01-22 17:33 -------- d-----w- c:\programdata\Malwarebytes
2012-01-21 18:44 . 2012-01-21 18:44 122880 --sha-r- c:\windows\system32\he-IL0.dll
2012-01-21 13:36 . 2012-01-21 13:39 -------- d-----w- c:\program files\ICQ7.5
2012-01-20 15:55 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA148999-415C-4D63-82C6-B475BA9CC945}\mpengine.dll
2012-01-11 21:11 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 21:11 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 21:11 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 21:10 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-05 16:12 . 2012-01-05 16:12 -------- d-----w- c:\users\David\AppData\Local\TeamSpeak 3 Client
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-16 19:46 . 2011-05-22 19:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-24 04:23 . 2011-12-14 16:17 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 13:29 . 2010-09-17 14:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-10 03:44 . 2011-11-10 03:44 8913920 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-11-10 03:17 . 2011-11-10 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 03:16 . 2011-07-28 21:40 774656 ----a-w- c:\windows\system32\aticfx32.dll
2011-11-10 03:12 . 2011-11-10 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 03:11 . 2011-11-10 03:11 417792 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-10 03:11 . 2011-11-10 03:11 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-10 03:10 . 2011-11-10 03:10 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2011-11-10 03:09 . 2011-11-10 03:09 360448 ----a-w- c:\windows\system32\atipdlxx.dll
2011-11-10 03:09 . 2011-11-10 03:09 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-11-10 03:09 . 2011-11-10 03:09 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-11-10 03:09 . 2011-11-10 03:09 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-11-10 03:06 . 2011-07-28 21:30 6077952 ----a-w- c:\windows\system32\atidxx32.dll
2011-11-10 02:58 . 2011-11-10 02:58 18996224 ----a-w- c:\windows\system32\atioglxx.dll
2011-11-10 02:40 . 2011-11-10 02:40 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-11-10 02:34 . 2011-11-10 02:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-11-10 02:34 . 2011-11-10 02:34 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-11-10 02:33 . 2011-07-28 21:09 5852672 ----a-w- c:\windows\system32\atiumdag.dll
2011-11-10 02:29 . 2011-11-10 02:29 11300864 ----a-w- c:\windows\system32\aticaldd.dll
2011-11-10 02:29 . 2011-07-28 21:03 4200960 ----a-w- c:\windows\system32\atiumdva.dll
2011-11-10 02:18 . 2011-07-28 21:01 51200 ----a-w- c:\windows\system32\coinst.dll
2011-11-10 02:13 . 2011-11-10 02:13 348160 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-11-10 02:12 . 2011-11-10 02:12 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-11-10 02:12 . 2011-11-10 02:12 263680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-10 02:11 . 2011-07-28 20:53 32256 ----a-w- c:\windows\system32\atiuxpag.dll
2011-11-10 02:11 . 2011-07-28 20:53 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\system32\atimpc32.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2011-11-10 02:10 . 2011-11-10 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-09 21:39 . 2011-11-09 21:39 59904 ----a-w- c:\windows\system32\OpenVideo.dll
2011-11-09 21:39 . 2011-11-09 21:39 54784 ----a-w- c:\windows\system32\OVDecode.dll
2011-11-09 21:38 . 2011-11-09 21:38 14375936 ----a-w- c:\windows\system32\amdocl.dll
2011-11-05 04:35 . 2011-12-14 16:19 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:34 . 2011-12-14 16:19 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 04:30 . 2011-12-14 16:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 03:28 . 2011-12-14 16:19 386048 ----a-w- c:\windows\system32\html.iec
2011-11-05 02:55 . 2011-12-14 16:19 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-04-28 934800]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-04-28 3373968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-04-28 19856]
"Steam"="d:\stream\Steam.exe" [2011-08-05 1242448]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-08-01 124480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2009-04-27 74408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-01-25 2729800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]
.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 30312]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2011-08-15 49016]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-13 1394688]
R3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio.sys [2008-04-25 36384]
R3 SaiH0763;SaiH0763;c:\windows\system32\DRIVERS\SaiH0763.sys [2007-07-18 135680]
R3 SaiH0BAC;SaiH0BAC;c:\windows\system32\DRIVERS\SaiH0BAC.sys [2007-07-02 135168]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-01-03 114152]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-09 291840]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-01-05 222568]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-01-25 2336072]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 8913920]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 263680]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-10-17 85520]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2011-01-05 42112]
S3 gfvknt;GoFlight Virtual HID Keyboard;c:\windows\system32\DRIVERS\gfvknt.sys [2008-12-08 19968]
S3 netr73;USB-Drahtlos-802.11 b/g-Adaptertreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-29 c:\windows\Tasks\ALNLIIFE.job
- c:\windows\system32\he-IL0.dll [2012-01-21 18:44]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fcgehftb.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: G Data BankGuard: {906305f7-aafc-45e9-8bbd-941950a84dad} - c:\program files\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
SafeBoot-28383296.sys
SafeBoot-66989573.sys
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\Kies\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\Kies\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\lxczcoms.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-29 15:35:04 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-01-29 14:35
.
Vor Suchlauf: 1.890.889.728 Bytes frei
Nach Suchlauf: 1.909.264.384 Bytes frei
.
- - End Of File - - F9BC303A983DC686D01A9BB350D90B6F
|
|
30.01.2012, 12:33
| #10 |
| /// Malware-holic | Logfile zu Google-Umleitung download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
30.01.2012, 15:16
| #11 |
| | Logfile zu Google-Umleitung 15:13:28.0356 3804 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27 15:13:28.0465 3804 ============================================================ 15:13:28.0465 3804 Current date / time: 2012/01/30 15:13:28.0465 15:13:28.0465 3804 SystemInfo: 15:13:28.0465 3804 15:13:28.0465 3804 OS Version: 6.1.7600 ServicePack: 0.0 15:13:28.0465 3804 Product type: Workstation 15:13:28.0465 3804 ComputerName: DAVID-PC 15:13:28.0465 3804 UserName: David 15:13:28.0465 3804 Windows directory: C:\Windows 15:13:28.0465 3804 System windows directory: C:\Windows 15:13:28.0465 3804 Processor architecture: Intel x86 15:13:28.0465 3804 Number of processors: 2 15:13:28.0465 3804 Page size: 0x1000 15:13:28.0465 3804 Boot type: Normal boot 15:13:28.0465 3804 ============================================================ 15:13:29.0089 3804 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050 15:13:29.0214 3804 Initialize success 15:14:19.0197 3604 ============================================================ 15:14:19.0197 3604 Scan started 15:14:19.0197 3604 Mode: Manual; SigCheck; TDLFS; 15:14:19.0197 3604 ============================================================ 15:14:19.0618 3604 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 15:14:19.0712 3604 1394ohci - ok 15:14:19.0759 3604 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 15:14:19.0759 3604 ACPI - ok 15:14:19.0806 3604 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 15:14:19.0837 3604 AcpiPmi - ok 15:14:19.0884 3604 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 15:14:19.0899 3604 adp94xx - ok 15:14:19.0915 3604 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 15:14:19.0930 3604 adpahci - ok 15:14:19.0930 3604 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 15:14:19.0946 3604 adpu320 - ok 15:14:20.0008 3604 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys 15:14:20.0055 3604 AFD - ok 15:14:20.0055 3604 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 15:14:20.0071 3604 agp440 - ok 15:14:20.0102 3604 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 15:14:20.0118 3604 aic78xx - ok 15:14:20.0133 3604 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 15:14:20.0149 3604 aliide - ok 15:14:20.0180 3604 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 15:14:20.0196 3604 amdagp - ok 15:14:20.0211 3604 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 15:14:20.0211 3604 amdide - ok 15:14:20.0258 3604 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys 15:14:20.0305 3604 amdiox86 - ok 15:14:20.0336 3604 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 15:14:20.0352 3604 AmdK8 - ok 15:14:20.0664 3604 amdkmdag (ab70f110143892eb41aa46500aa5cf00) C:\Windows\system32\DRIVERS\atikmdag.sys 15:14:21.0288 3604 amdkmdag - ok 15:14:21.0350 3604 amdkmdap (32d68d05b871eed5572d0c2c764ea4ec) C:\Windows\system32\DRIVERS\atikmpag.sys 15:14:21.0381 3604 amdkmdap - ok 15:14:21.0412 3604 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 15:14:21.0428 3604 AmdPPM - ok 15:14:21.0459 3604 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys 15:14:21.0475 3604 amdsata - ok 15:14:21.0506 3604 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 15:14:21.0537 3604 amdsbs - ok 15:14:21.0568 3604 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys 15:14:21.0584 3604 amdxata - ok 15:14:21.0631 3604 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\Windows\system32\Drivers\ssadadb.sys 15:14:21.0646 3604 androidusb - ok 15:14:21.0709 3604 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 15:14:21.0787 3604 AppID - ok 15:14:21.0849 3604 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 15:14:21.0865 3604 arc - ok 15:14:21.0865 3604 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 15:14:21.0880 3604 arcsas - ok 15:14:21.0912 3604 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 15:14:22.0005 3604 AsyncMac - ok 15:14:22.0036 3604 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 15:14:22.0052 3604 atapi - ok 15:14:22.0114 3604 AtiHDAudioService (7725aecceddf81bd8374c77157e450ea) C:\Windows\system32\drivers\AtihdW73.sys 15:14:22.0130 3604 AtiHDAudioService - ok 15:14:22.0192 3604 atksgt (547f07839f71a4357a5e503646cac2b0) C:\Windows\system32\DRIVERS\atksgt.sys 15:14:22.0239 3604 atksgt - ok 15:14:22.0286 3604 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys 15:14:22.0302 3604 avgntflt - ok 15:14:22.0317 3604 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys 15:14:22.0348 3604 avipbb - ok 15:14:22.0411 3604 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 15:14:22.0458 3604 b06bdrv - ok 15:14:22.0504 3604 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 15:14:22.0520 3604 b57nd60x - ok 15:14:22.0551 3604 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 15:14:22.0598 3604 Beep - ok 15:14:22.0614 3604 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 15:14:22.0645 3604 blbdrive - ok 15:14:22.0676 3604 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys 15:14:22.0707 3604 bowser - ok 15:14:22.0723 3604 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 15:14:22.0738 3604 BrFiltLo - ok 15:14:22.0754 3604 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 15:14:22.0785 3604 BrFiltUp - ok 15:14:22.0832 3604 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys 15:14:22.0863 3604 BridgeMP - ok 15:14:22.0941 3604 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 15:14:22.0988 3604 Brserid - ok 15:14:23.0004 3604 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 15:14:23.0035 3604 BrSerWdm - ok 15:14:23.0050 3604 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 15:14:23.0082 3604 BrUsbMdm - ok 15:14:23.0082 3604 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 15:14:23.0097 3604 BrUsbSer - ok 15:14:23.0113 3604 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 15:14:23.0144 3604 BTHMODEM - ok 15:14:23.0253 3604 catchme - ok 15:14:23.0347 3604 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 15:14:23.0378 3604 cdfs - ok 15:14:23.0425 3604 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys 15:14:23.0440 3604 cdrom - ok 15:14:23.0472 3604 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 15:14:23.0487 3604 circlass - ok 15:14:23.0518 3604 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 15:14:23.0534 3604 CLFS - ok 15:14:23.0565 3604 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 15:14:23.0581 3604 CmBatt - ok 15:14:23.0581 3604 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 15:14:23.0596 3604 cmdide - ok 15:14:23.0643 3604 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys 15:14:23.0659 3604 CNG - ok 15:14:23.0674 3604 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 15:14:23.0690 3604 Compbatt - ok 15:14:23.0706 3604 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 15:14:23.0737 3604 CompositeBus - ok 15:14:23.0752 3604 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 15:14:23.0752 3604 crcdisk - ok 15:14:23.0815 3604 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys 15:14:23.0846 3604 DfsC - ok 15:14:23.0893 3604 dgderdrv - ok 15:14:23.0924 3604 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 15:14:23.0986 3604 discache - ok 15:14:24.0033 3604 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 15:14:24.0049 3604 Disk - ok 15:14:24.0096 3604 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 15:14:24.0111 3604 drmkaud - ok 15:14:24.0158 3604 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys 15:14:24.0189 3604 DXGKrnl - ok 15:14:24.0220 3604 EagleXNt - ok 15:14:24.0314 3604 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 15:14:24.0423 3604 ebdrv - ok 15:14:24.0454 3604 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 15:14:24.0486 3604 elxstor - ok 15:14:24.0486 3604 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 15:14:24.0501 3604 ErrDev - ok 15:14:24.0532 3604 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 15:14:24.0579 3604 exfat - ok 15:14:24.0579 3604 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 15:14:24.0610 3604 fastfat - ok 15:14:24.0642 3604 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 15:14:24.0673 3604 fdc - ok 15:14:24.0688 3604 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 15:14:24.0688 3604 FileInfo - ok 15:14:24.0704 3604 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 15:14:24.0735 3604 Filetrace - ok 15:14:24.0751 3604 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 15:14:24.0782 3604 flpydisk - ok 15:14:24.0829 3604 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 15:14:24.0860 3604 FltMgr - ok 15:14:24.0876 3604 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 15:14:24.0891 3604 FsDepends - ok 15:14:24.0938 3604 FsUsbExDisk (10398b515653442a5b89fdf6a1d06180) C:\Windows\system32\FsUsbExDisk.SYS 15:14:24.0954 3604 FsUsbExDisk - ok 15:14:24.0985 3604 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 15:14:25.0000 3604 Fs_Rec - ok 15:14:25.0047 3604 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 15:14:25.0047 3604 fvevol - ok 15:14:25.0094 3604 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 15:14:25.0110 3604 gagp30kx - ok 15:14:25.0156 3604 GDPkIcpt (0f917bcee8f65402a2dd4024cf85ce32) C:\Windows\system32\drivers\PktIcpt.sys 15:14:25.0172 3604 GDPkIcpt - ok 15:14:25.0188 3604 GearAspiWDM (5dc17164f66380cbfefd895c18467773) C:\Windows\system32\drivers\GEARAspiWDM.sys 15:14:25.0188 3604 GearAspiWDM - ok 15:14:25.0234 3604 gfvknt (d2bdb0aedf24b4d1c88385415d83ab1b) C:\Windows\system32\DRIVERS\gfvknt.sys 15:14:25.0250 3604 gfvknt - ok 15:14:25.0328 3604 HCW85BDA (89364cc2a694364f4aa148b7cb802d57) C:\Windows\system32\drivers\HCW85BDA.sys 15:14:25.0390 3604 HCW85BDA - ok 15:14:25.0422 3604 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 15:14:25.0437 3604 hcw85cir - ok 15:14:25.0484 3604 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 15:14:25.0515 3604 HdAudAddService - ok 15:14:25.0562 3604 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 15:14:25.0578 3604 HDAudBus - ok 15:14:25.0593 3604 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 15:14:25.0609 3604 HidBatt - ok 15:14:25.0624 3604 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 15:14:25.0656 3604 HidBth - ok 15:14:25.0656 3604 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 15:14:25.0671 3604 HidIr - ok 15:14:25.0718 3604 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 15:14:25.0734 3604 HidUsb - ok 15:14:25.0765 3604 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 15:14:25.0765 3604 HpSAMD - ok 15:14:25.0812 3604 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 15:14:25.0890 3604 HTTP - ok 15:14:25.0921 3604 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 15:14:25.0921 3604 hwpolicy - ok 15:14:25.0936 3604 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 15:14:25.0968 3604 i8042prt - ok 15:14:25.0999 3604 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys 15:14:26.0014 3604 iaStorV - ok 15:14:26.0077 3604 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 15:14:26.0077 3604 iirsp - ok 15:14:26.0092 3604 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 15:14:26.0108 3604 intelide - ok 15:14:26.0124 3604 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 15:14:26.0155 3604 intelppm - ok 15:14:26.0155 3604 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:14:26.0202 3604 IpFilterDriver - ok 15:14:26.0233 3604 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 15:14:26.0248 3604 IPMIDRV - ok 15:14:26.0248 3604 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 15:14:26.0326 3604 IPNAT - ok 15:14:26.0342 3604 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 15:14:26.0373 3604 IRENUM - ok 15:14:26.0404 3604 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 15:14:26.0420 3604 isapnp - ok 15:14:26.0436 3604 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 15:14:26.0451 3604 iScsiPrt - ok 15:14:26.0451 3604 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 15:14:26.0467 3604 kbdclass - ok 15:14:26.0498 3604 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 15:14:26.0514 3604 kbdhid - ok 15:14:26.0545 3604 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys 15:14:26.0560 3604 KSecDD - ok 15:14:26.0592 3604 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys 15:14:26.0592 3604 KSecPkg - ok 15:14:26.0670 3604 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys 15:14:26.0701 3604 lirsgt - ok 15:14:26.0763 3604 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 15:14:26.0826 3604 lltdio - ok 15:14:26.0841 3604 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 15:14:26.0857 3604 LSI_FC - ok 15:14:26.0872 3604 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 15:14:26.0888 3604 LSI_SAS - ok 15:14:26.0904 3604 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:14:26.0904 3604 LSI_SAS2 - ok 15:14:26.0935 3604 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:14:26.0950 3604 LSI_SCSI - ok 15:14:26.0982 3604 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 15:14:27.0028 3604 luafv - ok 15:14:27.0060 3604 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 15:14:27.0060 3604 megasas - ok 15:14:27.0091 3604 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 15:14:27.0091 3604 MegaSR - ok 15:14:27.0106 3604 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 15:14:27.0138 3604 Modem - ok 15:14:27.0169 3604 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 15:14:27.0200 3604 monitor - ok 15:14:27.0216 3604 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 15:14:27.0231 3604 mouclass - ok 15:14:27.0247 3604 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 15:14:27.0278 3604 mouhid - ok 15:14:27.0294 3604 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 15:14:27.0309 3604 mountmgr - ok 15:14:27.0325 3604 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 15:14:27.0340 3604 mpio - ok 15:14:27.0356 3604 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 15:14:27.0496 3604 mpsdrv - ok 15:14:27.0512 3604 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 15:14:27.0543 3604 MRxDAV - ok 15:14:27.0574 3604 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys 15:14:27.0637 3604 mrxsmb - ok 15:14:27.0652 3604 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:14:27.0699 3604 mrxsmb10 - ok 15:14:27.0715 3604 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:14:27.0730 3604 mrxsmb20 - ok 15:14:27.0762 3604 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 15:14:27.0762 3604 msahci - ok 15:14:27.0777 3604 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 15:14:27.0793 3604 msdsm - ok 15:14:27.0808 3604 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 15:14:27.0840 3604 Msfs - ok 15:14:27.0855 3604 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 15:14:27.0886 3604 mshidkmdf - ok 15:14:27.0886 3604 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 15:14:27.0902 3604 msisadrv - ok 15:14:27.0933 3604 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 15:14:27.0964 3604 MSKSSRV - ok 15:14:27.0980 3604 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 15:14:28.0011 3604 MSPCLOCK - ok 15:14:28.0011 3604 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 15:14:28.0058 3604 MSPQM - ok 15:14:28.0074 3604 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 15:14:28.0089 3604 MsRPC - ok 15:14:28.0105 3604 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 15:14:28.0120 3604 mssmbios - ok 15:14:28.0136 3604 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 15:14:28.0167 3604 MSTEE - ok 15:14:28.0183 3604 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 15:14:28.0183 3604 MTConfig - ok 15:14:28.0214 3604 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 15:14:28.0214 3604 Mup - ok 15:14:28.0261 3604 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 15:14:28.0292 3604 NativeWifiP - ok 15:14:28.0339 3604 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 15:14:28.0386 3604 NDIS - ok 15:14:28.0432 3604 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 15:14:28.0479 3604 NdisCap - ok 15:14:28.0510 3604 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 15:14:28.0542 3604 NdisTapi - ok 15:14:28.0557 3604 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 15:14:28.0588 3604 Ndisuio - ok 15:14:28.0604 3604 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 15:14:28.0635 3604 NdisWan - ok 15:14:28.0635 3604 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 15:14:28.0682 3604 NDProxy - ok 15:14:28.0698 3604 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 15:14:28.0729 3604 NetBIOS - ok 15:14:28.0744 3604 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 15:14:28.0760 3604 NetBT - ok 15:14:28.0838 3604 netr73 (76b1157ef850830c5ece61d3e591ca8b) C:\Windows\system32\DRIVERS\netr73.sys 15:14:28.0869 3604 netr73 - ok 15:14:28.0900 3604 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 15:14:28.0916 3604 nfrd960 - ok 15:14:28.0963 3604 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 15:14:28.0994 3604 Npfs - ok 15:14:29.0041 3604 npusbio (0a01056f5128d80f6e6826e32ba52177) C:\Windows\system32\Drivers\npusbio.sys 15:14:29.0041 3604 npusbio - ok 15:14:29.0072 3604 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 15:14:29.0103 3604 nsiproxy - ok 15:14:29.0166 3604 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys 15:14:29.0244 3604 Ntfs - ok 15:14:29.0259 3604 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 15:14:29.0306 3604 Null - ok 15:14:29.0353 3604 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys 15:14:29.0384 3604 NVENETFD - ok 15:14:29.0743 3604 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:14:30.0133 3604 nvlddmkm - ok 15:14:30.0164 3604 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys 15:14:30.0180 3604 nvraid - ok 15:14:30.0211 3604 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys 15:14:30.0226 3604 nvstor - ok 15:14:30.0258 3604 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 15:14:30.0273 3604 nv_agp - ok 15:14:30.0273 3604 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 15:14:30.0320 3604 ohci1394 - ok 15:14:30.0398 3604 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 15:14:30.0445 3604 Parport - ok 15:14:30.0460 3604 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 15:14:30.0460 3604 partmgr - ok 15:14:30.0492 3604 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 15:14:30.0507 3604 Parvdm - ok 15:14:30.0523 3604 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 15:14:30.0538 3604 pci - ok 15:14:30.0554 3604 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 15:14:30.0554 3604 pciide - ok 15:14:30.0585 3604 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 15:14:30.0585 3604 pcmcia - ok 15:14:30.0601 3604 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 15:14:30.0601 3604 pcw - ok 15:14:30.0632 3604 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 15:14:30.0694 3604 PEAUTH - ok 15:14:30.0757 3604 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 15:14:30.0788 3604 PptpMiniport - ok 15:14:30.0804 3604 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 15:14:30.0804 3604 Processor - ok 15:14:30.0866 3604 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 15:14:30.0882 3604 Psched - ok 15:14:30.0960 3604 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 15:14:31.0038 3604 ql2300 - ok 15:14:31.0053 3604 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 15:14:31.0069 3604 ql40xx - ok 15:14:31.0084 3604 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 15:14:31.0100 3604 QWAVEdrv - ok 15:14:31.0100 3604 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 15:14:31.0147 3604 RasAcd - ok 15:14:31.0178 3604 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 15:14:31.0209 3604 RasAgileVpn - ok 15:14:31.0225 3604 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 15:14:31.0256 3604 Rasl2tp - ok 15:14:31.0287 3604 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 15:14:31.0334 3604 RasPppoe - ok 15:14:31.0334 3604 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 15:14:31.0365 3604 RasSstp - ok 15:14:31.0381 3604 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 15:14:31.0412 3604 rdbss - ok 15:14:31.0428 3604 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 15:14:31.0443 3604 rdpbus - ok 15:14:31.0459 3604 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 15:14:31.0490 3604 RDPCDD - ok 15:14:31.0490 3604 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 15:14:31.0521 3604 RDPENCDD - ok 15:14:31.0537 3604 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 15:14:31.0552 3604 RDPREFMP - ok 15:14:31.0568 3604 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 15:14:31.0615 3604 RDPWD - ok 15:14:31.0646 3604 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 15:14:31.0662 3604 rdyboost - ok 15:14:31.0693 3604 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 15:14:31.0771 3604 rspndr - ok 15:14:31.0833 3604 SaiH0763 (04e8c6bee76584f926a84d035ce5b977) C:\Windows\system32\DRIVERS\SaiH0763.sys 15:14:31.0849 3604 SaiH0763 - ok 15:14:31.0880 3604 SaiH0BAC (3252d5571633e0b244541615d6252358) C:\Windows\system32\DRIVERS\SaiH0BAC.sys 15:14:31.0896 3604 SaiH0BAC - ok 15:14:31.0911 3604 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 15:14:31.0927 3604 sbp2port - ok 15:14:31.0942 3604 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 15:14:31.0974 3604 scfilter - ok 15:14:32.0020 3604 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 15:14:32.0052 3604 secdrv - ok 15:14:32.0083 3604 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 15:14:32.0098 3604 Serenum - ok 15:14:32.0098 3604 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 15:14:32.0130 3604 Serial - ok 15:14:32.0145 3604 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 15:14:32.0145 3604 sermouse - ok 15:14:32.0161 3604 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 15:14:32.0192 3604 sffdisk - ok 15:14:32.0208 3604 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 15:14:32.0223 3604 sffp_mmc - ok 15:14:32.0223 3604 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys 15:14:32.0254 3604 sffp_sd - ok 15:14:32.0270 3604 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 15:14:32.0286 3604 sfloppy - ok 15:14:32.0301 3604 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 15:14:32.0317 3604 sisagp - ok 15:14:32.0332 3604 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:14:32.0348 3604 SiSRaid2 - ok 15:14:32.0364 3604 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 15:14:32.0379 3604 SiSRaid4 - ok 15:14:32.0395 3604 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 15:14:32.0426 3604 Smb - ok 15:14:32.0473 3604 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 15:14:32.0488 3604 spldr - ok 15:14:32.0520 3604 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys 15:14:32.0551 3604 srv - ok 15:14:32.0582 3604 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys 15:14:32.0613 3604 srv2 - ok 15:14:32.0629 3604 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys 15:14:32.0660 3604 srvnet - ok 15:14:32.0691 3604 ssadbus (48f44a1be434830b7c90fb730745f65a) C:\Windows\system32\DRIVERS\ssadbus.sys 15:14:32.0722 3604 ssadbus - ok 15:14:32.0754 3604 ssadmdfl (9630b486b62cc0adb0a89152ed0218d7) C:\Windows\system32\DRIVERS\ssadmdfl.sys 15:14:32.0769 3604 ssadmdfl - ok 15:14:32.0800 3604 ssadmdm (9afaa23421622c392b55508fa9613949) C:\Windows\system32\DRIVERS\ssadmdm.sys 15:14:32.0816 3604 ssadmdm - ok 15:14:32.0847 3604 ssadserd (1cac71d756ce00ae0681f9028dde874b) C:\Windows\system32\DRIVERS\ssadserd.sys 15:14:32.0863 3604 ssadserd - ok 15:14:32.0910 3604 sscdbus (069351a1d7d291013177a90ae6edccbc) C:\Windows\system32\DRIVERS\sscdbus.sys 15:14:32.0925 3604 sscdbus - ok 15:14:32.0941 3604 sscdmdfl (1c925be223a5c0f9f469252292a48df6) C:\Windows\system32\DRIVERS\sscdmdfl.sys 15:14:32.0956 3604 sscdmdfl - ok 15:14:32.0988 3604 sscdmdm (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\Windows\system32\DRIVERS\sscdmdm.sys 15:14:33.0003 3604 sscdmdm - ok 15:14:33.0034 3604 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 15:14:33.0050 3604 ssmdrv - ok 15:14:33.0097 3604 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 15:14:33.0112 3604 stexstor - ok 15:14:33.0144 3604 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 15:14:33.0144 3604 swenum - ok 15:14:33.0237 3604 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys 15:14:33.0284 3604 Tcpip - ok 15:14:33.0346 3604 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys 15:14:33.0362 3604 TCPIP6 - ok 15:14:33.0393 3604 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 15:14:33.0440 3604 tcpipreg - ok 15:14:33.0440 3604 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 15:14:33.0471 3604 TDPIPE - ok 15:14:33.0487 3604 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 15:14:33.0518 3604 TDTCP - ok 15:14:33.0534 3604 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 15:14:33.0549 3604 tdx - ok 15:14:33.0580 3604 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 15:14:33.0596 3604 TermDD - ok 15:14:33.0627 3604 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 15:14:33.0658 3604 tssecsrv - ok 15:14:33.0690 3604 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 15:14:33.0721 3604 tunnel - ok 15:14:33.0736 3604 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 15:14:33.0736 3604 uagp35 - ok 15:14:33.0768 3604 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 15:14:33.0799 3604 udfs - ok 15:14:33.0846 3604 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 15:14:33.0861 3604 uliagpkx - ok 15:14:33.0877 3604 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 15:14:33.0908 3604 umbus - ok 15:14:33.0908 3604 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 15:14:33.0924 3604 UmPass - ok 15:14:33.0955 3604 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\drivers\usbccgp.sys 15:14:34.0002 3604 usbccgp - ok 15:14:34.0017 3604 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 15:14:34.0064 3604 usbcir - ok 15:14:34.0111 3604 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys 15:14:34.0126 3604 usbehci - ok 15:14:34.0173 3604 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys 15:14:34.0204 3604 usbhub - ok 15:14:34.0220 3604 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys 15:14:34.0251 3604 usbohci - ok 15:14:34.0329 3604 USBPNPA (41b758cff0a3c10a69e088f440677399) C:\Windows\system32\drivers\CM108.sys 15:14:34.0392 3604 USBPNPA - ok 15:14:34.0423 3604 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 15:14:34.0438 3604 usbprint - ok 15:14:34.0470 3604 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 15:14:34.0485 3604 usbscan - ok 15:14:34.0516 3604 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:14:34.0563 3604 USBSTOR - ok 15:14:34.0594 3604 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys 15:14:34.0594 3604 usbuhci - ok 15:14:34.0641 3604 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 15:14:34.0657 3604 vdrvroot - ok 15:14:34.0672 3604 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 15:14:34.0688 3604 vga - ok 15:14:34.0704 3604 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 15:14:34.0735 3604 VgaSave - ok 15:14:34.0750 3604 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 15:14:34.0766 3604 vhdmp - ok 15:14:34.0797 3604 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 15:14:34.0813 3604 viaagp - ok 15:14:34.0813 3604 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 15:14:34.0844 3604 ViaC7 - ok 15:14:34.0844 3604 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 15:14:34.0860 3604 viaide - ok 15:14:34.0860 3604 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 15:14:34.0875 3604 volmgr - ok 15:14:34.0891 3604 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 15:14:34.0906 3604 volmgrx - ok 15:14:34.0906 3604 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 15:14:34.0922 3604 volsnap - ok 15:14:34.0938 3604 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 15:14:34.0953 3604 vsmraid - ok 15:14:34.0969 3604 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 15:14:35.0000 3604 vwifibus - ok 15:14:35.0031 3604 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 15:14:35.0062 3604 vwififlt - ok 15:14:35.0078 3604 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 15:14:35.0078 3604 WacomPen - ok 15:14:35.0109 3604 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 15:14:35.0156 3604 WANARP - ok 15:14:35.0156 3604 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 15:14:35.0172 3604 Wanarpv6 - ok 15:14:35.0203 3604 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 15:14:35.0203 3604 Wd - ok 15:14:35.0234 3604 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 15:14:35.0265 3604 Wdf01000 - ok 15:14:35.0328 3604 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 15:14:35.0390 3604 WfpLwf - ok 15:14:35.0406 3604 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 15:14:35.0421 3604 WIMMount - ok 15:14:35.0484 3604 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys 15:14:35.0499 3604 WinUsb - ok 15:14:35.0515 3604 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 15:14:35.0530 3604 WmiAcpi - ok 15:14:35.0593 3604 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 15:14:35.0624 3604 ws2ifsl - ok 15:14:35.0640 3604 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 15:14:35.0686 3604 WudfPf - ok 15:14:35.0702 3604 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 15:14:35.0733 3604 WUDFRd - ok 15:14:35.0780 3604 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 15:14:35.0874 3604 \Device\Harddisk0\DR0 - ok 15:14:35.0905 3604 Boot (0x1200) (d40c7076692434334a246a1fdca5ebfd) \Device\Harddisk0\DR0\Partition0 15:14:35.0905 3604 \Device\Harddisk0\DR0\Partition0 - ok 15:14:35.0920 3604 Boot (0x1200) (7b891ad8723fcaf37658e5941542fa6d) \Device\Harddisk0\DR0\Partition1 15:14:35.0920 3604 \Device\Harddisk0\DR0\Partition1 - ok 15:14:35.0936 3604 Boot (0x1200) (62283f294dd4de1c1a7bf119b8bb1a20) \Device\Harddisk0\DR0\Partition2 15:14:35.0936 3604 \Device\Harddisk0\DR0\Partition2 - ok 15:14:35.0936 3604 ============================================================ 15:14:35.0936 3604 Scan finished 15:14:35.0936 3604 ============================================================ 15:14:35.0967 3052 Detected object count: 0 15:14:35.0967 3052 Actual detected object count: 0 |
|
30.01.2012, 15:33
| #12 |
| /// Malware-holic | Logfile zu Google-Umleitung wird noch umgeleitet? wenn ja, tritt das problem mit allen browsern auf, und wohin wird umgeleitet?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
30.01.2012, 17:33
| #13 |
| | Logfile zu Google-Umleitung Ja, es wird immer noch umgeleitet. Ich benutze den Firefox. Aber auch beim IE ist das so und zwar bei allen Suchmaschinen. Ich werde auf Werbeseiten (Online-TV, Shoppen etc.). Manchmal steht im Tab oben in der Leiste "Redirecting", manchmal nicht... |
|
30.01.2012, 17:36
| #14 |
| /// Malware-holic | Logfile zu Google-Umleitung hitmanpro laden: http://www.trojaner-board.de/99424-c...o-scannen.html doppelklick, settings, license, test lizense aktivieren. dann scan, funde in quarantäne, am ende das log (xml) exportieren und die datei anhängen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
30.01.2012, 17:40
| #15 |
| | Logfile zu Google-Umleitung Werde ich machen. Update: Ich habe jetzt Opera als Browser installiert und damit funktioniert es tadellos. Liegts an den anderen Browsern? |
|
| Themen zu Logfile zu Google-Umleitung |
| adobe, antivir, antivir guard, avg, avira, bho, desktop, explorer, firefox, google, hijack, hijack this, hijackthis, internet, internet explorer, logfile, mozilla, nvidia, object, plug-in, problem, software, suche, system, windows |
Linear-Darstellung
