Log analysis and evaluation: Firefox redirects to other pages [Logfiles inside] | Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
28.01.2012, 16:06 | #1 |
| Firefox redirects to other pages [Logfiles inside] Hello, for some time now Firefox has been redirecting me to other pages when I do a Google search. A variant of this BKA trojan has also taken hold, which I was able to disable for the time being by deleting the culprit from the system startup list. Of course, that does not defeat the core of the problem! OTL logfile: Code:
ATTFilter OTL logfile created on: 28.01.2012 15:37:24 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alex\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 69,79% Memory free 7,93 Gb Paging File | 6,55 Gb Available in Paging File | 82,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 293,41 Gb Total Space | 158,73 Gb Free Space | 54,10% Space Free | Partition Type: NTFS Drive D: | 79,10 Gb Total Space | 25,31 Gb Free Space | 31,99% Space Free | Partition Type: NTFS Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.28 15:27:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe PRC - [2011.08.03 08:29:08 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.21 06:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 06:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events 
Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.08.03 08:29:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.21 06:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.07 16:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.01.28 11:31:56 | 000,042,496 | ---- | M] (secr9tos) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\oem-drv64.sys -- (oem-drv64) OEM-SLP2.1 Driver (HPD64) DRV:64bit: - [2011.10.14 15:18:20 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.08.03 08:29:09 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.08.03 08:29:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.02.28 13:50:54 | 000,115,464 | ---- | M] (Archwave AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\phonic_FF808U_usb_x64.sys -- (phonic_FF808U_usb) DRV:64bit: - [2011.02.28 13:50:54 | 000,070,408 | ---- | M] (Archwave AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\phonic_FF808U_usb_avs_x64.sys -- (phonic_FF808U_usb_avs) DRV:64bit: - [2011.02.08 12:03:24 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.01.18 16:49:26 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- 
(terminpt) DRV:64bit: - [2010.11.21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.01.13 15:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R) DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.20 17:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.08.29 14:53:00 | 000,062,976 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\US122Wdmx64.sys -- (US122WdmService) DRV:64bit: - [2007.08.29 14:52:46 | 000,020,224 | ---- | M] (Frontier Design Group) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\US122DLx64.sys -- (US122DL) DRV:64bit: - [2007.08.29 14:52:36 | 000,200,320 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\US122x64.sys -- (US122) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 BF E7 26 39 51 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google Deutschland" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://www.google.de/" FF - prefs.js..network.proxy.backup.ftp: "85.214.50.156" FF - prefs.js..network.proxy.backup.ftp_port: 8118 FF - prefs.js..network.proxy.backup.socks: "85.214.50.156" FF - prefs.js..network.proxy.backup.socks_port: 8118 FF - prefs.js..network.proxy.backup.ssl: "85.214.50.156" FF - prefs.js..network.proxy.backup.ssl_port: 8118 FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - 
prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.22 22:10:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.11 18:42:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.22 22:10:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.10 04:41:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.08.02 18:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions [2012.01.07 09:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\dihdoogs.default\extensions [2012.01.23 17:06:41 | 000,002,454 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\dihdoogs.default\searchplugins\google-deutschland.xml [2011.11.09 16:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DIHDOOGS.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI () (No name found) -- 
C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DIHDOOGS.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI () (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DIHDOOGS.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.01.11 18:42:51 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.03 18:30:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.03 18:30:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.03 18:30:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.03 18:30:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.03 18:30:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.03 18:30:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.01.27 17:03:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.22 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A08B0FC1-616F-4ED8-88D4-2EB95E7FCCE6}: DhcpNameServer = 192.168.1.22 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6843933-1575-4465-96EE-D9AD31D7FBB5}: DhcpNameServer = 192.168.1.22 O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" 
%* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.28 15:31:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\OSAM [2012.01.28 15:28:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe [2012.01.27 18:04:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.01.27 17:57:51 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\blabla.exe [2012.01.27 17:25:12 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.01.27 16:16:15 | 000,000,000 | ---D | C] -- C:\blablabla [2012.01.27 16:02:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ywopl [2012.01.27 16:02:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ufyfka [2012.01.27 13:54:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.01.27 13:54:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.01.27 13:54:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.01.27 13:48:31 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.01.27 13:45:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.01.27 12:41:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes [2012.01.27 12:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.27 12:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.27 12:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.01.26 22:20:20 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{76CC1893-FC50-4086-823C-F796BEBE5125} [2012.01.26 22:20:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{194292B9-15BD-49AC-9C5E-D1CBAC6609CA} [2012.01.26 22:16:18 | 000,000,000 | ---D | C] -- C:\Windows\de [2012.01.26 21:55:38 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Microsoft SQL Server Compact Edition [2012.01.26 21:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2012.01.26 21:23:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2012.01.26 21:21:06 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll [2012.01.26 21:21:06 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2012.01.26 21:21:03 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2012.01.26 21:21:03 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll [2012.01.26 21:20:20 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2012.01.26 21:20:20 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2012.01.26 21:18:00 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Windows Live [2012.01.26 21:17:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2012.01.26 18:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.01.26 18:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.01.26 18:11:31 | 004,391,956 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\blablabla.exe [2012.01.17 23:47:36 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012.01.17 23:47:36 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2012.01.17 23:47:36 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2012.01.17 23:47:36 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2012.01.17 23:47:36 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2012.01.17 23:47:35 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2012.01.11 02:52:02 | 001,572,864 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2012.01.11 02:52:02 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2012.01.11 02:52:02 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.01.11 02:52:01 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.01.11 02:51:58 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2012.01.11 02:51:57 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2012.01.11 02:51:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2012.01.06 10:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2012.01.05 18:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2012.01.05 18:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.01.05 18:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2012.01.02 17:38:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\GTA Vice City User Files [2012.01.02 17:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2012.01.02 17:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games [2012.01.02 17:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012.01.02 15:19:52 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\X-Chat 2 [2012.01.02 15:19:52 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Downloads [2012.01.02 15:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XChat-WDK [2012.01.02 15:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\XChat-WDK [2011.12.29 18:46:26 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView [2011.12.29 18:46:21 | 000,000,000 | ---D | C] -- 
C:\Users\Alex\AppData\Roaming\IrfanView [2011.12.29 18:46:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView ========== Files - Modified Within 30 Days ========== [2012.01.28 15:27:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe [2012.01.28 14:44:11 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3562432153-2537355380-1562762292-1000UA.job [2012.01.28 11:39:44 | 000,026,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.28 11:39:44 | 000,026,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.28 11:32:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.28 11:32:00 | 3193,581,568 | -HS- | M] () -- C:\hiberfil.sys [2012.01.28 11:31:56 | 000,042,496 | ---- | M] (secr9tos) -- C:\Windows\SysNative\drivers\oem-drv64.sys [2012.01.28 06:44:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3562432153-2537355380-1562762292-1000Core.job [2012.01.27 17:52:11 | 000,080,384 | ---- | M] () -- C:\Users\Alex\Desktop\MBRCheck.exe [2012.01.27 17:03:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.01.27 16:07:16 | 000,010,435 | ---- | M] () -- C:\Users\Alex\Documents\chorTermine.html [2012.01.27 16:02:12 | 000,010,380 | ---- | M] () -- C:\Users\Alex\Documents\index.html [2012.01.27 13:50:42 | 004,391,956 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\blablabla.exe [2012.01.27 12:41:23 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.26 23:37:34 | 004,870,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.01.26 20:42:53 | 017,494,336 | ---- | M] () -- C:\Users\Alex\Desktop\groovy dreamy - Kopie (2).wav [2012.01.26 18:14:32 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.01.24 16:44:58 | 
002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\blabla.exe [2012.01.23 21:23:36 | 000,001,031 | ---- | M] () -- C:\Users\Alex\Desktop\Studio One x64.lnk [2012.01.23 16:30:02 | 004,246,536 | ---- | M] () -- C:\Users\Alex\Desktop\bewerbung.odt [2012.01.23 16:24:11 | 003,121,801 | ---- | M] () -- C:\Users\Alex\Desktop\bewerbung Alexander Riedel.pdf [2012.01.23 16:20:32 | 000,108,812 | ---- | M] () -- C:\Users\Alex\Desktop\Unbenannt-1.jpg [2012.01.14 18:51:18 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.14 18:51:18 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.14 18:51:18 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.14 18:51:18 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.14 18:51:18 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.29 18:46:26 | 000,001,894 | ---- | M] () -- C:\Users\Alex\Desktop\IrfanView Thumbnails.lnk [2011.12.29 18:46:26 | 000,001,002 | ---- | M] () -- C:\Users\Alex\Desktop\IrfanView.lnk ========== Files Created - No Company Name ========== [2012.01.27 17:54:58 | 000,302,592 | ---- | C] () -- C:\Users\Alex\Desktop\gmer.exe [2012.01.27 17:51:12 | 000,080,384 | ---- | C] () -- C:\Users\Alex\Desktop\MBRCheck.exe [2012.01.27 13:54:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.01.27 13:54:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.01.27 13:54:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.01.27 13:54:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.01.27 13:54:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.01.27 12:41:23 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.26 23:37:14 | 004,870,392 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.01.26 22:12:16 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie 
Maker.lnk [2012.01.26 22:04:42 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2012.01.26 20:42:31 | 017,494,336 | ---- | C] () -- C:\Users\Alex\Desktop\groovy dreamy - Kopie (2).wav [2012.01.26 18:14:32 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.01.23 16:22:57 | 003,121,801 | ---- | C] () -- C:\Users\Alex\Desktop\bewerbung Alexander Riedel.pdf [2012.01.23 16:20:30 | 000,108,812 | ---- | C] () -- C:\Users\Alex\Desktop\Unbenannt-1.jpg [2012.01.18 23:30:02 | 004,246,536 | ---- | C] () -- C:\Users\Alex\Desktop\bewerbung.odt [2012.01.15 18:06:00 | 000,010,380 | ---- | C] () -- C:\Users\Alex\Documents\index.html [2011.12.29 18:46:26 | 000,001,894 | ---- | C] () -- C:\Users\Alex\Desktop\IrfanView Thumbnails.lnk [2011.12.29 18:46:26 | 000,001,002 | ---- | C] () -- C:\Users\Alex\Desktop\IrfanView.lnk [2011.11.30 17:14:45 | 000,000,132 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011.11.22 22:22:14 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.11.22 22:22:12 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.11.22 22:22:12 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.11.22 22:22:12 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.11.08 16:00:00 | 001,295,798 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandReverbpresets.xml [2011.11.08 16:00:00 | 000,826,767 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MReverbpresets.xml [2011.11.08 16:00:00 | 000,667,615 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandRhythmizerpresets.xml [2011.11.08 16:00:00 | 000,254,627 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandDelaypresets.xml [2011.11.08 16:00:00 | 000,199,297 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandFreqShifterpresets.xml [2011.11.08 16:00:00 | 000,193,849 | ---- | C] () -- 
C:\Users\Alex\AppData\Roaming\MMultiBandDistortionpresets.xml [2011.11.08 16:00:00 | 000,163,535 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandConvolutionpresets.xml [2011.11.08 16:00:00 | 000,154,386 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandAutopanpresets.xml [2011.11.08 16:00:00 | 000,148,511 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandFlangerpresets.xml [2011.11.08 16:00:00 | 000,135,842 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MFilterpresets.xml [2011.11.08 16:00:00 | 000,125,408 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandVibratopresets.xml [2011.11.08 16:00:00 | 000,122,007 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandHarmonizerpresets.xml [2011.11.08 16:00:00 | 000,120,395 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandChoruspresets.xml [2011.11.08 16:00:00 | 000,115,704 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandPhaserpresets.xml [2011.11.08 16:00:00 | 000,086,911 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandRingModulatorpresets.xml [2011.11.08 16:00:00 | 000,086,536 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MRhythmizerSequencepresets.xml [2011.11.08 16:00:00 | 000,085,968 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MRhythmizerpresets.xml [2011.11.08 16:00:00 | 000,081,060 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandTremolopresets.xml [2011.11.08 16:00:00 | 000,063,631 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandReverbpresets.active [2011.11.08 16:00:00 | 000,063,254 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandDynamicspresets.xml [2011.11.08 16:00:00 | 000,061,406 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandDistortionpresets.active [2011.11.08 16:00:00 | 000,060,676 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandVibratopresets.active [2011.11.08 16:00:00 | 000,059,052 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandWaveShaperpresets.xml [2011.11.08 16:00:00 
| 000,058,594 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandTransientpresets.xml [2011.11.08 16:00:00 | 000,054,609 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandTremolopresets.active [2011.11.08 16:00:00 | 000,053,759 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandAutopanpresets.active [2011.11.08 16:00:00 | 000,052,267 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MAutoDynamicEqpresets.xml [2011.11.08 16:00:00 | 000,051,825 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MRhythmizerSequenceVolumepresets.xml [2011.11.08 16:00:00 | 000,049,227 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MFilterpresets.active [2011.11.08 16:00:00 | 000,048,067 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandFreqShifterpresets.active [2011.11.08 16:00:00 | 000,046,546 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandFlangerpresets.active [2011.11.08 16:00:00 | 000,046,270 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandDynamicspresets.active [2011.11.08 16:00:00 | 000,044,956 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandPhaserpresets.active [2011.11.08 16:00:00 | 000,044,289 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandHarmonizerpresets.active [2011.11.08 16:00:00 | 000,040,503 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandDelaypresets.active [2011.11.08 16:00:00 | 000,038,927 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandChoruspresets.active [2011.11.08 16:00:00 | 000,037,342 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDynamicEqpresets.xml [2011.11.08 16:00:00 | 000,035,733 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MReverbpresets.active [2011.11.08 16:00:00 | 000,034,155 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDynamicspresets.active [2011.11.08 16:00:00 | 000,032,555 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandWaveShaperpresets.active [2011.11.08 16:00:00 | 000,032,410 | ---- | C] () -- 
C:\Users\Alex\AppData\Roaming\MMultiBandSaturatorpresets.xml [2011.11.08 16:00:00 | 000,030,798 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDynamicspresets.xml [2011.11.08 16:00:00 | 000,028,727 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MSpectralDynamicspresets.xml [2011.11.08 16:00:00 | 000,027,283 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandSaturatorpresets.active [2011.11.08 16:00:00 | 000,026,429 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MCompressorpresets.xml [2011.11.08 16:00:00 | 000,025,570 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandRingModulatorpresets.active [2011.11.08 16:00:00 | 000,023,302 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandTransientpresets.active [2011.11.08 16:00:00 | 000,021,399 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandLimiterpresets.active [2011.11.08 16:00:00 | 000,021,299 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MEqualizerpresets.xml [2011.11.08 16:00:00 | 000,020,511 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MSpectralDynamicspresets.active [2011.11.08 16:00:00 | 000,020,193 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MLimiterpresets.xml [2011.11.08 16:00:00 | 000,020,123 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MFlangerpresets.xml [2011.11.08 16:00:00 | 000,017,558 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MModernCompressorpresets.xml [2011.11.08 16:00:00 | 000,017,537 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDelaypresets.xml [2011.11.08 16:00:00 | 000,015,613 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandLimiterpresets.xml [2011.11.08 16:00:00 | 000,013,158 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MOscillatorpresets.xml [2011.11.08 16:00:00 | 000,012,248 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MRhythmizerSequenceSetpresets.xml [2011.11.08 16:00:00 | 000,011,422 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MFreeformEqualizerpresets.xml [2011.11.08 16:00:00 | 000,010,793 | ---- | C] () -- 
C:\Users\Alex\AppData\Roaming\MDistortionpresets.xml [2011.11.08 16:00:00 | 000,009,119 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MFreqShifterpresets.xml [2011.11.08 16:00:00 | 000,007,646 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MStereoExpanderpresets.xml [2011.11.08 16:00:00 | 000,007,355 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MEqualizerLinearPhasepresets.xml [2011.11.08 16:00:00 | 000,006,953 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MFreeformAnalogEqpresets.xml [2011.11.08 16:00:00 | 000,006,687 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\menvelopepresets.xml [2011.11.08 16:00:00 | 000,006,652 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MAnalyzerpresets.xml [2011.11.08 16:00:00 | 000,005,914 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MWaveShaperpresets.xml [2011.11.08 16:00:00 | 000,005,832 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDynamicsLimiterpresets.active [2011.11.08 16:00:00 | 000,005,022 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MRhythmizerSequenceVolumeSetpresets.xml [2011.11.08 16:00:00 | 000,004,490 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MModernCompressorAnalyzerpresets.xml [2011.11.08 16:00:00 | 000,004,377 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MChoruspresets.xml [2011.11.08 16:00:00 | 000,004,362 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MPhaserpresets.xml [2011.11.08 16:00:00 | 000,004,103 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MStereoProcessorpresets.xml [2011.11.08 16:00:00 | 000,003,771 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MRingModulatorpresets.xml [2011.11.08 16:00:00 | 000,003,597 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MTransientpresets.xml [2011.11.08 16:00:00 | 000,002,820 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MEqualizerAreasEditorpresets.xml [2011.11.08 16:00:00 | 000,002,666 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MVibratopresets.xml [2011.11.08 16:00:00 | 000,002,492 | ---- | C] () -- 
C:\Users\Alex\AppData\Roaming\MSpectralAnalyzerPrefilterpresets.xml [2011.11.08 16:00:00 | 000,002,366 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MTremolopresets.xml [2011.11.08 16:00:00 | 000,001,948 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MAutopanpresets.xml [2011.11.08 16:00:00 | 000,001,235 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\mbasestyleconfigurationpresets.xml [2011.11.08 16:00:00 | 000,001,011 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MValueToColor5presets.xml [2011.11.08 16:00:00 | 000,000,688 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MUltraMaximizerpresets.xml [2011.11.08 16:00:00 | 000,000,119 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MAutoEqualizerLinearPhasepresets.xml [2011.11.08 16:00:00 | 000,000,109 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDynamicsLimiterpresets.xml [2011.11.08 16:00:00 | 000,000,098 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MAutoEqualizerpresets.xml [2011.08.02 18:10:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 
| ---- | C] () -- C:\Windows\SysWow64\mlang.dat [1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll < End of report > Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 15:55:39 on 28.01.2012 OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 9.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskUserS-1-5-21-3562432153-2537355380-1562762292-1000Core.job" - "Google Inc." - C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-3562432153-2537355380-1562762292-1000UA.job" - "Google Inc." - C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Atheros Extensible Wireless LAN device driver" (athr) - "Atheros Communications, Inc." - C:\Windows\System32\DRIVERS\athrx.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\blablabla\catchme.sys (File not found) "OEM-SLP2.1 Driver (HPD64)" (oem-drv64) - "secr9tos" - C:\Windows\System32\DRIVERS\oem-drv64.sys "VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys (File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? 
- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." 
- C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ7.5" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.5\ICQ.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll {CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - C:\Program Files (x86)\Free Download Manager\iefdm2.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "NIHardwareService" (NIHardwareService) - "Native Instruments GmbH" - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe "SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." 
- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Ultimate Edition Windows Information: Service Pack 1 (build 7601), 64-bit Base Board Manufacturer: TOSHIBA BIOS Manufacturer: TOSHIBA System Manufacturer: TOSHIBA System Product Name: Satellite L500 Logical Drives Mask: 0x0000003c Kernel Drivers (total 186): 0x02A0D000 \SystemRoot\system32\xNtKrnl.exe 0x02FF7000 \SystemRoot\system32\hal.dll 0x00BCB000 \SystemRoot\system32\kdcom.dll 0x00C4F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00C9E000 \SystemRoot\system32\PSHED.dll 0x00CB2000 \SystemRoot\system32\CLFS.SYS 0x00D10000 \SystemRoot\system32\CI.dll 0x00DD0000 \SystemRoot\system32\DRIVERS\oem-drv64.sys 0x00EAB000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00F4F000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00F5E000 \SystemRoot\system32\drivers\ACPI.sys 0x00FB5000 \SystemRoot\system32\drivers\WMILIB.SYS 0x00FBE000 \SystemRoot\system32\drivers\msisadrv.sys 0x00FC8000 \SystemRoot\system32\drivers\pci.sys 0x00E00000 \SystemRoot\system32\drivers\vdrvroot.sys 0x00E0D000 \SystemRoot\System32\drivers\partmgr.sys 0x00E22000 \SystemRoot\system32\drivers\compbatt.sys 0x00E2B000 \SystemRoot\system32\drivers\BATTC.SYS 0x00E37000 \SystemRoot\system32\drivers\volmgr.sys 0x00E4C000 \SystemRoot\System32\drivers\volmgrx.sys 0x00DE3000 \SystemRoot\System32\drivers\mountmgr.sys 0x00C00000 \SystemRoot\system32\drivers\atapi.sys 0x00C09000 \SystemRoot\system32\drivers\ataport.SYS 0x00C33000 \SystemRoot\system32\drivers\msahci.sys 0x00C3E000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x01051000 \SystemRoot\system32\drivers\amdxata.sys 0x0105C000 \SystemRoot\system32\drivers\fltmgr.sys 0x010A8000 \SystemRoot\system32\drivers\fileinfo.sys 0x01215000 \SystemRoot\System32\Drivers\Ntfs.sys 0x010BC000 \SystemRoot\System32\Drivers\msrpc.sys 0x013B8000 \SystemRoot\System32\Drivers\ksecdd.sys 0x0111A000 \SystemRoot\System32\Drivers\cng.sys 0x013D3000 \SystemRoot\System32\drivers\pcw.sys 0x013E4000 
\SystemRoot\System32\Drivers\Fs_Rec.sys 0x014AD000 \SystemRoot\system32\drivers\ndis.sys 0x015A0000 \SystemRoot\system32\drivers\NETIO.SYS 0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x01688000 \SystemRoot\System32\drivers\tcpip.sys 0x0188C000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x018D6000 \SystemRoot\system32\drivers\vmstorfl.sys 0x018E6000 \SystemRoot\system32\drivers\volsnap.sys 0x01932000 \SystemRoot\System32\Drivers\spldr.sys 0x0193A000 \SystemRoot\System32\drivers\rdyboost.sys 0x01974000 \SystemRoot\System32\Drivers\mup.sys 0x01986000 \SystemRoot\System32\drivers\hwpolicy.sys 0x0198F000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x019C9000 \SystemRoot\system32\drivers\disk.sys 0x01600000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x0142B000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys 0x01471000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x01668000 \SystemRoot\System32\Drivers\Null.SYS 0x01671000 \SystemRoot\System32\Drivers\Beep.SYS 0x01678000 \SystemRoot\System32\drivers\vga.sys 0x0118C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x019DF000 \SystemRoot\System32\drivers\watchdog.sys 0x019EF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x0149B000 \SystemRoot\system32\drivers\rdpencdd.sys 0x014A4000 \SystemRoot\system32\drivers\rdprefmp.sys 0x013EE000 \SystemRoot\System32\Drivers\Msfs.SYS 0x01200000 \SystemRoot\System32\Drivers\Npfs.SYS 0x011B1000 \SystemRoot\system32\DRIVERS\tdx.sys 0x011D3000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x03AA0000 \SystemRoot\system32\drivers\afd.sys 0x03B29000 \SystemRoot\System32\DRIVERS\netbt.sys 0x03B6E000 \SystemRoot\system32\drivers\ws2ifsl.sys 0x03B79000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x03B82000 \SystemRoot\system32\DRIVERS\pacer.sys 0x03BA8000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x03BBE000 \SystemRoot\system32\DRIVERS\netbios.sys 0x03BCD000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x03BE8000 \SystemRoot\system32\DRIVERS\termdd.sys 0x03A00000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x03A51000 
\SystemRoot\system32\drivers\nsiproxy.sys 0x03A5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x03A68000 \SystemRoot\System32\drivers\discache.sys 0x066C8000 \SystemRoot\system32\drivers\csc.sys 0x0674B000 \SystemRoot\System32\Drivers\dfsc.sys 0x06769000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x0677A000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x0679E000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x07209000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x07820000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x07914000 \SystemRoot\System32\drivers\dxgmms1.sys 0x0795A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x0797E000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x0798B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x079E1000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x067C4000 \SystemRoot\system32\DRIVERS\Rt64win7.sys 0x06895000 \SystemRoot\system32\DRIVERS\NETw5s64.sys 0x06800000 \SystemRoot\system32\DRIVERS\vwifibus.sys 0x0680D000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x06812000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x06830000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x0683F000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x06888000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x06600000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x079F2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x0660F000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x06625000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x06635000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x0664B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x06FF4000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x0666F000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x0669E000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x03A77000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x011E0000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x0688A000 \SystemRoot\system32\DRIVERS\rdpbus.sys 0x07200000 \SystemRoot\system32\DRIVERS\swenum.sys 0x01000000 \SystemRoot\system32\DRIVERS\ks.sys 0x07A7C000 \SystemRoot\system32\DRIVERS\umbus.sys 0x07A8E000 
\SystemRoot\system32\DRIVERS\usbhub.sys 0x07AE8000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x07AFD000 \SystemRoot\system32\drivers\HdAudio.sys 0x07B59000 \SystemRoot\system32\drivers\portcls.sys 0x07B96000 \SystemRoot\system32\drivers\drmk.sys 0x07BB8000 \SystemRoot\system32\drivers\ksthunk.sys 0x00080000 \SystemRoot\System32\win32k.sys 0x07BBE000 \SystemRoot\System32\drivers\Dxapi.sys 0x07BCA000 \SystemRoot\System32\Drivers\crashdmp.sys 0x07BD8000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x07BE4000 \SystemRoot\System32\Drivers\dump_msahci.sys 0x07A00000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x004E0000 \SystemRoot\System32\TSDDD.dll 0x00730000 \SystemRoot\System32\cdd.dll 0x008A0000 \SystemRoot\System32\ATMFD.DLL 0x07A21000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x07A3E000 \SystemRoot\System32\Drivers\usbvideo.sys 0x01630000 \SystemRoot\system32\drivers\luafv.sys 0x03484000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x034A3000 \SystemRoot\system32\drivers\WudfPf.sys 0x034C4000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x034D9000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x0352C000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x0353F000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x070DE000 \SystemRoot\system32\drivers\HTTP.sys 0x071A7000 \SystemRoot\system32\DRIVERS\bowser.sys 0x071C5000 \SystemRoot\System32\drivers\mpsdrv.sys 0x07000000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x0702D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x0707B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x0709F000 \SystemRoot\System32\Drivers\secdrv.SYS 0x070AA000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x071DD000 \SystemRoot\System32\drivers\tcpipreg.sys 0x03557000 \SystemRoot\System32\DRIVERS\srv2.sys 0x0A4AC000 \SystemRoot\System32\DRIVERS\srv.sys 0x0A5DF000 \SystemRoot\system32\DRIVERS\monitor.sys 0x77BB0000 \Windows\System32\ntdll.dll 0x47D20000 \Windows\System32\smss.exe 0xFFED0000 \Windows\System32\apisetschema.dll 0xFF520000 \Windows\System32\autochk.exe 0xFFDE0000 
\Windows\System32\advapi32.dll 0xFFBD0000 \Windows\System32\ole32.dll 0xFFBB0000 \Windows\System32\imagehlp.dll 0x77D80000 \Windows\System32\normaliz.dll 0xFFB10000 \Windows\System32\comdlg32.dll 0x77D70000 \Windows\System32\psapi.dll 0xFFAB0000 \Windows\System32\Wldap32.dll 0xFFA40000 \Windows\System32\gdi32.dll 0xFF930000 \Windows\System32\msctf.dll 0xFF800000 \Windows\System32\rpcrt4.dll 0xFF7B0000 \Windows\System32\ws2_32.dll 0xFF790000 \Windows\System32\sechost.dll 0x779A0000 \Windows\System32\iertutil.dll 0x778A0000 \Windows\System32\user32.dll 0xFF6F0000 \Windows\System32\clbcatq.dll 0xFF670000 \Windows\System32\shlwapi.dll 0xFF590000 \Windows\System32\oleaut32.dll 0xFF510000 \Windows\System32\difxapi.dll 0xFE780000 \Windows\System32\shell32.dll 0xFE6B0000 \Windows\System32\usp10.dll 0xFE610000 \Windows\System32\msvcrt.dll 0x77780000 \Windows\System32\kernel32.dll 0xFE600000 \Windows\System32\lpk.dll 0xFE5D0000 \Windows\System32\imm32.dll 0xFE3F0000 \Windows\System32\setupapi.dll 0x77630000 \Windows\System32\urlmon.dll 0x774D0000 \Windows\System32\wininet.dll 0xFE3E0000 \Windows\System32\nsi.dll 0xFE3C0000 \Windows\System32\devobj.dll 0xFE380000 \Windows\System32\cfgmgr32.dll 0xFE310000 \Windows\System32\KernelBase.dll 0xFE1A0000 \Windows\System32\crypt32.dll 0xFE160000 \Windows\System32\wintrust.dll 0xFE0C0000 \Windows\System32\comctl32.dll 0xFE0B0000 \Windows\System32\msasn1.dll 0x77D60000 \Windows\SysWOW64\normaliz.dll Processes (total 53): 0 System Idle Process 4 System 268 C:\Windows\System32\smss.exe 360 csrss.exe 432 C:\Windows\System32\wininit.exe 444 csrss.exe 488 C:\Windows\System32\services.exe 504 C:\Windows\System32\lsass.exe 512 C:\Windows\System32\lsm.exe 632 C:\Windows\System32\svchost.exe 708 C:\Windows\System32\svchost.exe 756 C:\Windows\System32\atiesrxx.exe 812 C:\Windows\System32\winlogon.exe 864 C:\Windows\System32\svchost.exe 896 C:\Windows\System32\svchost.exe 984 C:\Windows\System32\svchost.exe 560 C:\Windows\System32\svchost.exe 
1076 C:\Windows\System32\svchost.exe 1200 C:\Windows\System32\atieclxx.exe 1352 C:\Windows\System32\spoolsv.exe 1380 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 1404 C:\Windows\System32\svchost.exe 1524 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 1560 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 1608 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe 1676 C:\Windows\System32\svchost.exe 1712 C:\Windows\System32\conhost.exe 1756 C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe 1800 C:\Windows\System32\svchost.exe 2256 C:\Windows\System32\taskhost.exe 2436 C:\Windows\System32\dwm.exe 2460 C:\Windows\explorer.exe 2700 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 2912 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 3020 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 3060 C:\Windows\System32\SearchIndexer.exe 2936 C:\Windows\System32\svchost.exe 3056 C:\Windows\System32\svchost.exe 1808 C:\Program Files\Windows Media Player\wmpnetwk.exe 2432 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 3832 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE 1556 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 672 C:\Windows\System32\svchost.exe 4020 C:\Windows\System32\svchost.exe 3616 dllhost.exe 3904 C:\Users\Alex\Desktop\OSAM\osam.exe 3120 C:\Program Files (x86)\Mozilla Firefox\firefox.exe 3636 C:\Windows\System32\audiodg.exe 3324 C:\Windows\System32\svchost.exe 612 C:\Users\Alex\Desktop\MBRCheck.exe 2652 C:\Windows\System32\conhost.exe 3936 C:\Windows\System32\dllhost.exe 2088 C:\Windows\System32\notepad.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000049`60900000 (NTFS) PhysicalDrive0 Model Number: TOSHIBAMK4055GSX, Rev: FG011M Size Device Name MBR Status -------------------------------------------- 372 GB \\.\PhysicalDrive0 MBR Code 
Faked! SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: Done!
TDSS Killer from Kaspersky won't run; nothing happens at all when I open it. Some other programs can no longer be started either, but with no pattern as to what works and what doesn't. In my Start menu, "All Programs" now shows only the folders, and there are no shortcuts left inside them. Unhide doesn't help! Thanks in advance for the help ;D |
28.01.2012, 16:07 | #2 |
| Firefox redirects to other pages [Logfiles inside] ComboFix logfile:
Code:
ATTFilter ComboFix 12-01-27.01 - Alex 27.01.2012 16:22:13.2.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4061.2660 [GMT 1:00] ausgeführt von:: c:\users\Alex\Desktop\blablabla.exe AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\NOTEPAD.EXE-x.txt c:\programdata\RUNDLL32.EXE-x.txt c:\users\Alex\AppData\Local\Mozilla\Firefox\firefox.exe c:\windows\system32\drivers\etc\hosts.txt . . ((((((((((((((((((((((( Dateien erstellt von 2011-12-27 bis 2012-01-27 )))))))))))))))))))))))))))))) . . 2012-01-27 16:01 . 2012-01-27 16:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-27 15:02 . 2012-01-27 15:02 -------- d-----w- c:\users\Alex\AppData\Roaming\Ywopl 2012-01-27 15:02 . 2012-01-27 15:02 -------- d-----w- c:\users\Alex\AppData\Roaming\Ufyfka 2012-01-27 11:41 . 2012-01-27 11:41 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes 2012-01-27 11:41 . 2012-01-27 11:41 -------- d-----w- c:\programdata\Malwarebytes 2012-01-27 11:41 . 2012-01-27 11:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-01-26 20:17 . 2012-01-26 20:17 -------- d-----w- c:\program files (x86)\Common Files\Windows Live 2012-01-26 17:14 . 2012-01-26 17:14 -------- d-----w- c:\program files\CCleaner 2012-01-24 16:19 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C76B680F-9B1E-4A03-B1C5-53C43917CDB9}\mpengine.dll 2012-01-11 17:42 . 2012-01-11 17:42 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll 2012-01-11 17:42 . 2012-01-11 17:42 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll 2012-01-11 17:42 . 
2012-01-11 17:42 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll 2012-01-11 17:42 . 2012-01-11 17:42 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll 2012-01-11 01:52 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 01:52 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-01-11 01:52 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-01-11 01:52 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-01-11 01:51 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 01:51 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-01-11 01:51 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-01-11 01:51 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-01-06 09:05 . 2012-01-14 17:08 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared 2012-01-05 17:25 . 2012-01-16 10:28 -------- d-----w- c:\programdata\Symantec 2012-01-05 17:25 . 2012-01-16 10:28 -------- d-----w- c:\programdata\Norton 2012-01-02 16:34 . 2012-01-02 16:34 -------- d-----w- c:\program files (x86)\Rockstar Games 2012-01-02 16:34 . 2012-01-02 16:34 -------- d-----w- c:\program files (x86)\Common Files\InstallShield 2012-01-02 14:19 . 2012-01-05 03:02 -------- d-----w- c:\users\Alex\AppData\Roaming\X-Chat 2 2012-01-02 14:19 . 2012-01-02 14:19 -------- d-----w- c:\program files\XChat-WDK 2011-12-29 17:46 . 2011-12-29 17:46 -------- d-----w- c:\users\Alex\AppData\Roaming\IrfanView 2011-12-29 17:46 . 2011-12-29 17:46 -------- d-----w- c:\program files (x86)\IrfanView . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-27 16:02 . 2011-08-02 17:20 42496 ----a-w- c:\windows\system32\drivers\oem-drv64.sys 2012-01-26 20:22 . 
2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-11-24 04:52 . 2011-12-14 18:41 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-11-15 13:29 . 2010-11-21 03:27 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-11-05 05:32 . 2011-12-14 18:41 2048 ----a-w- c:\windows\system32\tzres.dll 2011-11-05 04:26 . 2011-12-14 18:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-11-04 01:53 . 2011-12-15 14:01 2309120 ----a-w- c:\windows\system32\jscript9.dll 2011-11-04 01:44 . 2011-12-15 14:01 1390080 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 01:44 . 2011-12-15 14:01 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-04 01:34 . 2011-12-15 14:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-11-03 22:47 . 2011-12-15 14:01 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-11-03 22:40 . 2011-12-15 14:01 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-11-03 22:39 . 2011-12-15 14:01 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2011-11-03 22:31 . 2011-12-15 14:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux5"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 phonic_FF808U_usb;phonic_FF808U_usb;c:\windows\system32\Drivers\phonic_FF808U_usb_x64.sys [x] R3 phonic_FF808U_usb_avs;phonic_FF808U_usb_avs;c:\windows\system32\Drivers\phonic_FF808U_usb_avs_x64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 US122;US122 Driver;c:\windows\system32\Drivers\US122x64.sys [x] R3 US122DL;US122 Firmware Downloader;c:\windows\system32\Drivers\US122DLx64.sys [x] R3 US122WdmService;US122 Wdm Audio;c:\windows\system32\Drivers\US122Wdmx64.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 oem-drv64;OEM-SLP2.1 Driver (HPD64);c:\windows\system32\DRIVERS\oem-drv64.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files 
(x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360] S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960] S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2012-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562432153-2537355380-1562762292-1000Core.job - c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-08 18:29] . 2012-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562432153-2537355380-1562762292-1000UA.job - c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-08 18:29] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.hiergehtslos.de IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.1.22 FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\dihdoogs.default\ FF - prefs.js: browser.search.selectedEngine - Google Deutschland FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://www.google.de/ FF - prefs.js: network.proxy.gopher - FF - prefs.js: network.proxy.gopher_port - 0 FF - prefs.js: network.proxy.type - 0 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-01-27 17:24:38 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-01-27 16:24 . Vor Suchlauf: 7 Verzeichnis(se), 170.334.744.576 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 170.212.773.888 Bytes frei . - - End Of File - - A95684B65CD8B2497CAA465899EC9426 |
30.01.2012, 12:55 | #3 |
| Firefox redirects to other pages [Logfiles inside] Does nobody have any advice?
__________________ |
30.01.2012, 13:23 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox redirects to other pages [Logfiles inside]
1.) If you reply to your own thread here, you shouldn't be surprised if one of the helpers no longer pays attention to it! I only saw your thread here just now by chance!
2.) You don't just post any logfiles here; as a first step you post what is explained in the thread for people seeking help!! Please note => http://www.trojaner-board.de/95173-b...es-posten.html and http://www.trojaner-board.de/69886-a...-beachten.html
3.) There is also a very clear notice at http://www.trojaner-board.de/95175-combofix.html Quote:
You should simply read more carefully here and follow the rules and notices!
__________________ Please always post logfiles in CODE tags |
30.01.2012, 13:30 | #5 |
| Firefox redirects to other pages [Logfiles inside] OK, I accept that bumping is not welcome, and I apologize for it. To give the helpers as much information as possible, I simply went ahead and created several logfiles and described my problem. The ComboFix run was of course a bit hasty of me, but in every thread where a similar problem exists, a ComboFix log gets asked for (I do know that the cause can still always be something different and that one should therefore wait, but I did it anyway for now, despite my respect for the program..). If the thread is now closed, I will stick to the exact rules next time; if not, help is still welcome here. Regards, Alex |
30.01.2012, 13:42 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox redirects to other pages [Logfiles inside] Quote:
Please now run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything here in CODE tags if possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ --> Firefox redirects to other pages [Logfiles inside] |
30.01.2012, 15:57 | #7 |
| Firefox redirects to other pages [Logfiles inside] Malwarebytes: Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.30.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex :: ALEX-PC [Administrator]

30.01.2012 13:44:43
mbam-log-2012-01-30 (13-44-43).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 328774
Laufzeit: 49 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=485f1e70aa26bb4992c2c7ae092d272d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-30 02:50:03
# local_time=2012-01-30 03:50:03 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 14807 64467331 7600 0
# compatibility_mode=5893 16776573 100 94 0 79560632 0 0
# compatibility_mode=8192 67108863 100 0 3854 3854 0 0
# scanned=159606
# found=3
# cleaned=0
# scan_time=4221
C:\Users\Alex\AppData\Local\Temp\jar_cache2710374185682029377.tmp Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\40a6a3f3-5c0a9cbe Java/Exploit.CVE-2011-3544.AD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\7904e833-5cc91608 Java/Exploit.CVE-2011-3544.D trojan (unable to clean) 00000000000000000000000000000000 I
_____________________________________________________
Older Malwarebytes log: Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.29.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex :: ALEX-PC [Administrator]

29.01.2012 21:55:50
mbam-log-2012-01-29 (21-55-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 327452
Laufzeit: 51 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Local\Mozilla\Firefox\firefox.exe.vir (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\514c5f80-6031171a (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Alex\AppData\Roaming\Ufyfka\kopizu.exe (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
30.01.2012, 16:06 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox redirects to other pages [Logfiles inside] Please create a new OTL log. Please post everything here in CODE tags if possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post logfiles in CODE tags |
30.01.2012, 16:59 | #9 |
| Firefox redirects to other pages [Logfiles inside] OTL Code:
ATTFilter OTL logfile created on: 30.01.2012 16:48:50 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alex\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 60,87% Memory free 7,93 Gb Paging File | 6,35 Gb Available in Paging File | 80,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 293,41 Gb Total Space | 158,20 Gb Free Space | 53,92% Space Free | Partition Type: NTFS Drive D: | 79,10 Gb Total Space | 25,31 Gb Free Space | 31,99% Space Free | Partition Type: NTFS Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.28 15:27:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe PRC - [2011.08.03 08:29:08 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.21 06:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 06:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD 
External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.08.03 08:29:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.21 06:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.07 16:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.01.28 11:31:56 | 000,042,496 | ---- | M] (secr9tos) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\oem-drv64.sys -- (oem-drv64) OEM-SLP2.1 Driver (HPD64) DRV:64bit: - [2011.10.14 15:18:20 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.08.03 08:29:09 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.08.03 08:29:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.02.28 13:50:54 | 000,115,464 | ---- | M] (Archwave AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\phonic_FF808U_usb_x64.sys -- (phonic_FF808U_usb) DRV:64bit: - [2011.02.28 13:50:54 | 000,070,408 | ---- | M] (Archwave AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\phonic_FF808U_usb_avs_x64.sys -- (phonic_FF808U_usb_avs) DRV:64bit: - [2011.02.08 12:03:24 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.01.18 16:49:26 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- 
(terminpt) DRV:64bit: - [2010.11.21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.01.13 15:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R) DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.20 17:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.08.29 14:53:00 | 000,062,976 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\US122Wdmx64.sys -- (US122WdmService) DRV:64bit: - [2007.08.29 14:52:46 | 000,020,224 | ---- | M] (Frontier Design Group) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\US122DLx64.sys -- (US122DL) DRV:64bit: - [2007.08.29 14:52:36 | 000,200,320 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\US122x64.sys -- (US122) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 BF E7 26 39 51 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google Deutschland" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://www.google.de/" FF - prefs.js..network.proxy.backup.ftp: "85.214.50.156" FF - prefs.js..network.proxy.backup.ftp_port: 8118 FF - prefs.js..network.proxy.backup.socks: "85.214.50.156" FF - prefs.js..network.proxy.backup.socks_port: 8118 FF - prefs.js..network.proxy.backup.ssl: "85.214.50.156" FF - prefs.js..network.proxy.backup.ssl_port: 8118 FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - 
prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.22 22:10:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.11 18:42:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.22 22:10:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.10 04:41:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.08.02 18:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions [2012.01.07 09:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\dihdoogs.default\extensions [2012.01.23 17:06:41 | 000,002,454 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\dihdoogs.default\searchplugins\google-deutschland.xml [2011.11.09 16:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DIHDOOGS.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI () (No name found) -- 
C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DIHDOOGS.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI () (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DIHDOOGS.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.01.11 18:42:51 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.03 18:30:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.03 18:30:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.03 18:30:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.03 18:30:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.03 18:30:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.03 18:30:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.01.27 17:03:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKCU..\Run: [MusicManager] C:\Users\Alex\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.) 
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A08B0FC1-616F-4ED8-88D4-2EB95E7FCCE6}: DhcpNameServer = 192.168.1.22 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6843933-1575-4465-96EE-D9AD31D7FBB5}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- 
"%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FF808U Control Panel.lnk - C:\Programme\Phonic\UsbAudioDriver_FF808U\Phonic_USB_cpl_FF808.exe - (Archwave AG) MsConfig:64bit - StartUpFolder: C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.6897905278999491.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.9762385021001795.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
MsConfig:64bit - StartUpReg: avupdate - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: Firefox helper - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: jtiEKAcodyDO.exe - hkey= - key= - File not found MsConfig:64bit - StartUpReg: MusicManager - hkey= - key= - C:\Users\Alex\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: WX1G5A9I7ZVYUU2IP - hkey= - key= - File not found MsConfig:64bit - StartUpReg: {E0558017-78D0-7F5B-CC89-2E5E6496DF96} - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group 
SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group 
SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart 
card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: 
{4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: 
{7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: 
{5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) 
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation) Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.30 14:35:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.01.28 15:31:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\OSAM [2012.01.28 15:28:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe [2012.01.27 18:04:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.01.27 17:57:51 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\blabla.exe [2012.01.27 17:25:12 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.01.27 16:16:15 | 000,000,000 | ---D | C] -- C:\blablabla [2012.01.27 16:02:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ywopl [2012.01.27 16:02:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ufyfka [2012.01.27 13:54:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.01.27 13:54:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.01.27 13:54:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.01.27 13:48:31 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.01.27 13:45:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.01.27 12:41:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes [2012.01.27 12:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.27 12:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.27 12:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' 
Anti-Malware [2012.01.26 22:20:20 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{76CC1893-FC50-4086-823C-F796BEBE5125} [2012.01.26 22:20:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{194292B9-15BD-49AC-9C5E-D1CBAC6609CA} [2012.01.26 22:16:18 | 000,000,000 | ---D | C] -- C:\Windows\de [2012.01.26 21:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2012.01.26 21:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2012.01.26 21:23:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2012.01.26 21:18:00 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Windows Live [2012.01.26 21:17:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2012.01.26 18:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.01.26 18:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.01.26 18:11:31 | 004,391,956 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\blablabla.exe [2012.01.06 10:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2012.01.05 18:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2012.01.05 18:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.01.05 18:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2012.01.02 17:38:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\GTA Vice City User Files [2012.01.02 17:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2012.01.02 17:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games [2012.01.02 17:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012.01.02 15:19:52 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\X-Chat 2 [2012.01.02 15:19:52 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Downloads [2012.01.02 15:19:40 | 000,000,000 | 
---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XChat-WDK [2012.01.02 15:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\XChat-WDK ========== Files - Modified Within 30 Days ========== [2012.01.30 16:44:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3562432153-2537355380-1562762292-1000UA.job [2012.01.30 08:26:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.30 06:44:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3562432153-2537355380-1562762292-1000Core.job [2012.01.29 12:11:22 | 000,026,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.29 12:11:22 | 000,026,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.28 15:27:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe [2012.01.28 11:32:00 | 3193,581,568 | -HS- | M] () -- C:\hiberfil.sys [2012.01.28 11:31:56 | 000,042,496 | ---- | M] (secr9tos) -- C:\Windows\SysNative\drivers\oem-drv64.sys [2012.01.27 17:52:11 | 000,080,384 | ---- | M] () -- C:\Users\Alex\Desktop\MBRCheck.exe [2012.01.27 17:03:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.01.27 16:07:16 | 000,010,435 | ---- | M] () -- C:\Users\Alex\Documents\chorTermine.html [2012.01.27 16:02:12 | 000,010,380 | ---- | M] () -- C:\Users\Alex\Documents\index.html [2012.01.27 13:50:42 | 004,391,956 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\blablabla.exe [2012.01.27 12:41:23 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.26 23:37:34 | 004,870,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.01.26 20:42:53 | 017,494,336 | ---- | M] () -- C:\Users\Alex\Desktop\groovy dreamy - Kopie (2).wav [2012.01.26 18:14:32 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk 
[2012.01.24 16:44:58 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\blabla.exe [2012.01.23 21:23:36 | 000,001,031 | ---- | M] () -- C:\Users\Alex\Desktop\Studio One x64.lnk [2012.01.23 16:30:02 | 004,246,536 | ---- | M] () -- C:\Users\Alex\Desktop\bewerbung.odt [2012.01.23 16:24:11 | 003,121,801 | ---- | M] () -- C:\Users\Alex\Desktop\bewerbung Alexander Riedel.pdf [2012.01.23 16:20:32 | 000,108,812 | ---- | M] () -- C:\Users\Alex\Desktop\Unbenannt-1.jpg [2012.01.14 18:51:18 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.14 18:51:18 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.14 18:51:18 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.14 18:51:18 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.14 18:51:18 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat ========== Files Created - No Company Name ========== [2012.01.27 17:51:12 | 000,080,384 | ---- | C] () -- C:\Users\Alex\Desktop\MBRCheck.exe [2012.01.27 13:54:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.01.27 13:54:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.01.27 13:54:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.01.27 13:54:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.01.27 13:54:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.01.27 12:41:23 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.26 23:37:14 | 004,870,392 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.01.26 22:12:16 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk [2012.01.26 22:04:42 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2012.01.26 20:42:31 | 017,494,336 | ---- | C] () -- C:\Users\Alex\Desktop\groovy dreamy - Kopie 
(2).wav [2012.01.26 18:14:32 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.01.23 16:22:57 | 003,121,801 | ---- | C] () -- C:\Users\Alex\Desktop\bewerbung Alexander Riedel.pdf [2012.01.23 16:20:30 | 000,108,812 | ---- | C] () -- C:\Users\Alex\Desktop\Unbenannt-1.jpg [2012.01.18 23:30:02 | 004,246,536 | ---- | C] () -- C:\Users\Alex\Desktop\bewerbung.odt [2012.01.15 18:06:00 | 000,010,380 | ---- | C] () -- C:\Users\Alex\Documents\index.html [2011.11.30 17:14:45 | 000,000,132 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011.11.22 22:22:14 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.11.22 22:22:12 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.11.22 22:22:12 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.11.22 22:22:12 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.11.08 16:00:00 | 001,295,798 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandReverbpresets.xml [2011.11.08 16:00:00 | 000,826,767 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MReverbpresets.xml [2011.11.08 16:00:00 | 000,667,615 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandRhythmizerpresets.xml [2011.11.08 16:00:00 | 000,254,627 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandDelaypresets.xml [2011.11.08 16:00:00 | 000,199,297 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandFreqShifterpresets.xml [2011.11.08 16:00:00 | 000,193,849 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandDistortionpresets.xml [2011.11.08 16:00:00 | 000,163,535 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandConvolutionpresets.xml [2011.11.08 16:00:00 | 000,154,386 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandAutopanpresets.xml [2011.11.08 16:00:00 | 000,148,511 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandFlangerpresets.xml [2011.11.08 16:00:00 | 000,135,842 | ---- | C] () -- 
C:\Users\Alex\AppData\Roaming\MFilterpresets.xml [2011.11.08 16:00:00 | 000,125,408 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandVibratopresets.xml [2011.11.08 16:00:00 | 000,122,007 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandHarmonizerpresets.xml [2011.11.08 16:00:00 | 000,120,395 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandChoruspresets.xml [2011.11.08 16:00:00 | 000,115,704 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandPhaserpresets.xml [2011.11.08 16:00:00 | 000,086,911 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandRingModulatorpresets.xml [2011.11.08 16:00:00 | 000,086,536 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MRhythmizerSequencepresets.xml [2011.11.08 16:00:00 | 000,085,968 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MRhythmizerpresets.xml [2011.11.08 16:00:00 | 000,081,060 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandTremolopresets.xml [2011.11.08 16:00:00 | 000,063,631 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandReverbpresets.active [2011.11.08 16:00:00 | 000,063,254 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandDynamicspresets.xml [2011.11.08 16:00:00 | 000,061,406 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandDistortionpresets.active [2011.11.08 16:00:00 | 000,060,676 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandVibratopresets.active [2011.11.08 16:00:00 | 000,059,052 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandWaveShaperpresets.xml [2011.11.08 16:00:00 | 000,058,594 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandTransientpresets.xml [2011.11.08 16:00:00 | 000,054,609 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandTremolopresets.active [2011.11.08 16:00:00 | 000,053,759 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandAutopanpresets.active [2011.11.08 16:00:00 | 000,052,267 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MAutoDynamicEqpresets.xml [2011.11.08 16:00:00 | 
000,051,825 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MRhythmizerSequenceVolumepresets.xml [2011.11.08 16:00:00 | 000,049,227 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MFilterpresets.active [2011.11.08 16:00:00 | 000,048,067 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandFreqShifterpresets.active [2011.11.08 16:00:00 | 000,046,546 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandFlangerpresets.active [2011.11.08 16:00:00 | 000,046,270 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandDynamicspresets.active [2011.11.08 16:00:00 | 000,044,956 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandPhaserpresets.active [2011.11.08 16:00:00 | 000,044,289 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandHarmonizerpresets.active [2011.11.08 16:00:00 | 000,040,503 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandDelaypresets.active [2011.11.08 16:00:00 | 000,038,927 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandChoruspresets.active [2011.11.08 16:00:00 | 000,037,342 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDynamicEqpresets.xml [2011.11.08 16:00:00 | 000,035,733 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MReverbpresets.active [2011.11.08 16:00:00 | 000,034,155 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDynamicspresets.active [2011.11.08 16:00:00 | 000,032,555 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandWaveShaperpresets.active [2011.11.08 16:00:00 | 000,032,410 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandSaturatorpresets.xml [2011.11.08 16:00:00 | 000,030,798 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDynamicspresets.xml [2011.11.08 16:00:00 | 000,028,727 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MSpectralDynamicspresets.xml [2011.11.08 16:00:00 | 000,027,283 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandSaturatorpresets.active [2011.11.08 16:00:00 | 000,026,429 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MCompressorpresets.xml 
[2011.11.08 16:00:00 | 000,025,570 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandRingModulatorpresets.active [2011.11.08 16:00:00 | 000,023,302 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandTransientpresets.active [2011.11.08 16:00:00 | 000,021,399 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandLimiterpresets.active [2011.11.08 16:00:00 | 000,021,299 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MEqualizerpresets.xml [2011.11.08 16:00:00 | 000,020,511 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MSpectralDynamicspresets.active [2011.11.08 16:00:00 | 000,020,193 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MLimiterpresets.xml [2011.11.08 16:00:00 | 000,020,123 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MFlangerpresets.xml [2011.11.08 16:00:00 | 000,017,558 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MModernCompressorpresets.xml [2011.11.08 16:00:00 | 000,017,537 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDelaypresets.xml [2011.11.08 16:00:00 | 000,015,613 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MMultiBandLimiterpresets.xml [2011.11.08 16:00:00 | 000,013,158 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MOscillatorpresets.xml [2011.11.08 16:00:00 | 000,012,248 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MRhythmizerSequenceSetpresets.xml [2011.11.08 16:00:00 | 000,011,422 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MFreeformEqualizerpresets.xml [2011.11.08 16:00:00 | 000,010,793 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDistortionpresets.xml [2011.11.08 16:00:00 | 000,009,119 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MFreqShifterpresets.xml [2011.11.08 16:00:00 | 000,007,646 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MStereoExpanderpresets.xml [2011.11.08 16:00:00 | 000,007,355 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MEqualizerLinearPhasepresets.xml [2011.11.08 16:00:00 | 000,006,953 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MFreeformAnalogEqpresets.xml 
[2011.11.08 16:00:00 | 000,006,687 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\menvelopepresets.xml [2011.11.08 16:00:00 | 000,006,652 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MAnalyzerpresets.xml [2011.11.08 16:00:00 | 000,005,914 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MWaveShaperpresets.xml [2011.11.08 16:00:00 | 000,005,832 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDynamicsLimiterpresets.active [2011.11.08 16:00:00 | 000,005,022 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MRhythmizerSequenceVolumeSetpresets.xml [2011.11.08 16:00:00 | 000,004,490 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MModernCompressorAnalyzerpresets.xml [2011.11.08 16:00:00 | 000,004,377 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MChoruspresets.xml [2011.11.08 16:00:00 | 000,004,362 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MPhaserpresets.xml [2011.11.08 16:00:00 | 000,004,103 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MStereoProcessorpresets.xml [2011.11.08 16:00:00 | 000,003,771 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MRingModulatorpresets.xml [2011.11.08 16:00:00 | 000,003,597 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MTransientpresets.xml [2011.11.08 16:00:00 | 000,002,820 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MEqualizerAreasEditorpresets.xml [2011.11.08 16:00:00 | 000,002,666 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MVibratopresets.xml [2011.11.08 16:00:00 | 000,002,492 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MSpectralAnalyzerPrefilterpresets.xml [2011.11.08 16:00:00 | 000,002,366 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MTremolopresets.xml [2011.11.08 16:00:00 | 000,001,948 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MAutopanpresets.xml [2011.11.08 16:00:00 | 000,001,235 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\mbasestyleconfigurationpresets.xml [2011.11.08 16:00:00 | 000,001,011 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MValueToColor5presets.xml [2011.11.08 16:00:00 | 
000,000,688 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MUltraMaximizerpresets.xml [2011.11.08 16:00:00 | 000,000,119 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MAutoEqualizerLinearPhasepresets.xml [2011.11.08 16:00:00 | 000,000,109 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MDynamicsLimiterpresets.xml [2011.11.08 16:00:00 | 000,000,098 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\MAutoEqualizerpresets.xml [2011.08.02 18:10:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll ========== LOP Check ========== [2011.10.27 10:00:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\.minecraft [2012.01.26 18:17:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite [2011.12.20 10:18:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Fikutym [2012.01.26 18:17:28 | 000,000,000 | ---D | M] -- 
C:\Users\Alex\AppData\Roaming\Free Download Manager [2011.08.08 19:59:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FreeHideIP [2012.01.12 21:50:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ICQ [2011.12.29 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\IrfanView [2011.09.20 11:29:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\iZotope [2011.10.27 17:18:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Line 6 [2011.11.22 21:47:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\MeldaProduction [2011.11.11 16:59:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\MeldaProduction IR [2011.11.11 16:59:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\MTexturedStyles [2011.12.12 15:51:06 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Obew [2011.08.10 13:27:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org [2011.11.12 17:17:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PreSonus [2011.08.04 16:36:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Propellerhead Software [2011.12.12 17:10:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Rykac [2011.11.30 15:52:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.08.02 18:29:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Thunderbird [2012.01.30 07:55:36 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ufyfka [2011.12.20 17:44:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Unity [2012.01.26 18:17:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent [2011.11.14 16:19:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\WinBatch [2012.01.05 04:02:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\X-Chat 2 [2011.12.20 10:55:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ybezwo 
[2012.01.27 16:02:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ywopl [2009.07.14 06:08:49 | 000,031,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.10.27 10:00:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\.minecraft [2012.01.19 00:05:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Adobe [2011.11.30 15:52:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Adobe Mini Bridge CS5 [2011.08.03 00:02:38 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Apple Computer [2011.08.09 10:32:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Avira [2012.01.26 18:17:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite [2011.12.15 18:01:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DivX [2011.12.20 10:18:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Fikutym [2012.01.26 18:17:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Free Download Manager [2011.08.08 19:59:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FreeHideIP [2012.01.12 21:50:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ICQ [2011.08.02 18:21:15 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Identities [2011.12.29 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\IrfanView [2011.09.20 11:29:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\iZotope [2011.10.27 17:18:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Line 6 [2011.08.02 19:04:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Macromedia [2012.01.27 12:41:41 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Malwarebytes [2010.11.21 08:00:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Media Center Programs 
[2012.01.26 18:17:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Media Player Classic [2011.11.22 21:47:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\MeldaProduction [2011.11.11 16:59:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\MeldaProduction IR [2011.12.18 23:16:14 | 000,000,000 | --SD | M] -- C:\Users\Alex\AppData\Roaming\Microsoft [2011.08.02 18:27:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mozilla [2011.11.11 16:59:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\MTexturedStyles [2011.12.12 15:51:06 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Obew [2011.08.10 13:27:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org [2011.11.12 17:17:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PreSonus [2011.08.04 16:36:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Propellerhead Software [2011.12.12 17:10:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Rykac [2011.11.30 15:52:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.08.02 18:29:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Thunderbird [2012.01.30 07:55:36 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ufyfka [2011.12.20 17:44:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Unity [2012.01.26 18:17:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent [2011.09.05 11:37:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\vlc [2011.11.14 16:19:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\WinBatch [2011.08.02 19:02:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\WinRAR [2012.01.05 04:02:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\X-Chat 2 [2011.12.20 10:55:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ybezwo [2012.01.27 16:02:24 | 000,000,000 | ---D | 
M] -- C:\Users\Alex\AppData\Roaming\Ywopl < %APPDATA%\*.exe /s > [2011.03.01 14:26:14 | 000,270,848 | ---- | M] (Teckda) -- C:\Users\Alex\AppData\Roaming\.minecraft\Minecraft Beta.exe [2010.10.21 02:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Alex\AppData\Roaming\.minecraft\Minecraft Updater.exe [2011.03.01 14:26:14 | 000,270,848 | ---- | M] (Teckda) -- C:\Users\Alex\AppData\Roaming\.minecraft\Minecraft-m3Zz.exe [2010.09.25 10:15:26 | 000,232,159 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\.minecraft\Minecraft.exe [2011.09.01 11:15:07 | 000,081,716 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\.minecraft\Uninstall.exe [2010.10.21 02:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Alex\AppData\Roaming\.minecraft\Updater (zerstört die Mods).exe [2011.07.20 17:33:34 | 000,479,232 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\.minecraft\.craftbukkit\BukkitServerGUI_64.exe [2011.07.20 17:33:10 | 000,465,408 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\.minecraft\.craftbukkit\BukkitServerGUI_86.exe [2011.05.20 21:05:30 | 000,772,096 | ---- | M] (Microsoft) -- C:\Users\Alex\AppData\Roaming\.minecraft\tools\FlashShelter Editor Beta v0.1\FS Editor Beta.exe [2011.07.20 22:54:56 | 000,258,048 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\.minecraft\tools\Inventory Editor v0.9.15\INVedit.exe [2011.07.11 11:36:04 | 000,018,944 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\.minecraft\tools\MCEdit - World Editor v15-32bit\MCEditData\main.exe [2011.07.24 04:02:48 | 000,110,080 | ---- | M] (KVK Consultancy) -- C:\Users\Alex\AppData\Roaming\.minecraft\tools\MineBack - World Backup v4.2.0.4\MineBack.exe [2011.07.24 05:33:54 | 005,536,064 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\.minecraft\tools\Minecraft Structure Planner v0.97.7\MinecraftStructurePlanner.exe < %SYSTEMDRIVE%\*.exe > [2010.06.25 20:16:54 | 000,680,440 | ---- | M] (Microsoft Corporation) -- C:\DPInst.exe < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] 
(Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll [2009.07.14 02:40:20 | 
000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- 
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll [2010.11.21 04:24:20 | 
000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] 
(Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- 
C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
30.01.2012, 21:45 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox redirects to other pages [Logfiles inside] Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
ATTFilter
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hiergehtslos.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 BF E7 26 39 51 CC 01 [binary data]
FF - prefs.js..network.proxy.backup.ftp: "85.214.50.156"
FF - prefs.js..network.proxy.backup.ftp_port: 8118
FF - prefs.js..network.proxy.backup.socks: "85.214.50.156"
FF - prefs.js..network.proxy.backup.socks_port: 8118
FF - prefs.js..network.proxy.backup.ssl: "85.214.50.156"
FF - prefs.js..network.proxy.backup.ssl_port: 8118
FF - prefs.js..network.proxy.gopher: ""
[2012.01.27 16:16:15 | 000,000,000 | ---D | C] -- C:\blablabla
[2012.01.27 16:02:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ywopl
[2012.01.27 16:02:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ufyfka
[2012.01.27 17:57:51 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\blabla.exe
[2012.01.27 13:50:42 | 004,391,956 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\blablabla.exe
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
30.01.2012, 22:01 | #11 |
| Firefox redirects to other pages [Logfiles inside] Code:
ATTFilter
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Prefs.js: "85.214.50.156" removed from network.proxy.backup.ftp
Prefs.js: 8118 removed from network.proxy.backup.ftp_port
Prefs.js: "85.214.50.156" removed from network.proxy.backup.socks
Prefs.js: 8118 removed from network.proxy.backup.socks_port
Prefs.js: "85.214.50.156" removed from network.proxy.backup.ssl
Prefs.js: 8118 removed from network.proxy.backup.ssl_port
Prefs.js: "" removed from network.proxy.gopher
C:\blablabla folder moved successfully.
C:\Users\Alex\AppData\Roaming\Ywopl folder moved successfully.
C:\Users\Alex\AppData\Roaming\Ufyfka folder moved successfully.
C:\Users\Alex\Desktop\blabla.exe moved successfully.
C:\Users\Alex\Desktop\blablabla.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Alex
->Temp folder emptied: 426453 bytes
->Temporary Internet Files folder emptied: 19662255 bytes
->Java cache emptied: 1028766 bytes
->FireFox cache emptied: 44036722 bytes
->Flash cache emptied: 4208 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6486 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 423207 bytes
Total Files Cleaned = 63,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01302012_214743
Files\Folders moved on Reboot...
C:\Users\Alex\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...

After it restarted, this "pay money to unlock" script was active again... An entry "mozilla client" had lodged itself in the startup list with the address C:\users\alex\appdata\local\mozilla\firefox\firefox.exe; after removing it, it works again... Also, at startup it reported that some .dll for Malwarebytes could not be found. |
30.01.2012, 22:27 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox redirects to other pages [Logfiles inside] Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here! If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: Download unhide.exe and save the file on your desktop. Start the tool, and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
30.01.2012, 22:31 | #13 |
| Firefox redirects to other pages [Logfiles inside] Code:
ATTFilter 22:28:55.0600 3336 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36 22:28:55.0798 3336 ============================================================ 22:28:55.0798 3336 Current date / time: 2012/01/30 22:28:55.0798 22:28:55.0798 3336 SystemInfo: 22:28:55.0798 3336 22:28:55.0798 3336 OS Version: 6.1.7601 ServicePack: 1.0 22:28:55.0798 3336 Product type: Workstation 22:28:55.0798 3336 ComputerName: ALEX-PC 22:28:55.0799 3336 UserName: Alex 22:28:55.0799 3336 Windows directory: C:\Windows 22:28:55.0799 3336 System windows directory: C:\Windows 22:28:55.0799 3336 Running under WOW64 22:28:55.0799 3336 Processor architecture: Intel x64 22:28:55.0799 3336 Number of processors: 2 22:28:55.0799 3336 Page size: 0x1000 22:28:55.0799 3336 Boot type: Normal boot 22:28:55.0799 3336 ============================================================ 22:28:57.0113 3336 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 22:28:57.0117 3336 \Device\Harddisk0\DR0: 22:28:57.0117 3336 MBR used 22:28:57.0117 3336 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 22:28:57.0117 3336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x24AD2000 22:28:57.0117 3336 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x24B04800, BlocksNum 0x9E33800 22:28:57.0204 3336 Initialize success 22:28:57.0204 3336 ============================================================ 22:30:02.0359 4072 ============================================================ 22:30:02.0359 4072 Scan started 22:30:02.0359 4072 Mode: Manual; SigCheck; TDLFS; 22:30:02.0359 4072 ============================================================ 22:30:03.0779 4072 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 22:30:03.0888 4072 1394ohci - ok 22:30:03.0982 4072 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) 
C:\Windows\system32\drivers\ACPI.sys 22:30:04.0013 4072 ACPI - ok 22:30:04.0122 4072 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 22:30:04.0185 4072 AcpiPmi - ok 22:30:04.0325 4072 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 22:30:04.0372 4072 adp94xx - ok 22:30:04.0465 4072 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 22:30:04.0512 4072 adpahci - ok 22:30:04.0621 4072 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 22:30:04.0668 4072 adpu320 - ok 22:30:04.0793 4072 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 22:30:04.0887 4072 AFD - ok 22:30:04.0965 4072 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 22:30:05.0011 4072 agp440 - ok 22:30:05.0121 4072 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 22:30:05.0152 4072 aliide - ok 22:30:05.0245 4072 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 22:30:05.0292 4072 amdide - ok 22:30:05.0401 4072 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 22:30:05.0464 4072 AmdK8 - ok 22:30:05.0526 4072 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 22:30:05.0589 4072 AmdPPM - ok 22:30:05.0682 4072 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys 22:30:05.0729 4072 amdsata - ok 22:30:05.0823 4072 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 22:30:05.0869 4072 amdsbs - ok 22:30:05.0963 4072 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys 22:30:05.0994 4072 amdxata - ok 22:30:06.0103 4072 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 22:30:06.0197 4072 AppID - ok 22:30:06.0337 4072 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 
22:30:06.0369 4072 arc - ok 22:30:06.0478 4072 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 22:30:06.0509 4072 arcsas - ok 22:30:06.0603 4072 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 22:30:06.0681 4072 AsyncMac - ok 22:30:06.0743 4072 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 22:30:06.0774 4072 atapi - ok 22:30:06.0946 4072 athr (96abf88241f90ff647e55c934c55c2f1) C:\Windows\system32\DRIVERS\athrx.sys 22:30:07.0024 4072 athr ( UnsignedFile.Multi.Generic ) - warning 22:30:07.0024 4072 athr - detected UnsignedFile.Multi.Generic (1) 22:30:07.0305 4072 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys 22:30:07.0507 4072 atikmdag - ok 22:30:07.0601 4072 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys 22:30:07.0663 4072 avgntflt - ok 22:30:07.0679 4072 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys 22:30:07.0695 4072 avipbb - ok 22:30:07.0819 4072 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 22:30:07.0913 4072 b06bdrv - ok 22:30:08.0007 4072 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 22:30:08.0085 4072 b57nd60a - ok 22:30:08.0194 4072 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 22:30:08.0241 4072 Beep - ok 22:30:08.0334 4072 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 22:30:08.0412 4072 blbdrive - ok 22:30:08.0521 4072 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 22:30:08.0584 4072 bowser - ok 22:30:08.0693 4072 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 22:30:08.0740 4072 BrFiltLo - ok 22:30:08.0818 4072 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 22:30:08.0849 4072 BrFiltUp - ok 
22:30:08.0958 4072 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 22:30:09.0052 4072 BridgeMP - ok 22:30:09.0130 4072 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 22:30:09.0239 4072 Brserid - ok 22:30:09.0317 4072 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 22:30:09.0379 4072 BrSerWdm - ok 22:30:09.0457 4072 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 22:30:09.0520 4072 BrUsbMdm - ok 22:30:09.0598 4072 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 22:30:09.0645 4072 BrUsbSer - ok 22:30:09.0738 4072 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 22:30:09.0785 4072 BTHMODEM - ok 22:30:09.0832 4072 catchme - ok 22:30:09.0910 4072 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 22:30:10.0003 4072 cdfs - ok 22:30:10.0097 4072 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 22:30:10.0128 4072 cdrom - ok 22:30:10.0237 4072 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 22:30:10.0300 4072 circlass - ok 22:30:10.0393 4072 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 22:30:10.0425 4072 CLFS - ok 22:30:10.0534 4072 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 22:30:10.0565 4072 CmBatt - ok 22:30:10.0830 4072 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 22:30:10.0877 4072 cmdide - ok 22:30:10.0971 4072 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 22:30:11.0049 4072 CNG - ok 22:30:11.0127 4072 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 22:30:11.0142 4072 Compbatt - ok 22:30:11.0236 4072 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys 
22:30:11.0314 4072 CompositeBus - ok 22:30:11.0423 4072 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 22:30:11.0454 4072 crcdisk - ok 22:30:11.0563 4072 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 22:30:11.0657 4072 CSC - ok 22:30:11.0751 4072 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 22:30:11.0844 4072 DfsC - ok 22:30:11.0922 4072 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 22:30:12.0000 4072 discache - ok 22:30:12.0109 4072 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 22:30:12.0156 4072 Disk - ok 22:30:12.0250 4072 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys 22:30:12.0328 4072 dmvsc - ok 22:30:12.0437 4072 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 22:30:12.0484 4072 drmkaud - ok 22:30:12.0609 4072 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 22:30:12.0640 4072 dtsoftbus01 - ok 22:30:12.0765 4072 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 22:30:12.0827 4072 DXGKrnl - ok 22:30:12.0999 4072 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 22:30:13.0123 4072 ebdrv - ok 22:30:13.0233 4072 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 22:30:13.0279 4072 elxstor - ok 22:30:13.0357 4072 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 22:30:13.0420 4072 ErrDev - ok 22:30:13.0513 4072 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 22:30:13.0607 4072 exfat - ok 22:30:13.0685 4072 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 22:30:13.0747 4072 fastfat - ok 22:30:13.0857 4072 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 22:30:13.0903 4072 fdc - ok 
22:30:13.0997 4072 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 22:30:14.0028 4072 FileInfo - ok 22:30:14.0044 4072 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 22:30:14.0075 4072 Filetrace - ok 22:30:14.0153 4072 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 22:30:14.0200 4072 flpydisk - ok 22:30:14.0293 4072 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 22:30:14.0340 4072 FltMgr - ok 22:30:14.0434 4072 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 22:30:14.0465 4072 FsDepends - ok 22:30:14.0481 4072 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 22:30:14.0481 4072 Fs_Rec - ok 22:30:14.0590 4072 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 22:30:14.0652 4072 fvevol - ok 22:30:14.0746 4072 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 22:30:14.0777 4072 gagp30kx - ok 22:30:14.0886 4072 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 22:30:14.0902 4072 GEARAspiWDM - ok 22:30:14.0933 4072 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 22:30:14.0980 4072 hcw85cir - ok 22:30:15.0089 4072 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 22:30:15.0167 4072 HdAudAddService - ok 22:30:15.0261 4072 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 22:30:15.0323 4072 HDAudBus - ok 22:30:15.0417 4072 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 22:30:15.0448 4072 HidBatt - ok 22:30:15.0541 4072 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 22:30:15.0588 4072 HidBth - ok 22:30:15.0682 4072 HidIr (0a77d29f311b88cfae3b13f9c1a73825) 
C:\Windows\system32\drivers\hidir.sys 22:30:15.0729 4072 HidIr - ok 22:30:15.0822 4072 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 22:30:15.0885 4072 HidUsb - ok 22:30:15.0978 4072 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 22:30:16.0009 4072 HpSAMD - ok 22:30:16.0119 4072 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 22:30:16.0212 4072 HTTP - ok 22:30:16.0290 4072 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 22:30:16.0321 4072 hwpolicy - ok 22:30:16.0415 4072 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 22:30:16.0431 4072 i8042prt - ok 22:30:16.0540 4072 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys 22:30:16.0571 4072 iaStorV - ok 22:30:16.0789 4072 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys 22:30:17.0008 4072 igfx - ok 22:30:17.0117 4072 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 22:30:17.0148 4072 iirsp - ok 22:30:17.0226 4072 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 22:30:17.0257 4072 intelide - ok 22:30:17.0351 4072 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 22:30:17.0398 4072 intelppm - ok 22:30:17.0491 4072 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:30:17.0554 4072 IpFilterDriver - ok 22:30:17.0647 4072 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 22:30:17.0694 4072 IPMIDRV - ok 22:30:17.0788 4072 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 22:30:17.0866 4072 IPNAT - ok 22:30:17.0959 4072 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 22:30:18.0006 4072 IRENUM - ok 22:30:18.0100 4072 isapnp (2f7b28dc3e1183e5eb418df55c204f38) 
C:\Windows\system32\drivers\isapnp.sys 22:30:18.0131 4072 isapnp - ok 22:30:18.0225 4072 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 22:30:18.0287 4072 iScsiPrt - ok 22:30:18.0365 4072 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 22:30:18.0396 4072 kbdclass - ok 22:30:18.0490 4072 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 22:30:18.0537 4072 kbdhid - ok 22:30:18.0646 4072 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 22:30:18.0693 4072 KSecDD - ok 22:30:18.0786 4072 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 22:30:18.0817 4072 KSecPkg - ok 22:30:18.0911 4072 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 22:30:18.0989 4072 ksthunk - ok 22:30:19.0098 4072 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 22:30:19.0192 4072 lltdio - ok 22:30:19.0285 4072 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 22:30:19.0332 4072 LSI_FC - ok 22:30:19.0410 4072 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 22:30:19.0441 4072 LSI_SAS - ok 22:30:19.0535 4072 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 22:30:19.0566 4072 LSI_SAS2 - ok 22:30:19.0644 4072 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 22:30:19.0691 4072 LSI_SCSI - ok 22:30:19.0785 4072 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 22:30:19.0878 4072 luafv - ok 22:30:19.0956 4072 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 22:30:19.0987 4072 megasas - ok 22:30:20.0097 4072 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 22:30:20.0143 4072 MegaSR - ok 22:30:20.0237 4072 Modem (800ba92f7010378b09f9ed9270f07137) 
C:\Windows\system32\drivers\modem.sys 22:30:20.0299 4072 Modem - ok 22:30:20.0377 4072 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 22:30:20.0409 4072 monitor - ok 22:30:20.0502 4072 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 22:30:20.0533 4072 mouclass - ok 22:30:20.0611 4072 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 22:30:20.0643 4072 mouhid - ok 22:30:20.0658 4072 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 22:30:20.0674 4072 mountmgr - ok 22:30:20.0736 4072 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 22:30:20.0783 4072 mpio - ok 22:30:20.0861 4072 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 22:30:20.0923 4072 mpsdrv - ok 22:30:21.0017 4072 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 22:30:21.0079 4072 MRxDAV - ok 22:30:21.0173 4072 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 22:30:21.0220 4072 mrxsmb - ok 22:30:21.0313 4072 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:30:21.0360 4072 mrxsmb10 - ok 22:30:21.0469 4072 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:30:21.0516 4072 mrxsmb20 - ok 22:30:21.0594 4072 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 22:30:21.0625 4072 msahci - ok 22:30:21.0703 4072 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 22:30:21.0735 4072 msdsm - ok 22:30:21.0844 4072 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 22:30:21.0891 4072 Msfs - ok 22:30:21.0906 4072 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 22:30:21.0953 4072 mshidkmdf - ok 22:30:22.0031 4072 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) 
C:\Windows\system32\drivers\msisadrv.sys 22:30:22.0062 4072 msisadrv - ok 22:30:22.0156 4072 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 22:30:22.0234 4072 MSKSSRV - ok 22:30:22.0327 4072 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 22:30:22.0390 4072 MSPCLOCK - ok 22:30:22.0483 4072 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 22:30:22.0577 4072 MSPQM - ok 22:30:22.0671 4072 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 22:30:22.0717 4072 MsRPC - ok 22:30:22.0795 4072 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 22:30:22.0827 4072 mssmbios - ok 22:30:22.0905 4072 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 22:30:22.0998 4072 MSTEE - ok 22:30:23.0076 4072 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 22:30:23.0123 4072 MTConfig - ok 22:30:23.0201 4072 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 22:30:23.0232 4072 Mup - ok 22:30:23.0357 4072 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 22:30:23.0419 4072 NativeWifiP - ok 22:30:23.0529 4072 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 22:30:23.0560 4072 NDIS - ok 22:30:23.0653 4072 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 22:30:23.0716 4072 NdisCap - ok 22:30:23.0809 4072 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 22:30:23.0887 4072 NdisTapi - ok 22:30:23.0997 4072 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 22:30:24.0075 4072 Ndisuio - ok 22:30:24.0137 4072 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 22:30:24.0215 4072 NdisWan - ok 22:30:24.0293 4072 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) 
C:\Windows\system32\drivers\NDProxy.sys 22:30:24.0355 4072 NDProxy - ok 22:30:24.0449 4072 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 22:30:24.0543 4072 NetBIOS - ok 22:30:24.0621 4072 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 22:30:24.0667 4072 NetBT - ok 22:30:24.0995 4072 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys 22:30:25.0245 4072 NETw5s64 - ok 22:30:25.0697 4072 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys 22:30:25.0931 4072 netw5v64 - ok 22:30:26.0025 4072 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 22:30:26.0056 4072 nfrd960 - ok 22:30:26.0149 4072 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 22:30:26.0227 4072 Npfs - ok 22:30:26.0321 4072 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 22:30:26.0399 4072 nsiproxy - ok 22:30:26.0524 4072 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys 22:30:26.0586 4072 Ntfs - ok 22:30:26.0664 4072 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 22:30:26.0742 4072 Null - ok 22:30:26.0836 4072 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys 22:30:26.0867 4072 nvraid - ok 22:30:26.0961 4072 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys 22:30:27.0007 4072 nvstor - ok 22:30:27.0101 4072 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 22:30:27.0148 4072 nv_agp - ok 22:30:27.0241 4072 oem-drv64 (2dc039b54d46bda60eb4a57538a8b9ce) C:\Windows\system32\DRIVERS\oem-drv64.sys 22:30:27.0257 4072 oem-drv64 ( UnsignedFile.Multi.Generic ) - warning 22:30:27.0257 4072 oem-drv64 - detected UnsignedFile.Multi.Generic (1) 22:30:27.0335 4072 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 
22:30:43.0153 4072 Wd - ok
22:30:43.0263 4072 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:30:43.0309 4072 Wdf01000 - ok
22:30:43.0419 4072 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:30:43.0481 4072 WfpLwf - ok
22:30:43.0559 4072 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:30:43.0575 4072 WIMMount - ok
22:30:43.0715 4072 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:30:43.0777 4072 WinUsb - ok
22:30:43.0887 4072 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:30:43.0933 4072 WmiAcpi - ok
22:30:44.0043 4072 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:30:44.0105 4072 ws2ifsl - ok
22:30:44.0183 4072 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:30:44.0277 4072 WudfPf - ok
22:30:44.0370 4072 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:30:44.0448 4072 WUDFRd - ok
22:30:44.0479 4072 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:30:44.0511 4072 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
22:30:44.0511 4072 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
22:30:44.0542 4072 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:30:44.0542 4072 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:30:44.0573 4072 Boot (0x1200) (a47893ba920ae5593a78c62b2ea176f6) \Device\Harddisk0\DR0\Partition0
22:30:44.0573 4072 \Device\Harddisk0\DR0\Partition0 - ok
22:30:44.0604 4072 Boot (0x1200) (c0ab27e1d573a7f0969d108f7a874d17) \Device\Harddisk0\DR0\Partition1
22:30:44.0604 4072 \Device\Harddisk0\DR0\Partition1 - ok
22:30:44.0635 4072 Boot (0x1200) (636ebea5597a076ffffbd992e9111848) \Device\Harddisk0\DR0\Partition2
22:30:44.0635 4072 \Device\Harddisk0\DR0\Partition2 - ok
22:30:44.0635 4072 ============================================================
22:30:44.0635 4072 Scan finished
22:30:44.0635 4072 ============================================================
22:30:44.0729 2136 Detected object count: 4
22:30:44.0729 2136 Actual detected object count: 4
22:31:13.0667 2136 athr ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:13.0667 2136 athr ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:13.0667 2136 oem-drv64 ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:13.0667 2136 oem-drv64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:13.0683 2136 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
22:31:13.0683 2136 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip
22:31:13.0683 2136 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:31:13.0683 2136 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip |
30.01.2012, 22:42 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox redirects to other pages [Logfiles inside] Quote:
__________________ Please always post logfiles in CODE tags |
30.01.2012, 22:59 | #15 |
| Firefox redirects to other pages [Logfiles inside] Code:
ATTFilter
22:51:11.0173 3336 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
22:51:11.0689 3336 ============================================================
22:51:11.0689 3336 Current date / time: 2012/01/30 22:51:11.0689
22:51:11.0689 3336 SystemInfo:
22:51:11.0689 3336
22:51:11.0689 3336 OS Version: 6.1.7601 ServicePack: 1.0
22:51:11.0689 3336 Product type: Workstation
22:51:11.0689 3336 ComputerName: ALEX-PC
22:51:11.0689 3336 UserName: Alex
22:51:11.0689 3336 Windows directory: C:\Windows
22:51:11.0689 3336 System windows directory: C:\Windows
22:51:11.0689 3336 Running under WOW64
22:51:11.0689 3336 Processor architecture: Intel x64
22:51:11.0689 3336 Number of processors: 2
22:51:11.0689 3336 Page size: 0x1000
22:51:11.0689 3336 Boot type: Normal boot
22:51:11.0689 3336 ============================================================
22:51:12.0937 3336 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:51:12.0953 3336 \Device\Harddisk0\DR0:
22:51:12.0953 3336 MBR used
22:51:12.0953 3336 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:51:12.0953 3336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x24AD2000
22:51:12.0953 3336 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x24B04800, BlocksNum 0x9E33800
22:51:13.0046 3336 Initialize success
22:51:13.0046 3336 ============================================================
22:51:16.0634 3456 ============================================================
22:51:16.0634 3456 Scan started
22:51:16.0634 3456 Mode: Manual; SigCheck; TDLFS;
22:51:16.0634 3456 ============================================================
22:51:18.0226 3456 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:51:18.0475 3456 1394ohci - ok
22:51:18.0600 3456 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2)
C:\Windows\system32\drivers\ACPI.sys 22:51:18.0616 3456 ACPI - ok 22:51:18.0772 3456 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 22:51:18.0881 3456 AcpiPmi - ok 22:51:19.0162 3456 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 22:51:19.0193 3456 adp94xx - ok 22:51:19.0380 3456 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 22:51:19.0396 3456 adpahci - ok 22:51:19.0630 3456 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 22:51:19.0645 3456 adpu320 - ok 22:51:19.0864 3456 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 22:51:19.0942 3456 AFD - ok 22:51:20.0113 3456 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 22:51:20.0113 3456 agp440 - ok 22:51:20.0300 3456 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 22:51:20.0316 3456 aliide - ok 22:51:20.0472 3456 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 22:51:20.0488 3456 amdide - ok 22:51:20.0659 3456 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 22:51:20.0706 3456 AmdK8 - ok 22:51:20.0878 3456 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 22:51:20.0924 3456 AmdPPM - ok 22:51:21.0049 3456 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys 22:51:21.0065 3456 amdsata - ok 22:51:21.0205 3456 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 22:51:21.0221 3456 amdsbs - ok 22:51:21.0455 3456 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys 22:51:21.0455 3456 amdxata - ok 22:51:21.0736 3456 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 22:51:22.0656 3456 AppID - ok 22:51:22.0874 3456 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 
22:51:22.0890 3456 arc - ok 22:51:23.0171 3456 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 22:51:23.0186 3456 arcsas - ok 22:51:23.0342 3456 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 22:51:23.0982 3456 AsyncMac - ok 22:51:24.0185 3456 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 22:51:24.0200 3456 atapi - ok 22:51:24.0544 3456 athr (96abf88241f90ff647e55c934c55c2f1) C:\Windows\system32\DRIVERS\athrx.sys 22:51:24.0700 3456 athr ( UnsignedFile.Multi.Generic ) - warning 22:51:24.0700 3456 athr - detected UnsignedFile.Multi.Generic (1) 22:51:25.0370 3456 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys 22:51:25.0604 3456 atikmdag - ok 22:51:25.0760 3456 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys 22:51:25.0916 3456 avgntflt - ok 22:51:26.0150 3456 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys 22:51:26.0166 3456 avipbb - ok 22:51:26.0353 3456 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 22:51:26.0416 3456 b06bdrv - ok 22:51:26.0509 3456 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 22:51:26.0572 3456 b57nd60a - ok 22:51:26.0665 3456 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 22:51:26.0696 3456 Beep - ok 22:51:26.0868 3456 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 22:51:26.0915 3456 blbdrive - ok 22:51:27.0055 3456 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 22:51:27.0118 3456 bowser - ok 22:51:27.0242 3456 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 22:51:27.0320 3456 BrFiltLo - ok 22:51:27.0476 3456 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 22:51:27.0492 3456 BrFiltUp - ok 
C:\Windows\system32\drivers\NDProxy.sys 22:51:53.0685 3456 NDProxy - ok 22:51:53.0826 3456 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 22:51:53.0935 3456 NetBIOS - ok 22:51:54.0044 3456 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 22:51:54.0122 3456 NetBT - ok 22:51:54.0777 3456 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys 22:51:55.0089 3456 NETw5s64 - ok 22:51:55.0994 3456 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys 22:51:56.0275 3456 netw5v64 - ok 22:51:56.0384 3456 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 22:51:56.0431 3456 nfrd960 - ok 22:51:56.0649 3456 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 22:51:56.0712 3456 Npfs - ok 22:51:56.0868 3456 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 22:51:56.0930 3456 nsiproxy - ok 22:51:57.0195 3456 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys 22:51:57.0336 3456 Ntfs - ok 22:51:57.0523 3456 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 22:51:57.0617 3456 Null - ok 22:51:57.0726 3456 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys 22:51:57.0757 3456 nvraid - ok 22:51:57.0913 3456 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys 22:51:57.0944 3456 nvstor - ok 22:51:58.0069 3456 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 22:51:58.0116 3456 nv_agp - ok 22:51:58.0272 3456 oem-drv64 (b986a78f803fa6894d098957bd3a6914) C:\Windows\system32\DRIVERS\oem-drv64.sys 22:51:58.0303 3456 oem-drv64 ( UnsignedFile.Multi.Generic ) - warning 22:51:58.0303 3456 oem-drv64 - detected UnsignedFile.Multi.Generic (1) 22:51:58.0412 3456 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 
22:51:58.0443 3456 ohci1394 - ok 22:51:58.0537 3456 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 22:51:58.0584 3456 Parport - ok 22:51:58.0755 3456 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 22:51:58.0771 3456 partmgr - ok 22:51:58.0818 3456 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 22:51:58.0833 3456 pci - ok 22:51:58.0958 3456 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 22:51:58.0974 3456 pciide - ok 22:51:59.0130 3456 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 22:51:59.0161 3456 pcmcia - ok 22:51:59.0286 3456 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 22:51:59.0301 3456 pcw - ok 22:51:59.0847 3456 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 22:51:59.0941 3456 PEAUTH - ok 22:52:00.0128 3456 phonic_FF808U_usb (5d4c552089f906d08ae840ad4544be51) C:\Windows\system32\Drivers\phonic_FF808U_usb_x64.sys 22:52:00.0159 3456 phonic_FF808U_usb - ok 22:52:00.0316 3456 phonic_FF808U_usb_avs (50d901145ac18095cf90137e13bc9867) C:\Windows\system32\Drivers\phonic_FF808U_usb_avs_x64.sys 22:52:00.0379 3456 phonic_FF808U_usb_avs - ok 22:52:00.0519 3456 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 22:52:00.0613 3456 PptpMiniport - ok 22:52:00.0722 3456 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 22:52:00.0769 3456 Processor - ok 22:52:00.0909 3456 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 22:52:01.0003 3456 Psched - ok 22:52:01.0315 3456 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 22:52:01.0440 3456 ql2300 - ok 22:52:01.0533 3456 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 22:52:01.0564 3456 ql40xx - ok 22:52:01.0892 3456 QWAVEdrv 
(76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 22:52:01.0970 3456 QWAVEdrv - ok 22:52:02.0064 3456 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 22:52:02.0173 3456 RasAcd - ok 22:52:02.0298 3456 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 22:52:02.0360 3456 RasAgileVpn - ok 22:52:02.0516 3456 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 22:52:02.0578 3456 Rasl2tp - ok 22:52:02.0844 3456 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 22:52:03.0062 3456 RasPppoe - ok 22:52:03.0452 3456 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 22:52:03.0499 3456 RasSstp - ok 22:52:03.0686 3456 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 22:52:03.0748 3456 rdbss - ok 22:52:03.0904 3456 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 22:52:03.0920 3456 rdpbus - ok 22:52:04.0029 3456 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 22:52:04.0092 3456 RDPCDD - ok 22:52:04.0263 3456 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 22:52:04.0310 3456 RDPDR - ok 22:52:04.0435 3456 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 22:52:04.0513 3456 RDPENCDD - ok 22:52:04.0762 3456 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 22:52:04.0809 3456 RDPREFMP - ok 22:52:05.0106 3456 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys 22:52:05.0168 3456 RdpVideoMiniport - ok 22:52:05.0308 3456 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 22:52:05.0340 3456 RDPWD - ok 22:52:05.0464 3456 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 22:52:05.0496 3456 
rdyboost - ok 22:52:05.0636 3456 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 22:52:05.0714 3456 rspndr - ok 22:52:06.0057 3456 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys 22:52:06.0073 3456 RTL8167 - ok 22:52:06.0401 3456 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 22:52:06.0494 3456 s3cap - ok 22:52:06.0635 3456 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 22:52:06.0650 3456 sbp2port - ok 22:52:06.0759 3456 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 22:52:06.0806 3456 scfilter - ok 22:52:06.0978 3456 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 22:52:07.0025 3456 secdrv - ok 22:52:07.0274 3456 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 22:52:07.0321 3456 Serenum - ok 22:52:07.0493 3456 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 22:52:07.0555 3456 Serial - ok 22:52:07.0742 3456 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 22:52:07.0805 3456 sermouse - ok 22:52:08.0179 3456 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 22:52:08.0195 3456 sffdisk - ok 22:52:08.0304 3456 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 22:52:08.0351 3456 sffp_mmc - ok 22:52:09.0443 3456 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 22:52:09.0567 3456 sffp_sd - ok 22:52:09.0739 3456 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 22:52:09.0770 3456 sfloppy - ok 22:52:09.0895 3456 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 22:52:09.0911 3456 SiSRaid2 - ok 22:52:10.0051 3456 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 
22:52:10.0067 3456 SiSRaid4 - ok 22:52:10.0176 3456 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 22:52:10.0238 3456 Smb - ok 22:52:10.0347 3456 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 22:52:10.0363 3456 spldr - ok 22:52:10.0441 3456 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 22:52:10.0488 3456 srv - ok 22:52:10.0691 3456 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 22:52:10.0737 3456 srv2 - ok 22:52:10.0862 3456 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 22:52:10.0909 3456 srvnet - ok 22:52:11.0081 3456 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 22:52:11.0127 3456 stexstor - ok 22:52:11.0299 3456 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 22:52:11.0330 3456 storflt - ok 22:52:11.0611 3456 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 22:52:11.0642 3456 storvsc - ok 22:52:11.0783 3456 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 22:52:11.0876 3456 swenum - ok 22:52:12.0063 3456 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\Synth3dVsc.sys 22:52:12.0079 3456 Synth3dVsc - ok 22:52:12.0251 3456 SynTP (be7311da9d6833fa69ed04b744a1c8f8) C:\Windows\system32\DRIVERS\SynTP.sys 22:52:12.0266 3456 SynTP - ok 22:52:12.0609 3456 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 22:52:12.0703 3456 Tcpip - ok 22:52:13.0031 3456 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 22:52:13.0062 3456 TCPIP6 - ok 22:52:13.0171 3456 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 22:52:13.0233 3456 tcpipreg - ok 22:52:13.0374 3456 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 22:52:13.0421 3456 TDPIPE - ok 
22:52:13.0514 3456 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 22:52:13.0545 3456 TDTCP - ok 22:52:13.0655 3456 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 22:52:13.0717 3456 tdx - ok 22:52:13.0842 3456 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys 22:52:13.0857 3456 TermDD - ok 22:52:13.0889 3456 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys 22:52:13.0920 3456 terminpt - ok 22:52:14.0013 3456 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 22:52:14.0107 3456 tssecsrv - ok 22:52:14.0216 3456 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 22:52:14.0263 3456 TsUsbFlt - ok 22:52:14.0419 3456 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 22:52:14.0450 3456 TsUsbGD - ok 22:52:14.0591 3456 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys 22:52:14.0637 3456 tsusbhub - ok 22:52:14.0809 3456 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 22:52:14.0887 3456 tunnel - ok 22:52:15.0027 3456 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 22:52:15.0027 3456 uagp35 - ok 22:52:15.0152 3456 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 22:52:15.0215 3456 udfs - ok 22:52:15.0371 3456 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 22:52:15.0527 3456 uliagpkx - ok 22:52:15.0729 3456 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 22:52:15.0761 3456 umbus - ok 22:52:15.0870 3456 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 22:52:15.0885 3456 UmPass - ok 22:52:16.0026 3456 US122 (d021deb32346eee3f62feb3d8f76693f) C:\Windows\system32\Drivers\US122x64.sys 22:52:16.0073 3456 US122 - ok 22:52:16.0197 3456 
US122DL (01111dd976635ecd9fa8c2bcc7336a41) C:\Windows\system32\Drivers\US122DLx64.sys 22:52:16.0244 3456 US122DL - ok 22:52:16.0417 3456 US122WdmService (32742f3b719538a12b48717e1ed421cf) C:\Windows\system32\Drivers\US122Wdmx64.sys 22:52:16.0448 3456 US122WdmService - ok 22:52:16.0807 3456 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 22:52:16.0900 3456 usbaudio - ok 22:52:17.0212 3456 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys 22:52:17.0244 3456 usbccgp - ok 22:52:17.0463 3456 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 22:52:17.0494 3456 usbcir - ok 22:52:17.0697 3456 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys 22:52:17.0728 3456 usbehci - ok 22:52:17.0962 3456 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys 22:52:18.0009 3456 usbhub - ok 22:52:18.0149 3456 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys 22:52:18.0196 3456 usbohci - ok 22:52:18.0321 3456 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 22:52:18.0399 3456 usbprint - ok 22:52:18.0540 3456 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 22:52:18.0556 3456 usbscan - ok 22:52:18.0712 3456 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:52:18.0759 3456 USBSTOR - ok 22:52:18.0899 3456 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 22:52:18.0946 3456 usbuhci - ok 22:52:19.0071 3456 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 22:52:19.0149 3456 usbvideo - ok 22:52:19.0305 3456 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 22:52:19.0336 3456 vdrvroot - ok 22:52:19.0445 3456 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 22:52:19.0476 
3456 vga - ok 22:52:19.0570 3456 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 22:52:19.0632 3456 VgaSave - ok 22:52:19.0757 3456 VGPU - ok 22:52:19.0851 3456 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 22:52:19.0898 3456 vhdmp - ok 22:52:20.0007 3456 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 22:52:20.0038 3456 viaide - ok 22:52:20.0178 3456 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 22:52:20.0194 3456 vmbus - ok 22:52:20.0319 3456 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 22:52:20.0366 3456 VMBusHID - ok 22:52:20.0522 3456 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 22:52:20.0537 3456 volmgr - ok 22:52:20.0662 3456 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 22:52:20.0693 3456 volmgrx - ok 22:52:20.0802 3456 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 22:52:20.0834 3456 volsnap - ok 22:52:20.0943 3456 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 22:52:20.0958 3456 vsmraid - ok 22:52:21.0099 3456 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 22:52:21.0146 3456 vwifibus - ok 22:52:21.0270 3456 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 22:52:21.0317 3456 vwififlt - ok 22:52:21.0442 3456 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 22:52:21.0489 3456 WacomPen - ok 22:52:21.0629 3456 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 22:52:21.0692 3456 WANARP - ok 22:52:21.0738 3456 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 22:52:21.0785 3456 Wanarpv6 - ok 22:52:21.0926 3456 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 
22:52:21.0957 3456 Wd - ok 22:52:22.0128 3456 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 22:52:22.0160 3456 Wdf01000 - ok 22:52:22.0331 3456 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 22:52:22.0362 3456 WfpLwf - ok 22:52:22.0518 3456 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 22:52:22.0534 3456 WIMMount - ok 22:52:22.0674 3456 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 22:52:22.0721 3456 WinUsb - ok 22:52:22.0862 3456 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 22:52:22.0893 3456 WmiAcpi - ok 22:52:23.0049 3456 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 22:52:23.0096 3456 ws2ifsl - ok 22:52:23.0205 3456 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 22:52:23.0267 3456 WudfPf - ok 22:52:23.0408 3456 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 22:52:23.0486 3456 WUDFRd - ok 22:52:23.0517 3456 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 22:52:23.0782 3456 \Device\Harddisk0\DR0 - ok 22:52:23.0798 3456 Boot (0x1200) (a47893ba920ae5593a78c62b2ea176f6) \Device\Harddisk0\DR0\Partition0 22:52:23.0798 3456 \Device\Harddisk0\DR0\Partition0 - ok 22:52:23.0829 3456 Boot (0x1200) (c0ab27e1d573a7f0969d108f7a874d17) \Device\Harddisk0\DR0\Partition1 22:52:23.0829 3456 \Device\Harddisk0\DR0\Partition1 - ok 22:52:23.0876 3456 Boot (0x1200) (636ebea5597a076ffffbd992e9111848) \Device\Harddisk0\DR0\Partition2 22:52:23.0876 3456 \Device\Harddisk0\DR0\Partition2 - ok 22:52:23.0876 3456 ============================================================ 22:52:23.0876 3456 Scan finished 22:52:23.0876 3456 ============================================================ 22:52:23.0891 3448 Detected object count: 2 22:52:23.0891 3448 Actual detected object count: 2 
22:52:28.0322 3448 athr ( UnsignedFile.Multi.Generic ) - skipped by user 22:52:28.0322 3448 athr ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:52:28.0322 3448 oem-drv64 ( UnsignedFile.Multi.Generic ) - skipped by user 22:52:28.0322 3448 oem-drv64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

In C: I have two folders named "Programme", but I can only access one of them; access to the other is denied. The one I can access does show me the normal contents, though. Likewise, I have a folder named "documents and settings" and one named "dokumente und einstellungen", and I cannot access either of them. Is that a side effect of unhide? The redirect problem has been resolved so far, but it may come back after a short while, because that already happened once a few steps earlier. I will report how it develops.