
Pests of all kinds and how to fight them: Google Redirect; Firefox crash; iexplore in Task Manager; user32.dll = "Modified Systemfile" (AntiVir)


11.02.2012, 17:53   #1
effexion
 
Hello to all the helpers here!

I've known your forum for quite a while and have often found solutions here for both smaller and larger virus infections, and, sweating bullets, I have always tried to avoid a system restore or a fresh install - and so far I've always managed it. I'd say I have already eliminated the most stubborn Trojans/rootkits etc., but now I'm facing a puzzle...

Here is the situation:
About 1 week ago it started with nothing more than Google results being redirected to dodgy advertising offers. I thought: I had something like this years ago! So in normal mode and then in Safe Mode I simply ran AdAware, Spybot S&D, Malwarebytes Anti-Malware, CCleaner and AntiVir - all updated - over the system, which produced not a single result. I also ran HijackThis and had my log evaluated with the online analysis: everything fine. And since I'm not that inexperienced myself, I can confirm this too, because there really is nothing conspicuous or abnormal in the log. So what I suspect: it's one of the more stubborn kind, possibly something new... so I also ran 2-3 online scanners: no result.
Tried something simple: reinstalled Firefox and Java - since by now Firefox had also started crashing now and then... no improvement... it ran for a very short time and shortly after that it crashed almost constantly whenever I clicked on any link at all.
Meanwhile I noticed that iexplore.exe is open 10-20 times in Task Manager (the original one!). So, to get at least that problem out of the way, I disabled Internet Explorer via the Windows 7 feature. Then I got Google Chrome via another computer and am now surfing with that, though it also hangs and crashes now and then.
Slowly I started to feel uneasy. Luckily I'm no friend of online banking etc., so I worry less and now see the situation as a challenge. So I first started googling and once again landed on your board and read through about 20 threads in which similar symptoms were described & fought. Unfortunately that hasn't helped so far.
Because, as I said, everything was tried. Strictly following your guides. Sophos Anti-Rootkit, TDSSKiller, GMER, OSAM, aswMBR, Combofix... I seriously ran all the tools and none of them reports anything suspicious or any detection.
Now I've first cleared my PC of all the tools and cleaned it up, then reinstalled AntiVir, updated it and, in the configuration, ticked "Integrity check of system files". After the scan it showed me: user32.dll = HEUR/Modified.Systemfile... I first googled this message and came across the statement that it doesn't have to be a virus alert, which I wasn't satisfied with, and then suddenly came across this thread:

http://www.trojaner-board.de/109321-...ystemfile.html

Same symptoms: Google redirects, Firefox crashes, the iexplore.exe in Task Manager & the detection on user32.dll, he also switched to Google Chrome, it crashes for him too... and ALL of that in exactly the same period, which I find strange... his last entry: something about the audio advertisement... great, I had that too!

So: since I'm no layman and over the last 3-4 days have repeatedly tried every possible solution for viruses/rootkits/malware of this kind, but got no result, I strongly suspect this is something previously unknown/new... what do you think?
On request I can of course post the logs below, though I don't think that makes much sense... I'd now be interested in what ideas you'd have, other than, as mentioned, reinstalling the system... possibly only once I've found out what exactly is causing the problems!

Many thanks in advance for your interest!

11.02.2012, 19:48   #2
markusg
/// Malware-holic
 
hi,
http://ad13.geekstogo.com/MBRCheck.exe
download it, double-click it.
The log should be saved on the desktop; please post its contents.

11.02.2012, 20:07   #3
effexion
 
Quote:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: INSYDE
System Manufacturer: Sony Corporation
System Product Name: VPCEJ2D1E
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 174):
0x02C08000 \SystemRoot\system32\ntoskrnl.exe
0x031F1000 \SystemRoot\system32\hal.dll
0x00BB7000 \SystemRoot\system32\kdcom.dll
0x00C55000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CA4000 \SystemRoot\system32\PSHED.dll
0x00CB8000 \SystemRoot\system32\CLFS.SYS
0x00D16000 \SystemRoot\system32\CI.dll
0x00E2D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00ED1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x01032000 \SystemRoot\System32\Drivers\sptd.sys
0x01199000 \SystemRoot\system32\drivers\ACPI.sys
0x011F0000 \SystemRoot\system32\drivers\WMILIB.SYS
0x01000000 \SystemRoot\system32\drivers\msisadrv.sys
0x0100A000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00EE0000 \SystemRoot\system32\drivers\pci.sys
0x01017000 \SystemRoot\System32\drivers\partmgr.sys
0x00F13000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00F1C000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F28000 \SystemRoot\system32\drivers\volmgr.sys
0x00F3D000 \SystemRoot\System32\drivers\volmgrx.sys
0x00F99000 \SystemRoot\System32\drivers\mountmgr.sys
0x01202000 \SystemRoot\system32\drivers\iaStor.sys
0x01356000 \SystemRoot\system32\drivers\amdxata.sys
0x01361000 \SystemRoot\system32\drivers\fltmgr.sys
0x013AD000 \SystemRoot\system32\drivers\fileinfo.sys
0x01425000 \SystemRoot\System32\Drivers\Ntfs.sys
0x016CE000 \SystemRoot\System32\Drivers\msrpc.sys
0x0172C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01747000 \SystemRoot\System32\Drivers\cng.sys
0x017B9000 \SystemRoot\System32\drivers\pcw.sys
0x017CA000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01878000 \SystemRoot\system32\drivers\ndis.sys
0x0196B000 \SystemRoot\system32\drivers\NETIO.SYS
0x019CB000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01A58000 \SystemRoot\System32\drivers\tcpip.sys
0x01C5C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01CA6000 \SystemRoot\system32\drivers\wd.sys
0x01CAE000 \SystemRoot\system32\drivers\volsnap.sys
0x01CFA000 \SystemRoot\System32\Drivers\spldr.sys
0x01D02000 \SystemRoot\System32\drivers\rdyboost.sys
0x01D3C000 \SystemRoot\System32\Drivers\mup.sys
0x01D4E000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01D57000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01D91000 \SystemRoot\system32\drivers\disk.sys
0x01DA7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x043AC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x043D6000 \SystemRoot\System32\Drivers\Null.SYS
0x043DF000 \SystemRoot\System32\Drivers\Beep.SYS
0x043E6000 \SystemRoot\System32\drivers\vga.sys
0x04200000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04225000 \SystemRoot\System32\drivers\watchdog.sys
0x04235000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x043F4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01DE5000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01DEE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01A00000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01A11000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01A33000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01800000 \SystemRoot\System32\DRIVERS\netbt.sys
0x01600000 \SystemRoot\system32\drivers\afd.sys
0x01A40000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x01A4B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x01845000 \SystemRoot\system32\DRIVERS\pacer.sys
0x01689000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x0169F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x016AE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x017D4000 \SystemRoot\system32\DRIVERS\termdd.sys
0x00C00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0186B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x017E8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x017F3000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x015C8000 \SystemRoot\System32\drivers\discache.sys
0x015D7000 \SystemRoot\System32\Drivers\dfsc.sys
0x01400000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x019F6000 \SystemRoot\system32\DRIVERS\avkmgr.sys
0x013C1000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x00FB3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04C44000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x0303D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03131000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03177000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x03188000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03199000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03000000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x05A1E000 \SystemRoot\system32\DRIVERS\athrx.sys
0x05CC4000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05CD1000 \SystemRoot\system32\DRIVERS\RtsPStor.sys
0x05D27000 \SystemRoot\system32\DRIVERS\SFEP.sys
0x05D2A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x05D48000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05D57000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x05DAA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x05DB9000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0x05DC7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x05DD4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x05DD9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05DEF000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x05A00000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04C00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03024000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04419000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04448000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04463000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04484000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0449E000 \SystemRoot\system32\DRIVERS\VClone.sys
0x044AD000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x044DC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x044DE000 \SystemRoot\system32\DRIVERS\ks.sys
0x04521000 \SystemRoot\system32\DRIVERS\btath_bus.sys
0x0452C000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0453E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04598000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06015000 \SystemRoot\system32\drivers\CHDRT64.sys
0x061A5000 \SystemRoot\system32\drivers\portcls.sys
0x045AD000 \SystemRoot\system32\drivers\drmk.sys
0x061E2000 \SystemRoot\system32\drivers\ksthunk.sys
0x06258000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x062AB000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0423E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x062B9000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x062CC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x062E9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x062EB000 \SystemRoot\System32\Drivers\usbvideo.sys
0x06319000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
0x06323000 \SystemRoot\system32\DRIVERS\btfilter.sys
0x0636D000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x06464000 \SystemRoot\System32\Drivers\bthport.sys
0x064F0000 \SystemRoot\system32\DRIVERS\KMWDFILTER.sys
0x064FC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0650A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06523000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0652C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x000D0000 \SystemRoot\System32\win32k.sys
0x06539000 \SystemRoot\System32\drivers\Dxapi.sys
0x06545000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x06571000 \SystemRoot\system32\drivers\BthEnum.sys
0x06581000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x065A1000 \SystemRoot\system32\DRIVERS\btath_rcp.sys
0x06400000 \SystemRoot\system32\drivers\btath_avdt.sys
0x06385000 \SystemRoot\system32\drivers\btath_a2dp.sys
0x06200000 \SystemRoot\system32\DRIVERS\btath_hcrp.sys
0x0642A000 \SystemRoot\system32\DRIVERS\btath_flt.sys
0x06439000 \SystemRoot\system32\DRIVERS\btath_lwflt.sys
0x0644D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00540000 \SystemRoot\System32\TSDDD.dll
0x00700000 \SystemRoot\System32\cdd.dll
0x00910000 \SystemRoot\System32\ATMFD.DLL
0x063D9000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x045CF000 \SystemRoot\system32\drivers\luafv.sys
0x00FD9000 \SystemRoot\system32\drivers\WudfPf.sys
0x065E6000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03C38000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x03C8B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x03C9E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03CB6000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x03CC0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x03CDE000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03CF6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03D23000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03D71000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03D95000 \SystemRoot\System32\Drivers\adfs.SYS
0x03DAD000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x068CB000 \SystemRoot\system32\drivers\HTTP.sys
0x06994000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x06800000 \SystemRoot\system32\drivers\peauth.sys
0x068A6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x069A1000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x069D2000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06EAC000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06F15000 \SystemRoot\System32\DRIVERS\srv.sys
0x06FAD000 \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
0x77430000 \Windows\System32\ntdll.dll
0x47A80000 \Windows\System32\smss.exe
0xFF750000 \Windows\System32\apisetschema.dll

Processes (total 60):
0 System Idle Process
4 System
296 C:\Windows\System32\smss.exe
488 csrss.exe
568 C:\Windows\System32\wininit.exe
592 csrss.exe
640 C:\Windows\System32\services.exe
664 C:\Windows\System32\lsass.exe
676 C:\Windows\System32\lsm.exe
712 C:\Windows\System32\winlogon.exe
796 C:\Windows\System32\svchost.exe
860 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
996 C:\Windows\SysWOW64\svchost.exe
124 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
128 C:\Windows\System32\conhost.exe
444 C:\Windows\System32\svchost.exe
752 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\svchost.exe
1296 C:\Windows\System32\svchost.exe
1396 C:\Windows\System32\wlanext.exe
1404 C:\Windows\System32\conhost.exe
1476 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1520 C:\Windows\System32\svchost.exe
1704 C:\Windows\System32\CISVC.EXE
1776 C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
1848 C:\Windows\System32\svchost.exe
1892 C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
1976 C:\Windows\System32\svchost.exe
2356 C:\Windows\System32\svchost.exe
2560 C:\Windows\System32\svchost.exe
2632 C:\Windows\System32\taskhost.exe
2696 C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
2704 C:\Windows\System32\dwm.exe
2756 C:\Windows\explorer.exe
2976 C:\Windows\System32\hkcmd.exe
3004 C:\Windows\System32\igfxtray.exe
3044 C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
2196 C:\Windows\System32\igfxpers.exe
2488 C:\Program Files\Apoint\Apoint.exe
2872 C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
1584 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3288 C:\Program Files\Apoint\ApMsgFwd.exe
3364 C:\Program Files\Apoint\ApntEx.exe
3372 C:\Program Files\Apoint\Apvfb.exe
3388 C:\Windows\System32\conhost.exe
3252 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
2304 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
536 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
2416 C:\Windows\System32\audiodg.exe
3476 C:\Users\effex\AppData\Local\Google\Chrome\Application\chrome.exe
3268 C:\Users\effex\AppData\Local\Google\Chrome\Application\chrome.exe
1136 C:\Users\effex\AppData\Local\Google\Chrome\Application\chrome.exe
3736 C:\Windows\SysWOW64\rundll32.exe
1500 C:\Users\effex\AppData\Local\Google\Chrome\Application\chrome.exe
3868 dllhost.exe
2344 dllhost.exe
3872 C:\Users\effex\Desktop\MBRCheck.exe
2324 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`7eb00000 (NTFS)

PhysicalDrive0 Model Number: ST9500325AS, Rev: 0006SDM2

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
As you can see, I have TuneUp Utilities installed, which many consider unnecessary... I don't know what user32.dll is responsible for, whether it's some kind of user customisation... but despite installing TuneUp Utilities I'm aware of not having changed anything in the Windows settings, since I only used it to clear out junk files and clean the registry. So I suspect the modification of user32.dll did not come from that.

12.02.2012, 16:44   #4
effexion
 
Another case that just caught my eye:
http://www.trojaner-board.de/109598-...mgeleitet.html

It really seems to be something that isn't detected yet...

12.02.2012, 16:54   #5
markusg
/// Malware-holic
 
TuneUp is superfluous anyway.
If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and "Run as administrator".
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread


12.02.2012, 17:25   #6
effexion
 
OTL.txt

OTL Logfile:
Code:
OTL logfile created on: 12.02.2012 17:05:31 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\effex\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 2,98 Gb Available Physical Memory | 75,47% Memory free
7,90 Gb Paging File | 6,59 Gb Available in Paging File | 83,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,78 Gb Total Space | 320,04 Gb Free Space | 70,84% Space Free | Partition Type: NTFS
 
Computer Name: EFFEXLAPTOP | User Name: effex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.12 17:01:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\effex\Desktop\OTL.exe
PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.02.01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.01.19 02:31:01 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011.11.03 15:44:42 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2011.10.27 17:12:16 | 001,429,608 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011.02.28 10:29:18 | 000,852,160 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2009.07.14 02:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2012.01.19 02:30:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.28 17:05:00 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.10.28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Disabled | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.04.29 17:20:18 | 000,146,592 | ---- | M] (Atheros) [Disabled | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.04.29 17:19:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Disabled | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011.03.29 07:13:25 | 002,361,344 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.03.05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011.02.01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.02.01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.01.02 14:43:41 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.01.02 14:43:40 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.01.01 21:15:54 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.09.20 16:23:40 | 000,317,776 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.06.21 01:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.05.07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011.04.29 17:19:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.04.29 17:19:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.04.29 17:19:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.04.29 17:19:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011.04.29 17:19:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.04.29 17:19:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.04.29 17:19:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.04.29 17:19:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.03.29 10:00:53 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2011.03.29 09:55:05 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.29 07:51:30 | 000,425,064 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.29 07:15:05 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011.03.29 04:57:20 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.22 16:27:05 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.04.26 21:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2011.11.24 15:34:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.11.03 15:44:22 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-889303210-2114755652-1556805751-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]
IE - HKU\S-1-5-21-889303210-2114755652-1556805751-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-889303210-2114755652-1556805751-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-889303210-2114755652-1556805751-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.download3k.com/Install-Google-chrome.html"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.02.11 21:31:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.02 00:44:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.02.11 21:16:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.10 18:43:03 | 000,000,000 | ---D | M]
 
[2012.02.10 15:16:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\effex\AppData\Roaming\mozilla\Extensions
[2012.02.10 18:56:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.10 18:56:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012.02.10 18:43:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\effex\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\effex\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\effex\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\effex\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\effex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\effex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Google Mail = C:\Users\effex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.02.10 23:35:57 | 000,000,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [cAudio Treiber] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeys Treiber] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Intel Grafikkarten Treiber] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Intel Persistence Treiber] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ISW]  File not found
O4:64bit: - HKLM..\Run: [Touchpad Treiber] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-889303210-2114755652-1556805751-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-889303210-2114755652-1556805751-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62980B97-062D-4A6F-A4C2-6F838A6E62CD}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{3942788D-F1D2-4201-9BF0-003753DCCEB6} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A85AFD57-B3CB-A442-402D-F40B71BDD9C1} - Microsoft Windows Media Player
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
 
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.12 17:01:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\effex\Desktop\OTL.exe
[2012.02.11 21:16:44 | 000,000,000 | ---D | C] -- C:\Users\effex\Documents\ForceField Shared Files
[2012.02.11 21:16:43 | 000,000,000 | ---D | C] -- C:\Users\effex\AppData\Roaming\CheckPoint
[2012.02.11 21:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012.02.11 21:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012.02.11 21:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012.02.11 21:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2012.02.11 16:00:03 | 000,000,000 | ---D | C] -- C:\Users\effex\AppData\Roaming\Avira
[2012.02.11 15:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.11 15:54:41 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.02.11 15:54:41 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.02.11 15:54:41 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.02.11 15:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.11 15:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.02.11 15:41:43 | 000,000,000 | ---D | C] -- C:\Users\effex\AppData\Roaming\SUPERAntiSpyware.com
[2012.02.11 15:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.02.11 15:17:35 | 000,000,000 | ---D | C] -- C:\Users\effex\Desktop\osam_autorun_manager_5_0_portable
[2012.02.11 15:04:05 | 000,000,000 | ---D | C] -- C:\Users\effex\Desktop\tdsskiller
[2012.02.11 14:58:01 | 000,000,000 | R--D | C] -- C:\Users\effex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012.02.11 13:30:09 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\effex\Desktop\aswMBR.exe
[2012.02.10 20:04:11 | 000,000,000 | ---D | C] -- C:\Users\effex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.02.10 20:04:06 | 000,000,000 | ---D | C] -- C:\Users\effex\AppData\Local\Google
[2012.02.10 18:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.02.10 15:16:05 | 000,000,000 | ---D | C] -- C:\Users\effex\AppData\Roaming\Mozilla
[2012.02.10 15:16:05 | 000,000,000 | ---D | C] -- C:\Users\effex\AppData\Local\Mozilla
[2012.02.10 15:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.02.10 00:30:59 | 000,724,992 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2012.02.09 23:37:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\clean
[2012.02.09 22:47:28 | 000,000,000 | ---D | C] -- C:\Users\effex\Desktop\beats&write
[2012.02.09 22:44:13 | 000,000,000 | ---D | C] -- C:\Users\effex\AppData\Roaming\Wise Registry Cleaner
[2012.02.09 22:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.02.09 22:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.02.09 22:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2012.02.09 22:43:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise Registry Cleaner
[2012.02.09 21:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012.02.09 21:26:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.02.09 20:48:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.02.08 19:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.02.08 19:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.02.08 19:19:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.02.08 17:42:11 | 000,000,000 | ---D | C] -- C:\Users\effex\Desktop\mp3
[2012.02.08 17:10:31 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012.02.08 16:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012.02.08 16:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012.02.08 16:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012.02.01 22:45:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2012.01.31 00:05:27 | 000,000,000 | ---D | C] -- C:\Users\effex\seiten
[2012.01.29 20:50:26 | 000,000,000 | ---D | C] -- C:\Users\effex\Documents\My Games
[2012.01.29 20:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012.01.29 20:44:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012.01.29 20:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012.01.29 19:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012.01.29 19:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2012.01.22 20:51:59 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.01.22 20:51:58 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.01.22 20:51:58 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.01.22 20:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.01.22 20:51:48 | 000,000,000 | ---D | C] -- C:\Users\effex\AppData\Roaming\TuneUp Software
[2012.01.22 20:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.01.22 20:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.01.22 20:50:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.01.22 19:59:32 | 000,000,000 | ---D | C] -- C:\Users\effex\Documents\Adobe
[2012.01.22 19:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2012.01.22 19:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2012.01.22 15:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.01.22 15:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012.01.22 15:24:37 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.01.19 02:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.01.19 02:45:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.01.19 02:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012.01.19 02:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.01.19 02:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011.09.25 19:56:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.12 17:01:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\effex\Desktop\OTL.exe
[2012.02.12 15:10:10 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 15:10:10 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 15:09:10 | 001,622,958 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.12 15:09:10 | 000,700,136 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.12 15:09:10 | 000,654,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.12 15:09:10 | 000,150,052 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.12 15:09:10 | 000,122,688 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.12 15:02:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.12 15:02:18 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.11 21:21:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\lmhosts
[2012.02.11 21:17:52 | 000,415,859 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012.02.11 20:02:12 | 000,080,384 | ---- | M] () -- C:\Users\effex\Desktop\MBRCheck.exe
[2012.02.11 15:54:47 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.11 14:02:55 | 000,302,592 | ---- | M] () -- C:\Users\effex\Desktop\6mp4859e.exe
[2012.02.11 13:30:46 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\effex\Desktop\aswMBR.exe
[2012.02.10 23:40:10 | 002,897,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.10 23:35:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.02.10 23:16:37 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl
[2012.02.10 20:04:12 | 000,002,274 | ---- | M] () -- C:\Users\effex\Desktop\Google Chrome.lnk
[2012.02.10 15:15:56 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.10 01:54:46 | 000,389,038 | ---- | M] () -- C:\Users\effex\Desktop\1.jpg
[2012.02.10 00:31:47 | 000,724,992 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2012.02.09 23:57:14 | 000,024,320 | ---- | M] () -- C:\Windows\SysWow64\drivers\rkhdrv40.sys
[2012.02.09 23:56:42 | 002,335,270 | ---- | M] () -- C:\Windows\SysWow64\b3d6344.mht
[2012.02.09 20:45:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120209-205406.backup
[2012.02.08 20:35:55 | 000,441,379 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120208-203628.backup
[2012.02.08 20:00:19 | 000,441,379 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120208-203555.backup
[2012.02.08 17:10:30 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012.02.05 14:23:20 | 002,034,997 | ---- | M] () -- C:\Users\effex\Desktop\usmfrage.pdf
[2012.02.05 14:22:44 | 000,081,757 | ---- | M] () -- C:\Users\effex\Desktop\Umfrage.pdf
[2012.02.01 22:48:24 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\Titan Quest.lnk
[2012.01.29 21:04:39 | 000,001,298 | ---- | M] () -- C:\Users\Public\Desktop\Crysis.lnk
[2012.01.29 20:01:56 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\Assassins Creed.lnk
[2012.01.29 19:25:42 | 000,001,774 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VCDDaemon.lnk
[2012.01.22 20:21:08 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\GTA San Andreas.lnk
[2012.01.22 19:57:35 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Audition 3.0.lnk
[2012.01.19 02:51:28 | 000,000,857 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.msn
[2012.01.19 02:51:28 | 000,000,857 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120208-200019.backup
[2012.01.19 02:49:01 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop CS4 (64 Bit).lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.11 21:16:51 | 000,415,859 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012.02.11 20:02:11 | 000,080,384 | ---- | C] () -- C:\Users\effex\Desktop\MBRCheck.exe
[2012.02.11 15:54:47 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.11 14:02:54 | 000,302,592 | ---- | C] () -- C:\Users\effex\Desktop\6mp4859e.exe
[2012.02.10 23:39:40 | 002,897,320 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.10 20:04:12 | 000,002,274 | ---- | C] () -- C:\Users\effex\Desktop\Google Chrome.lnk
[2012.02.10 15:15:56 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.02.10 15:15:56 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.10 01:54:45 | 000,389,038 | ---- | C] () -- C:\Users\effex\Desktop\1.jpg
[2012.02.09 23:57:14 | 000,024,320 | ---- | C] () -- C:\Windows\SysWow64\drivers\rkhdrv40.sys
[2012.02.09 23:56:42 | 002,335,270 | ---- | C] () -- C:\Windows\SysWow64\b3d6344.mht
[2012.02.05 14:23:20 | 002,034,997 | ---- | C] () -- C:\Users\effex\Desktop\usmfrage.pdf
[2012.02.05 14:22:44 | 000,081,757 | ---- | C] () -- C:\Users\effex\Desktop\Umfrage.pdf
[2012.02.01 22:48:24 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\Titan Quest.lnk
[2012.02.01 22:48:11 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\psfind.dll
[2012.01.29 20:48:31 | 000,001,298 | ---- | C] () -- C:\Users\Public\Desktop\Crysis.lnk
[2012.01.29 20:01:56 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\Assassins Creed.lnk
[2012.01.29 19:25:42 | 000,001,774 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VCDDaemon.lnk
[2012.01.22 20:51:56 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.01.22 20:21:08 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\GTA San Andreas.lnk
[2012.01.22 19:57:35 | 000,002,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 3.0.lnk
[2012.01.22 19:57:35 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Audition 3.0.lnk
[2012.01.19 02:50:43 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop CS4 (64 Bit).lnk
[2012.01.19 02:49:01 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4 (64 Bit).lnk
[2012.01.19 02:48:06 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4.lnk
[2012.01.19 02:46:23 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
[2012.01.19 02:46:07 | 000,001,436 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Drive CS4.lnk
[2012.01.19 02:45:13 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk
[2012.01.19 02:31:23 | 000,001,283 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
[2012.01.19 02:31:13 | 000,001,407 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2012.01.07 16:56:18 | 000,000,246 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.01.01 19:27:14 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.01.01 19:27:14 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.12.07 10:53:24 | 004,770,816 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011.07.12 18:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.03.30 02:46:48 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.03.30 02:46:47 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.03.30 02:46:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.02.11 00:03:27 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.04 16:28:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
 
========== LOP Check ==========
 
[2012.02.10 00:37:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2012.02.10 00:40:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Wise Registry Cleaner
[2012.02.11 21:16:43 | 000,000,000 | ---D | M] -- C:\Users\effex\AppData\Roaming\CheckPoint
[2012.01.01 19:05:47 | 000,000,000 | ---D | M] -- C:\Users\effex\AppData\Roaming\FLVPlayer4Free
[2012.02.10 19:22:50 | 000,000,000 | ---D | M] -- C:\Users\effex\AppData\Roaming\ICQ
[2012.02.08 17:43:24 | 000,000,000 | ---D | M] -- C:\Users\effex\AppData\Roaming\Mp3tag
[2012.01.01 19:26:25 | 000,000,000 | ---D | M] -- C:\Users\effex\AppData\Roaming\Shark007
[2012.01.22 20:51:48 | 000,000,000 | ---D | M] -- C:\Users\effex\AppData\Roaming\TuneUp Software
[2012.01.29 19:57:47 | 000,000,000 | ---D | M] -- C:\Users\effex\AppData\Roaming\Ubisoft
[2012.01.01 19:25:48 | 000,000,000 | ---D | M] -- C:\Users\effex\AppData\Roaming\Win7codecs
[2012.02.10 00:43:19 | 000,000,000 | ---D | M] -- C:\Users\effex\AppData\Roaming\Wise Registry Cleaner
[2012.02.03 18:30:06 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012.02.09 23:50:10 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.12.30 16:46:12 | 000,000,000 | ---D | M] -- C:\Documentation
[2011.12.30 16:39:03 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.02.11 21:14:03 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.02.11 21:08:46 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.02.12 17:09:08 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.12.30 17:38:03 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.12.30 17:10:18 | 000,000,000 | ---D | M] -- C:\SPLASH.BAK
[2012.02.12 17:06:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.31 22:10:10 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.11 15:02:48 | 000,000,000 | ---D | M] -- C:\Windows
[2011.12.30 16:46:13 | 000,000,000 | ---D | M] -- C:\_FS_SWRINFO
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.07.13 02:21:47 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.07.13 02:21:47 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.07.13 02:21:47 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.07.13 02:21:47 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.07.13 02:21:47 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.07.13 02:21:47 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011.02.22 16:27:05 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.02.22 16:27:05 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys
[2011.02.22 16:27:05 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_5b314ccea0aa569d\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:20 | 000,858,112 | ---- | M] (Microsoft Corporation) MD5=E31F8D7B108DF1A2454BF62BAE8A6B92 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.02.12 17:05:41 | 007,077,888 | -HS- | M] () -- C:\Users\effex\NTUSER.DAT
[2012.02.12 17:05:41 | 000,262,144 | -HS- | M] () -- C:\Users\effex\ntuser.dat.LOG1
[2011.12.30 17:38:16 | 000,000,000 | -HS- | M] () -- C:\Users\effex\ntuser.dat.LOG2
[2011.12.30 18:19:23 | 000,065,536 | -HS- | M] () -- C:\Users\effex\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.12.30 18:19:23 | 000,524,288 | -HS- | M] () -- C:\Users\effex\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.12.30 18:19:23 | 000,524,288 | -HS- | M] () -- C:\Users\effex\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.12.30 17:38:17 | 000,000,020 | -HS- | M] () -- C:\Users\effex\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
--- --- ---

Extras.txt

OTL Logfile:
Code:
OTL Extras logfile created on: 12.02.2012 17:05:31 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\effex\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 2,98 Gb Available Physical Memory | 75,47% Memory free
7,90 Gb Paging File | 6,59 Gb Available in Paging File | 83,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,78 Gb Total Space | 320,04 Gb Free Space | 70,84% Space Free | Partition Type: NTFS
 
Computer Name: EFFEXLAPTOP | User Name: effex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-889303210-2114755652-1556805751-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"VLC media player" = VLC media player 1.3.0-git-20111225-0102
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"x64 Components_is1" = x64 Components v3.3.6
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" = 
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5D6C26B9-D9E7-4E77-A4DE-0C2B242E85FA}" = ZoneAlarm Firewall
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = 
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4BC01F3-B7E6-49FA-8FBE-6B62FDF9CED0}" = ZoneAlarm Security
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EFE4AB7D-4E94-441B-9A86-98E69E37567B}" = Nero Burning ROM 11
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Avira AntiVir Desktop" = Avira Free Antivirus
"CloneCD" = CloneCD
"DivX Setup" = DivX-Setup
"FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 4.6.0.0
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"Mp3tag" = Mp3tag v2.49a
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VAIO Help and Support" = 
"VirtualCloneDrive" = VirtualCloneDrive
"Winamp" = Winamp
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.14
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"ZoneAlarm Free" = ZoneAlarm Free
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-889303210-2114755652-1556805751-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.01.2012 14:25:04 | Computer Name = effexlaptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.01.2012 23:55:57 | Computer Name = effexlaptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GTA2.EXE, Version: 9.6.0.0, Zeitstempel:
 0x37fe16d1  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00036d9c  ID des fehlerhaften
 Prozesses: 0x79c  Startzeit der fehlerhaften Anwendung: 0x01ccdd70b511d58f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\GTA2\GTA2.EXE  Pfad des fehlerhaften
 Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: fb915a53-4963-11e1-a63e-aafd699c2110
 
Error - 27.01.2012 23:59:03 | Computer Name = effexlaptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GTA2.EXE, Version: 9.6.0.0, Zeitstempel:
 0x37fe16d1  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00036d9c  ID des fehlerhaften
 Prozesses: 0xda8  Startzeit der fehlerhaften Anwendung: 0x01ccdd712c6e7f9a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\GTA2\GTA2.EXE  Pfad des fehlerhaften
 Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 6a5b4fa1-4964-11e1-a63e-aafd699c2110
 
Error - 27.01.2012 23:59:11 | Computer Name = effexlaptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GTA2.EXE, Version: 9.6.0.0, Zeitstempel:
 0x37fe16d1  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00036d9c  ID des fehlerhaften
 Prozesses: 0x508  Startzeit der fehlerhaften Anwendung: 0x01ccdd7130fa8080  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\GTA2\GTA2.EXE  Pfad des fehlerhaften
 Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 6ed6a6e5-4964-11e1-a63e-aafd699c2110
 
Error - 27.01.2012 23:59:52 | Computer Name = effexlaptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GTA2.EXE, Version: 9.6.0.0, Zeitstempel:
 0x37fe16d1  Name des fehlerhaften Moduls: GTA2.EXE, Version: 9.6.0.0, Zeitstempel:
 0x37fe16d1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001ee87b  ID des fehlerhaften Prozesses:
 0xe6c  Startzeit der fehlerhaften Anwendung: 0x01ccdd71497aca72  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\GTA2\GTA2.EXE  Pfad des fehlerhaften Moduls: C:\Program
 Files (x86)\GTA2\GTA2.EXE  Berichtskennung: 87595238-4964-11e1-a63e-aafd699c2110
 
Error - 28.01.2012 00:00:02 | Computer Name = effexlaptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GTA2.EXE, Version: 9.6.0.0, Zeitstempel:
 0x37fe16d1  Name des fehlerhaften Moduls: GTA2.EXE, Version: 9.6.0.0, Zeitstempel:
 0x37fe16d1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001ee87b  ID des fehlerhaften Prozesses:
 0xc08  Startzeit der fehlerhaften Anwendung: 0x01ccdd714f96b286  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\GTA2\GTA2.EXE  Pfad des fehlerhaften Moduls: C:\Program
 Files (x86)\GTA2\GTA2.EXE  Berichtskennung: 8d622f4a-4964-11e1-a63e-aafd699c2110
 
Error - 28.01.2012 00:00:07 | Computer Name = effexlaptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GTA2.EXE, Version: 9.6.0.0, Zeitstempel:
 0x37fe16d1  Name des fehlerhaften Moduls: GTA2.EXE, Version: 9.6.0.0, Zeitstempel:
 0x37fe16d1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001ee87b  ID des fehlerhaften Prozesses:
 0x2d8  Startzeit der fehlerhaften Anwendung: 0x01ccdd715267f379  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\GTA2\GTA2.EXE  Pfad des fehlerhaften Moduls: C:\Program
 Files (x86)\GTA2\GTA2.EXE  Berichtskennung: 90467b3f-4964-11e1-a63e-aafd699c2110
 
Error - 28.01.2012 00:00:18 | Computer Name = effexlaptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GTA2.EXE, Version: 9.6.0.0, Zeitstempel:
 0x37fe16d1  Name des fehlerhaften Moduls: GTA2.EXE, Version: 9.6.0.0, Zeitstempel:
 0x37fe16d1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001ee87b  ID des fehlerhaften Prozesses:
 0xa64  Startzeit der fehlerhaften Anwendung: 0x01ccdd7158f3bc3a  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\GTA2\GTA2.EXE  Pfad des fehlerhaften Moduls: C:\Program
 Files (x86)\GTA2\GTA2.EXE  Berichtskennung: 96d96820-4964-11e1-a63e-aafd699c2110
 
Error - 28.01.2012 00:00:36 | Computer Name = effexlaptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gta2.exe, Version: 9.6.0.0, Zeitstempel:
 0x37fe16d1  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00036d9c  ID des fehlerhaften
 Prozesses: 0x2e0  Startzeit der fehlerhaften Anwendung: 0x01ccdd7163ac4ed6  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\GTA2\gta2.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: a191fabc-4964-11e1-a63e-aafd699c2110
 
Error - 28.01.2012 00:00:55 | Computer Name = effexlaptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gta2.exe, Version: 9.6.0.0, Zeitstempel:
 0x37fe16d1  Name des fehlerhaften Moduls: gta2.exe, Version: 9.6.0.0, Zeitstempel:
 0x37fe16d1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001ee87b  ID des fehlerhaften Prozesses:
 0xeec  Startzeit der fehlerhaften Anwendung: 0x01ccdd716f6394af  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\GTA2\gta2.exe  Pfad des fehlerhaften Moduls: C:\Program
 Files (x86)\GTA2\gta2.exe  Berichtskennung: ad3172d3-4964-11e1-a63e-aafd699c2110
 
[ System Events ]
Error - 09.02.2012 20:50:14 | Computer Name = effexlaptop | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework"
 wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen
 werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 09.02.2012 20:51:14 | Computer Name = effexlaptop | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Programmkompatibilitäts-Assistent-Dienst" Korrekturmaßnahmen (Neustart
 des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:   %%1056
 
Error - 09.02.2012 21:03:26 | Computer Name = effexlaptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 09.02.2012 21:03:26 | Computer Name = effexlaptop | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 09.02.2012 21:03:30 | Computer Name = effexlaptop | Source = DCOM | ID = 10005
Description = 
 
Error - 09.02.2012 21:03:30 | Computer Name = effexlaptop | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 09.02.2012 21:03:30 | Computer Name = effexlaptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 09.02.2012 21:03:30 | Computer Name = effexlaptop | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 09.02.2012 21:03:30 | Computer Name = effexlaptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 09.02.2012 21:31:07 | Computer Name = effexlaptop | Source = Service Control Manager | ID = 7034
Description = Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
 
< End of report >
         
--- --- ---

Old 12.02.2012, 17:35   #7
markusg
/// Malware-holic
 
Google Redirect; Firefox crash; iexplore in Task Manager; user32.dll = "Modified Systemfile" (AntiVir) - Standard

Are you being redirected to specific sites, or to different ones each time?
Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, choose Skip for now in every case and post the log
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above
If you would like to support us

Old 12.02.2012, 17:54   #8
effexion
 

The TDSSKiller log follows below.
Different ones...
I'm now trying it with "file-upload", which I search for via Google... the redirect doesn't happen every time - I'd say about 50% of the time.
The redirect is split into roughly 3 quick forwards; I remember several different variants.
After the click, for example, the following redirect takes place. For your own safety it would of course be better not to open the links at all, but just to have a look at the URLs.
Quote:
first link:
hxxp://livinglifehealthyandnatural.com/?c=25c26882bc435b5c283e9293c7734f29&uid=204113

second link:
hxxp://search.bpath.com/toolbar/search.dbm?q=fileupload&trg=bGm2fRBFz400AFqNmz5U7zoYM5xwU2%25r8j3jJAgX5JpZeoxTTnotpRGXDIvY2%2506DdY2%25xDU8jlMj5Z0%25k3RYxyuwpWo2o7iY2%255y5WiFlDNxBmI 4yakPS405GtYbjDzXLOg2zJ79OCEEBGk9aPr5jwiEtMaZYAZ0%25WVrkU2%25l81ysaHGqaQjc72zn8ZBIbEVV9sigp52akY2%25wUctyfCUOannZwVLUAlSarz7U7b6foMJzL9O%3Drf%26pv6YWh kccc6EbsYnoB3OZ0%25zieY2%25PNCtDI0K3p1C6mrBKqsWhFvEU2%253Imh5LsutdQkn7DSzIyRO96FVQJtY2%25q5hmr3ZOnZU2%25IdSjjae%3Drz%3FpxroXwz%2FveivHwz%2Fnlx%2Ehwzpo x%2F%2F%3Akggs

third link:
hxxp://www.planet49.com/cgi-bin/wingame.pl?partner_pk=1385&wingame_pk=85&sub_id=9417&sub_id_postback=00cGMbyU8ejX1B85p13pEyZFq2000000&ce_cid=00cGMbyU8ejX1B85p13pEyZFq2000000

Old 12.02.2012, 18:00   #9
markusg
/// Malware-holic
 


Hi, then let's see what TDSS Killer says.

Old 12.02.2012, 18:04   #10
effexion
 

Reports nothing... only spdt.sys - but I think that one comes from Alcohol 52%, which I had installed...


Quote:
17:58:11.0176 5000 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
17:58:11.0300 5000 ============================================================
17:58:11.0300 5000 Current date / time: 2012/02/12 17:58:11.0300
17:58:11.0300 5000 SystemInfo:
17:58:11.0300 5000
17:58:11.0300 5000 OS Version: 6.1.7601 ServicePack: 1.0
17:58:11.0300 5000 Product type: Workstation
17:58:11.0300 5000 ComputerName: EFFEXLAPTOP
17:58:11.0300 5000 UserName: effex
17:58:11.0300 5000 Windows directory: C:\Windows
17:58:11.0300 5000 System windows directory: C:\Windows
17:58:11.0300 5000 Running under WOW64
17:58:11.0300 5000 Processor architecture: Intel x64
17:58:11.0300 5000 Number of processors: 4
17:58:11.0300 5000 Page size: 0x1000
17:58:11.0300 5000 Boot type: Normal boot
17:58:11.0300 5000 ============================================================
17:58:12.0439 5000 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:58:12.0455 5000 \Device\Harddisk0\DR0:
17:58:12.0455 5000 MBR used
17:58:12.0455 5000 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1BC3800, BlocksNum 0x32000
17:58:12.0455 5000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BF5800, BlocksNum 0x38790000
17:58:12.0486 5000 Initialize success
17:58:12.0486 5000 ============================================================
17:58:41.0273 3044 ============================================================
17:58:41.0273 3044 Scan started
17:58:41.0273 3044 Mode: Manual; SigCheck; TDLFS;
17:58:41.0273 3044 ============================================================
17:58:42.0037 3044 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:58:42.0146 3044 1394ohci - ok
17:58:42.0287 3044 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:58:42.0318 3044 ACPI - ok
17:58:42.0365 3044 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:58:42.0458 3044 AcpiPmi - ok
17:58:42.0583 3044 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
17:58:42.0630 3044 adfs - ok
17:58:42.0802 3044 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
17:58:42.0864 3044 adp94xx - ok
17:58:42.0926 3044 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
17:58:42.0973 3044 adpahci - ok
17:58:43.0082 3044 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
17:58:43.0114 3044 adpu320 - ok
17:58:43.0223 3044 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
17:58:43.0285 3044 AFD - ok
17:58:43.0394 3044 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:58:43.0410 3044 agp440 - ok
17:58:43.0504 3044 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:58:43.0535 3044 aliide - ok
17:58:43.0550 3044 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:58:43.0566 3044 amdide - ok
17:58:43.0628 3044 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
17:58:43.0691 3044 AmdK8 - ok
17:58:43.0800 3044 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
17:58:43.0847 3044 AmdPPM - ok
17:58:44.0018 3044 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:58:44.0050 3044 amdsata - ok
17:58:44.0081 3044 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
17:58:44.0096 3044 amdsbs - ok
17:58:44.0128 3044 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:58:44.0143 3044 amdxata - ok
17:58:44.0284 3044 ApfiltrService (12bfa9ec4b03cc16bb7d19baa308aef2) C:\Windows\system32\DRIVERS\Apfiltr.sys
17:58:44.0315 3044 ApfiltrService - ok
17:58:44.0377 3044 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:58:44.0564 3044 AppID - ok
17:58:44.0705 3044 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
17:58:44.0736 3044 arc - ok
17:58:44.0752 3044 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
17:58:44.0767 3044 arcsas - ok
17:58:44.0798 3044 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
17:58:44.0814 3044 ArcSoftKsUFilter - ok
17:58:44.0923 3044 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:58:45.0079 3044 AsyncMac - ok
17:58:45.0188 3044 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:58:45.0204 3044 atapi - ok
17:58:45.0298 3044 AthBTPort (50f257e19554421b6891e3f998edca90) C:\Windows\system32\DRIVERS\btath_flt.sys
17:58:45.0313 3044 AthBTPort - ok
17:58:45.0500 3044 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
17:58:45.0641 3044 athr - ok
17:58:45.0750 3044 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
17:58:45.0781 3044 atksgt - ok
17:58:45.0890 3044 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
17:58:45.0937 3044 avgntflt - ok
17:58:46.0046 3044 avipbb (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
17:58:46.0078 3044 avipbb - ok
17:58:46.0109 3044 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
17:58:46.0124 3044 avkmgr - ok
17:58:46.0265 3044 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
17:58:46.0327 3044 b06bdrv - ok
17:58:46.0421 3044 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:58:46.0468 3044 b57nd60a - ok
17:58:46.0624 3044 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:58:46.0702 3044 Beep - ok
17:58:46.0811 3044 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:58:46.0842 3044 blbdrive - ok
17:58:46.0967 3044 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:58:47.0014 3044 bowser - ok
17:58:47.0123 3044 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
17:58:47.0170 3044 BrFiltLo - ok
17:58:47.0201 3044 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
17:58:47.0216 3044 BrFiltUp - ok
17:58:47.0310 3044 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:58:47.0388 3044 BridgeMP - ok
17:58:47.0513 3044 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:58:47.0591 3044 Brserid - ok
17:58:47.0684 3044 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:58:47.0731 3044 BrSerWdm - ok
17:58:47.0840 3044 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:58:47.0903 3044 BrUsbMdm - ok
17:58:47.0903 3044 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:58:47.0934 3044 BrUsbSer - ok
17:58:48.0043 3044 BTATH_A2DP (b3bcd755fa9a359d10208cc9f09847cc) C:\Windows\system32\drivers\btath_a2dp.sys
17:58:48.0074 3044 BTATH_A2DP - ok
17:58:48.0137 3044 btath_avdt (9bbba9d6dbdefc8a6542bc7a6ebaf710) C:\Windows\system32\drivers\btath_avdt.sys
17:58:48.0152 3044 btath_avdt - ok
17:58:48.0230 3044 BTATH_BUS (d838dd1bcb328efcfad7a52de9e3cafd) C:\Windows\system32\DRIVERS\btath_bus.sys
17:58:48.0246 3044 BTATH_BUS - ok
17:59:10.0632 3044 sptd (d519ad2de7968cd2b47fea807c5b29b2) C:\Windows\System32\Drivers\sptd.sys
17:59:10.0632 3044 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: d519ad2de7968cd2b47fea807c5b29b2
17:59:10.0632 3044 sptd ( LockedFile.Multi.Generic ) - warning
17:59:10.0632 3044 sptd - detected LockedFile.Multi.Generic (1)
17:59:17.0902 3044 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:59:18.0136 3044 \Device\Harddisk0\DR0 - ok
17:59:18.0151 3044 Boot (0x1200) (9e8a8d01b111f42cb934cec3ee186922) \Device\Harddisk0\DR0\Partition0
17:59:18.0151 3044 \Device\Harddisk0\DR0\Partition0 - ok
17:59:18.0183 3044 Boot (0x1200) (4a84805b2a839b8e4a95baf6bd9512c2) \Device\Harddisk0\DR0\Partition1
17:59:18.0198 3044 \Device\Harddisk0\DR0\Partition1 - ok
17:59:18.0198 3044 ============================================================
17:59:18.0198 3044 Scan finished
17:59:18.0198 3044 ============================================================
17:59:18.0214 4652 Detected object count: 1
17:59:18.0214 4652 Actual detected object count: 1
18:00:36.0042 4652 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:00:36.0042 4652 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:00:56.0093 3732 Deinitialize success
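
The TDSSKiller log posted above gives each scanned object as "name (md5) path" followed by a verdict line, and its only hit, sptd flagged as LockedFile.Multi.Generic, is what the next reply dismisses. The following Python is an added example, not code from the thread or from TDSSKiller: it parses that format, keeps only objects whose verdict is not "ok" together with the action the user chose for them, and checks the tool's "Detected object count" against the log body (a mismatch points at a truncated or edited log). The sample log is constructed in the posted format; the sptd lines are taken from the thread and the remaining hashes are placeholders.

```python
"""Triage a TDSSKiller log: keep only objects whose verdict is not 'ok' and
check the tool's summary counter against what the log body actually shows."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Every line: timestamp, thread id, message (e.g. "17:59:10.0632 3044 sptd - ok").
_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# Enumeration "name (md5) path"; boot objects read "MBR (0x1B8) (md5) \Device\...".
_ENUM = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
_OK = re.compile(r"^(?P<key>.+) - ok$")  # key is the driver name, or the path for boot objects
_SUSPICIOUS = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
_DETECTED = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
_VERDICT = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+) \) - (?P<status>.+)$")
_COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class ScanObject:
    name: str
    md5: str
    path: str
    verdicts: List[str] = field(default_factory=list)  # "ok", "warning:<v>", "detected:<v>"
    actions: List[str] = field(default_factory=list)   # what the user chose afterwards

    def clean(self) -> bool:
        return self.verdicts == ["ok"]


@dataclass
class Triage:
    objects: Dict[str, ScanObject] = field(default_factory=dict)  # keyed by path, always unique
    by_name: Dict[str, ScanObject] = field(default_factory=dict)  # driver names unique, boot names not
    suspicious_files: List[dict] = field(default_factory=list)
    reported_count: int = -1  # the tool's own "Detected object count"; -1 if the line is missing

    def flagged(self) -> List[ScanObject]:
        return [o for o in self.objects.values() if not o.clean()]

    def counter_consistent(self) -> bool:
        """Summary counter must equal the objects with a 'detected' line, else the log is truncated/edited."""
        detected = sum(1 for o in self.objects.values()
                       if any(v.startswith("detected:") for v in o.verdicts))
        return self.reported_count == detected


def parse_tdsskiller_log(text: str) -> Triage:
    t = Triage()
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue  # blank or non-log lines
        msg = m["msg"]
        if (e := _ENUM.match(msg)):
            obj = ScanObject(e["name"], e["md5"], e["path"])
            t.objects[obj.path] = obj
            t.by_name[obj.name] = obj
        elif (s := _SUSPICIOUS.match(msg)):
            t.suspicious_files.append({"reason": s["reason"], "path": s["path"], "md5": s["md5"]})
        elif (o := _OK.match(msg)):
            obj = t.by_name.get(o["key"]) or t.objects.get(o["key"])
            if obj:
                obj.verdicts.append("ok")
        elif (d := _DETECTED.match(msg)) and d["name"] in t.by_name:
            t.by_name[d["name"]].verdicts.append(f"detected:{d['verdict']}")
        elif (v := _VERDICT.match(msg)) and v["name"] in t.by_name:
            if v["status"] == "warning":
                t.by_name[v["name"]].verdicts.append(f"warning:{v['verdict']}")
            else:  # "skipped by user", "User select action: Skip", ...
                t.by_name[v["name"]].actions.append(v["status"])
        elif (c := _COUNT.match(msg)):
            t.reported_count = int(c["n"])
        # banners, "Scan finished" and "Deinitialize success" carry no per-object information
    return t


def triage_report(t: Triage) -> List[str]:
    """One line per flagged object, then the counter check."""
    lines = []
    for obj in t.flagged():
        action = ", ".join(obj.actions) or "no action recorded"
        lines.append(f"{obj.name}: {'; '.join(obj.verdicts)} -> {action} [{obj.path}]")
    lines.append("counter consistent" if t.counter_consistent() else "counter DOES NOT match log body")
    return lines


# Constructed sample in the posted log's format: the sptd lines are taken from the thread,
# the other two hashes are placeholders.
SAMPLE_LOG = r"""
17:59:09.0228 3044 Serial (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\serial.sys
17:59:09.0275 3044 Serial - ok
17:59:10.0632 3044 sptd (d519ad2de7968cd2b47fea807c5b29b2) C:\Windows\System32\Drivers\sptd.sys
17:59:10.0632 3044 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: d519ad2de7968cd2b47fea807c5b29b2
17:59:10.0632 3044 sptd ( LockedFile.Multi.Generic ) - warning
17:59:10.0632 3044 sptd - detected LockedFile.Multi.Generic (1)
17:59:17.0902 3044 MBR (0x1B8) (ffeeddccbbaa99887766554433221100) \Device\Harddisk0\DR0
17:59:18.0136 3044 \Device\Harddisk0\DR0 - ok
17:59:18.0198 3044 ============================================================
17:59:18.0214 4652 Detected object count: 1
18:00:36.0042 4652 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:00:36.0042 4652 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    print("\n".join(triage_report(parse_tdsskiller_log(SAMPLE_LOG))))
```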

12.02.2012, 18:10   #11
markusg
/// Malware-holic

OK, that is nothing.
Live system PartedMagic / GParted

1. Download the ISO image of PartedMagic; it should be about 180 MB
2. Burn it to CD using an image-burning function, e.g. with ImgBurn under Windows
3. Boot from the burned CD, start option 1 in the boot menu and wait until the Linux desktop is up

4. You should find a PartitionEditor icon on the desktop; double-click it
5. Once the tool has listed the partitions, please take a screenshot using the PRINT key on the keyboard and post that screenshot here
(as a rule you have internet access under PartedMagic; if not, just save the screenshot to a stick and post it here from Windows)
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

12.02.2012, 18:33   #12
effexion

Does it also work with a USB stick? I don't think I have a CD or DVD at hand at the moment...

12.02.2012, 18:45   #13
markusg
/// Malware-holic

Please read here:
Parted Magic

Old 12.02.2012, 18:58   #14
effexion

Google Redirect; Firefox crash; iexplore in TManager; user32.dll = "Modified Systemfile" (AntiVir)

Hmm, damn... now my USB stick has gone missing too...
Is there also a way to do it from my second computer? I have a peer-to-peer cable lying around here...
Or maybe if I create a 2nd partition on the same hard drive and burn PartedMagic onto it?

Edited by effexion (12.02.2012 at 19:09)

Old 12.02.2012, 19:41   #15
effexion

Google Redirect; Firefox crash; iexplore in TManager; user32.dll = "Modified Systemfile" (AntiVir)

That should work in theory, right? In any case, I have now created a 5 GB partition - should I just copy the contents of the *.iso file into it?
